8 matches found
CVE-2011-2474
CVE-2011-2474 affects Sybase EAServer 6.3.1 Developer Edition (HTTP Server). The vulnerability is a directory traversal issue that allows remote attackers to read arbitrary files by sending a path containing a /.../ sequence. The published CVSS base score in NVD is 5.0 (Medium) with network acces...
CVE-2002-1861
CVE-2002-1861 concerns Sybase Enterprise Application Server 4.0 running on Windows, where a remote attacker could retrieve files from the WEB-INF directory by requesting the directory with a trailing dot (WEB-INF.). This is an information disclosure vulnerability tied to how the server handles WE...
CVE-2011-0496
CVE-2011-0496 affects Sybase EAServer 5.x and 6.x up to 6.3 ESD#2 (as used in Appeon, Replication Server Messaging Edition, and WorkSpace). It allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability." The NVD lists a CVSSv2 base sco...
CVE-2005-2297
CVE-2005-2297 describes a stack-based buffer overflow in the Sybase EAServer WebConsole (Login.jsp) that can allow remote code execution via a long query string. The vulnerability is reported for Sybase EAServer versions 4.2.5 through 5.2 and involves a boundary error in HTTP request handling. Pu...
CVE-2011-0497
CVE-2011-0497 —Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace. A crafted request can trigger directory traversal via the sequence "../\" to read arbitrary files. The issue is remote and network-...
CVE-2006-2539
CVE-2006-2539 : Sybase EAServer exposes cleartext passwords entered in GUI. Local users can recover passwords via javax.swing.JPasswordField.getSelectedText. Affected products/versions: EAServer 5.0 on HP-UX Itanium; 5.2 on IBM AIX, HP-UX PA-RISC, Linux x86, Sun Solaris SPARC; 5.3 on Sun Solaris ...
CVE-2012-4340
CVE-2012-4340 is an XSS vulnerability in Sybase EAServer before version 6.1. The issue allows remote attackers to execute arbitrary web script or HTML via unspecified vectors. Connected sources confirm the affected product (Sybase EAServer) and the vulnerability class (XSS), with typical impact b...
CVE-2006-1829
CVE-2006-1829 affects Sybase EAServer Manager (versions 5.2 and 5.3). The issue allows remote authenticated users (potentially guests) to obtain password credentials of arbitrary users through unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom co...