FreeBSD Local Security Checks : FreeBSD Ports: frontpage -- cross site scripting vulnerability

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56769

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: frontpage -- cross site scripting vulnerability

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to the system
as announced in the referenced advisory.

The following packages are affected:
frontpage
mod_frontpage13
mod_frontpage20
mod_frontpage21
mod_frontpage22

CVE-2006-0015
Cross-site scripting (XSS) vulnerability in
_vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server
Extensions 2002 and SharePoint Team Services allows remote attackers
to inject arbitrary web script or HTML, then leverage the attack to
execute arbitrary programs or create new accounts, via the (1)
operation, (2) command, and (3) name parameters.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://www.microsoft.com/technet/security/bulletin/MS06-017.mspx
http://www.rtr.com/fpsupport/fpse_release_may_2_2006.htm
http://marc.theaimsgroup.com/?l=bugtraq&m=114487846329000
http://www.vuxml.org/freebsd/c0171f59-ea8a-11da-be02-000c6ec775d9.html

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: BugTraq ID: 17452
Common Vulnerability Exposure (CVE) ID: CVE-2006-0015
http://www.securityfocus.com/bid/17452
Bugtraq: 20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (Google Search)
http://www.securityfocus.com/archive/1/430803/100/0/threaded
http://www.argeniss.com/research/ARGENISS-ADV-040602.txt
Microsoft Security Bulletin: MS06-017
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748
http://securitytracker.com/id?1015895
http://securitytracker.com/id?1015896
http://secunia.com/advisories/19623
http://securityreason.com/securityalert/704
http://www.vupen.com/english/advisories/2006/1322
XForce ISS Database: fpse-html-xss(25537)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25537

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56769
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: frontpage -- cross site scripting vulnerability
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to the system as announced in the referenced advisory. The following packages are affected: frontpage mod_frontpage13 mod_frontpage20 mod_frontpage21 mod_frontpage22 CVE-2006-0015 Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters. Solution: Update your system with the appropriate patches or software upgrades. http://www.microsoft.com/technet/security/bulletin/MS06-017.mspx http://www.rtr.com/fpsupport/fpse_release_may_2_2006.htm http://marc.theaimsgroup.com/?l=bugtraq&m=114487846329000 http://www.vuxml.org/freebsd/c0171f59-ea8a-11da-be02-000c6ec775d9.html CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	BugTraq ID: 17452 Common Vulnerability Exposure (CVE) ID: CVE-2006-0015 http://www.securityfocus.com/bid/17452 Bugtraq: 20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (Google Search) http://www.securityfocus.com/archive/1/430803/100/0/threaded http://www.argeniss.com/research/ARGENISS-ADV-040602.txt Microsoft Security Bulletin: MS06-017 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748 http://securitytracker.com/id?1015895 http://securitytracker.com/id?1015896 http://secunia.com/advisories/19623 http://securityreason.com/securityalert/704 http://www.vupen.com/english/advisories/2006/1322 XForce ISS Database: fpse-html-xss(25537) https://exchange.xforce.ibmcloud.com/vulnerabilities/25537
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com