Lucene search

5 matches found

Github Security Blog
added 2025/06/05 4:53 p.m., 133 views

Yii 2 Redis may expose AUTH parameters in logs in case of connection failure

Impact: On a failing connection, the extension writes the command sequence to logs. AUTH parameters are written in plain text, exposing username and password. That might be an issue if an attacker has access to logs...

CVSS 6.5 | AI score 6.6 | EPSS 0.00257
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2025/06/05 4:53 p.m., 5 views

GHSA-G3P6-82VC-43JH Yii 2 Redis may expose AUTH parameters in logs in case of connection failure

Impact: On a failing connection, the extension writes the command sequence to logs. AUTH parameters are written in plain text, exposing username and password. That might be an issue if an attacker has access to logs...

CVSS 5 | AI score 7.3 | EPSS 0.00257
Exploits: 0 | References: 4
Cvelist
added 2025/06/05 4:33 p.m., 20 views

CVE-2025-48493 Yii 2 Redis may expose AUTH parameters in logs in case of connection failure

The Yii 2 Redis extension provides Redis key-value store support for the Yii framework 2.0. On a failing connection, the extension writes the command sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text, exposing username and password. That might be an issue if...

CVSS 5 | EPSS 0.00257
Exploits: 0 | References: 2
CNVD
added 2017/05/08 12:0 a.m., 2 views

Accellion FTA Device Cross-Site Scripting Vulnerability

Accellion File Transfer is a web-based file transfer/synchronization system. A cross-site scripting vulnerability exists in the Accellion FTA appliance FTA912180 and prior versions. It allows remote attackers to inject arbitrary web script or HTML via the authparams parameter in courier/1000@/index.html...

CVSS 6.1 | AI score 6.3 | EPSS 0.0104
Exploits: 1 | References: 1
OSV
added 2017/05/05 6:29 p.m., 2 views

CVE-2017-8791

An issue was discovered on Accellion FTA devices before FTA912180. There is a home/seos/courier/login.html authparams CRLF attack vector...

CVSS 6.1 | AI score 5.8 | EPSS 0.0024
Exploits: 1 | References: 1