Vulnerabilities > Netscape > Enterprise Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-31 | CVE-2018-18940 | Cross-site Scripting vulnerability in Netscape Enterprise Server 3.63 servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. | 4.3 |
| 2002-12-31 | CVE-2002-1655 | The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request. | 5.0 |
| 2002-10-04 | CVE-2002-1042 | Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter. | 5.0 |
| 2001-06-02 | CVE-2001-0251 | Unspecified vulnerability in Netscape Enterprise Server 3.0 The Web Publishing feature in Netscape Enterprise Server 3.x allows remote attackers to cause a denial of service via the REVLOG command. | 5.0 |
| 2001-06-02 | CVE-2001-0250 | Unspecified vulnerability in Netscape Enterprise Server 3.0/4.0 The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command. | 5.0 |
| 2001-03-12 | CVE-1999-0758 | Unspecified vulnerability in Netscape Enterprise Server and Fasttrack Server Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL. | 5.0 |
| 2000-03-11 | CVE-2000-0237 | Unspecified vulnerability in Netscape Enterprise Server 3.5/3.6 Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories. | 6.4 |
| 1999-12-19 | CVE-1999-1005 | Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. | 5.0 |
| 1999-09-13 | CVE-1999-0751 | Buffer Overflow vulnerability in Netscape Enterprise Accept Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. | 5.0 |
| 1999-07-30 | CVE-1999-1130 | Unspecified vulnerability in Netscape Enterprise Server Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file. | 5.0 |