Back to search
CVE-2005-3330
Published: Oct 27, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
snoopy-httpsrequest-command-injection(22874)
vdb-entry
x_refsource_XF
17887
third-party-advisory
x_refsource_SECUNIA
20051025 SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability
mailing-list
x_refsource_BUGTRAQ
https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG
x_refsource_CONFIRM
17455
third-party-advisory
x_refsource_SECUNIA
20316
vdb-entry
x_refsource_OSVDB
117
third-party-advisory
x_refsource_SREASON
15213
vdb-entry
x_refsource_BID
http://sourceforge.net/project/shownotes.php?release_id=375385
x_refsource_CONFIRM
1015104
vdb-entry
x_refsource_SECTRACK
20051027 Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote
mailing-list
x_refsource_BUGTRAQ
ADV-2005-2727
vdb-entry
x_refsource_VUPEN
http://sourceforge.net/project/shownotes.php?release_id=368750
x_refsource_CONFIRM
ADV-2005-2335
vdb-entry
x_refsource_VUPEN
17330
third-party-advisory
x_refsource_SECUNIA
17779
third-party-advisory
x_refsource_SECUNIA
ADV-2005-2202
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now