CVE-2007-4159
https://notcve.org/view.php?id=CVE-2007-4159
index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request. index.html de la interfaz de administración HTTP en determinados demonios de TIBCO Rendezvous (RV) 7.5.2 permite a atacantes remotos obtener información sensible, tal como un nombre de usuario y direcciones IP, mediante una petición directa. • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html http://osvdb.org/46993 http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf http://www.securitytracker.com/id?1018512 http://www.vupen.com/english/advisories/2007/2814 •
CVE-2007-4161
https://notcve.org/view.php?id=CVE-2007-4161
rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character. rvd en TIBCO Rendezvous (RV) 7.5.2, cuando se omite -no-lead-wc, podría permitir a atacantes remotos provocar una denegación de servicio (inestabilidad de red) a través de un nombre de asunto con un carácter comodín principal (1) '*' (asterisco) o (2) '>' (mayor que). • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html http://osvdb.org/37681 http://secunia.com/advisories/26337 http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf http://www.securitytracker.com/id?1018512 http://www.vupen.com/english/advisories/2007/2814 •
CVE-2007-4160
https://notcve.org/view.php?id=CVE-2007-4160
The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network. La configuración por defecto de los clientes TIBCO Rendezvous (RV) 7.5.2, cuando se omite el -no-multicast (multidifusión), utiliza un grupo de multicast como el destinatario de un mensaje de red, lo que puede facilitar a los atacantes remotos la captura de mensajes de contenido mediante un rastreador de red. • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html http://osvdb.org/46992 http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf http://www.securitytracker.com/id?1018512 http://www.vupen.com/english/advisories/2007/2814 •
CVE-2007-4162
https://notcve.org/view.php?id=CVE-2007-4162
TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic. TIBCO Rendezvous (RV) 7.5.2 no protege la confidencialidad ni integridad de la comunicación entre-demonios, lo cual permite a atacantes remotos capturar y suplantar tráfico. • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html http://osvdb.org/46991 http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf http://www.securitytracker.com/id?1018512 http://www.vupen.com/english/advisories/2007/2814 •
CVE-2006-4676 – TIBCO Rendezvous 7.4.11 - Password Extractor
https://notcve.org/view.php?id=CVE-2006-4676
TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file. Los registros de TIBCO RendezVous 7.4.11 y anteriores de los nombres de usuarios y contraseñas codificados en base64 en rvrd.db, el cual permite a un usuario local obtener informaciòn sensible a través de la decodificación del archvio de registro. • https://www.exploit-db.com/exploits/2284 http://secunia.com/advisories/21748 http://www.securityfocus.com/bid/19883 http://www.vupen.com/english/advisories/2006/3497 •