CVE-2008-4796

Published: 30/10/2008 Updated: 30/09/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and previous versions, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote malicious users to execute arbitrary commands via shell metacharacters in https URLs.

Vulnerable Product

snoopy project snoopy

debian debian linux 4.0

debian debian linux 5.0

nagios nagios

wordpress wordpress

Vendor Advisories

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. (CVE-2007-3215) ...
Several remote vulnerabilities have been discovered in Moodle, an online course management system. The following issues are addressed in this update, ranging from cross site scripting to remote code execution. Various cross site scripting issues in the Moodle codebase (CVE-2008-3326, CVE-2008-3325, CVE-2007-3555, CVE-2008-5432, MSA-08-0021, MDL-884 ...
Several vulnerabilities have been discovered in wordpress, weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-6762: It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing attacks. CVE-2008-6767: It was discovered that remot ...
Debian Bug report logs - #504771: wordpress can be subject of delayed attacks via cookies. Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon). Reported by: Raphael Geissert <atomo64@gmail.com>. Date: Fri, 7 Nov 2008 02:42:04 UTC S ...
Debian Bug report logs - #496369: The possibility of attack with the help of symlinks in some Debian packages. Package: ampache; Maintainer for ampache is Debian QA Group <packages@qa.debian.org>; Source for ampache is src:ampache (PTS, buildd, popcon). Reported by: "Dmitry E Oboukhov" <dimka@uvw.ru>. Date: Sun, 24 Aug ...
Debian Bug report logs - #778634: libphp-snoopy: CVE-2008-7313 / CVE-2014-5008. Package: libphp-snoopy; Maintainer for libphp-snoopy is Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>; Source for libphp-snoopy is src:libphp-snoopy (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@debian.org> ...
Debian Bug report logs - #504168: CVE-2008-4796: missing input sanitising. Package: libphp-snoopy; Maintainer for libphp-snoopy is Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>; Source for libphp-snoopy is src:libphp-snoopy (PTS, buildd, popcon). Reported by: Steffen Joeris <steffenjoeris@skolelinux.de> ...
Debian Bug report logs - #536724: wordpress: CORE-2009-0515 priviledges unchecked and multiple information disclosures. Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon). Reported by: "Michael S Gilbert" <michaelsgilbert@gmail.com> ...
Debian Bug report logs - #531736: CVE-2008-6767, CVE-2008-6762. Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon). Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>. Date: Wed, 3 Jun 2009 17:27:02 UTC. Severity: normal. Tags: s ...
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function ...

Exploits

Feed2JS uses MagpieRSS for parsing the feeds, and MagpieRSS uses Snoopy library for fetching the documents. The version of Snoopy in use suffers from a local file disclosure vulnerability ...
Nagios Core versions prior to 4.2.2 suffer from a curl command injection vulnerability that can lead to remote code execution ...