LiveActive security incident?Get immediate response
CVE archive

February 2007

Browse CVE records published in February 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 511 matching CVEs · Page 4 of 11.

Unknown · CVSS Not scored

CVE-2007-1067: Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (w...

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.

Published Feb 22, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1066: Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (w...

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.

Published Feb 22, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1065: Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (w...

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.

Published Feb 22, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1120: The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeC...

The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeChart7.ocx) allow remote attackers to download a crafted .tee file to an arbitrary location. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1008: Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) v...

Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.

Published Feb 20, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1085: Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection sch...

Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.

Published Feb 23, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1060: Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when regis...

Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/.

Published Feb 22, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1049: Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (w...

Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.

Published Feb 21, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1016: SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL...

SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate.

Published Feb 21, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1018: PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier...

PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 21, 2007 · Updated Aug 7, 2024