Lucene search
K
SybaseEaserver

8 matches found

CVE
CVE
added 2011/06/09 9:0 p.m.67 views

CVE-2011-2474

CVE-2011-2474 affects Sybase EAServer 6.3.1 Developer Edition (HTTP Server). The vulnerability is a directory traversal issue that allows remote attackers to read arbitrary files by sending a path containing a /.../ sequence. The published CVSS base score in NVD is 5.0 (Medium) with network acces...

5CVSS6.7AI score0.63612EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.65 views

CVE-2002-1861

CVE-2002-1861 concerns Sybase Enterprise Application Server 4.0 running on Windows, where a remote attacker could retrieve files from the WEB-INF directory by requesting the directory with a trailing dot (WEB-INF.). This is an information disclosure vulnerability tied to how the server handles WE...

5CVSS7.5AI score0.02119EPSS
CVE
CVE
added 2011/01/20 6:0 p.m.65 views

CVE-2011-0496

CVE-2011-0496 affects Sybase EAServer 5.x and 6.x up to 6.3 ESD#2 (as used in Appeon, Replication Server Messaging Edition, and WorkSpace). It allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability." The NVD lists a CVSSv2 base sco...

10CVSS7.4AI score0.04549EPSS
CVE
CVE
added 2005/07/19 4:0 a.m.61 views

CVE-2005-2297

CVE-2005-2297 describes a stack-based buffer overflow in the Sybase EAServer WebConsole (Login.jsp) that can allow remote code execution via a long query string. The vulnerability is reported for Sybase EAServer versions 4.2.5 through 5.2 and involves a boundary error in HTTP request handling. Pu...

4.6CVSS7.6AI score0.74202EPSS
CVE
CVE
added 2011/01/20 6:0 p.m.53 views

CVE-2011-0497

CVE-2011-0497 —Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace. A crafted request can trigger directory traversal via the sequence "../\" to read arbitrary files. The issue is remote and network-...

7.8CVSS6.9AI score0.02218EPSS
CVE
CVE
added 2006/05/22 11:0 p.m.51 views

CVE-2006-2539

CVE-2006-2539 : Sybase EAServer exposes cleartext passwords entered in GUI. Local users can recover passwords via javax.swing.JPasswordField.getSelectedText. Affected products/versions: EAServer 5.0 on HP-UX Itanium; 5.2 on IBM AIX, HP-UX PA-RISC, Linux x86, Sun Solaris SPARC; 5.3 on Sun Solaris ...

3.5CVSS6.1AI score0.00302EPSS
CVE
CVE
added 2012/08/15 9:0 p.m.49 views

CVE-2012-4340

CVE-2012-4340 is an XSS vulnerability in Sybase EAServer before version 6.1. The issue allows remote attackers to execute arbitrary web script or HTML via unspecified vectors. Connected sources confirm the affected product (Sybase EAServer) and the vulnerability class (XSS), with typical impact b...

4.3CVSS5.8AI score0.00931EPSS
CVE
CVE
added 2006/04/19 4:0 p.m.44 views

CVE-2006-1829

CVE-2006-1829 affects Sybase EAServer Manager (versions 5.2 and 5.3). The issue allows remote authenticated users (potentially guests) to obtain password credentials of arbitrary users through unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom co...

4CVSS6.5AI score0.01224EPSS