Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4796

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4796
Last Modified 18 Jul 2011 12:00:00
Published 30 Oct 2008 04:56:54
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4796

Summary

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.

Vulnerable Systems

Application

  • Andrei Zmievski Snoopy 0.91

  • Andrei Zmievski Snoopy 0.92

  • Andrei Zmievski Snoopy 0.93

  • Andrei Zmievski Snoopy 0.94

  • Andrei Zmievski Snoopy 1.0

  • Andrei Zmievski Snoopy 1.01

  • Andrei Zmievski Snoopy 1.2

  • Andrei Zmievski Snoopy 1.2.1

  • Andrei Zmievski Snoopy 1.2.2

  • Andrei Zmievski Snoopy 1.2.3


References

BID - 31887

DEBIAN - DSA-1691

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=879959

XF - snoopy-snoopyclass-command-execution(46068)

VUPEN - ADV-2008-2901

BUGTRAQ - 20080907 xoops-1.3.10 shell command execute vulnerability ( causing snoopy class )

MLIST - [oss-security] 20081101 CVE-2008-4796: snoopy triage

DEBIAN - DSA-1871

SECUNIA - 32361

JVNDB - JVNDB-2008-000074

JVN - JVN#20502807


Last Updated: 27 May 2016 10:48:38