CVE-2007-5545
https://notcve.org/view.php?id=CVE-2007-5545
Format string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
• http://osvdb.org/45276
• http://securityreason.com/securityalert/3249
• http://www.irmplc.com/index.php/111-Vendor-Alerts
• http://www.securityfocus.com/archive/1/482353/100/0/threaded
• http://www.securityfocus.com/bid/26092
• CWE-134: Use of Externally-Controlled Format String

CVE-2007-5546
https://notcve.org/view.php?id=CVE-2007-5546
Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow remote attackers to execute arbitrary code or cause a denial of service (service stop and file-transfer outage) via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
• http://osvdb.org/45277
• http://securityreason.com/securityalert/3249
• http://www.irmplc.com/index.php/111-Vendor-Alerts
• http://www.securityfocus.com/archive/1/482353/100/0/threaded
• http://www.securityfocus.com/bid/26092
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2007-4158
https://notcve.org/view.php?id=CVE-2007-4158
Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830.
• http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html
• http://osvdb.org/37680
• http://secunia.com/advisories/26337
• http://www.attrition.org/pipermail/vim/2007-December/001855.html
• http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf
• http://www.irmplc.com/index.php/111-Vendor-Alerts
• http://www.irmplc.com/index.php/160-Advisory-025
• http://www.securityfocus.com/bid/25132
• http://www.securitytracker.com/id?1018512
• http://www.vupen.com
• CWE-399: Resource Management Errors

CVE-2007-4162
https://notcve.org/view.php?id=CVE-2007-4162
TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic.
• http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html
• http://osvdb.org/46991
• http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf
• http://www.securitytracker.com/id?1018512
• http://www.vupen.com/english/advisories/2007/2814

CVE-2007-4159
https://notcve.org/view.php?id=CVE-2007-4159
index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request.
• http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html
• http://osvdb.org/46993
• http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf
• http://www.securitytracker.com/id?1018512
• http://www.vupen.com/english/advisories/2007/2814