5 matches found
CVE-2014-4663
No additional technical details are provided in the connected documents for CVE-2014-4663; they do not disclose the root cause, exploit vectors, affected versions, or remediation.
CVE-2011-4106
TimThumb (timthumb.php) prior to version 2.0 contains a flaw where the code does not validate the entire image source against the domain whitelist. This allows a remote attacker to craft a URL with a whitelisted domain in the src parameter to upload and subsequently access a file in the cache dir...
CVE-2009-5142
Technical details of CVE-2009-5142 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2010-5303
CVE-2010-5303 describes a cross-site scripting (XSS) vulnerability in TimThumb before 1.15 (r85), specifically in the displayError function, where an attacker could inject arbitrary script/HTML via $errorString. Affected: TimThumb core used in multiple products. Impact: remote abuse of XSS. Mitig...
CVE-2010-5302
TimThumb vulnerability CVE-2010-5302 affects the timthumb.php component in TimThumb (versions before 1.15, as of 2010-09-08 r88). The root cause is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. The affected software is ...