Vulnerabilities (CVE)

Filtered by vendor Sybase Subscribe
Filtered by product Easerver
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4340 1 Sybase 1 Easerver 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-2474 1 Sybase 1 Easerver 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path.
CVE-2011-0497 1 Sybase 4 Appeon For Powerbuilder, Easerver, Replication Server and 1 more 2024-11-21 7.8 HIGH N/A
Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary files via "../\" (dot dot forward-slash backslash) sequences in a crafted request.
CVE-2011-0496 1 Sybase 4 Appeon For Powerbuilder, Easerver, Replication Server and 1 more 2024-11-21 10.0 HIGH N/A
Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability."
CVE-2006-2539 1 Sybase 1 Easerver 2024-11-21 3.5 LOW N/A
Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component.
CVE-2006-1829 1 Sybase 1 Easerver 2024-11-21 4.0 MEDIUM N/A
EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles.
CVE-2005-2297 1 Sybase 1 Easerver 2024-11-20 4.6 MEDIUM N/A
Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.
CVE-2002-1861 1 Sybase 1 Easerver 2024-11-20 5.0 MEDIUM N/A
Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").