Base Security Vulnerabilities

CVE-2016-5604

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than...

6.3 CVSS

5.4 AI Score

0.001 EPSS

2016-10-25 02:31 PM

CVE-2016-3563

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than...

6.3 CVSS

5.4 AI Score

0.001 EPSS

2016-07-21 10:13 AM

CVE-2016-3540

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 allows remote attackers to affect confidentiality via vectors related to UI...

4.3 CVSS

4.6 AI Score

0.002 EPSS

2016-07-21 10:13 AM

CVE-2016-3534

Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Engineering Change Order. NOTE: the previous information is from the July 2016 CPU....

4.7 CVSS

4.8 AI Score

0.002 EPSS

2016-07-21 10:13 AM

CVE-2015-7029

Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified...

9.8 CVSS

9.2 AI Score

0.013 EPSS

2016-07-03 01:59 AM

CVE-2015-7988

The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified...

9.8 CVSS

9.7 AI Score

0.012 EPSS

2016-06-26 01:59 AM

CVE-2015-7987

Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord...

9.8 CVSS

9.3 AI Score

0.011 EPSS

2016-06-26 01:59 AM

CVE-2016-2016

Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user:...

5.5 CVSS

5.4 AI Score

0.0004 EPSS

2016-05-14 03:59 PM

CVE-2016-2381

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in...

7.5 CVSS

7.3 AI Score

0.004 EPSS

2016-04-08 03:59 PM

CVE-2015-7934

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified...

8.6 CVSS

8.3 AI Score

0.003 EPSS

2015-12-24 01:59 AM

CVE-2015-7932

Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the...

8.6 CVSS

8.2 AI Score

0.002 EPSS

2015-12-24 01:59 AM

CVE-2015-7931

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL...

8.7 CVSS

8.2 AI Score

0.001 EPSS

2015-12-24 01:59 AM

CVE-2015-7930

Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified...

10 CVSS

9.1 AI Score

0.005 EPSS

2015-12-24 01:59 AM

CVE-2014-8325

The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 for TYPO3 allows remote attackers to cause a denial of service (resource consumption) via vectors related to the PHP PCRE...

6.9 AI Score

0.009 EPSS

2014-10-22 02:55 PM

CVE-2014-6752

The Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6 AI Score

0.0005 EPSS

2014-09-28 01:55 AM

CVE-2014-2980

Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid...

6.7 AI Score

0.013 EPSS

2014-04-28 02:09 PM

CVE-2014-2262

Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS...

8 AI Score

0.081 EPSS

2014-03-01 12:55 AM

CVE-2012-1017

Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9]...

8.7 AI Score

0.001 EPSS

2012-02-08 12:55 AM

CVE-2010-0039

The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic...

6.8 AI Score

0.003 EPSS

2010-12-22 03:00 AM

CVE-2010-1804

Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP...

6.4 AI Score

0.006 EPSS

2010-12-22 03:00 AM

CVE-2009-2189

The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service...

6.5 AI Score

0.004 EPSS

2010-12-22 03:00 AM

CVE-2010-1620

Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer...

7.7 AI Score

0.001 EPSS

2010-05-12 11:46 AM

CVE-2010-1457

Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error...

6 AI Score

0.0005 EPSS

2010-05-12 11:46 AM

CVE-2009-2822

AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication...

6.6 AI Score

0.015 EPSS

2010-04-05 04:30 PM

CVE-2010-0689

The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified...

7.8 AI Score

0.015 EPSS

2010-02-26 07:30 PM

CVE-2009-4592

Unspecified vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to include arbitrary local files via unknown...

6.8 AI Score

0.011 EPSS

2010-01-07 06:30 PM

CVE-2009-4590

Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.8 AI Score

0.003 EPSS

2010-01-07 06:30 PM

CVE-2009-4591

SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified...

8.6 AI Score

0.002 EPSS

2010-01-07 06:30 PM

CVE-2008-7240

Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template...

7.2 AI Score

0.008 EPSS

2009-09-17 06:30 PM

CVE-2009-1751

SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id...

8.7 AI Score

0.001 EPSS

2009-05-22 11:52 AM

CVE-2009-1658

Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters. NOTE: some of these details are obtained from third party...

8.9 AI Score

0.001 EPSS

2009-05-18 12:00 PM

CVE-2008-5088

Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than...

8.4 AI Score

0.001 EPSS

2008-11-14 07:20 PM

CVE-2008-3555

Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local....

7.3 AI Score

0.018 EPSS

2008-08-08 07:41 PM

CVE-2008-1909

SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID...

8.3 AI Score

0.001 EPSS

2008-04-22 04:41 AM

CVE-2008-1542

Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than...

6.6 AI Score

0.129 EPSS

2008-03-28 11:44 PM

CVE-2008-1012

Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input...

6.1 AI Score

0.012 EPSS

2008-03-20 10:44 AM

CVE-2008-1043

PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu...

7.5 AI Score

0.036 EPSS

2008-02-27 07:44 PM

CVE-2007-3795

Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a...

6.5 AI Score

0.004 EPSS

2007-07-15 11:30 PM

CVE-2007-3556

Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for...

6.4 AI Score

0.034 EPSS

2007-07-04 03:30 PM

CVE-2007-1039

Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack...

6.5 AI Score

0.006 EPSS

2007-02-21 05:28 PM

CVE-2007-0512

Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; allow attackers to cause a denial of service (process crash) via invalid data to an OpenTP1...

6.5 AI Score

0.005 EPSS

2007-01-26 12:28 AM

CVE-2006-2184

Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that "We have fixed all...

5.4 AI Score

0.007 EPSS

2006-05-04 12:38 PM

CVE-2006-1505

base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the standalone parameter to...

6.8 AI Score

0.023 EPSS

2006-03-30 01:06 AM

CVE-2005-3939

Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c)...

8.9 AI Score

0.006 EPSS

2005-12-01 11:00 AM

CVE-2005-3881

SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr...

8.8 AI Score

0.005 EPSS

2005-11-29 11:03 AM

CVE-2005-3882

SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowledge Base Software 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id...

8.8 AI Score

0.111 EPSS

2005-11-29 11:03 AM

CVE-2004-2451

Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or earlier, allows remote attackers to send audio to arbitrary channels, aka the "Voices from the deep"...

7.2 AI Score

0.02 EPSS

2005-08-20 04:00 AM

CVE-2004-0610

The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP...

6.9 AI Score

0.015 EPSS

2004-12-06 05:00 AM

CVE-2002-0218

Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line...

7.7 AI Score

0.001 EPSS

2002-05-16 04:00 AM

CVE-2002-0219

Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line...

8 AI Score

0.0004 EPSS

2002-05-16 04:00 AM

Total number of security vulnerabilities: 300