Search Results (96 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1915 1 Blackberry 1 Blackberry Enterprise Service 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp.
CVE-2017-9367 1 Blackberry 2 Workspaces Appliance-x, Workspaces Vapp 2025-04-20 N/A
A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.
CVE-2016-1914 1 Blackberry 1 Blackberry Enterprise Service 2025-04-20 N/A
Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.
CVE-2016-3130 1 Blackberry 1 Enterprise Service 2025-04-20 N/A
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt.
CVE-2016-3128 1 Blackberry 1 Enterprise Service 2025-04-20 N/A
A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES.
CVE-2017-3890 1 Blackberry 2 Appliance-x, Workspaces Vapp 2025-04-20 6.1 Medium
A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link.
CVE-2017-9368 1 Blackberry 2 Workspaces Appliance-x, Workspaces Vapp 2025-04-20 N/A
An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files.
CVE-2017-3894 1 Blackberry 2 Enterprise Service, Unified Endpoint Manager 2025-04-20 N/A
A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.
CVE-2015-4112 1 Blackberry 1 Enterprise Server 2025-04-12 N/A
The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.
CVE-2016-3129 1 Blackberry 1 Good Enterprise Mobility Server 2025-04-12 N/A
A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell.
CVE-2014-2533 1 Blackberry 1 Qnx Neutrino Rtos 2025-04-12 N/A
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
CVE-2014-6611 1 Blackberry 2 Blackberry Os, Blackberry World 2025-04-12 N/A
The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.
CVE-2014-1469 1 Blackberry 3 Blackberry Enterprise Service, Enterprise Server, Enterprise Server Express 2025-04-12 N/A
BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file.
CVE-2016-1917 1 Blackberry 1 Enterprise Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918.
CVE-2014-2389 1 Blackberry 2 Blackberry Os, Blackberry Z10 2025-04-12 N/A
Stack-based buffer overflow in a certain decryption function in qconnDoor on BlackBerry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless network.
CVE-2016-3126 1 Blackberry 1 Enterprise Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-1916 1 Blackberry 1 Enterprise Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen.
CVE-2016-1918 1 Blackberry 1 Enterprise Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917.
CVE-2014-2534 1 Blackberry 1 Qnx Neutrino Rtos 2025-04-12 N/A
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
CVE-2014-2388 1 Blackberry 5 Blackberry Os, Q10, Q5 and 2 more 2025-04-12 N/A
The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode.