LiveActive security incident?Get immediate response
CVE archive

February 2007

Browse CVE records published in February 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 511 matching CVEs · Page 3 of 11.

Unknown · CVSS Not scored

CVE-2007-1121: Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued...

Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information.

Published Feb 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1122: Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued...

Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information.

Published Feb 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1079: Stack-based buffer overflow in Rhino Software, Inc.

Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.

Published Feb 22, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1145: Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 a...

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842.

Published Feb 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1070: Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Networ...

Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.

Published Feb 21, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1064: Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (w...

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.

Published Feb 22, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1068: The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP M...

The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.

Published Feb 22, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1097: Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment...

Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information.

Published Feb 26, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1042: Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is di...

Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 21, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1111: Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to injec...

Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.

Published Feb 26, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1038: Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers to cause a denial of service (applic...

Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a .nzb file with a subject field containing ';' (semicolon) characters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 21, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1071: Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers...

Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.

Published Feb 22, 2007 · Updated Aug 7, 2024