CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

汇文手机图书馆不用密码获取用户信息

简要描述： 生成认证token，只用用户名即可获取用户信息 详细说明： 将用于认证的token的生成方式在客户端实现且生成方式与密码无关 影响院校列表 http://www.libsys.com.cn/huiwenappcenter2.php 漏洞证明： import java.io.UnsupportedEncodingException; import java.math.BigInteger; / Created by snail on 14-11-23. / public class LibToken public static String makeTokenString s...