Recent changes to bugs

Issue BASE autentication with Oracle 11g

2013-05-03T19:23:27Z

First I want congrat you for your excepcional work with BASE.
Second I am deploying Base with Oracle 11g and I am with issue in autentication.
All function works fine, but autentication don´t work.
Base can create the user and password but when I enable autentication don´t work.
Application returns as "user don´t exist or password was wrong".
If you could help me, I will stay very thankful.

Regards

Issue BASE autentication with Oracle

2013-05-03T15:55:29Z

Regards

PHP Remote Inclusion Vulnerability

2013-04-26T17:10:18Z

Hi,

we ran some tests on one of our installations and found an remote inclusion vulnerability as already published on:
http://xforce.iss.net/xforce/xfdb/73200
and
http://packetstormsecurity.com/files/109663/BASE-1.4.5-Remote-File-Inclusion-Shell-Creation.html

Do you plan on fixing these issues?

Kind regards.

2995737 patch

2011-03-25T16:03:07Z

Fix Sensor.name sort in base_sensor_stat.php

Props to abenson

error in DB connection settings

2011-03-09T13:06:47Z

BASE doesn't show any data until in base_conf.php will be set $alert_host='0.0.0.0' and $archive_host='localhost'. In other variations of this parameters (both set to localhost, or to 0.0.0.0) BASE didn't work.

Bug in Base 1.4.5

2010-09-24T22:51:31Z

Hi not sure if this is the way to submit a bug. I am using BASE and ADODB with Oracle as a backend DB. When I tried to use Base 1.4.5 I found that the lower part of the main BASE page (base_main.php) threw an Oracle error for the lower part of the screen (which remains blank). The error was "Database ERROR: Database ERROR: ORA-00907 missing parenthesis". When I ripped out Base 1.4.5 and went back to 1.4.3 the error was not occurring. Thanks.

XSS

2010-08-11T07:24:07Z

Base has a XSS bug in search field.

Sagan SID's show up as Emerging Thread SIDS.

2010-07-22T14:40:38Z

Sagan is a real time log analysis tool that can store and correlate IDS/IPS information with log information. For more information, please see http://sagan.softwink.com. Sagan uses the Snort MySQL and PostgreSQL to store events and for correlation. When Sagan stores events, reference URLs show Sagan alerts as "EmThreat", which is incorrect. Sagan rule set SID's start at 500000. It's likely that BASE simply considers EmThreat rules any thing over 200000 (?). There's a screen shot of this issue at: http://sagan.softwink.com/screenshots.html (about middle of the page). Let me know if you need any more information.

Sorting order

2010-05-03T06:09:46Z

base 1.4.5

base_stat_sensor.php: " ORDER BY sensor.name ASC",
base_stat_sensor.php: " ORDER BY sensor.name DESC");

Unknown column 'sensor.name' in 'order clause'

$qro->AddTitle(_SIPLTOTALEVENTS,
"occur_a", " ",
" ORDER BY event_cnt ASC",
"occur_d", " ",
" ORDER BY event_cnt DESC");

"missing" -> " ORDER BY event_cnt ASC", and " ORDER BY event_cnt DESC");

Order by unique event not work correctly
$qro->AddTitle(_SIPLUNIEVENTS,
"occur_a", "", " ORDER BY sig_cnt ASC",
"occur_d", "", " ORDER BY sig_cnt DESC");

$sql = "SELECT DISTINCT acid_event.sid, count(acid_event.cid) as event_cnt,".
" count(distinct(acid_event.signature)) as sig_cnt, ".
" count(distinct(acid_event.ip_src)) as saddr_cnt, ".
" count(distinct(acid_event.ip_dst)) as daddr_cnt, ".
"min(timestamp) as first_timestamp, max(timestamp) as last_timestamp".
$sort_sql[0].$from.$where." GROUP BY acid_event.sid ".$sort_sql[1];