Sam Hsu
Hi, I create a subclass of "[sumo](https://github.com/intrig-unicamp/mininet-wifi/blob/master/mn_wifi/sumo/runner.py)". There are some updates compared with its parent class: * It allows us to customise the sumo map by both relative path and...
Dear developers of SAFE, I notice that SAFE accepts multiple JS files as inputs, so I was wondering whether SAFE is able to handle the model and some functions...
Hi there, There is a slight mistake in line 6. I believe that it should be `$obj = new myclass();` instead of `$obj = "abc";`, because the latter one...
# SQL Injection Vulnerability Fix ## Vulnerability Description Multiple SQL injection vulnerabilities have been identified during code review, primarily in scenarios where user input is directly concatenated into SQL statements....
## Overview We encountered a significant issue while analyzing **312 PHP repositories** containing vulnerabilities referenced in CVE reports using `joern-scan`. Despite setting a **2-hour timeout per repository**, approximately **90% of...
#### **Version Information** - **Branch/Release**: Latest commit from the repository [ea19dd](https://github.com/vedees/wcms/commit/ea19dd2cfc93543bf859916a55afd501e64090ce): [https://github.com/vedees/wcms/blob/master/wcms/wex/cssjs.php](https://github.com/vedees/wcms/blob/master/wcms/wex/cssjs.php). --- #### **Issue Description** Two vulnerabilities were identified in **`/wcms/wex/cssjs.php`**: 1. **Improper Handling of the `path` Parameter**: -...
Hello, this is JHU SecLab. Our tool has detected a possible vulnerability in your repository. Before making it public, we would like to inform the developer privately. Please contact us...
Hello, this is JHU SecLab. Our tool has detected a possible vulnerability in your repository. Before making it public, we would like to inform the developer privately. Please contact us...
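Hello, we are researchers from JHU SecLab, and we recently discovered a vulnerability in the EasyImages 2.0 (< v2.8.6) system. We have documented detailed reproduction steps for the vulnerability on the repository's security page and submitted a pull request with a fix patch. We look forward to getting in touch with the developers.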
## Vulnerability Summary The Online Shopping System web application is vulnerable to client-side parameter manipulation, allowing attackers to bypass front-end protections and submit arbitrary order data. By directly sending crafted...