Vulnerabilities > Netscape > Communicator > 4.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2000-05-10 | CVE-2000-0406 | Unspecified vulnerability in Netscape Communicator Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability. | 2.6 |
2000-01-12 | CVE-2000-0087 | Unspecified vulnerability in Netscape Communicator and Navigator Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext. | 5.0 |
2000-01-12 | CVE-1999-1002 | Remote Security vulnerability in Netscape Communicator 4.7 Netscape Navigator uses weak encryption for storing a user's Netscape mail password. | 5.0 |
1999-12-22 | CVE-2000-0034 | Unspecified vulnerability in Netscape Communicator 4.7 Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords." | 5.0 |
1999-11-24 | CVE-1999-1189 | Unspecified vulnerability in Netscape Communicator and Navigator Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file. | 7.5 |
1999-10-28 | CVE-1999-1226 | Unspecified vulnerability in Netscape Communicator Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. | 2.6 |
1999-10-05 | CVE-1999-1357 | Unspecified vulnerability in Netscape Communicator Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters. | 7.5 |