14 matches found
yii2-redis log information disclosure vulnerability
yii2-redis is an open-source extension for Yii. A log information disclosure vulnerability exists in yii2-redis versions prior to 2.0.20. It stems from the explicit logging of the AUTH parameter in the logs, which could lead to credential disclosure...
moonmoon security breach
moonmoon is a web-based aggregator similar to Planetplanet. It can be used to mix posts from different blogs with the same interests into a single page. A security vulnerability exists in moonmoon, which stems from an incorrect comparison of the auth parameter on the admin/inc/auth.inc.php page...
CVE-2023-51049
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Abbsauth parameter at /admin/ajax.php...
CVE-2021-44266
GUnet Open eClass aka openeclass before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter...
CVE-2021-44266
GUnet Open eClass aka openeclass before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter...
CentOS 8 : squid:4 (CESA-2019:3476)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3476 advisory. - squid: XSS via username or auth parameter in cachemgr.cgi CVE-2019-13345 Note that Nessus has not tested for this issue but has instead relied only on the...
squid: XSS via user_name or auth parameter in cachemgr.cgi
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
RHEL 8 : squid:4 (RHSA-2019:3476)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3476 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: XSS via...
DEBIAN-CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
ALPINE-CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
https-proxy-agent memory leak vulnerability
https-proxy-agent is an implementation of an HTTP or HTTPS proxy. A security vulnerability exists in https-proxy-agent versions prior to 2.1.1, which stems from a failure of the program to perform proper filtering. An attacker can exploit this vulnerability by submitting input e.g. JSON to the...
Design/Logic Flaw
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter e.g. JSON...
CVE-2018-3739
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter e.g. JSON...
CVE-2016-4028
An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the...