and how many use the product you found the vulnerability in?
On 10/17/07, Andy Davis <[EMAIL PROTECTED]> wrote: > > Yeah, you're right – no-one uses TIBCO products…. > > > > http://www.tibco.com/customers/default.jsp > > > > Andy > > > ------------------------------ > > *From:* phioust [mailto:[EMAIL PROTECTED] > *Sent:* 16 October 2007 19:06 > *To:* [email protected]; Andy Davis > *Subject:* Re: [Full-disclosure] IRM Vendor Alerts: Six critical remote > vulnerabilities in TIBCO SmartPGM FX > > > > LOL > > Results *1* - *10* of about *464* for *"TIBCO SmartPGM FX"*. (*0.24*seconds) > > why does irm waste their research on shit that no one uses? Is irm going > to be the next morning_wood? > > ps: thanks for your ollydbg tutorial at http://milw0rm.com/papers/178. > There is not already 1000s of guides online explaining how to set > breakpoints and find imports so thanks for this valuable information. > > On 10/16/07, *Andy Davis* <[EMAIL PROTECTED]> wrote: > > IRM have discovered six critical remote vulnerabilities in TIBCO SmartPGM > FX. Five of these vulnerabilities could potentially result in an attacker > gaining remote administrative control of the server on which SmartPGM FX is > running and therefore, also allow access to any data stored on or being > communicated by the server. > > The final vulnerability, a Denial of Service attack, would stop the > SmartPGM FX service so that file transfers could not be performed. > > More information can be found at the following location: > > http://www.irmplc.com/index.php/111-Vendor-Alerts > > Once TIBCO has produced either workarounds or patches to mitigate these > vulnerabilities, IRM will release advisories which will include full > technical details. > > > > Andy Davis| Chief Research Officer > > Information Risk Management Plc > 8th Floor | Kings Building | Smith Square | London SW1P 3JJ > Tel: +44 (0) 1242 225 205 > Fax: +44 (0) 1242 225 215 > www.irmplc.com > > The information contained in this email is privileged and confidential and > is intended only for the use of the addressee. Unauthorised disclosure, > copying or distribution of the contents is strictly prohibited. Please reply > immediately if you receive this email in error and then immediately delete > it from your system. > > Where relevant, any quotation contained within this email is exclusive of > VAT at the current rate and valid for 30 days from the date of this email. > Information Risk Management Plc (IRM) does not authorise the creation of > contracts on its behalf by email. All information contained within this > email and its attachments are subject to IRM's standard terms and > conditions, a copy of which is available upon request. > > All attachments have been scanned for viruses using regularly updated > programs. IRM cannot accept liability for any damage you incur as a result > of virus infection and we advise that you should carry out such virus and > other checks as you consider appropriate. > IRM is a company registered in England with company number 3612719. The > above address is the official registered office of IRM. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
