The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Max CVSS
6.4
EPSS Score
3.91%
Published
1997-02-01
Updated
2022-08-17
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.
Max CVSS
6.4
EPSS Score
0.06%
Published
1999-03-18
Updated
2022-08-17
Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.
Max CVSS
6.4
EPSS Score
0.24%
Published
2000-03-11
Updated
2008-09-10
Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.
Max CVSS
6.4
EPSS Score
0.40%
Published
2002-12-31
Updated
2017-07-29
servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued.
Max CVSS
6.1
EPSS Score
0.30%
Published
2019-01-31
Updated
2019-02-01
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!