FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-0015

This CVE name corresponds to:

Entered Topic
2006-05-23 frontpage -- cross site scripting vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-0015 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-0015
Phase Assigned(20051109)

Description

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.

References

Source Reference
BUGTRAQ 20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting
MISC http://www.argeniss.com/research/ARGENISS-ADV-040602.txt
MS MS06-017
BID 17452
VUPEN ADV-2006-1322
OVAL oval:org.mitre.oval:def:1748
SECTRACK 1015895
SECTRACK 1015896
SECUNIA 19623
SREASON 704
XF fpse-html-xss(25537)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.