CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2012-4340
https://notcve.org/view.php?id=CVE-2012-4340
Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Sybase EAServer before v6.1 permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores no especificados. • http://jvn.jp/en/jp/JVN47662377/index.html http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000047.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2002-1861
https://notcve.org/view.php?id=CVE-2002-1861
Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). • http://online.securityfocus.com/archive/1/279582 http://www.iss.net/security_center/static/9446.php http://www.securityfocus.com/bid/5119 http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt •