FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PivotX -- Remote File Inclusion Vulnerability of TimThumb

Affected packages
pivotx < 2.3.0

Details

VuXML ID e454ca2f-f88d-11e0-b566-00163e01a509
Discovery 2011-08-03
Entry 2011-10-17

The PivotX team reports:

TimThumb domain name security bypass and insecure cache handling. PivotX before 2.3.0 includes a vulnerable version of TimThumb.

If you are still running PivotX 2.2.6, you might be vulnerable to a security exploit that was patched previously. Version 2.3.0 doesn't have this issue, but any older version of PivotX might be vulnerable.

References

Bugtraq ID 48963
URL https://secunia.com/advisories/45416/