Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Shareaza Remote Vulnerability
From: Ryan Smith <whatstheaddress () gmail com>
Date: Thu, 26 Jan 2006 23:07:21 -0600

Thanks Todd, the correct link is
http://www.hustlelabs.com/shareaza_advisory.pdf :>

Ad,
I believe what you mean is that I completed 20% of a job, and the job was
correct.  I am sorry you feel my work was incomplete; do you still feel like
you recieved a deliverable that matches the dollar amount you spent on the
research?

On 1/26/06, ad () heapoverflow com <ad () heapoverflow com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

where is your proof then that the remote execution is possible, the
shareaza maker wont probably care until you add a proof on what do you
claim as exploitable..
You just made like 20% of a correct job ...


Ryan Smith wrote:
There is a vulnerability in the current version of Shareaza, a P2P
file sharing product.  It results in remote code execution.  Please
 see the advisory for more details.  There is no patch.

Credit: These vulnerabilities were discovered and researched by
Ryan Smith.

Contact: WhatsTheAddress () gmail com
<mailto:WhatsTheAddress () gmail com>

Details: http://www.hustlelabs.com/
<
http://www.security.nnov.ru/?gohttp://www.rem0te.com/public/images/clamav.pdf




----------------------------------------------------------------------


_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iQIVAwUBQ9lO0q+LRXunxpxfAQJmXRAAkpwY9Xgwt9NwEv6JeG/gTqkSSoHwAvQo
e/97GNP+Vz1q8Gv0IxWk4HfmxUmY+oeI76pTwka/yb3p2hbpvVV5i0Ab5pYLt5OL
M3z8S8P4EGbHTn1JNsRxmO65ZRS0W/2QkYY3tLfcPXUeBekgtFhfpuSe3kPgsvEW
zGTNrHBngUZpp/AxsodWWNBRPKt8TAfk24mlLC9r/0WTn1jWv8IjBKEmsCi9trzD
XaIIZMKF9hdmjQYpXYvakwBjm0pHV3bl0IK0oh+iURC2CCWFF7LJTgulGX+QA0PX
truBCvCdKvlGsZePaugywYl/jR5GT5SS0HNa8ZxjgIoMzZn13UcMKdksFMI6aqqI
uAwQzI9dh2Hyy35l4VtPvbnqHc2gBkcLQKOh2BCB5KJ/Q45HhoF8YZYTp55W2kBN
iGQ8jnCPP59006MRt3JqZjWD3iQd5kYwALkHKi96KszbXratq/Q+8Lbp/7N1YVvT
jqN6B+w0zgMtDyE9ZcT0/vpOD49ILKtN8Et5pjOtqGU0BHvTAVLyDSacwmYHyuXX
0dRQl4BT6gITNpmCEvzd86jsTvAe3OwclcsOlZPnWNw4nywE/jEWNlW6/21E9t0y
JfXcrfADTvErX7tmteZMIAdi2BSuC8+kfMwVEqzRGNo/wGgVKH0qD4cFQXdvuRls
kAI1sXRWbQ0=
=4/ii
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault