Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
11 vulnerabilities found for Snoopy by Snoopy
CVE-2014-5009 (GCVE-0-2014-5009)
Vulnerability from nvd – Published: 2017-03-31 15:00 – Updated: 2024-08-06 11:34
VLAI?
Summary
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2014-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "68783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68783"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706"
},
{
"name": "snoopy-cve20145009-command-exec(94738)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "68783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68783"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706"
},
{
"name": "snoopy-cve20145009-command-exec(94738)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "68783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68783"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29",
"refsource": "CONFIRM",
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264",
"refsource": "MISC",
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706",
"refsource": "MISC",
"url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706"
},
{
"name": "snoopy-cve20145009-command-exec(94738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5009",
"datePublished": "2017-03-31T15:00:00.000Z",
"dateReserved": "2014-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5008 (GCVE-0-2014-5008)
Vulnerability from nvd – Published: 2017-03-31 15:00 – Updated: 2024-08-06 11:34
VLAI?
Summary
Snoopy allows remote attackers to execute arbitrary commands.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Date Public ?
2014-07-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68419",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68419"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "DSA-3248",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3248"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "[oss-security] 20161221 Re: Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Snoopy allows remote attackers to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-31T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68419",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68419"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "DSA-3248",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3248"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "[oss-security] 20161221 Re: Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Snoopy allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68419"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "DSA-3248",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3248"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264",
"refsource": "MISC",
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "[oss-security] 20161221 Re: Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/8"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.28",
"refsource": "CONFIRM",
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5008",
"datePublished": "2017-03-31T15:00:00.000Z",
"dateReserved": "2014-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7313 (GCVE-0-2008-7313)
Vulnerability from nvd – Published: 2017-03-31 15:00 – Updated: 2024-08-07 12:03
VLAI?
Summary
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Date Public ?
2008-11-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "68776",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68776"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "snoopy-cve20087313-command-exec(94737)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-31T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "68776",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68776"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "snoopy-cve20087313-command-exec(94737)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "68776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68776"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "snoopy-cve20087313-command-exec(94737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264",
"refsource": "MISC",
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27",
"refsource": "CONFIRM",
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "GLSA-201702-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7313",
"datePublished": "2017-03-31T15:00:00.000Z",
"dateReserved": "2014-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:03:37.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0502 (GCVE-0-2009-0502)
Vulnerability from nvd – Published: 2009-02-10 02:00 – Updated: 2024-08-07 04:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2009-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:03.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moodle.org/security/"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "33955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33955"
},
{
"name": "DSA-1724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1724"
},
{
"name": "[oss-security] 20090204 CVS request - Moodle",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/04/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the \"Login as\" feature is used to visit a MyMoodle or Blog page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-01T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moodle.org/security/"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "33955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33955"
},
{
"name": "DSA-1724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1724"
},
{
"name": "[oss-security] 20090204 CVS request - Moodle",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/04/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the \"Login as\" feature is used to visit a MyMoodle or Blog page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "http://moodle.org/security/",
"refsource": "CONFIRM",
"url": "http://moodle.org/security/"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "33955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33955"
},
{
"name": "DSA-1724",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1724"
},
{
"name": "[oss-security] 20090204 CVS request - Moodle",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/04/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0502",
"datePublished": "2009-02-10T02:00:00.000Z",
"dateReserved": "2009-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:40:03.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3330 (GCVE-0-2005-3330)
Vulnerability from nvd – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2005-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "snoopy-httpsrequest-command-injection(22874)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22874"
},
{
"name": "17887",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17887"
},
{
"name": "20051025 SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113028858316430\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG"
},
{
"name": "17455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17455"
