LiveActive security incident?Get immediate response
CVE archive

May 2007

Browse CVE records published in May 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 568 matching CVEs · Page 1 of 12.

Unknown · CVSS Not scored

CVE-2007-2447: The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitr...

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

Published May 14, 2007 · Updated Nov 4, 2025

Critical · CVSS 9.8

CVE-2007-2422: Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin a...

Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string

Published May 2, 2007 · Updated Jan 17, 2025

Unknown · CVSS Not scored

CVE-2007-2679: PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allo...

PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published May 15, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2007-6746: telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostn...

telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Published May 21, 2013 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-5962: Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fe...

Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.

Published May 22, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2966: Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows an...

Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.

Published May 31, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2965: Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Inte...

Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space."

Published May 31, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2960: Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and...

Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published May 31, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2963: Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and po...

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.

Published May 31, 2007 · Updated Aug 7, 2024