CVE-2005-3330

HIGH

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

CVSS v2.0 Score

7.5

/ 10.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Information

Published: 27 oct. 2005
Updated: 16 avr. 2026
Status: Modified
Source: cve@mitre.org

Affected products

snoopy snoopy

Versions : 1.2

Weaknesses (CWE)

CWE-20

References (34)

http://marc.info/?l=bugtraq&m=113028858316430&w=2
http://marc.info/?l=bugtraq&m=113062897231412&w=2
http://secunia.com/advisories/17330
http://secunia.com/advisories/17455
Vendor Advisory
http://secunia.com/advisories/17779
Vendor Advisory
http://secunia.com/advisories/17887
Vendor Advisory
http://securityreason.com/securityalert/117
http://securitytracker.com/id?1015104
http://sourceforge.net/project/shownotes.php?release_id=368750
http://sourceforge.net/project/shownotes.php?release_id=375385
http://www.osvdb.org/20316
http://www.securityfocus.com/bid/15213
http://www.vupen.com/english/advisories/2005/2202
Vendor Advisory
http://www.vupen.com/english/advisories/2005/2335
Vendor Advisory
http://www.vupen.com/english/advisories/2005/2727
Vendor Advisory
+ 19 more references on NVD

Similar CVEs

Other vulnerabilities of type CWE-20

Loading…

Monitor your products

Get automatic alerts for every new CVE affecting your equipment.

Enable monitoring