CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2009-0502
https://notcve.org/view.php?id=CVE-2009-0502
10 Feb 2009 — Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en blocks/html/block_html.php en Snoopy v1.2.3, como la utilizada en ... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1CVE-2008-4796 – Feed2JS File Disclosure
https://notcve.org/view.php?id=CVE-2008-4796
30 Oct 2008 — The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. La función _httpsrequest function (Snoopy/Snoopy.class.php) en Snoopy 1.2.3 y versiones anteriores, cuando es usada en (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost y posi... • https://packetstorm.news/files/id/127352 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 21%CPEs: 1EXPL: 2CVE-2005-3330 – Snoopy 0.9x/1.0/1.2 - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2005-3330
27 Oct 2005 — The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function. Feed2JS uses MagpieRSS for parsing the feeds, and MagpieRSS uses Snoopy library for fetching the documents. The version of Snoopy in use suffers from a local file disclosure vulnerability. • https://packetstorm.news/files/id/127352 • CWE-20: Improper Input Validation •