Basic Analysis And Security Engine Security Vulnerabilities and Issues — Basic Analysis And Security Engine CVE List

Lucene search

SecureideasBasic Analysis And Security Engine

9 matches found

CVE•added 2010/05/06 12:47 p.m.•45 views

CVE-2009-4838

SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information.

7.5CVSS8.6AI score0.00413EPSS

CVE•added 2010/05/06 12:47 p.m.•44 views

CVE-2009-4837

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) b...

4.3CVSS5.8AI score0.00285EPSS

CVE•added 2010/05/06 12:47 p.m.•37 views

CVE-2009-4839

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_content...

4.3CVSS5.9AI score0.00329EPSS

CVE•added 2005/10/27 10:2 a.m.•36 views

CVE-2005-3325

Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrar...

7.5CVSS8.4AI score0.0266EPSS

CVE•added 2007/11/29 1:46 a.m.•34 views

CVE-2007-6156

Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters.

4.3CVSS5.7AI score0.00475EPSS

CVE•added 2007/10/18 10:17 p.m.•31 views

CVE-2007-5578

Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.

7.5CVSS7AI score0.00658EPSS

CVE•added 2009/02/18 8:30 p.m.•27 views

CVE-2005-4878

Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to inj...

4.3CVSS6AI score0.00475EPSS

CVE•added 2012/02/18 12:55 a.m.•26 views

CVE-2012-1198

base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action.

7.5CVSS7.8AI score0.06439EPSS

CVE•added 2012/02/18 12:55 a.m.•25 views

CVE-2012-1199

Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) BASE_path parameter to base_ag_main.php, (2) base_db_setup.php, (3) base_graph_common.php, (4) base_graph_display.php, (5) ...

7.5CVSS7.9AI score0.02295EPSS