Vulnerability CVE-2005-3330


Published: 2005-10-27   Modified: 2012-02-12

Description:
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

See advisories in our WLB2 database:
Risk | Topic | Author | Date
Med. | SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability | Bernhard Mueller... | 26.10.2005
Low | Feed2JS File Disclosure | Monte Ohrt &... | 08.07.2014

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Snoopy -> Snoopy 

References:
https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG
http://xforce.iss.net/xforce/xfdb/22874
http://www.vupen.com/english/advisories/2005/2727
http://www.vupen.com/english/advisories/2005/2335
http://www.vupen.com/english/advisories/2005/2202
http://www.securityfocus.com/bid/15213
http://www.osvdb.org/20316
http://sourceforge.net/project/shownotes.php?release_id=375385
http://sourceforge.net/project/shownotes.php?release_id=368750
http://securitytracker.com/id?1015104
http://securityreason.com/securityalert/117
http://secunia.com/advisories/17887
http://secunia.com/advisories/17779
http://secunia.com/advisories/17455
http://secunia.com/advisories/17330
http://marc.theaimsgroup.com/?l=bugtraq&m=113062897231412&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=113028858316430&w=2

Copyright 2024, cxsecurity.com

 
