Vulnerabilities > Sybase
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-06-09 | CVE-2011-2475 | USE of Externally-Controlled Format String vulnerability in Sybase Onebridge Mobile Data Suite 5.5/5.6 Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields, related to authentication logging. | 10.0 |
2011-06-09 | CVE-2011-2474 | Path Traversal vulnerability in Sybase Easerver 6.3.1 Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path. | 5.0 |
2011-01-20 | CVE-2011-0497 | Path Traversal vulnerability in Sybase products Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary files via "../\" (dot dot forward-slash backslash) sequences in a crafted request. | 7.8 |
2011-01-20 | CVE-2011-0496 | Multiple vulnerability in Sybase EAServer Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability." Per: http://www.sybase.com/detail?id=1091057 ' Remote exploitation of a design vulnerability in Sybase EAServer could allow an attacker to install arbitrary web services, this condition can result in arbitrary code execution allowing attacker to gain control over the affected machine. This also affects those products that include EAServer: Appeon, Replication Server Messaging Edition, and WorkSpace.' | 10.0 |
2008-02-22 | CVE-2008-0912 | Buffer Errors vulnerability in Sybase Mobilink and SQL Anywhere Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. | 10.0 |
2006-07-18 | CVE-2006-3667 | Security vulnerability in Sybase Financial Fusion Server Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking Suite versions before 20060706 has unknown impact and remote attack vectors. | 10.0 |
2006-05-22 | CVE-2006-2539 | Unspecified vulnerability in Sybase Easerver 5.0/5.2/5.3 Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component. | 3.5 |
2006-04-25 | CVE-2006-1997 | Unspecified vulnerability in Sybase Pylon Anywhere Unspecified vulnerability in Sybase Pylon Anywhere groupware synchronization server before 7.0 allows local users to obtain sensitive information such as email and PIM data of another user via unknown attack vectors. | 2.1 |
2006-04-19 | CVE-2006-1829 | Unspecified vulnerability in Sybase Easerver 5.2/5.3 EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles. | 4.0 |
2005-07-19 | CVE-2005-2297 | Local Security vulnerability in EAServer Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter. | 4.6 |