| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Jan 27 10:10:02 2006 From: whatstheaddress at gmail.com (Ryan Smith) Subject: Shareaza Remote Vulnerability Thanks Todd, the correct link is http://www.hustlelabs.com/shareaza_advisory.pdf :> Ad, I believe what you mean is that I completed 20% of a job, and the job was correct. I am sorry you feel my work was incomplete; do you still feel like you recieved a deliverable that matches the dollar amount you spent on the research? On 1/26/06, ad@...poverflow.com <ad@...poverflow.com> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > where is your proof then that the remote execution is possible, the > shareaza maker wont probably care until you add a proof on what do you > claim as exploitable.. > You just made like 20% of a correct job ... > > > Ryan Smith wrote: > > There is a vulnerability in the current version of Shareaza, a P2P > > file sharing product. It results in remote code execution. Please > > see the advisory for more details. There is no patch. > > > > Credit: These vulnerabilities were discovered and researched by > > Ryan Smith. > > > > Contact: WhatsTheAddress@...il.com > > <mailto:WhatsTheAddress@...il.com> > > > > Details: http://www.hustlelabs.com/ > > < > http://www.security.nnov.ru/?gohttp://www.rem0te.com/public/images/clamav.pdf > > > > > > > > > > ---------------------------------------------------------------------- > > > > > > _______________________________________________ Full-Disclosure - > > We believe in it. Charter: > > http://lists.grok.org.uk/full-disclosure-charter.html Hosted and > > sponsored by Secunia - http://secunia.com/ > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > > iQIVAwUBQ9lO0q+LRXunxpxfAQJmXRAAkpwY9Xgwt9NwEv6JeG/gTqkSSoHwAvQo > e/97GNP+Vz1q8Gv0IxWk4HfmxUmY+oeI76pTwka/yb3p2hbpvVV5i0Ab5pYLt5OL > M3z8S8P4EGbHTn1JNsRxmO65ZRS0W/2QkYY3tLfcPXUeBekgtFhfpuSe3kPgsvEW > zGTNrHBngUZpp/AxsodWWNBRPKt8TAfk24mlLC9r/0WTn1jWv8IjBKEmsCi9trzD > XaIIZMKF9hdmjQYpXYvakwBjm0pHV3bl0IK0oh+iURC2CCWFF7LJTgulGX+QA0PX > truBCvCdKvlGsZePaugywYl/jR5GT5SS0HNa8ZxjgIoMzZn13UcMKdksFMI6aqqI > uAwQzI9dh2Hyy35l4VtPvbnqHc2gBkcLQKOh2BCB5KJ/Q45HhoF8YZYTp55W2kBN > iGQ8jnCPP59006MRt3JqZjWD3iQd5kYwALkHKi96KszbXratq/Q+8Lbp/7N1YVvT > jqN6B+w0zgMtDyE9ZcT0/vpOD49ILKtN8Et5pjOtqGU0BHvTAVLyDSacwmYHyuXX > 0dRQl4BT6gITNpmCEvzd86jsTvAe3OwclcsOlZPnWNw4nywE/jEWNlW6/21E9t0y > JfXcrfADTvErX7tmteZMIAdi2BSuC8+kfMwVEqzRGNo/wGgVKH0qD4cFQXdvuRls > kAI1sXRWbQ0= > =4/ii > -----END PGP SIGNATURE----- > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060126/4e08ed2a/attachment.html
Powered by blists - more mailing lists