- EPSS 0.36%
- Published 03.08.2007 21:17:00
- Last modified 09.04.2025 00:30:58
index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request.
- EPSS 0.36%
- Published 03.08.2007 21:17:00
- Last modified 09.04.2025 00:30:58
The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing ...
CVE-2007-4161
- EPSS 0.98%
- Published 03.08.2007 21:17:00
- Last modified 09.04.2025 00:30:58
rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character.
CVE-2007-4162
- EPSS 0.37%
- Published 03.08.2007 21:17:00
- Last modified 09.04.2025 00:30:58
TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic.
CVE-2006-4676
- EPSS 0.44%
- Published 11.09.2006 17:04:00
- Last modified 03.04.2025 01:03:51
TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file.
CVE-2006-2830
- EPSS 6.88%
- Published 05.06.2006 20:06:00
- Last modified 03.04.2025 01:03:51
Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface.