CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6861
https://notcve.org/view.php?id=CVE-2013-6861
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors. Vulnerabilidad no especificada en SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 anterior a 15.0.3 ESD#4.3, 15.5 anterior a 15.5 ESD#5.3, y 15.7 anterior a 15.7 SP50 o 15.7 SP100 permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55537 http://www.sybase.com/detail?id=1099371 https://service.sap.com/sap/support/notes/1809246 •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 0CVE-2013-6245
https://notcve.org/view.php?id=CVE-2013-6245
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors. Una vulnerabilidad no especificada en Sybase Adaptive Server Enterprise (ASE) de SAP versiones anteriores a 15.0.3 ESD#4.3. versiones 15.5 anteriores a 15.5 ESD#5.3 y versiones 15.7 anteriores a 15.7 SP50 o versión 15.7 SP100, permite a los usuarios autenticados remotos ejecutar código arbitrario por medio de vectores no especificados. • http://osvdb.org/98899 http://scn.sap.com/docs/DOC-8218 http://www.layersevensecurity.com/docs/Layer%20Seven%20Security_Advisory_September%202013.pdf http://www.securityfocus.com/bid/63310 http://www.sybase.com/detail?id=1099371 https://service.sap.com/sap/support/notes/1893560 •
CVSS: 4.0EPSS: 5%CPEs: 1EXPL: 1CVE-2013-6025 – SAP Sybase Adaptive Server Enterprise - XML External Entity Information Disclosure
https://notcve.org/view.php?id=CVE-2013-6025
The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. El procedimiento XMLParse en SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 permite a los usuarios remotos autenticados leer archivos arbitrarios a través de una declaración SQL que contenga un documento XML con una declaración de una entidad externa, relacionada con una referencia de entidad, en relación con un problema XML External Entity (XXE). SAP Sybase Adaptive Server Enterprise suffers from an XXE injection vulnerability. • https://www.exploit-db.com/exploits/38805 http://secunia.com/advisories/55377 http://www.kb.cert.org/vuls/id/303900 http://www.securityfocus.com/bid/63193 http://www.securitytracker.com/id/1029208 https://exchange.xforce.ibmcloud.com/vulnerabilities/88105 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2012-4340
https://notcve.org/view.php?id=CVE-2012-4340
Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Sybase EAServer before v6.1 permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores no especificados. • http://jvn.jp/en/jp/JVN47662377/index.html http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000047.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-5078
https://notcve.org/view.php?id=CVE-2011-5078
The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP requests, aka Bug IDs 678497 and 678499. La interfaz de administración Web en el servidor Sybase M-Business Anywhere v6.7 antes de ESD#3 y v7.0 antes de ESD#7 no requiere autenticación de administrador, lo que permite listar o eliminar cuentas de usuario, modificar las contraseñas o leer los archivos de registro a usuarios remotos autenticados a través de peticiones HTTP. Se trata de un problema explicados con los Bugs ID 678497 y 678499. • http://www.sybase.com/detail?id=1095200 http://www.verisigninc.com/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=952 • CWE-264: Permissions, Privileges, and Access Controls •