Lucene search
+L
BinarymoonTimthumb

5 matches found

cve
cve
added 2014/07/15 2:0 p.m.135 views

CVE-2014-4663

No additional technical details are provided in the connected documents for CVE-2014-4663; the Connected Documents do not disclose root cause, exploit vectors, affected versions, or remediation.

6.8CVSS7.8AI score0.0975EPSS
cve
cve
added 2013/10/26 4:0 p.m.87 views

CVE-2011-4106

TimThumb (timthumb.php) prior to version 2.0 contains a flaw where the code does not validate the entire image source against the domain whitelist. This allows a remote attacker to craft a URL with a whitelisted domain in the src parameter to upload and subsequently access a file in the cache dir...

6.8CVSS9.4AI score0.23165EPSS
cve
cve
added 2014/08/21 11:0 p.m.52 views

CVE-2009-5142

Technical details of CVE-2009-5142 are not publicly available in the provided connected documents. Monitor for updates.

4.3CVSS5.9AI score0.0124EPSS
cve
cve
added 2014/08/21 11:0 p.m.48 views

CVE-2010-5303

CVE-2010-5303 describes a cross-site scripting (XSS) vulnerability in TimThumb before 1.15 (r85), specifically in the displayError function, where an attacker could inject arbitrary script/HTML via $errorString. Affected: TimThumb core used in multiple products. Impact: remote abuse of XSS. Mitig...

4.3CVSS5.8AI score0.00942EPSS
cve
cve
added 2014/08/21 11:0 p.m.37 views

CVE-2010-5302

TimThumb vulnerability CVE-2010-5302 affects the timthumb.php component in TimThumb (versions before 1.15, as of 2010-09-08 r88). The root cause is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. The affected software is ...

4.3CVSS5.9AI score0.00931EPSS