CVE-2005-3330

HIGH

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

Score CVSS v2.0

7.5

/ 10.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Informations

Publié: 27 oct. 2005
Mis à jour: 16 avr. 2026
Statut: Modified
Source: cve@mitre.org

Produits affectés

snoopy snoopy

Versions : 1.2

Faiblesses (CWE)

CWE-20

Références (34)

http://marc.info/?l=bugtraq&m=113028858316430&w=2
http://marc.info/?l=bugtraq&m=113062897231412&w=2
http://secunia.com/advisories/17330
http://secunia.com/advisories/17455
Vendor Advisory
http://secunia.com/advisories/17779
Vendor Advisory
http://secunia.com/advisories/17887
Vendor Advisory
http://securityreason.com/securityalert/117
http://securitytracker.com/id?1015104
http://sourceforge.net/project/shownotes.php?release_id=368750
http://sourceforge.net/project/shownotes.php?release_id=375385
http://www.osvdb.org/20316
http://www.securityfocus.com/bid/15213
http://www.vupen.com/english/advisories/2005/2202
Vendor Advisory
http://www.vupen.com/english/advisories/2005/2335
Vendor Advisory
http://www.vupen.com/english/advisories/2005/2727
Vendor Advisory
+ 19 autres références sur NVD

CVEs similaires

Autres vulnérabilités de type CWE-20

Loading…

Surveillez vos produits

Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.

Activer la surveillance