Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3330

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3330
Last Modified 07 Mar 2011 12:00:00
Published 27 Oct 2005 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3330

Summary

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

Vulnerable Systems

Application

  • Snoopy 1.2


References

CONFIRM - https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG

XF - snoopy-httpsrequest-command-injection(22874)

VUPEN - ADV-2005-2727

VUPEN - ADV-2005-2335

VUPEN - ADV-2005-2202

BID - 15213

OSVDB - 20316

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=375385

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=368750

SECTRACK - 1015104

SREASON - 117

SECUNIA - 17887

SECUNIA - 17779

SECUNIA - 17455

SECUNIA - 17330

BUGTRAQ - 20051027 Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote

BUGTRAQ - 20051025 SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability


Last Updated: 27 May 2016 10:40:54