Lucene search
K

44 matches found

Veracode
Veracode
added 2024/04/15 12:35 p.m.22 views

Deserialization Of Untrusted Data

timber/timber is vulnerable to Deserialization of Untrusted Data. The vulnerability due to a lack of input validation before passing it into the fileexists function. An attacker can execute arbitrary code by uploading files of any type to the server which then gets passed in the phar:// protocol ...

8CVSS8.3AI score0.00454EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/04/12 3:15 p.m.25 views

GHSA-6363-V5M4-FVQ3 timber/timber vulnerable to Deserialization of Untrusted Data

Summary Timber is vulnerable to PHAR deserialization due to a lack of checking the input before passing it into the fileexists function. If an attacker can upload files of any type to the server, he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP...

8CVSS8.2AI score0.00454EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/04/12 3:15 p.m.33 views

timber/timber vulnerable to Deserialization of Untrusted Data

Summary Timber is vulnerable to PHAR deserialization due to a lack of checking the input before passing it into the fileexists function. If an attacker can upload files of any type to the server, he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP...

8CVSS8AI score0.00454EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.3 views

PT-2024-23045 · Timber · Timber

Name of the Vulnerable Software and Affected Versions: Timber versions 1.23.0 and earlier Description: The issue is related to Deserialization of Untrusted Data, which can lead to remote code execution, especially when used with frameworks or developer code that have vulnerable POP chains. This i...

8CVSS7.8AI score0.00454EPSS
Exploits0References10
Circl
Circl
added 2024/04/11 8:29 p.m.8 views

CVE-2024-29800

creationtimestamp| type| source ---|---|--- 2024-04-11 20:29:44+00:00| published-proof-of-concept| https://github.com/timber/timber/security/advisories/GHSA-6363-v5m4-fvq3...

8CVSS7.2AI score0.00454EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2024/04/10 4:24 p.m.40 views

Deserialization of Untrusted Data in timber/timber

Summary Timber is vulnerable to PHAR deserialization due to a lack of checking the input before passing it into the fileexists function. If an attacker can upload files of any type to the server, he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP...

8CVSS8.2AI score0.00454EPSS
Exploits0Affected Software1
Openbugbounty
Openbugbounty
added 2024/01/11 10:3 a.m.10 views

timber-pioneer.de Cross Site Scripting vulnerability OBB-3831867

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/11/24 2:9 a.m.4 views

timberframesolutions.ca Improper Access Control vulnerability OBB-3792127

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/09/27 1:44 p.m.9 views

timber-designs.co.il Cross Site Scripting vulnerability OBB-1368759

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/09/03 1:40 p.m.5 views

wisconsin.timberrattlers.milb.com Cross Site Scripting vulnerability OBB-1299549

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
exploitpack
exploitpack
added 2018/05/24 12:0 a.m.33 views

Timber 1.1 - Cross-Site Request Forgery

Timber 1.1 - Cross-Site Request Forgery Exploit Title: Timber - Ultimate Freelancer Platform 1.1 - Cross site request forgery Date: 2018-05-24 Exploit Author: L0RD or [email protected] Vendor Homepage: https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?srank=1717...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2018/05/24 12:0 a.m.38 views

Timber 1.1 Cross Site Request Forgery

Exploit Title: Timber - Ultimate Freelancer Platform 1.1 - Cross site request forgery Date: 2018-05-24 Exploit Author: L0RD or [email protected] Vendor Homepage: https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?srank=1717 Version: 1.1 Tested on: Kali linux...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/24 12:0 a.m.52 views

Timber 1.1 - Cross-Site Request Forgery

Exploit Title: Timber - Ultimate Freelancer Platform 1.1 - Cross site request forgery Date: 2018-05-24 Exploit Author: L0RD or [email protected] Vendor Homepage: https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?srank=1717 Version: 1.1 Tested on: Kali linux...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/05/24 12:0 a.m.39 views

Timber 1.1 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Timber - Ultimate Freelancer Platform 1.1 - Cross site request forgery Date: 2018-05-24 Exploit Author: L0RD or email protected Vendor Homepage: https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?srank=1717...

7.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/07/04 10:47 a.m.18 views

coolibahbuilding.com.au XSS vulnerability

Open Bug Bounty ID: OBB-258153 Description| Value ---|--- Affected Website:| coolibahbuilding.com.au Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
seebug.org
seebug.org
added 2016/04/19 12:0 a.m.26 views

Timber E-learning在线培训系统 Type_List.aspx 参数typeid SQL注入漏洞

0x01 框架介绍 相关厂商: 上海天柏信息科技有限公司 公开时间: 2016-01-11 漏洞类型: SQL注射漏洞 官方主页: http://www.timber2005.com/ 案例:http://www.timber2005.com/Customer.html 0x02 漏洞细节 http://.../WebOrg/TypeList.aspx?typeid=1 0x03 修复方案 1、过滤漏洞文件参数 2、使用加速乐等防护产品...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/19 12:0 a.m.13 views

Timber E-learning在线培训系统网校版 Search.aspx 参数select SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/13 12:0 a.m.27 views

Timber E-learning在线考试系统后台 /system/Dep_Right.aspx 参数DEP_NAME2 SQL注入漏洞

0x01漏洞简介 Timber E-learning在线考试系统的后台/system/DepRight.aspx对参数DEPNAME2过滤不严格,导致出现注入漏洞。远程攻击者先需要注册一个用户,登陆后台后可以利用这些漏洞执行SQL指令。该漏洞利用的步骤如下: 1访问页面/usercontrol/ajax.aspx输入用户名密码,进行登陆 http://www..com/usercontrol/ajax.aspx post: Action=post&username=&pwd=&func=Login 登陆成功,将返回true,否则返回false 2登陆成功后,可以利用注入漏洞执行SQL指令...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/19 12:0 a.m.32 views

Timber E-learning在线考试系统后台 /Paper/Paper_Manage.aspx 等13处 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/19 12:0 a.m.19 views

Timber E-learning在线考试系统商业版 /Web/User_Sort_List.aspx等8处 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
Rows per page
Query Builder