Secureideas

Basic Analysis And Security Engine

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2012-1198

Exploit
  • EPSS 6.44%
  • Veröffentlicht 18.02.2012 00:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action.

7.5

CVE-2012-1199

Exploit
  • EPSS 2.3%
  • Veröffentlicht 18.02.2012 00:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) BASE_path parameter to base_ag_main.php, (2) base_db_setup.php, (3) base_g...

4.3

CVE-2009-4837

Exploit
  • EPSS 0.29%
  • Veröffentlicht 06.05.2010 12:47:23
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] pa...

7.5

CVE-2009-4838

  • EPSS 0.41%
  • Veröffentlicht 06.05.2010 12:47:23
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third p...

4.3

CVE-2009-4839

  • EPSS 0.33%
  • Veröffentlicht 06.05.2010 12:47:23
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2...

4.3

CVE-2005-4878

  • EPSS 0.33%
  • Veröffentlicht 18.02.2009 20:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts...

4.3

CVE-2007-6156

  • EPSS 0.48%
  • Veröffentlicht 29.11.2007 01:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters.

7.5

CVE-2007-5578

  • EPSS 0.66%
  • Veröffentlicht 18.10.2007 22:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.

7.5

CVE-2005-3325

Exploit
  • EPSS 3.07%
  • Veröffentlicht 27.10.2005 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these pro...