81 matches found
Sybase EAServer multiple security vulnerabilities
Directory traversal, XML injection, shell characters injection...
EAServer <= 6.3.1 Multiple Vulnerabilities
Binary data 6902.prm...
Sybase EAServer 6.x < 6.3.1 ESD#3 Multiple Code Execution Vulnerabilities
The version of Sybase EAServer installed on the remote host is 6.x prior to 6.3.1 ESD3. It is, therefore, potentially affected by multiple code execution vulnerabilities in the handling of login packets. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Sybase EAServer 6.3.1 < 6.3.1.07 Build 63107 / 6.2 < 6.2.0.12 Build 62012 Multiple Vulnerabilities
Binary data 6895.prm...
Sybase EAServer Detect
Sybase EAServer, an application server, is installed on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid67006; scriptversion"1.4"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"Sybase EAServer Detect"; scriptsummaryenglish:"Checks for Sybase...
Sybase EAServer 6.3.1 < 6.3.1.07 Build 63107 / 6.2 < 6.2.0.12 Build 62012 Multiple Vulnerabilities
The version of Sybase EAServer installed on the remote host is 6.3.1 earlier than 6.3.1.07 Build 63107 or 6.2 earlier than 6.2.0.12 Build 62012. As such, it is potentially affected by multiple vulnerabilities : - An unspecified error can be exploited to access otherwise inaccessible, deployed...
EAServer <= 6.3.1 / 6.2 Multiple Vulnerabilities
Binary data 6935.prm...
CVE-2012-4340
Cross-site scripting XSS vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-4340
CVE-2012-4340 is an XSS vulnerability in Sybase EAServer before version 6.1. The issue allows remote attackers to execute arbitrary web script or HTML via unspecified vectors. Connected sources confirm the affected product (Sybase EAServer) and the vulnerability class (XSS), with typical impact b...
CVE-2012-4340
Cross-site scripting XSS vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Sybase EAServer vulnerable to cross-site scripting
Overview EAServer contains a cross-site scripting vulnerability. EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
JVN#47662377: Sybase EAServer vulnerable to cross-site scripting
EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...
Sybase EAServer Directory Traversal Vulnerability
Sybase EAServer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Information harvested may aid in launching further attacks...
Sybase EAServer Directory Traversal Vulnerability - Active Check
Sybase EAServer is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Sybase Easerver 6.3 Directory Traversal
This module exploits a directory traversal vulnerability found in Sybase EAserver's Jetty webserver on port 8000. Code execution seems unlikely with EAserver's default configuration unless the web server allows WRITE permission. This module requires Metasploit: https://metasploit.com/download...
CVE-2011-2474
Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.../../\ sequence in a path...
Directory traversal
Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.../../\ sequence in a path...
CVE-2011-2474
Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.../../\ sequence in a path...
CVE-2011-2474
CVE-2011-2474 affects Sybase EAServer 6.3.1 Developer Edition (HTTP Server). The vulnerability is a directory traversal issue that allows remote attackers to read arbitrary files by sending a path containing a /.../ sequence. The published CVSS base score in NVD is 5.0 (Medium) with network acces...