[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-3330Date: (C)2005-10-27   (M)2023-12-22


The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1015104
SREASON-117
BID-15213
SECUNIA-17330
SECUNIA-17455
SECUNIA-17779
SECUNIA-17887
http://marc.info/?l=bugtraq&m=113028858316430&w=2
http://marc.info/?l=bugtraq&m=113062897231412&w=2
OSVDB-20316
ADV-2005-2202
ADV-2005-2335
ADV-2005-2727
http://sourceforge.net/project/shownotes.php?release_id=368750
http://sourceforge.net/project/shownotes.php?release_id=375385
https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG
snoopy-httpsrequest-command-injection(22874)

CWE    1
CWE-20

© SecPod Technologies