17 matches found
EUVD-2009-3267
Malware in sbrugna...
TimThumb 'timthumb.php' WebShot 'src' Parameter Remote Command Execution
The TimThumb 'timthumb.php' script installed on the remote host is affected by a remote command execution vulnerability due to a failure to properly sanitize user-supplied input to the 'src' parameter. A remote, unauthenticated attacker can leverage this issue to execute arbitrary commands on the...
TimThumb 'timthumb.php' < 2.8.14 WebShot 'src' Parameter Remote Command Execution
The TimThumb 'timthumb.php' script installed on the remote host is prior to version 2.8.14. It is, therefore, affected by a remote command execution vulnerability due to a failure to properly sanitize user-supplied input to the 'src' parameter. A remote, unauthenticated attacker can leverage this...
Wordpress Timthumb WebShot Vulnerability Code Execution
A vulnerability in TimThumb's "Webshot" feature allows for certain commands to be remotely executed on vulnerable websites with no authentication. An attacker can create, remove and modify any files on the affected server...
Code injection
TimThumb 2.8.13 and WordThumb 1.07, when Webshot aka Webshots is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter...
CVE-2014-4663
TimThumb 2.8.13 and WordThumb 1.07, when Webshot aka Webshots is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter...
CVE-2014-4663
No additional technical details are provided in the connected documents for CVE-2014-4663; the Connected Documents do not disclose root cause, exploit vectors, affected versions, or remediation.
Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution (0-day)
No description provided by source...
Zero-Day Patched in TimThumb WordPress Script
A patch for a zero-day vulnerability in TimThumb has been released by its developer who is none too pleased about this week’s disclosure on a popular security mailing list. “Unfortunately nobody told me about this before the exploit was announced – in fact I found out about the bug through...
Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution Exploit
Exploit for php platform in category web applications. Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components...
Zero-Day TimThumb WebShot Vulnerability leaves Thousands of Wordpress Blogs at Risk
Yesterday we learned of a critical Zero-day vulnerability in a popular image resizing library called TimThumb, which is used in thousands of WordPress themes and plugins. WordPress is a free and open source blogging tool and a content management system (CMS) with more than 30,000 plugins, each of whic...
Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution
Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components Exploit Author : @u0x Pichaya Morimoto Release dates :...
TimThumb 2.8.13 Remote Code Execution
Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components Exploit...
WordPress TimThumb WebShot Plugin 2.8.13 - Remote Code Execution
The TimThumb WebShot plugin is prone to a remote code execution vulnerability because the script does not check remotely cached files properly. Also, it can attack URL. Solution: Upgrade the plugin...
Multiple WordPress Plugins (TimThumb 2.8.13 WordThumb 1.07) - WebShot Remote Code Execution
Multiple WordPress Plugins TimThumb 2.8.13 WordThumb 1.07 - WebShot Remote Code Execution. Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress...
CVE-2009-3284
CVE-2009-3284 is a directory traversal vulnerability affecting multiple phpspot products: PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot. A remote attacker could read server files via unspecified vectors and cause potential data disclosure. Public referenc...
CVE-2009-3284
Directory traversal vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to read arbitrary files via unspecified vectors...