Page 2 of 17 results (0.010 seconds)

CVSS: 9.3EPSS: 4%CPEs: 7EXPL: 0

Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219. Múltiples vulnerabilidades sin especificar en el componente PDF distiller en el Attachment Service en Research In Motion (RIM) BlackBerry Enterprise Server (BES) v4.1.3 a la v5.0 y BlackBerry Professional Software v4.1.4, permite a atacantes remotos asistidos por el usuario provocar una denegación de servicio (corrupción de memoria) o posiblemente la ejecución de código de su elección a través de un adjunto con un archivo .pdf. Vulnerabilidad distinta de CVE-2008-3246 y CVE-2009-0219. • http://secunia.com/advisories/35254 http://www.blackberry.com/btsc/KB18327 http://www.osvdb.org/54767 http://www.securityfocus.com/bid/35102 http://www.securitytracker.com/id?1022295 http://www.vupen.com/english/advisories/2009/1429 https://exchange.xforce.ibmcloud.com/vulnerabilities/50755 •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 2

Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters. Una Vulnerabilidad de tipo Cross-Site Scripting (XSS) en la "Customize Statistics Page" (admin/statistics/ConfigureStatistics) en el servicio de conexión MDS en Research in Motion (RIM) BlackBerry Enterprise Server (BES) anterior a versión 4.1.6 MR5 permite a atacantes remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, y (11) referenceTime. • https://www.exploit-db.com/exploits/32927 http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0170.html http://osvdb.org/53772 http://secunia.com/advisories/34740 http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969 http://www.securityfocus.com/bid/34573 http://www.securitytracker.com/id?1022081 http://www.vupen.com/english/advisories/2009/1090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 6%CPEs: 9EXPL: 0

The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file. El PDF distiller en el servicio Attachment en Research in Motion (RIM) BlackBerry Enterprise Server (BES) v4.1.3 hasta v4.1.6, BlackBerry Professional Software v4.1.4, y BlackBerry Unite! anteriores a v1.0.3 bundle 28 realiza operaciones de borrado en punteros sin inicializar, lo que permite a atacantes remotos ayudados por el usuario ejecutar código de su elección a través de una secuencia de datos manipulada en un fichero .pdf. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766 http://secunia.com/advisories/33534 http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118 http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119 http://www.securityfocus.com/bid/33250 http://www.securitytracker.com/id?1021559 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 8%CPEs: 9EXPL: 0

Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps." Múltiples desbordamientos de búfer basados en montículo en PDF distiller en el Servicio de Adjuntar en Research in Motion (RIM) Blackberry Enterprise Server (BES) v4.1.3 hasta 4.1.6, Blackberry Professional Software v4.1.4, y blackberry Unite! anteriores a v1.0.3 bundle 28, permite a atacantes remotos asistidos por usuarios, ejecutar código de su elección a a través (1)cadena manípulada en un fichero .PDF, relativo a "symWidths"; o (2) a cadenas de datos manipulada en un fichero .PDF, relativo a "bitmaps". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=765 http://secunia.com/advisories/33534 http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118 http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119 http://www.securityfocus.com/bid/33224 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 28%CPEs: 14EXPL: 0

Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment. Vulnerabilidad sin especificar en el componente PDF distiller en el BlackBerry Attachment Service en BlackBerry Unite! 1.0 SP1 (1.0.1) anterior a bundle 36 y BlackBerry Enterprise Server 4.1 SP3 (4.1.3) a la v4.1 SP5 (4.1.5), permite atacantes remotos asistidos por el usuario ejecutar códigod e su elección a través de un fichero PDF adjunto manipulado. • http://secunia.com/advisories/31092 http://secunia.com/advisories/31141 http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html http://www.kb.cert.org/vuls/id/289235 http://www.securitytracker.com/id?1020505 http://www.vupen.com/english/advisories/2008/2108/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43840 https://exchange.xforce.ibmcloud.com/vulnerabilities/43843 • CWE-94: Improper Control of Generation of Code ('Code Injection') •