Samdark

**Name of the Vulnerable Software and Affected Versions** Yii 2 Redis extension versions prior to 2.0.20 **Description** The issue concerns the logging of commands when a connection fails in the Yii 2 Redis extension. Specifically, prior to version 2.0.20, AUTH parameters are written in plain text, exposing the `username` and `password`. This could be problematic if an attacker gains access to the logs. **Recommendations** For versions prior to 2.0.20, update to version 2.0.20 to resolve the issue. As a temporary workaround, consider restricting access to the logs to minimize the risk of exploitation.

**Nome do software vulnerável e versões afetadas** yii2 (versões afetadas não especificadas) **Descrição** O problema diz respeito ao uso de um algoritmo previsível no gerador de números aleatórios. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

Name of the Vulnerable Software and Affected Versions: Yii Framework versions prior to 2.0.14 Description: The issue allows remote attackers to obtain potentially sensitive information from exception messages or exploit reflected XSS on the error handler page in non-debug mode. This is related to the files base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php. Recommendations: For versions prior to 2.0.14, update to version 2.0.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the error handler page or disabling non-debug mode until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Yii Framework version 2.0.12 **Description** A security issue exists due to the mishandling of `$exception->errorInfo` in the exception screen when debug mode is enabled. This affects the `framework/views/errorHandler/exception.php` file. **Recommendations** For Yii Framework version 2.0.12, consider disabling debug mode to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Yii Framework versions prior to 2.0.11 **Description** A reflected Cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen when development mode is used. **Recommendations** For versions prior to 2.0.11, update to version 2.0.11 or later to resolve the issue. As a temporary workaround, consider disabling development mode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Yii Framework versions prior to 2.0.4 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7. **Recommendations** For versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue.