[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5f4333a90710161106k6ab5814ak5ff03c82a9f20f63@mail.gmail.com>
Date: Tue, 16 Oct 2007 13:06:04 -0500
From: phioust <phioust@...il.com>
To: full-disclosure@...ts.grok.org.uk, andy.davis@...plc.com
Subject: Re: IRM Vendor Alerts: Six critical remote
vulnerabilities in TIBCO SmartPGM FX
LOL
Results *1* - *10* of about *464* for *"TIBCO SmartPGM FX"*. (*0.24*seconds)
why does irm waste their research on shit that no one uses? Is irm going to
be the next morning_wood?
ps: thanks for your ollydbg tutorial at http://milw0rm.com/papers/178.
There is not already 1000s of guides online explaining how to set
breakpoints and find imports so thanks for this valuable information.
On 10/16/07, Andy Davis <andy.davis@...plc.com> wrote:
>
> IRM have discovered six critical remote vulnerabilities in TIBCO SmartPGM
> FX. Five of these vulnerabilities could potentially result in an attacker
> gaining remote administrative control of the server on which SmartPGM FX is
> running and therefore, also allow access to any data stored on or being
> communicated by the server.
>
> The final vulnerability, a Denial of Service attack, would stop the
> SmartPGM FX service so that file transfers could not be performed.
>
> More information can be found at the following location:
>
> http://www.irmplc.com/index.php/111-Vendor-Alerts
>
> Once TIBCO has produced either workarounds or patches to mitigate these
> vulnerabilities, IRM will release advisories which will include full
> technical details.
>
>
>
> Andy Davis| Chief Research Officer
>
> Information Risk Management Plc
> 8th Floor | Kings Building | Smith Square | London SW1P 3JJ
> Tel: +44 (0) 1242 225 205
> Fax: +44 (0) 1242 225 215
> www.irmplc.com
>
> The information contained in this email is privileged and confidential and
> is intended only for the use of the addressee. Unauthorised disclosure,
> copying or distribution of the contents is strictly prohibited. Please reply
> immediately if you receive this email in error and then immediately delete
> it from your system.
>
> Where relevant, any quotation contained within this email is exclusive of
> VAT at the current rate and valid for 30 days from the date of this email.
> Information Risk Management Plc (IRM) does not authorise the creation of
> contracts on its behalf by email. All information contained within this
> email and its attachments are subject to IRM's standard terms and
> conditions, a copy of which is available upon request.
>
> All attachments have been scanned for viruses using regularly updated
> programs. IRM cannot accept liability for any damage you incur as a result
> of virus infection and we advise that you should carry out such virus and
> other checks as you consider appropriate.
> IRM is a company registered in England with company number 3612719. The
> above address is the official registered office of IRM.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists