CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2011-2475
https://notcve.org/view.php?id=CVE-2011-2475
Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields, related to authentication logging. Vulnerabilidad de formato de cadena en ECTrace.dll en el servicio iMailGateway en el Internet Mail Gateway en OneBridge Server y DMZ Proxy en Sybase OneBridge Mobile Data Suite v5.5 y v5.6 permite a atacantes remotos ejecutar código arbitrario mediante especificadores de formato de cadena en campos de cadena no especificados, relacionada con la autenticación de registro. • http://www.sybase.com/detail?id=1092074 http://zerodayinitiative.com/advisories/ZDI-11-171 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0CVE-2011-2474 – Sybase Easerver 6.3 Directory Traversal
https://notcve.org/view.php?id=CVE-2011-2474
Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path. Vulnerabilidad de salto de directorio en el servidor HTTP de Sybase EAServer v6.3.1 Developer Edition , permite a atacantes remotos incluir y ejecutar ficheros locales de su elección al utilizar la secuencia /.\../\../\ en una ruta. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=912 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 11%CPEs: 34EXPL: 0CVE-2011-0496
https://notcve.org/view.php?id=CVE-2011-0496
Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability." Vulnerabilidad no especificada en Sybase EAServer v5.x y v6.x anterior a v6.3 ESD#2, como el utilizado en Appeon, Replication Server Messaging Edition (RSME), y WorkSpace, permite a atacantes remotos instalar servicios web y ejecutar código de su elección. Relacionado con una «vulnerabilidad inherente». • http://osvdb.org/70428 http://secunia.com/advisories/42904 http://www.securityfocus.com/bid/45809 http://www.sybase.com/detail?id=1091057 http://www.vupen.com/english/advisories/2011/0125 https://exchange.xforce.ibmcloud.com/vulnerabilities/64697 •
CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0CVE-2011-0497
https://notcve.org/view.php?id=CVE-2011-0497
Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary files via "../\" (dot dot forward-slash backslash) sequences in a crafted request. Una vulnerabilidad de salto de directorio en EAServer de Sybase versiones 6.x anteriores a 6.3 ESD-2, tal y como es usado en Appeon, Replication Server Messaging Edition (RSME) y WorkSpace, permite a los atacantes remotos leer archivos arbitrarios por medio de "../\" (punto punto seguido de barra diagonal y barra invertida) en una petición especialmente diseñada. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=889 http://osvdb.org/70427 http://secunia.com/advisories/42904 http://www.securityfocus.com/bid/45809 http://www.sybase.com/detail?id=1091057 http://www.vupen.com/english/advisories/2011/0125 https://exchange.xforce.ibmcloud.com/vulnerabilities/64695 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 18%CPEs: 2EXPL: 2CVE-2008-0912 – Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-0912
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de búfer basados en montículo en mlsrv10.exe de Sybase MobiLink 10.0.1.3629 y anteriores, del modo que se usa en SQL Anywhere Developer Edition 10.0.1.3415 y probablemente otros productos, permiten a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída del demonio) a través de 1) nombre de usuario, (2) versión o (3) ID remota largos. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/31271 http://aluigi.altervista.org/adv/mobilinkhof-adv.txt http://secunia.com/advisories/29045 http://securityreason.com/securityalert/3691 http://www.securityfocus.com/archive/1/488409/100/0/threaded http://www.securityfocus.com/archive/1/490259/100/0/threaded http://www.securityfocus.com/bid/27914 http://www.securitytracker.com/id?1019469 http://www.vupen.com/english/advisories/2008/0626 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •