MidnightBSD

Advisories for snoopy

CVE-2005-3330 HIGH

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
snoopy snoopy 1.2
CVE-2008-7313 HIGH

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
snoopy snoopy -
redhat openstack 6.0
nagios nagios *
redhat openstack 5.0
CVE-2014-5008 HIGH

Snoopy allows remote attackers to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
snoopy snoopy -
redhat openstack 6.0
debian debian_linux 7.0
redhat openstack 5.0
CVE-2014-5009 HIGH

Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
snoopy snoopy -
redhat openstack 6.0
nagios nagios *
redhat openstack 5.0