Alex111998

Results 10 issues of Alex111998

(Please include as much information as possible, and attach a sample image if possible.) When I tested the latest version (2.19.0) of metadata-extractor with CIFuzz, an OOM security issue was found; it...

help wanted
good-first-issue

## Summary A denial of service vulnerability in vavr was discovered by CIFuzz. A bug in the method CharSeq.repeat(char, int) means that an input of modest size can lead to indefinite...

### Description bus-core provides XML utility classes that may be vulnerable to remote code execution when using XmlKit.readObjectFromXml() to interpret untrusted XML strings. --- ### Detail The program will call...

https://github.com/nutzam/nutz/blob/595355b3ce41d5e98538a9ef6cbec7f76fa09345/src/org/nutz/dao/jdbc/Jdbcs.java#L709 Preamble: The system temporary directory is shared between all users on most Unix-like systems (not macOS or Windows). Thus, code interacting with the system temporary directory must be...
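As an added illustration of the preamble above (example code written for this page, not nutz's own Jdbcs.java, which is not shown here): on a POSIX system `java.io.File.createTempFile` creates the file with `O_CREAT|O_EXCL` and mode 0666 masked by the process umask, so the result is typically 0644 and every other local user can read it, whereas `java.nio.file.Files.createTempFile` asks for `rw-------` at creation time unless other attributes are given. The file name prefix, the permission printout and the Windows fallback directory are this example's own assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;

public class TempFileDemo {

    // Insecure pattern: java.io.File.createTempFile opens the file with mode 0666
    // under the process umask, so in the shared /tmp it usually ends up 0644 and
    // is readable by any local user. If the name can be guessed, a local attacker
    // can also pre-create or symlink it before this process does.
    static Path createWorldReadableTemp() throws IOException {
        return File.createTempFile("report", ".tmp").toPath();
    }

    // Hardened pattern: the NIO API creates the file with owner-only permissions
    // (rw-------) on POSIX filesystems when no attributes are passed, and it still
    // uses O_CREAT|O_EXCL, so there is no window with looser permissions.
    static Path createPrivateTemp() throws IOException {
        return Files.createTempFile("report", ".tmp");
    }

    // On a non-POSIX filesystem (Windows) the system temp dir is per-user anyway;
    // this fallback keeps the file under the user's home as an extra precaution.
    // Assumption of this example, not a requirement of the JDK.
    static Path createPrivateTempPortable() throws IOException {
        try {
            return createPrivateTemp();
        } catch (UnsupportedOperationException e) {
            Path dir = Files.createDirectories(
                Paths.get(System.getProperty("user.home"), ".report-tmp"));
            return Files.createTempFile(dir, "report", ".tmp");
        }
    }

    // Check that a reviewer can run: the permission string of a created file.
    static String permissionsOf(Path p) throws IOException {
        try {
            return PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
        } catch (UnsupportedOperationException e) {
            return "(non-POSIX filesystem, no mode bits)";
        }
    }

    public static void main(String[] args) throws IOException {
        Path loose = createWorldReadableTemp();
        Path tight = createPrivateTempPortable();
        try {
            System.out.println(loose + " -> " + permissionsOf(loose));
            System.out.println(tight + " -> " + permissionsOf(tight));
        } finally {
            Files.deleteIfExists(loose);
            Files.deleteIfExists(tight);
        }
    }
}
```

The same distinction applies to directories: `Files.createTempDirectory` gives `rwx------`, while a hand-rolled `new File(tmpDir, name).mkdir()` inherits the umask. When a temp file must hold secrets on a system where `/tmp` is shared, the creation call is the only place the permissions can be set race-free; fixing them afterwards with `setReadable(false, false)` leaves a window.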

https://github.com/ueboot/ueboot/blob/55763e037fd339ca0e8165ccda185ce5028deb03/ueboot-core/src/main/java/com/ueboot/core/utils/XMLUtil.java#LL35C19-L35C26 # Description ueboot-core provides XML utility classes that may be vulnerable to XXE when using XMLUtil.doXMLParse(String strxml) to interpret untrusted XML strings. An attacker can get important file content on the...

When I tested the latest version (20231013) of JSON-java with CIFuzz, an OOM security issue was found; it is caused when putting a big number in a JSONArray, which may cause denial of service issues...

No changes at this time

Log in as admin, create an account test which is not admin, then log in as test; on the reader page, account test can change any user's password by modifying...

Use Fiddler to mock a request to add a reader: ![image](https://user-images.githubusercontent.com/127834723/225027380-3474df0b-95bf-4606-8fe6-b820d3b51883.png) then the message "xss2" will pop up on the reader list page: ![image](https://user-images.githubusercontent.com/127834723/225027943-39c46ee2-5aba-49db-8334-4ed6066fcd92.png) The PoC is: `POST http://localhost:8080/user/addReader Host: localhost:8080...

On the borrow page, input the ISBN "131e12e" and submit: ![image](https://user-images.githubusercontent.com/127834723/225024612-2c306770-3fdc-4fe4-ba7b-35fbfd4b6168.png) The return book page will alert the message: xss1 ![image](https://user-images.githubusercontent.com/127834723/225024859-84354c10-4767-4c96-8daf-4a9a00f30bd3.png)

Add a book; for the book name, input: ![image](https://user-images.githubusercontent.com/127834723/225023126-b0f1616d-7e63-459b-9768-7edaa61e39b5.png) Then the book list page alerts the message: xss1 ![image](https://user-images.githubusercontent.com/127834723/225023395-79cbb93b-05a7-46ae-af4d-d38e8bd7add8.png)
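The three stored XSS reports above (reader name, ISBN, book name) share one root cause: a field saved verbatim and later concatenated into the list page's markup. The following is an added example written for this page, not the reported application's code, showing the vulnerable rendering beside the fix, which is to keep the stored value as-is and entity-encode it at output time. The row template, payloads and method names are this example's own.

```java
public class StoredXssDemo {

    // Minimal HTML entity encoder for element text and double-quoted attribute
    // values. These five characters are the ones that can close the current
    // context and start a tag, attribute or script.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Vulnerable rendering: stored fields dropped straight into the table row,
    // so a field like <script>alert('xss1')</script> executes on the list page.
    static String renderRowUnsafe(String isbn, String bookName) {
        return "<tr><td>" + isbn + "</td><td title=\"" + bookName + "\">"
            + bookName + "</td></tr>";
    }

    // Hardened rendering: the database keeps the raw value (so searches and
    // edits still work); encoding is applied once, at the point of output,
    // for both the text node and the attribute value.
    static String renderRowSafe(String isbn, String bookName) {
        String safeIsbn = escapeHtml(isbn);
        String safeName = escapeHtml(bookName);
        return "<tr><td>" + safeIsbn + "</td><td title=\"" + safeName + "\">"
            + safeName + "</td></tr>";
    }

    public static void main(String[] args) {
        // Constructed payloads of the kind the reports describe: one that
        // injects a tag in text context, one that breaks out of an attribute.
        String isbn = "<script>alert('xss1')</script>";
        String name = "Clean Code\" onmouseover=\"alert('xss2')";

        System.out.println("unsafe: " + renderRowUnsafe(isbn, name));
        System.out.println("safe:   " + renderRowSafe(isbn, name));
    }
}
```

Note that input validation on the add-book or add-reader form does not close the hole on its own: the Fiddler PoC above shows the request can be replayed without the browser-side form, so the server must encode on output regardless of how the value arrived. In a real application the template engine's auto-escaping (or a library encoder) replaces the hand-written `escapeHtml` here; the point is where the encoding happens, not which function does it.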