CVE-2016-1918
https://notcve.org/view.php?id=CVE-2016-1918
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917.
• http://www.blackberry.com/btsc/KB38118 http://www.securitytracker.com/id/1035568
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1914 – BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1914
Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image. BlackBerry Enterprise Service 12 (BES12) Self-Service suffers from cross site scripting and remote SQL injection vulnerabilities.
• https://www.exploit-db.com/exploits/39481 http://seclists.org/fulldisclosure/2016/Feb/95 http://security-assessment.com/files/documents/advisory/Blackberry%20BES12%20Self-Service%20Multiple%20Vulnerabilities.pdf http://support.blackberry.com/kb/articleDetail?articleNumber=000038033 http://www.securitytracker.com/id/1035095
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-1915 – BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1915
Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp. BlackBerry Enterprise Service 12 (BES12) Self-Service suffers from cross site scripting and remote SQL injection vulnerabilities.
• https://www.exploit-db.com/exploits/39481 http://seclists.org/fulldisclosure/2016/Feb/95 http://security-assessment.com/files/documents/advisory/Blackberry%20BES12%20Self-Service%20Multiple%20Vulnerabilities.pdf http://support.blackberry.com/kb/articleDetail?articleNumber=000038033 http://www.securitytracker.com/id/1035095
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-4112
https://notcve.org/view.php?id=CVE-2015-4112
The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.
• http://www.blackberry.com/btsc/KB37573 http://www.securitytracker.com/id/1034154
• CWE-254: 7PK - Security Features
CVE-2015-4111
https://notcve.org/view.php?id=CVE-2015-4111
mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file.
• http://www.blackberry.com/btsc/KB37207 http://www.securityfocus.com/bid/75950 http://www.securitytracker.com/id/1032969
• CWE-20: Improper Input Validation