Vulnerabilities > Netscape
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2000-12-19 | CVE-2000-0960 | Unspecified vulnerability in Netscape Messaging Server 4.15 The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse. | 5.0 |
2000-12-11 | CVE-2000-1076 | Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server. | 10.0 |
2000-12-11 | CVE-2000-1075 | Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. | 5.0 |
2000-12-11 | CVE-2000-1074 | Unspecified vulnerability in Netscape Iplanet Ical 2.1 csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory. | 10.0 |
2000-12-11 | CVE-2000-1073 | Unspecified vulnerability in Netscape Iplanet Ical 2.1 csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory. | 7.2 |
2000-12-11 | CVE-2000-1072 | Unspecified vulnerability in Netscape Iplanet Ical 2.1 iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse. | 7.2 |
2000-12-11 | CVE-2000-1071 | Unspecified vulnerability in Netscape Iplanet Ical 2.1 The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges. | 10.0 |
2000-10-20 | CVE-2000-0676 | Unspecified vulnerability in Netscape Communicator Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice. | 5.0 |
2000-07-25 | CVE-2000-0655 | Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1. | 5.0 |
2000-06-26 | CVE-2000-0600 | Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL. | 7.5 |