TimThumb Multiple Denial of Service and Cross-Site Scripting Vulnerabilities
April 16, 2012 by Network Security
Filed under Software patches
TimThumb is prone to a denial-of-service vulnerability and multiple cross-site scripting vulnerabilities. Because the timthumb.php image-resizing script is bundled with many WordPress themes and plugins, the same issues affect the products listed below.
An attacker can exploit these issues to cause denial-of-service conditions, or to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials.
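The two bug classes in the summary above, shown side by side in a small PHP handler. This is an added illustrative example, not TimThumb's own code: the function names, the `src` parameter, the allowlisted host, and the 2 MiB cap are assumptions made for the example. The vulnerable handler reflects the request parameter unescaped into an error page (the reflected XSS case) and reads a remote body into memory with no size limit (the oversized-remote-image DoS case); the hardened handler escapes output, validates the URL, bounds the read, and checks that the bytes are actually an image before decoding them.

```php
<?php
// Illustrative example, not TimThumb's code. Names and limits are assumptions.

const MAX_REMOTE_BYTES = 2 * 1024 * 1024; // assumed 2 MiB cap on remote images

// --- Vulnerable pattern --------------------------------------------------
// 1. The failing value is echoed back unescaped, so a request such as
//    ?src=<script>...</script> runs in the victim's browser (reflected XSS).
// 2. file_get_contents() buffers the whole remote body with no cap, so an
//    attacker-chosen URL pointing at a huge file exhausts memory or the
//    script's execution time (DoS).
function vulnerable_handler(array $query): string {
    $src  = $query['src'] ?? '';
    $data = @file_get_contents($src);
    if ($data === false) {
        return "<p>Unable to open image: $src</p>";   // reflected XSS
    }
    return $data;
}

// --- Hardened pattern ----------------------------------------------------
function render_error(string $msg): string {
    // Escape for HTML body context; ENT_QUOTES also covers attribute context.
    return '<p>' . htmlspecialchars($msg, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

function fetch_remote_image(string $url): ?string {
    // Only http(s), and only to an allowlisted host (assumed list).
    $allowed_hosts = ['images.example.com'];
    $parts = parse_url($url);
    if ($parts === false
        || !in_array($parts['scheme'] ?? '', ['http', 'https'], true)
        || !in_array(strtolower($parts['host'] ?? ''), $allowed_hosts, true)) {
        return null;
    }

    // Short timeout, no redirect following (a redirect could escape the allowlist).
    $ctx = stream_context_create(['http' => ['timeout' => 5, 'follow_location' => 0]]);
    $fh  = @fopen($url, 'rb', false, $ctx);
    if ($fh === false) {
        return null;
    }

    // Read at most MAX_REMOTE_BYTES + 1 so an oversized body is detected and
    // rejected instead of being buffered in full.
    $data = stream_get_contents($fh, MAX_REMOTE_BYTES + 1);
    fclose($fh);
    if ($data === false || strlen($data) > MAX_REMOTE_BYTES) {
        return null;
    }

    // Reject anything that does not parse as an image before it reaches a decoder.
    if (@getimagesizefromstring($data) === false) {
        return null;
    }
    return $data;
}

function hardened_handler(array $query): string {
    $src  = $query['src'] ?? '';
    $data = fetch_remote_image($src);
    if ($data === null) {
        // Generic message: the attacker-controlled value is never reflected.
        return render_error('Unable to open image.');
    }
    return $data;
}

// Usage: echo hardened_handler($_GET);
```

The byte cap alone is not sufficient against decode-time DoS: a small, highly compressible file can still expand into a very large bitmap. A practical follow-up is to read the dimensions returned by `getimagesizefromstring()` and refuse images whose width times height exceeds a budget before calling any `imagecreatefrom*()` function.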
Vulnerable:
- WordPress SH Slideshow 3.1.7
- WordPress Magazeen Theme 1.0
- Timthumb Timthumb 1.1
- Pro Theme Design WordPress Mimbo Pro Magazine Theme 0
- Dotclear Magazeen Theme 1.0
References:
- Issue 49: Cross-site Script Vulnerability – can inject javascript into URI (TimThumb)
- Issue 123: Problem with IE8 display (TimThumb)
- Issue 88: Path of the image not correct? (TimThumb)
- SH Slideshow ChangeLog (WordPress)
- SH Slideshow Homepage (WordPress)
- The application handles overly large remote image data improperly, which can be (TimThumb)
- Vendor Homepage (TimThumb)
- Vulnerabilities in Magazeen theme for WordPress and Dotclear (MustLive)
- Vulnerability in Mimbo Pro theme for WordPress (MustLive)
- WordPress Mimbo Pro Magazine Theme (Pro Theme Design)