← volver
CVE-2005-3330

CVE-2005-3330

EPSS 17.2%
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.
Productos afectados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/26424no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://marc.info/?l=bugtraq&m=113028858316430&w=2http://marc.info/?l=bugtraq&m=113062897231412&w=2http://secunia.com/advisories/17330http://secunia.com/advisories/17455http://secunia.com/advisories/17779http://secunia.com/advisories/17887http://securityreason.com/securityalert/117http://securitytracker.com/id?1015104https://exchange.xforce.ibmcloud.com/vulnerabilities/22874http://sourceforge.net/project/shownotes.php?release_id=368750http://sourceforge.net/project/shownotes.php?release_id=375385https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG