CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2012-4340
https://notcve.org/view.php?id=CVE-2012-4340
Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Sybase EAServer before v6.1 permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores no especificados. • http://jvn.jp/en/jp/JVN47662377/index.html http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000047.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 96%CPEs: 4EXPL: 1CVE-2005-2297 – Sybase EAServer 5.2 - Remote Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-2297
Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter. Desbordamiento de búfer en TreeAction.do en Sybase EAServer 4.2.5 hasta la 5.2 permite que usuarios autentificados remotamente ejecute código arbitrario mediante un parámtro grande javascript. • https://www.exploit-db.com/exploits/16766 http://marc.info/?l=bugtraq&m=112146180532313&w=2 http://secunia.com/advisories/16108 http://securitytracker.com/id?1014497 http://www.spidynamics.com/spilabs/advisories/sybaseEAserverOverflow.htm http://www.sybase.com/detail?id=1036742 •