oss-sec mailing list archives

CVE request: wordpress plugin timthumb before 2.0 remote code execution

From: Hanno Böck <hanno () hboeck de>
Date: Thu, 3 Nov 2011 12:23:34 +0100

http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/

Seems this never got a CVE. German newspage heise reports lots of
hacked wordpress blogs, most likely due to this issue:
http://www.heise.de/security/meldung/Tausende-WordPress-Blogs-zur-Verbreitung-von-Schadcode-genutzt-1370660.html

-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/

Attachment: signature.asc
Description:

Current thread:

CVE request: wordpress plugin timthumb before 2.0 remote code execution Hanno Böck (Nov 03)
- Re: CVE request: wordpress plugin timthumb before 2.0 remote code execution Kurt Seifried (Nov 03)