Re: [Full-disclosure] Shareaza Remote Vulnerability

Fri, 27 Jan 2006 02:10:55 -0800

Thanks Todd, the correct link is http://www.hustlelabs.com/shareaza_advisory.pdf :>

Ad,
I believe what you mean is that I completed 20% of a job, and the job was correct.  I am sorry you feel my work was incomplete; do you still feel like you recieved a deliverable that matches the dollar amount you spent on the research?

On 1/26/06, [EMAIL PROTECTED] <[EMAIL PROTECTED] > wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

where is your proof then that the remote execution is possible, the
shareaza maker wont probably care until you add a proof on what do you
claim as exploitable..
You just made like 20% of a correct job ...


Ryan Smith wrote:
> There is a vulnerability in the current version of Shareaza, a P2P
> file sharing product.  It results in remote code execution.  Please
>  see the advisory for more details.  There is no patch.
>
> Credit: These vulnerabilities were discovered and researched by
> Ryan Smith.
>
> Contact: [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>
>
> Details: http://www.hustlelabs.com/
> <http://www.security.nnov.ru/?gohttp://www.rem0te.com/public/images/clamav.pdf >
>
>
>
> ----------------------------------------------------------------------
>
>
> _______________________________________________ Full-Disclosure -
> We believe in it. Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iQIVAwUBQ9lO0q+LRXunxpxfAQJmXRAAkpwY9Xgwt9NwEv6JeG/gTqkSSoHwAvQo
e/97GNP+Vz1q8Gv0IxWk4HfmxUmY+oeI76pTwka/yb3p2hbpvVV5i0Ab5pYLt5OL
M3z8S8P4EGbHTn1JNsRxmO65ZRS0W/2QkYY3tLfcPXUeBekgtFhfpuSe3kPgsvEW
zGTNrHBngUZpp/AxsodWWNBRPKt8TAfk24mlLC9r/0WTn1jWv8IjBKEmsCi9trzD
XaIIZMKF9hdmjQYpXYvakwBjm0pHV3bl0IK0oh+iURC2CCWFF7LJTgulGX+QA0PX
truBCvCdKvlGsZePaugywYl/jR5GT5SS0HNa8ZxjgIoMzZn13UcMKdksFMI6aqqI
uAwQzI9dh2Hyy35l4VtPvbnqHc2gBkcLQKOh2BCB5KJ/Q45HhoF8YZYTp55W2kBN
iGQ8jnCPP59006MRt3JqZjWD3iQd5kYwALkHKi96KszbXratq/Q+8Lbp/7N1YVvT
jqN6B+w0zgMtDyE9ZcT0/vpOD49ILKtN8Et5pjOtqGU0BHvTAVLyDSacwmYHyuXX
0dRQl4BT6gITNpmCEvzd86jsTvAe3OwclcsOlZPnWNw4nywE/jEWNlW6/21E9t0y
JfXcrfADTvErX7tmteZMIAdi2BSuC8+kfMwVEqzRGNo/wGgVKH0qD4cFQXdvuRls
kAI1sXRWbQ0=
=4/ii
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to