VYPR

Base

by Secureideas

CVEs (9)

  • CVE-2006-2685May 31, 2006
    risk 0.07cvss epss 0.49

    PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php,…

  • CVE-2012-1198Feb 18, 2012
    risk 0.03cvss epss 0.05

    base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action.

  • CVE-2012-1017Feb 8, 2012
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters.

  • CVE-2006-1590Apr 3, 2006
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back…

  • CVE-2009-4592Jan 7, 2010
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to include arbitrary local files via unknown vectors.

  • CVE-2009-4591Jan 7, 2010
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2009-4590Jan 7, 2010
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-6156Nov 29, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters.

  • CVE-2007-5578Oct 18, 2007
    risk 0.00cvss epss 0.02

    Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.