CVE-2012-4340
https://notcve.org/view.php?id=CVE-2012-4340
Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://jvn.jp/en/jp/JVN47662377/index.html http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000047.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0496
https://notcve.org/view.php?id=CVE-2011-0496
Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability."
• http://osvdb.org/70428 http://secunia.com/advisories/42904 http://www.securityfocus.com/bid/45809 http://www.sybase.com/detail?id=1091057 http://www.vupen.com/english/advisories/2011/0125 https://exchange.xforce.ibmcloud.com/vulnerabilities/64697
CVE-2011-0497
https://notcve.org/view.php?id=CVE-2011-0497
Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary files via "../\" (dot dot forward-slash backslash) sequences in a crafted request.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=889 http://osvdb.org/70427 http://secunia.com/advisories/42904 http://www.securityfocus.com/bid/45809 http://www.sybase.com/detail?id=1091057 http://www.vupen.com/english/advisories/2011/0125 https://exchange.xforce.ibmcloud.com/vulnerabilities/64695
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2006-2539
https://notcve.org/view.php?id=CVE-2006-2539
Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component.
• http://secunia.com/advisories/20145 http://www.securityfocus.com/bid/18036 http://www.sybase.com/detail?id=1040665 http://www.vupen.com/english/advisories/2006/1869 https://exchange.xforce.ibmcloud.com/vulnerabilities/26567
CVE-2005-2297 – Sybase EAServer 5.2 - Remote Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-2297
Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.
• https://www.exploit-db.com/exploits/16766 http://marc.info/?l=bugtraq&m=112146180532313&w=2 http://secunia.com/advisories/16108 http://securitytracker.com/id?1014497 http://www.spidynamics.com/spilabs/advisories/sybaseEAserverOverflow.htm http://www.sybase.com/detail?id=1036742