Page 5 of 22 results (0.003 seconds)

CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors. Vulnerabilidad no especificada en SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 anterior a 15.0.3 ESD#4.3, 15.5 anterior a 15.5 ESD#5.3, y 15.7 anterior a 15.7 SP50 o 15.7 SP100 permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55537 http://www.sybase.com/detail?id=1099371 https://service.sap.com/sap/support/notes/1809246 •

CVSS: 4.0EPSS: 5%CPEs: 1EXPL: 1

The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. El procedimiento XMLParse en SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 permite a los usuarios remotos autenticados leer archivos arbitrarios a través de una declaración SQL que contenga un documento XML con una declaración de una entidad externa, relacionada con una referencia de entidad, en relación con un problema XML External Entity (XXE). SAP Sybase Adaptive Server Enterprise suffers from an XXE injection vulnerability. • https://www.exploit-db.com/exploits/38805 http://secunia.com/advisories/55377 http://www.kb.cert.org/vuls/id/303900 http://www.securityfocus.com/bid/63193 http://www.securitytracker.com/id/1029208 https://exchange.xforce.ibmcloud.com/vulnerabilities/88105 • CWE-94: Improper Control of Generation of Code ('Code Injection') •