},
{
"name": "20316",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20316"
},
{
"name": "117",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/117"
},
{
"name": "15213",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=375385"
},
{
"name": "1015104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015104"
},
{
"name": "20051027 Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113062897231412\u0026w=2"
},
{
"name": "ADV-2005-2727",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2727"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368750"
},
{
"name": "ADV-2005-2335",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2335"
},
{
"name": "17330",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17330"
},
{
"name": "17779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17779"
},
{
"name": "ADV-2005-2202",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2202"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "snoopy-httpsrequest-command-injection(22874)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22874"
},
{
"name": "17887",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17887"
},
{
"name": "20051025 SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113028858316430\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG"
},
{
"name": "17455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17455"
},
{
"name": "20316",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20316"
},
{
"name": "117",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/117"
},
{
"name": "15213",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=375385"
},
{
"name": "1015104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015104"
},
{
"name": "20051027 Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113062897231412\u0026w=2"
},
{
"name": "ADV-2005-2727",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2727"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368750"
},
{
"name": "ADV-2005-2335",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2335"
},
{
"name": "17330",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17330"
},
{
"name": "17779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17779"
},
{
"name": "ADV-2005-2202",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2202"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "snoopy-httpsrequest-command-injection(22874)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22874"
},
{
"name": "17887",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17887"
},
{
"name": "20051025 SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113028858316430\u0026w=2"
},
{
"name": "https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG",
"refsource": "CONFIRM",
"url": "https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG"
},
{
"name": "17455",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17455"
},
{
"name": "20316",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20316"
},
{
"name": "117",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/117"
},
{
"name": "15213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15213"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=375385",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=375385"
},
{
"name": "1015104",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015104"
},
{
"name": "20051027 Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113062897231412\u0026w=2"
},
{
"name": "ADV-2005-2727",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2727"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=368750",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=368750"
},
{
"name": "ADV-2005-2335",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2335"
},
{
"name": "17330",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17330"
},
{
"name": "17779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17779"
},
{
"name": "ADV-2005-2202",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2202"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3330",
"datePublished": "2005-10-27T04:00:00.000Z",
"dateReserved": "2005-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7313 (GCVE-0-2008-7313)
Vulnerability from cvelistv5 – Published: 2017-03-31 15:00 – Updated: 2024-08-07 12:03
VLAI?
Summary
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Date Public ?
2008-11-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "68776",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68776"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "snoopy-cve20087313-command-exec(94737)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-31T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "68776",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68776"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "snoopy-cve20087313-command-exec(94737)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "68776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68776"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "snoopy-cve20087313-command-exec(94737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264",
"refsource": "MISC",
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27",
"refsource": "CONFIRM",
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "GLSA-201702-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7313",
"datePublished": "2017-03-31T15:00:00.000Z",
"dateReserved": "2014-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:03:37.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5009 (GCVE-0-2014-5009)
Vulnerability from cvelistv5 – Published: 2017-03-31 15:00 – Updated: 2024-08-06 11:34
VLAI?
Summary
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Date Public ?
2014-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "68783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68783"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706"
},
{
"name": "snoopy-cve20145009-command-exec(94738)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "68783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68783"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706"
},
{
"name": "snoopy-cve20145009-command-exec(94738)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "68783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68783"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29",
"refsource": "CONFIRM",
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264",
"refsource": "MISC",
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706",
"refsource": "MISC",
"url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706"
},
{
"name": "snoopy-cve20145009-command-exec(94738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5009",
"datePublished": "2017-03-31T15:00:00.000Z",
"dateReserved": "2014-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5008 (GCVE-0-2014-5008)
Vulnerability from cvelistv5 – Published: 2017-03-31 15:00 – Updated: 2024-08-06 11:34
VLAI?
Summary
Snoopy allows remote attackers to execute arbitrary commands.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Date Public ?
2014-07-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68419",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68419"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "DSA-3248",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3248"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "[oss-security] 20161221 Re: Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Snoopy allows remote attackers to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-31T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68419",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68419"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "DSA-3248",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3248"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "[oss-security] 20161221 Re: Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Snoopy allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68419"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "DSA-3248",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3248"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264",
"refsource": "MISC",
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "[oss-security] 20161221 Re: Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/8"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.28",
"refsource": "CONFIRM",
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5008",
"datePublished": "2017-03-31T15:00:00.000Z",
"dateReserved": "2014-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0502 (GCVE-0-2009-0502)
Vulnerability from cvelistv5 – Published: 2009-02-10 02:00 – Updated: 2024-08-07 04:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2009-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:03.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moodle.org/security/"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "33955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33955"
},
{
"name": "DSA-1724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1724"
},
{
"name": "[oss-security] 20090204 CVS request - Moodle",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/04/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the \"Login as\" feature is used to visit a MyMoodle or Blog page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-01T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moodle.org/security/"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "33955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33955"
},
{
"name": "DSA-1724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1724"
},
{
"name": "[oss-security] 20090204 CVS request - Moodle",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/04/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the \"Login as\" feature is used to visit a MyMoodle or Blog page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "http://moodle.org/security/",
"refsource": "CONFIRM",
"url": "http://moodle.org/security/"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "33955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33955"
},
{
"name": "DSA-1724",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1724"
},
{
"name": "[oss-security] 20090204 CVS request - Moodle",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/04/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0502",
"datePublished": "2009-02-10T02:00:00.000Z",
"dateReserved": "2009-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:40:03.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3330 (GCVE-0-2005-3330)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2005-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "snoopy-httpsrequest-command-injection(22874)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22874"
},
{
"name": "17887",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17887"
},
{
"name": "20051025 SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113028858316430\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG"
},
{
"name": "17455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17455"
},
{
"name": "20316",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20316"
},
{
"name": "117",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/117"
},
{
"name": "15213",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=375385"
},
{
"name": "1015104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015104"
},
{
"name": "20051027 Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113062897231412\u0026w=2"
},
{
"name": "ADV-2005-2727",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2727"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368750"
},
{
"name": "ADV-2005-2335",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2335"
},
{
"name": "17330",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17330"
},
{
"name": "17779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17779"
},
{
"name": "ADV-2005-2202",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2202"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "snoopy-httpsrequest-command-injection(22874)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22874"
},
{
"name": "17887",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17887"
},
{
"name": "20051025 SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113028858316430\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG"
},
{
"name": "17455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17455"
},
{
"name": "20316",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20316"
},
{
"name": "117",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/117"
},
{
"name": "15213",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=375385"
},
{
"name": "1015104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015104"
},
{
"name": "20051027 Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113062897231412\u0026w=2"
},
{
"name": "ADV-2005-2727",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2727"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368750"
},
{
"name": "ADV-2005-2335",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2335"
},
{
"name": "17330",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17330"
},
{
"name": "17779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17779"
},
{
"name": "ADV-2005-2202",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2202"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "snoopy-httpsrequest-command-injection(22874)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22874"
},
{
"name": "17887",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17887"
},
{
"name": "20051025 SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113028858316430\u0026w=2"
},
{
"name": "https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG",
"refsource": "CONFIRM",
"url": "https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG"
},
{
"name": "17455",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17455"
},
{
"name": "20316",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20316"
},
{
"name": "117",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/117"
},
{
"name": "15213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15213"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=375385",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=375385"
},
{
"name": "1015104",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015104"
},
{
"name": "20051027 Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113062897231412\u0026w=2"
},
{
"name": "ADV-2005-2727",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2727"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=368750",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=368750"
},
{
"name": "ADV-2005-2335",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2335"
},
{
"name": "17330",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17330"
},
{
"name": "17779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17779"
},
{
"name": "ADV-2005-2202",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2202"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3330",
"datePublished": "2005-10-27T04:00:00.000Z",
"dateReserved": "2005-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2008-000074
Vulnerability from jvndb - Published: 2008-10-28 15:34 - Updated:2008-11-28 13:54Summary
Snoopy command injection vulnerability
Details
Snoopy, a PHP library contains a command injection vulnerability.
Snoopy is an open source PHP library. Snoopy does not properly handle user-input data. This causes a vulnerability which may allow a remote attacker to execute an arbitrary command.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000074.html",
"dc:date": "2008-11-28T13:54+09:00",
"dcterms:issued": "2008-10-28T15:34+09:00",
"dcterms:modified": "2008-11-28T13:54+09:00",
"description": "Snoopy, a PHP library contains a command injection vulnerability.\r\n\r\nSnoopy is an open source PHP library. Snoopy does not properly handle user-input data. This causes a vulnerability which may allow a remote attacker to execute an arbitrary command.\r\n\r\nTakeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000074.html",
"sec:cpe": {
"#text": "cpe:/a:snoopy:snoopy",
"@product": "Snoopy",
"@vendor": "Snoopy",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000074",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN20502807/index.html",
"@id": "JVN#20502807",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796",
"@id": "CVE-2008-4796",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4796",
"@id": "CVE-2008-4796",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/32361",
"@id": "32361",
"@source": "SECUNIA"
},
{
"#text": "http://www.frsirt.com/english/advisories/2008/2901",
"@id": "FrSIRT/ADV-2008-2901",
"@source": "FRSIRT"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html",
"@id": "JVNDB-2008-000074",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Snoopy command injection vulnerability"
}