Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2005-3330

Published: 27/10/2005 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Snoopy

Vulnerability Summary

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote malicious users to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

Vulnerable Product Search on Vulmon Subscribe to Product

snoopy snoopy 1.2

Exploits

Exploit DB: Snoopy 0.9x/1.0/1.2 - Arbitrary Command Execution
source: wwwsecurityfocuscom/bid/15213/info Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input This issue may facilitate unauthorized remote access to the application in the context of the webserver www%22;+echo+'hello'+%3E+ ...
Exploit DB: Feed2JS File Disclosure
Feed2JS uses MagpieRSS for parsing the feeds, and MagpieRSS uses Snoopy library for fetching the documents The version of Snoopy in use suffers from a local file disclosure vulnerability ...

References

CWE-20http://www.securityfocus.com/bid/15213http://www.osvdb.org/20316http://securitytracker.com/id?1015104http://secunia.com/advisories/17330https://svn.ampache.org/branches/3.3.1/docs/CHANGELOGhttp://secunia.com/advisories/17779http://sourceforge.net/project/shownotes.php?release_id=375385http://secunia.com/advisories/17887http://sourceforge.net/project/shownotes.php?release_id=368750http://secunia.com/advisories/17455http://securityreason.com/securityalert/117http://www.vupen.com/english/advisories/2005/2202http://www.vupen.com/english/advisories/2005/2727http://www.vupen.com/english/advisories/2005/2335http://marc.info/?l=bugtraq&m=113028858316430&w=2http://marc.info/?l=bugtraq&m=113062897231412&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/22874https://nvd.nist.govhttps://www.exploit-db.com/exploits/26424/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook