Secureideas

Basic Analysis And Security Engine

9 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2012-1198

Exploit
  • EPSS 6.44%
  • Published 18.02.2012 00:55:02
  • Last modified 11.04.2025 00:51:21

base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action.

7.5

CVE-2012-1199

Exploit
  • EPSS 2.3%
  • Published 18.02.2012 00:55:02
  • Last modified 11.04.2025 00:51:21

Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) BASE_path parameter to base_ag_main.php, (2) base_db_setup.php, (3) base_g...

4.3

CVE-2009-4837

Exploit
  • EPSS 0.29%
  • Published 06.05.2010 12:47:23
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] pa...

7.5

CVE-2009-4838

  • EPSS 0.41%
  • Published 06.05.2010 12:47:23
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third p...

4.3

CVE-2009-4839

  • EPSS 0.33%
  • Published 06.05.2010 12:47:23
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2...

4.3

CVE-2005-4878

  • EPSS 0.33%
  • Published 18.02.2009 20:30:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts...

4.3

CVE-2007-6156

  • EPSS 0.48%
  • Published 29.11.2007 01:46:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters.

7.5

CVE-2007-5578

  • EPSS 0.66%
  • Published 18.10.2007 22:17:00
  • Last modified 09.04.2025 00:30:58

Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.

7.5

CVE-2005-3325

Exploit
  • EPSS 3.07%
  • Published 27.10.2005 10:02:00
  • Last modified 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these pro...