CVE-2002-2444
https://notcve.org/view.php?id=CVE-2002-2444
Snoopy before 2.0.0 has a security hole in exec cURL Snoopy en versiones anteriores a la 2.0.0 tiene un hueco de seguridad en exec cURL • http://www.openwall.com/lists/oss-security/2014/07/18/2 https://security-tracker.debian.org/tracker/CVE-2002-2444 https://sourceforge.net/p/snoopy/bugs/13 • CWE-20: Improper Input Validation •
CVE-2014-5009 – snoopy: incomplete fixes for command execution flaws
https://notcve.org/view.php?id=CVE-2014-5009
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. Snoopy permite a atacantes remotos ejecutar comandos arbitrarios. NOTA: esta vulnerabilidad existe debido a una corrección incompleta para CVE-2014-5008. Various command-execution flaws were found in the Snoopy library included with Nagios. • http://rhn.redhat.com/errata/RHSA-2017-0211.html http://rhn.redhat.com/errata/RHSA-2017-0212.html http://rhn.redhat.com/errata/RHSA-2017-0213.html http://rhn.redhat.com/errata/RHSA-2017-0214.html http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28&r2=1.29 http://www.openwall.com/lists/oss-security/2014/07/09/11 http://www.openwall.com/lists/oss-security/2014/07/16/10 http://www.openwall.com/lists/oss-security/2014/07/18 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2008-7313 – snoopy: incomplete fixes for command execution flaws
https://notcve.org/view.php?id=CVE-2008-7313
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. La función _httpsrequest en Snoopy permite a atacantes remotos ejecutar comandos arbitrarios. NOTA: este problema existe debido a una solución incompleta para CVE-2008-4796. Various command-execution flaws were found in the Snoopy library included with Nagios. • http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27 http://www.openwall.com/lists/oss-security/2014/07/09/11 http://www.openwall.com/lists/oss-security/2014/07/16/10 http://www.openwall.com/lists/oss-security/2014/07/18/2 http://www.securityfocus.com/bid/68776 https://bugzilla.redhat.com/show_bug.cgi?id=1121497 https://exchange.xforce.ibmcloud.com/vulnerabilities/94737 https://rhn.redhat.com/errata/RHSA-2017-0211.html https:/ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2014-5008 – snoopy: incomplete fixes for command execution flaws
https://notcve.org/view.php?id=CVE-2014-5008
Snoopy allows remote attackers to execute arbitrary commands. Snoopy permite a atacantes remotos ejecutar comandos arbitrarios. Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers. • http://rhn.redhat.com/errata/RHSA-2017-0211.html http://rhn.redhat.com/errata/RHSA-2017-0212.html http://rhn.redhat.com/errata/RHSA-2017-0213.html http://rhn.redhat.com/errata/RHSA-2017-0214.html http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.28 http://www.debian.org/security/2015/dsa-3248 http://www.openwall.com/lists/oss-security/2014/07/16/10 http://www.openwall.com/lists/oss-security/2014/07/18/2 http://www • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2009-0502
https://notcve.org/view.php?id=CVE-2009-0502
Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en blocks/html/block_html.php en Snoopy v1.2.3, como la utilizada en el Moodle v1.6 anterior a v1.6.9, v1.7 anterior a v1.7.7, v1.8 anterior a v1.8.8, y v1.9 anterior a v1.9.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un bloqueo HTML que no es manejado correctamente cuando la característica "Login as" es utilizada para visitar una página MyMoodle o Blog. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://moodle.org/security http://secunia.com/advisories/33955 http://secunia.com/advisories/34418 http://www.debian.org/security/2009/dsa-1724 http://www.openwall.com/lists/oss-security/2009/02/04/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •