| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities. |
| Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file. |
| Netscape Navigator uses weak encryption for storing a user's Netscape mail password. |
| Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing. |
| Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font. |
| Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request. |
| Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. |
| Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. |
| Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL. |
| The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users. |
| Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed". |
| By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. |
| Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL. |
| Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option. |
| Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems. |
| Netscape Enterprise servers may list files through the PageServices query. |
| The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| Information from SSL-encrypted sessions via PKCS #1. |
| List of arbitrary files on Web host via nph-test-cgi script. |
| servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued. |