CVE-2005-3330

Published: Oct 27, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

Affected (1)

Products: Snoopy: Snoopy

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Snoopy Snoopy	Version 1.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (34)

http://marc.info/?l=bugtraq&m=113028858316430&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=113062897231412&w=2

Source: cve@mitre.org

http://secunia.com/advisories/17330

Source: cve@mitre.org

http://secunia.com/advisories/17455

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/17779

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/17887

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/117

Source: cve@mitre.org

http://securitytracker.com/id?1015104

Source: cve@mitre.org

http://sourceforge.net/project/shownotes.php?release_id=368750

Source: cve@mitre.org

http://sourceforge.net/project/shownotes.php?release_id=375385

Source: cve@mitre.org

http://www.osvdb.org/20316

Source: cve@mitre.org

http://www.securityfocus.com/bid/15213

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2005/2202

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2005/2335

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2005/2727

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/22874

Source: cve@mitre.org

https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=113028858316430&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=113062897231412&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/17330

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/17455

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/17779

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/17887

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/117

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1015104

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/project/shownotes.php?release_id=368750

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/project/shownotes.php?release_id=375385

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/20316

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/15213

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2005/2202

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2005/2335

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2005/2727

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/22874

Source: af854a3a-2127-422b-91ae-364da2661108

https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.