BASE 1.4.5 (base_qry_main.php t_view) SQL Injection Vulnerability
No description provided by source...
AlienVault OSSIM 3.1 Reflected XSS and Blind SQL Injection
No description provided by source. #!/usr/bin/python ''' AlienVault has a reflected XSS vulnerability in the url parameter of top.php. Proof of Concept: Enticing a logged in user to visit the following URL where an attacker is hosting a cookie grabber will allow for the hijacking of the user...
AlienVault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
AlienVault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection #!/usr/bin/python ''' AlienVault has a reflected XSS vulnerability in the "url" parameter of "top.php". Proof of Concept: Enticing a logged in user to visit the following URL where an attacker is hosting an...
CVE-2012-1017
BASE 1.4.5 is vulnerable to SQL injection in base_qry_main.php via ip_addr[0][1], ip_addr[0][2], and ip_addr[0][9], caused by insufficient sanitization of user input. This can allow remote attackers to execute arbitrary SQL commands. Exploitation details and remediation are not provided in the av...
CVE-2012-1017
Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters...
CVE-2009-4837
CVE-2009-4837 involves multiple cross-site scripting (XSS) vulnerabilities in the Basic Analysis and Security Engine (BASE) prior to version 1.4.3.1. The affected components allow remote attackers to inject arbitrary web script or HTML via the following parameters: (1) sig[1] in base/base_qry_mai...
CVE-2007-6156
Basic Analysis and Security Engine (BASE) before 1.3.9 contains cross-site scripting in base_qry_main.php, exploitable via sig[0] and sig[1] parameters. This affects BASE 1.3.8 and earlier releases per CVE-2007-6156. Impact: remote attackers can inject arbitrary web script/HTML. Mitigation: u...