CVE-2009-4590

CVE-2009-4590 refers to a Cross-site scripting (XSS) flaw in Basic Analysis and Security Engine (BASE) before version 1.4.4, exploitable via base_local_rules.php with unspecified vectors. Affected product is BASE; root cause involves inadequate input handling in BASE prior to 1.4.4, resulting in ...

CVE-2009-4591

The affected product is Basic Analysis and Security Engine (BASE) prior to 1.4.4. It contains input-validation flaws, including an SQL-injection vulnerability that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. The issue is documented across multiple sources (C...

CVE-2009-4592

BASE prior to 1.4.4 is affected by CVE-2009-4592: an unspecified vulnerability in base_local_rules.php allows remote attackers to include arbitrary local files via unknown vectors. The OpenVAS entries also describe multiple input-validation vulnerabilities in BASE before 1.4.4, including local fi...

CVE-2012-1017

BASE 1.4.5 is vulnerable to SQL injection in base_qry_main.php via ip_addr[0][1], ip_addr[0][2], and ip_addr[0][9], caused by insufficient sanitization of user input. This can allow remote attackers to execute arbitrary SQL commands. Exploitation details and remediation are not provided in the av...