7.5

CVE-2005-3330

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SnoopySnoopy Version1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 17.19% 0.967
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://marc.info/?l=bugtraq&m=113028858316430&w=2
http://marc.info/?l=bugtraq&m=113062897231412&w=2
http://secunia.com/advisories/17330
http://secunia.com/advisories/17455
Vendor Advisory
http://secunia.com/advisories/17779
Vendor Advisory
http://secunia.com/advisories/17887
Vendor Advisory
http://securityreason.com/securityalert/117
http://securitytracker.com/id?1015104
http://sourceforge.net/project/shownotes.php?release_id=368750
http://sourceforge.net/project/shownotes.php?release_id=375385
http://www.osvdb.org/20316
http://www.securityfocus.com/bid/15213
http://www.vupen.com/english/advisories/2005/2202
Vendor Advisory
http://www.vupen.com/english/advisories/2005/2335
Vendor Advisory
http://www.vupen.com/english/advisories/2005/2727
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/22874
https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG