LiveActive security incident?Get immediate response
CVE archive

February 2007

Browse CVE records published in February 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 511 matching CVEs · Page 2 of 11.

Unknown · CVSS Not scored

CVE-2007-1053: Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitra...

Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php

Published Feb 21, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1153: Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to exec...

Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: issue might overlap CVE-2004-1660 or CVE-2006-4445.

Published Feb 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1057: The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL...

The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.

Published Feb 21, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1056: VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions,...

VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service. NOTE: exploitation is simplified via (1) weak file permissions (Users = Read & Execute) for %PROGRAMFILES%\VMware; and weak registry key permissions (access by Users) for (2) vmmouse, (3) vmscsi, (4) VMTools, (5) vmx_svga, and (6) vmxnet in HKLM\SYSTEM\CurrentControlSet\Services\; which allows local users to perform various privileged actions outside of the guest OS by executing certain files under %PROGRAMFILES%\VMware\VMware Tools, as demonstrated by (a) VMControlPanel.cpl and (b) vmwareservice.exe.

Published Feb 21, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1052: PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attacke...

PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation

Published Feb 21, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1179: WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Reco...

WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks.

Published Feb 28, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1109: Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject...

Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. NOTE: 1.6.2 and other versions might also be affected.

Published Feb 26, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1117: Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arb...

Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.

Published Feb 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1152: Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary...

Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information.

Published Feb 27, 2007 · Updated Aug 7, 2024