FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-03-11 08:52:20 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c0171f59-ea8a-11da-be02-000c6ec775d9	frontpage -- cross site scripting vulnerability Esteban Martinez Fayo reports: The FrontPage Server Extensions 2002 (included in Windows Sever 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP) has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site scripting attacks allowing an attacker to run client-side script on behalf of an FPSE user. If the victim is an administrator, the attacker could take complete control of a Front Page Server Extensions 2002 server. To exploit the vulnerability an attacker can send a specially crafted e-mail message to a FPSE user and then persuade the user to click a link in the e-mail message. In addition, this vulnerability can be exploited if an attacker hosts a malicious website and persuade the user to visit it. Discovery 2006-04-12 Entry 2006-05-23 frontpage mod_frontpage13 mod_frontpage20 mod_frontpage21 mod_frontpage22 < 5.0.2.4803 CVE-2006-0015 http://marc.theaimsgroup.com/?l=bugtraq&m=114487846329000 http://www.microsoft.com/technet/security/bulletin/MS06-017.mspx http://www.rtr.com/fpsupport/fpse_release_may_2_2006.htm

VuXML ID

Description

c0171f59-ea8a-11da-be02-000c6ec775d9

frontpage -- cross site scripting vulnerability

Esteban Martinez Fayo reports:

The FrontPage Server Extensions 2002 (included in Windows Sever 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP) has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site scripting attacks allowing an attacker to run client-side script on behalf of an FPSE user. If the victim is an administrator, the attacker could take complete control of a Front Page Server Extensions 2002 server.

To exploit the vulnerability an attacker can send a specially crafted e-mail message to a FPSE user and then persuade the user to click a link in the e-mail message.

In addition, this vulnerability can be exploited if an attacker hosts a malicious website and persuade the user to visit it.

Discovery 2006-04-12
Entry 2006-05-23
frontpage
mod_frontpage13
mod_frontpage20
mod_frontpage21
mod_frontpage22

< 5.0.2.4803

CVE-2006-0015
http://marc.theaimsgroup.com/?l=bugtraq&m=114487846329000
http://www.microsoft.com/technet/security/bulletin/MS06-017.mspx
http://www.rtr.com/fpsupport/fpse_release_may_2_2006.htm