CVSS: 10.0EPSS: 11%CPEs: 34EXPL: 0CVE-2011-0496
https://notcve.org/view.php?id=CVE-2011-0496
Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability." Vulnerabilidad no especificada en Sybase EAServer v5.x y v6.x anterior a v6.3 ESD#2, como el utilizado en Appeon, Replication Server Messaging Edition (RSME), y WorkSpace, permite a atacantes remotos instalar servicios web y ejecutar código de su elección. Relacionado con una «vulnerabilidad inherente». • http://osvdb.org/70428 http://secunia.com/advisories/42904 http://www.securityfocus.com/bid/45809 http://www.sybase.com/detail?id=1091057 http://www.vupen.com/english/advisories/2011/0125 https://exchange.xforce.ibmcloud.com/vulnerabilities/64697 •
CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0CVE-2011-0497
https://notcve.org/view.php?id=CVE-2011-0497
Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary files via "../\" (dot dot forward-slash backslash) sequences in a crafted request. Una vulnerabilidad de salto de directorio en EAServer de Sybase versiones 6.x anteriores a 6.3 ESD-2, tal y como es usado en Appeon, Replication Server Messaging Edition (RSME) y WorkSpace, permite a los atacantes remotos leer archivos arbitrarios por medio de "../\" (punto punto seguido de barra diagonal y barra invertida) en una petición especialmente diseñada. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=889 http://osvdb.org/70427 http://secunia.com/advisories/42904 http://www.securityfocus.com/bid/45809 http://www.sybase.com/detail?id=1091057 http://www.vupen.com/english/advisories/2011/0125 https://exchange.xforce.ibmcloud.com/vulnerabilities/64695 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •