• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

NVD-CWE-Other

CVE-2007-2225

February 26, 2023 by

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka “URL Parsing Cross Domain Information Disclosure Vulnerability.”

CVE-2007-2227

February 26, 2023 by

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition “notifications,” which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka “Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.”

CVE-2007-2228

February 26, 2023 by

rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.

CVE-2007-2231

February 26, 2023 by

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.

CVE-2007-2232

February 26, 2023 by

The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (r) sequences in the cosign cookie parameter.

CVE-2007-2233

February 26, 2023 by

cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 336
  • Go to page 337
  • Go to page 338
  • Go to page 339
  • Go to page 340
  • Interim pages omitted …
  • Go to page 940
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE