Recent changes to bugs

Issue BASE autentication with Oracle 11g

Paulo Matos — Fri, 03 May 2013 19:23:27 -0000

First I want congrat you for your excepcional work with BASE.
Second I am deploying Base with Oracle 11g and I am with issue in autentication.
All function works fine, but autentication don´t work.
Base can create the user and password but when I enable autentication don´t work.
Application returns as "user don´t exist or password was wrong".
If you could help me, I will stay very thankful.

Regards

Issue BASE autentication with Oracle

Anonymous — Fri, 03 May 2013 15:55:29 -0000

Regards

PHP Remote Inclusion Vulnerability

Anonymous — Fri, 26 Apr 2013 17:10:18 -0000

Hi,

we ran some tests on one of our installations and found an remote inclusion vulnerability as already published on:
http://xforce.iss.net/xforce/xfdb/73200
and
http://packetstormsecurity.com/files/109663/BASE-1.4.5-Remote-File-Inclusion-Shell-Creation.html

Do you plan on fixing these issues?

Kind regards.

2995737 patch

Anonymous — Fri, 25 Mar 2011 16:03:07 -0000

Fix Sensor.name sort in base_sensor_stat.php

Props to abenson

error in DB connection settings

Anonymous — Wed, 09 Mar 2011 13:06:47 -0000

BASE doesn't show any data until in base_conf.php will be set $alert_host='0.0.0.0' and $archive_host='localhost'. In other variations of this parameters (both set to localhost, or to 0.0.0.0) BASE didn't work.

Bug in Base 1.4.5

Gilbert Standen — Fri, 24 Sep 2010 22:51:31 -0000

Hi not sure if this is the way to submit a bug. I am using BASE and ADODB with Oracle as a backend DB. When I tried to use Base 1.4.5 I found that the lower part of the main BASE page (base_main.php) threw an Oracle error for the lower part of the screen (which remains blank). The error was "Database ERROR: Database ERROR: ORA-00907 missing parenthesis". When I ripped out Base 1.4.5 and went back to 1.4.3 the error was not occurring. Thanks.

XSS

Anonymous — Wed, 11 Aug 2010 07:24:07 -0000

Base has a XSS bug in search field.

Sagan SID's show up as Emerging Thread SIDS.

Da Beave — Thu, 22 Jul 2010 14:40:38 -0000

Sagan is a real time log analysis tool that can store and correlate IDS/IPS information with log information. For more information, please see http://sagan.softwink.com. Sagan uses the Snort MySQL and PostgreSQL to store events and for correlation. When Sagan stores events, reference URLs show Sagan alerts as "EmThreat", which is incorrect. Sagan rule set SID's start at 500000. It's likely that BASE simply considers EmThreat rules any thing over 200000 (?). There's a screen shot of this issue at: http://sagan.softwink.com/screenshots.html (about middle of the page). Let me know if you need any more information.

Sorting order

Anonymous — Mon, 03 May 2010 06:09:46 -0000

base 1.4.5

base_stat_sensor.php: " ORDER BY sensor.name ASC",
base_stat_sensor.php: " ORDER BY sensor.name DESC");

Unknown column 'sensor.name' in 'order clause'

$qro->AddTitle(_SIPLTOTALEVENTS,
"occur_a", " ",
" ORDER BY event_cnt ASC",
"occur_d", " ",
" ORDER BY event_cnt DESC");

"missing" -> " ORDER BY event_cnt ASC", and " ORDER BY event_cnt DESC");

Order by unique event not work correctly
$qro->AddTitle(_SIPLUNIEVENTS,
"occur_a", "", " ORDER BY sig_cnt ASC",
"occur_d", "", " ORDER BY sig_cnt DESC");

$sql = "SELECT DISTINCT acid_event.sid, count(acid_event.cid) as event_cnt,".
" count(distinct(acid_event.signature)) as sig_cnt, ".
" count(distinct(acid_event.ip_src)) as saddr_cnt, ".
" count(distinct(acid_event.ip_dst)) as daddr_cnt, ".
"min(timestamp) as first_timestamp, max(timestamp) as last_timestamp".
$sort_sql[0].$from.$where." GROUP BY acid_event.sid ".$sort_sql[1];