CVE-2008-1704
https://notcve.org/view.php?id=CVE-2008-1704
Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server. Múltiples desbordamientos de bufer en TIBCO Software Enterprise Message Service (EMS) anterior a 4.4.3, y iProcess Engine 10.6.0 a 10.6.1, permite a atacantes remotos ejecutar código de su elección mediante un mensaje manipulado a el servidor EMS. • http://secunia.com/advisories/29775 http://www.securityfocus.com/bid/28717 http://www.securitytracker.com/id?1019826 http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt http://www.vupen.com/english/advisories/2008/1190/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41761 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5658
https://notcve.org/view.php?id=CVE-2007-5658
Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow. Desbordamiento de búfer basado en pila en TIBCO SmartSockets RTserver 6.8.0 y anteriores, RTworks before 4.0.4, y Enterprise Message Service (EMS) 4.0.0 hasta el 4.4.1 permite a atacantes remotos ejecutar código de su elección a través de una respuesta manipulada que contiene valores de tamaño y longitud de copia que dispara el desbordamiento. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638 http://secunia.com/advisories/28490 http://securitytracker.com/id?1019193 http://www.securityfocus.com/bid/27294 http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt http://www.vupen.com/english/advisories/2008/0173 • CWE-20: Improper Input Validation •
CVE-2007-5656
https://notcve.org/view.php?id=CVE-2007-5656
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory. TIBCO SmartSockets RTserver 6.8.0 y anteriores, RTworks anterior a 4.0.4, y Enterprise Message Service (EMS) 4.0.0 hasta la 4.4.1 permite a atacantes remotos provocar denegación de servicio (caida) y posiblemente ejecutar código de su elección a través de respuestas manipuladas que controlan operaciones de bucle relacionados con la memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641 http://secunia.com/advisories/28490 http://securitytracker.com/id?1019193 http://www.securityfocus.com/bid/27293 http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt http://www.vupen.com/english/advisories/2008/0173 • CWE-399: Resource Management Errors •