9 matches found
CVE-2009-4838
CVE-2009-4838: A SQL injection vulnerability exists in Base_Ag_Common.php of the Basic Analysis and Security Engine (BASE) before version 1.4.3.1. Remote attackers can execute arbitrary SQL commands via unspecified parameters due to inadequate input handling. This risk affects BASE deployments r...
CVE-2009-4837
CVE-2009-4837 involves multiple cross-site scripting (XSS) vulnerabilities in the Basic Analysis and Security Engine (BASE) prior to version 1.4.3.1. The affected components allow remote attackers to inject arbitrary web script or HTML via the following parameters: (1) sig[1] in base/base_qry_mai...
CVE-2009-4839
The CVE-2009-4839 entry concerns the Basic Analysis and Security Engine (BASE), likely versions 1.4.4 and earlier. The issue comprises multiple input-validation vulnerabilities in BASE allowing remote attackers to inject arbitrary web script or HTML (XSS) via parameters to admin/base_roleadmin.ph...
CVE-2005-3325
CVE-2005-3325 concerns SQL injection in ACID/BASE consoles (acidlab/acidbase) due to missing input sanitising and improper parameter validation. Debian and related advisories (DSA-893-1) confirm remote exploitation via base_qry_main.php/acid_qry_main.php and related console components, with fixed...
CVE-2007-6156
The Basic Analysis and Security Engine (BASE) before 1.3.9 contains cross-site scripting in base_qry_main.php, exploitable via the sig[0] and sig[1] parameters. This affects BASE 1.3.8 and earlier releases per CVE-2007-6156. Impact: remote attackers can inject arbitrary web script/HTML. Mitigation: u...
CVE-2007-5578
BASE is affected: the Basic Analysis and Security Engine (BASE) before version 1.3.8 fails to exit after issuing a redirect, enabling remote attackers to bypass authentication via multiple scripts (notably base_main.php and base_qry_alert.php). Exploitation details are not provided in the connect...
CVE-2012-1198
CVE-2012-1198 affects BASE 1.4.5. The issue occurs in base_ag_main.php where an attacker can upload a file with an executable extension via a create action and then access it via a view action, enabling remote code execution. The NVD entry assigns a CVSSv2 base score of 7.5 (HIGH) with network ac...
CVE-2005-4878
CVE-2005-4878 details: Multiple XSS vulnerabilities in ACID 0.9.6b20 (acid_qry_main.php) and BASE 1.2 (base_qry_main.php), plus unspecified consoles, allow remote injection via the sig[1] parameter and related inputs. Connected documents also flag a separate but related issue CVE-2007-6156 affect...
CVE-2012-1199
BASE 1.4.5 contains multiple PHP remote file inclusion vulnerabilities that allow an attacker to execute arbitrary PHP code by passing a URL to the BASE_path parameter (and related parameters) to various BASE scripts (e.g., base_ag_main.php, base_db_setup.php, base_graph_.php, base_qry_ .php, bas...