81 matches found
Sybase EAServer未明目录遍历漏洞
Bugtraq ID: 47987 Sybase EAServer是一款基于开放标准的企业应用服务器,能够驱动业务关键型应用。 Sybase EAServer不正确过滤部分输入,远程攻击者可以利用目录遍历攻击读取任意文件内容,造成敏感信息泄露。 Sybase WorkSpace 2.5 Sybase WorkSpace 2.1.2 Sybase WorkSpace 2.1 Sybase WorkSpace 2.0 Sybase Replication Server Messaging Edition 15.2 Sybase EAServer 6.3.1 Sybase EAServer 6...
CVE-2011-0496
Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD2, as used in Appeon, Replication Server Messaging Edition RSME, and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability."...
CVE-2011-0497
Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD2, as used in Appeon, Replication Server Messaging Edition RSME, and WorkSpace, allows remote attackers to read arbitrary files via "../" dot dot forward-slash backslash sequences in a crafted request...
Design/Logic Flaw
Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD2, as used in Appeon, Replication Server Messaging Edition RSME, and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability."...
Directory traversal
Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD2, as used in Appeon, Replication Server Messaging Edition RSME, and WorkSpace, allows remote attackers to read arbitrary files via "../" dot dot forward-slash backslash sequences in a crafted request...
EUVD-2011-0516
Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD2, as used in Appeon, Replication Server Messaging Edition RSME, and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability."...
CVE-2011-0497
CVE-2011-0497 —Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace. A crafted request can trigger directory traversal via the sequence "../\" to read arbitrary files. The issue is remote and network-...
CVE-2011-0496
Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD2, as used in Appeon, Replication Server Messaging Edition RSME, and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability."...
CVE-2011-0496
CVE-2011-0496 affects Sybase EAServer 5.x and 6.x up to 6.3 ESD#2 (as used in Appeon, Replication Server Messaging Edition, and WorkSpace). It allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability." The NVD lists a CVSSv2 base sco...
CVE-2011-0497
Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD2, as used in Appeon, Replication Server Messaging Edition RSME, and WorkSpace, allows remote attackers to read arbitrary files via "../" dot dot forward-slash backslash sequences in a crafted request...
Sybase EAServer 5.2 - Remote Stack Buffer Overflow (Metasploit)
$Id: sybaseeaserver.rb 9583 2010-06-22 19:11:05Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Sybase EAServer WebConsole Buffer Overflow (CVE-2005-2297)
Sybase EAServer is a web service application server suite. The software provides a web-based management console to allow a remote user using a web browser to perform database administration tasks. The communication between the client and the web-based management console is encapsulated in the HTT...
Sybase EAServer 5.2 Remote Stack Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Sybase...
Sybase EAServer Default Password (deprecated)
Binary data 4904.prm...
Sybase Enterprise Application Server Management Console detection
The remote host is running the Sybase Enterprise Application Server JSP Administration Console. Sybase EAServer is the open application server from Sybase Inc an enterprise software and services company, exclusively focused on managing and mobilizing information. This VT was deprecated and the...
Sybase EAServer 5.2 Remote Stack Buffer Overflow
This module exploits a stack buffer overflow in the Sybase EAServer Web Console. The offset to the SEH frame appears to change depending on what version of Java is in use by the remote server, making this exploit somewhat unreliable. This module requires Metasploit: https://metasploit.com/downloa...
Design/Logic Flaw
Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText...
CVE-2006-2539
Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText...
CVE-2006-2539
CVE-2006-2539 : Sybase EAServer exposes cleartext passwords entered in GUI. Local users can recover passwords via javax.swing.JPasswordField.getSelectedText. Affected products/versions: EAServer 5.0 on HP-UX Itanium; 5.2 on IBM AIX, HP-UX PA-RISC, Linux x86, Sun Solaris SPARC; 5.3 on Sun Solaris ...
CVE-2006-2539
Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText...