New arbitrary code vulnerability in TimThumb (not quite as bad as last time)


Harry Metcalfe-4
Just a heads-up. If you're using Webshots, you're vulnerable. No new
version yet.

Here's the report: http://seclists.org/fulldisclosure/2014/Jun/117

And my writeup with instructions for fix:
http://www.dxw.com/2014/06/timthumb-raises-its-ugly-head-once-again/

Harry

--
Harry Metcalfe
07790 559 876
@harrym

_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers