Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Shareaza Remote Vulnerability

from [Ryan Smith] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Shareaza Remote Vulnerability
Date: Thu, 26 Jan 2006 23:07:21 -0600 
Thanks Todd, the correct link is
http://www.hustlelabs.com/shareaza_advisory.pdf :>

Ad,
I believe what you mean is that I completed 20% of a job, and the job was
correct.  I am sorry you feel my work was incomplete; do you still feel like
you recieved a deliverable that matches the dollar amount you spent on the
research?

On 1/26/06, ad@heapoverflow.com <ad@heapoverflow.com> wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

where is your proof then that the remote execution is possible, the
shareaza maker wont probably care until you add a proof on what do you
claim as exploitable..
You just made like 20% of a correct job ...


Ryan Smith wrote:

There is a vulnerability in the current version of Shareaza, a P2P
file sharing product.  It results in remote code execution.  Please
 see the advisory for more details.  There is no patch.

Credit: These vulnerabilities were discovered and researched by
Ryan Smith.

Contact: WhatsTheAddress@gmail.com
<mailto:WhatsTheAddress@gmail.com>

Details: http://www.hustlelabs.com/
<

http://www.security.nnov.ru/?gohttp://www.rem0te.com/public/images/clamav.pdf





----------------------------------------------------------------------


_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iQIVAwUBQ9lO0q+LRXunxpxfAQJmXRAAkpwY9Xgwt9NwEv6JeG/gTqkSSoHwAvQo
e/97GNP+Vz1q8Gv0IxWk4HfmxUmY+oeI76pTwka/yb3p2hbpvVV5i0Ab5pYLt5OL
M3z8S8P4EGbHTn1JNsRxmO65ZRS0W/2QkYY3tLfcPXUeBekgtFhfpuSe3kPgsvEW
zGTNrHBngUZpp/AxsodWWNBRPKt8TAfk24mlLC9r/0WTn1jWv8IjBKEmsCi9trzD
XaIIZMKF9hdmjQYpXYvakwBjm0pHV3bl0IK0oh+iURC2CCWFF7LJTgulGX+QA0PX
truBCvCdKvlGsZePaugywYl/jR5GT5SS0HNa8ZxjgIoMzZn13UcMKdksFMI6aqqI
uAwQzI9dh2Hyy35l4VtPvbnqHc2gBkcLQKOh2BCB5KJ/Q45HhoF8YZYTp55W2kBN
iGQ8jnCPP59006MRt3JqZjWD3iQd5kYwALkHKi96KszbXratq/Q+8Lbp/7N1YVvT
jqN6B+w0zgMtDyE9ZcT0/vpOD49ILKtN8Et5pjOtqGU0BHvTAVLyDSacwmYHyuXX
0dRQl4BT6gITNpmCEvzd86jsTvAe3OwclcsOlZPnWNw4nywE/jEWNlW6/21E9t0y
JfXcrfADTvErX7tmteZMIAdi2BSuC8+kfMwVEqzRGNo/wGgVKH0qD4cFQXdvuRls
kAI1sXRWbQ0=
=4/ii
-----END PGP SIGNATURE-----



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] RE: [funsec] BlackWorm: statistics and numbers, Gary Funck
Next by Date:  [Full-disclosure] [SECURITY] [DSA 958-1] New drupal packages fix several vulnerabilities, Martin Schulze
Previous by Thread:  Re: [Full-disclosure] Shareaza Remote Vulnerability, ad@heapoverflow.com
Next by Thread:  Re: [Full-disclosure] Shareaza Remote Vulnerability, ad@heapoverflow.com
Indexes:  [Date] [Thread] [Top] [All Lists]