Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.
http://www.sybase.com/detail?id=1036742
http://www.spidynamics.com/spilabs/advisories/sybaseEAserverOverflow.htm
http://securitytracker.com/id?1014497