Secureideas Basic Analysis And Security Engine vulnerabilities
9 known vulnerabilities affecting secureideas/basic_analysis_and_security_engine.
Total CVEs
9
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2012-1198P3HIGHCVSS 7.5PoCv1.4.52012-02-18
CVE-2012-1198 [HIGH] CWE-20 CVE-2012-1198: base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execu
base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action.
nvd
CVE-2012-1199P3HIGHCVSS 7.5PoCv1.4.52012-02-18
CVE-2012-1199 [HIGH] CWE-94 CVE-2012-1199: Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.
Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) BASE_path parameter to base_ag_main.php, (2) base_db_setup.php, (3) base_graph_common.php, (4) base_graph_display.php, (5) base_graph_form.php, (6) base_graph_main.php, (7) base_lo
nvd
CVE-2005-3325P3HIGHCVSS 7.5PoCv1.22005-10-27
CVE-2005-3325 [HIGH] CWE-89 CVE-2005-3325: Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Da
Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly othe
nvd
CVE-2007-5578P3HIGHCVSS 7.5v1.3.62007-10-18
CVE-2007-5578 [HIGH] CWE-287 CVE-2007-5578: Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does
Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.
nvd
CVE-2009-4838P3HIGHCVSS 7.5≤ 1.4.3v1.1+15 more2010-05-06
CVE-2009-4838 [HIGH] CWE-89 CVE-2009-4838: SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) befor
SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information.
nvd
CVE-2007-6156P4MEDIUMCVSS 4.3≤ 1.3.8v1.1+13 more2007-11-29
CVE-2007-6156 [MEDIUM] CWE-79 CVE-2007-6156: Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Securi
Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters.
nvd
CVE-2005-4878P4MEDIUMCVSS 4.3v1.22009-02-18
CVE-2005-4878 [MEDIUM] CWE-79 CVE-2005-4878: Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for
Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to inject arbitrary web script or HTML via the sig[1] paramet
nvd
CVE-2009-4839P4MEDIUMCVSS 4.3≤ 1.4.4v1.1+16 more2010-05-06
CVE-2009-4839 [MEDIUM] CWE-79 CVE-2009-4839: Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), po
Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.
nvd
CVE-2009-4837P4MEDIUMCVSS 4.3≤ 1.4.3v1.1+15 more2010-05-06
CVE-2009-4837 [MEDIUM] CWE-79 CVE-2009-4837: Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) bef
Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details ar
nvd