MidnightBSD

Advisories for secureideas

CVE-2005-3325 HIGH

Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
acid analysis_console_for_intrusion_databases 0.9.6b20
secureideas basic_analysis_and_security_engine 1.2
CVE-2009-4837 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
secureideas basic_analysis_and_security_engine 1.2.5
secureideas basic_analysis_and_security_engine 1.2.0
secureideas basic_analysis_and_security_engine 1.2
secureideas basic_analysis_and_security_engine 1.3.5
secureideas basic_analysis_and_security_engine 1.1.4
secureideas basic_analysis_and_security_engine 1.2.2
secureideas basic_analysis_and_security_engine 1.2.7
secureideas basic_analysis_and_security_engine 1.3.6
secureideas basic_analysis_and_security_engine 1.3.8
secureideas basic_analysis_and_security_engine 1.2.4
secureideas basic_analysis_and_security_engine *
secureideas basic_analysis_and_security_engine 1.1.3
secureideas basic_analysis_and_security_engine 1.3.9
secureideas basic_analysis_and_security_engine 1.2.1
secureideas basic_analysis_and_security_engine 1.1
secureideas basic_analysis_and_security_engine 1.2.6
secureideas basic_analysis_and_security_engine 1.1.2
CVE-2009-4838 HIGH

SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
secureideas basic_analysis_and_security_engine 1.2.5
secureideas basic_analysis_and_security_engine 1.2.0
secureideas basic_analysis_and_security_engine 1.2
secureideas basic_analysis_and_security_engine 1.3.5
secureideas basic_analysis_and_security_engine 1.1.4
secureideas basic_analysis_and_security_engine 1.2.2
secureideas basic_analysis_and_security_engine 1.2.7
secureideas basic_analysis_and_security_engine 1.3.6
secureideas basic_analysis_and_security_engine 1.3.8
secureideas basic_analysis_and_security_engine 1.2.4
secureideas basic_analysis_and_security_engine *
secureideas basic_analysis_and_security_engine 1.1.3
secureideas basic_analysis_and_security_engine 1.3.9
secureideas basic_analysis_and_security_engine 1.2.1
secureideas basic_analysis_and_security_engine 1.1
secureideas basic_analysis_and_security_engine 1.2.6
secureideas basic_analysis_and_security_engine 1.1.2
CVE-2009-4839 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
secureideas basic_analysis_and_security_engine 1.2.5
secureideas basic_analysis_and_security_engine 1.2.0
secureideas basic_analysis_and_security_engine 1.4.3
secureideas basic_analysis_and_security_engine 1.2
secureideas basic_analysis_and_security_engine 1.3.5
secureideas basic_analysis_and_security_engine 1.1.4
secureideas basic_analysis_and_security_engine 1.2.2
secureideas basic_analysis_and_security_engine 1.2.7
secureideas basic_analysis_and_security_engine 1.3.6
secureideas basic_analysis_and_security_engine 1.3.8
secureideas basic_analysis_and_security_engine 1.2.4
secureideas basic_analysis_and_security_engine *
secureideas basic_analysis_and_security_engine 1.1.3
secureideas basic_analysis_and_security_engine 1.3.9
secureideas basic_analysis_and_security_engine 1.2.1
secureideas basic_analysis_and_security_engine 1.1
secureideas basic_analysis_and_security_engine 1.2.6
secureideas basic_analysis_and_security_engine 1.1.2
CVE-2012-1017 HIGH

Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
secureideas base 1.4.5
CVE-2012-1198 HIGH

base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
secureideas basic_analysis_and_security_engine 1.4.5
CVE-2012-1199 HIGH

Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) BASE_path parameter to base_ag_main.php, (2) base_db_setup.php, (3) base_graph_common.php, (4) base_graph_display.php, (5) base_graph_form.php, (6) base_graph_main.php, (7) base_local_rules.php, (8) base_logout.php, (9) base_main.php, (10) base_maintenance.php, (11) base_payload.php, (12) base_qry_alert.php, (13) base_qry_common.php, (14) base_qry_main.php, (15) base_stat_alerts.php, (16) base_stat_class.php, (17) base_stat_common.php, (18) base_stat_ipaddr.php, (19) base_stat_iplink.php, (20) base_stat_ports.php, (21) base_stat_sensor.php, (22) base_stat_time.php, (23) base_stat_uaddr.php, (24) base_user.php, (25) index.php, (26) admin/base_roleadmin.php, (27) admin/base_useradmin.php, (28) admin/index.php, (29) help/base_setup_help.php, (30) includes/base_action.inc.php, (31) includes/base_cache.inc.php, (32) includes/base_db.inc.php, (33) includes/base_db.inc.php, (34) includes/base_include.inc.php, (35) includes/base_output_html.inc.php, (36) includes/base_output_query.inc.php, (37) includes/base_state_criteria.inc.php, (38) includes/base_state_query.inc.php or (39) setup/base_conf_contents.php; (40) GLOBALS[user_session_path] parameter to includes/base_state_common.inc.php; (41) BASE_Language parameter to setup/base_conf_contents.php; or (42) ado_inc_php parameter to setup/setup2.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
secureideas basic_analysis_and_security_engine 1.4.5