10
CVSSv2

CVE-2008-4796

Published: 30/10/2008 Updated: 11/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and previous versions, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote malicious users to execute arbitrary commands via shell metacharacters in https URLs.

Vendor Advisories

Debian Bug report logs - #504168 CVE-2008-4796: missing input sanitising Package: libphp-snoopy; Maintainer for libphp-snoopy is Debian PHP PEAR Maintainers <pkg-php-pear@listsaliothdebianorg>; Source for libphp-snoopy is src:libphp-snoopy (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@skolelinuxde& ...
Debian Bug report logs - #496369 The possibility of attack with the help of symlinks in some Debian packages Package: ampache; Maintainer for ampache is Debian QA Group <packages@qadebianorg>; Source for ampache is src:ampache (PTS, buildd, popcon) Reported by: "Dmitry E Oboukhov" <dimka@uvwru> Date: Sun, 24 Aug ...
Debian Bug report logs - #778634 libphp-snoopy: CVE-2008-7313 / CVE-2014-5008 Package: libphp-snoopy; Maintainer for libphp-snoopy is Debian PHP PEAR Maintainers <pkg-php-pear@listsaliothdebianorg>; Source for libphp-snoopy is src:libphp-snoopy (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> ...
Multiple off-by-one errors in Nagios Core 351, 402, and earlier, and Icinga before 185, 19 before 194, and 110 before 1102 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function ...
Several remote vulnerabilities have been discovered in Moodle, an online course management system The following issues are addressed in this update, ranging from cross site scripting to remote code execution Various cross site scripting issues in the Moodle codebase (CVE-2008-3326, CVE-2008-3325, CVE-2007-3555, CVE-2008-5432, MSA-08-0021, MDL-884 ...
Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user (CVE-2007-3215) ...
Several vulnerabilities have been discovered in wordpress, weblog manager The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-6762 It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing atacks CVE-2008-6767 It was discovered that remot ...
Debian Bug report logs - #504771 wordpress can be subject of delayed attacks via cookies Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Raphael Geissert <atomo64@gmailcom> Date: Fri, 7 Nov 2008 02:42:04 UTC S ...
Debian Bug report logs - #531736 CVE-2008-6767, CVE-2008-6762 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Wed, 3 Jun 2009 17:27:02 UTC Severity: normal Tags: s ...
Debian Bug report logs - #536724 wordpress: CORE-2009-0515 priviledges unchecked and multiple information disclosures Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: "Michael S Gilbert" <michaelsgilbert@gmailcom&g ...

Mailing Lists

Feed2JS uses MagpieRSS for parsing the feeds, and MagpieRSS uses Snoopy library for fetching the documents The version of Snoopy in use suffers from a local file disclosure vulnerability ...
Nagios Core versions prior to 422 suffer from a curl command injection vulnerability that can lead to remote code execution ...