cvelistv5 - cve-2006-0015

cve-2006-0015

Vulnerability from cvelistv5

Published

2006-04-11 23:00

Modified

2024-08-07 16:18

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/19623	Patch, Vendor Advisory
secure@microsoft.com	http://securityreason.com/securityalert/704
secure@microsoft.com	http://securitytracker.com/id?1015895	Patch
secure@microsoft.com	http://securitytracker.com/id?1015896	Patch
secure@microsoft.com	http://www.argeniss.com/research/ARGENISS-ADV-040602.txt	Exploit, Patch, Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/archive/1/430803/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/17452	Exploit, Patch
secure@microsoft.com	http://www.vupen.com/english/advisories/2006/1322
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/25537
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19623	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/704
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015895	Patch
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015896	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.argeniss.com/research/ARGENISS-ADV-040602.txt	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/430803/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17452	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1322
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25537
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:18:20.725Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "fpse-html-xss(25537)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"
          },
          {
            "name": "17452",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17452"
          },
          {
            "name": "20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:1748",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"
          },
          {
            "name": "19623",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19623"
          },
          {
            "name": "704",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/704"
          },
          {
            "name": "1015896",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015896"
          },
          {
            "name": "ADV-2006-1322",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1322"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"
          },
          {
            "name": "1015895",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015895"
          },
          {
            "name": "MS06-017",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "fpse-html-xss(25537)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"
        },
        {
          "name": "17452",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17452"
        },
        {
          "name": "20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:1748",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"
        },
        {
          "name": "19623",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19623"
        },
        {
          "name": "704",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/704"
        },
        {
          "name": "1015896",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015896"
        },
        {
          "name": "ADV-2006-1322",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1322"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"
        },
        {
          "name": "1015895",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015895"
        },
        {
          "name": "MS06-017",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-0015",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "fpse-html-xss(25537)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"
            },
            {
              "name": "17452",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17452"
            },
            {
              "name": "20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:1748",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"
            },
            {
              "name": "19623",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19623"
            },
            {
              "name": "704",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/704"
            },
            {
              "name": "1015896",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015896"
            },
            {
              "name": "ADV-2006-1322",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1322"
            },
            {
              "name": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt",
              "refsource": "MISC",
              "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"
            },
            {
              "name": "1015895",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015895"
            },
            {
              "name": "MS06-017",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-0015",
    "datePublished": "2006-04-11T23:00:00",
    "dateReserved": "2005-11-09T00:00:00",
    "dateUpdated": "2024-08-07T16:18:20.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-0015\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2006-04-11T23:02:00.000\",\"lastModified\":\"2024-11-21T00:05:28.270\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7E274F0-F1B8-4C3D-961B-80B92830ABF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_team_services:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83ADDF33-AC0A-43F1-8250-EC84221F02D6\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/19623\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/704\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://securitytracker.com/id?1015895\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://securitytracker.com/id?1015896\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.argeniss.com/research/ARGENISS-ADV-040602.txt\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/430803/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/17452\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1322\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25537\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/19623\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/704\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015895\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://securitytracker.com/id?1015896\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.argeniss.com/research/ARGENISS-ADV-040602.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/430803/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17452\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25537\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-78hp-864j-39pv

Vulnerability from github

Published

2022-05-01 06:37

Modified

2022-05-01 06:37

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-0015"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-04-11T23:02:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.",
  "id": "GHSA-78hp-864j-39pv",
  "modified": "2022-05-01T06:37:05Z",
  "published": "2022-05-01T06:37:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0015"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19623"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/704"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015895"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015896"
    },
    {
      "type": "WEB",
      "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17452"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1322"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2006-0015

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-0015

Aliases

CVE-2006-0015

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-0015",
    "description": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.",
    "id": "GSD-2006-0015"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-0015"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.",
      "id": "GSD-2006-0015",
      "modified": "2023-12-13T01:19:50.289884Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2006-0015",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "fpse-html-xss(25537)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"
          },
          {
            "name": "17452",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17452"
          },
          {
            "name": "20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:1748",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"
          },
          {
            "name": "19623",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19623"
          },
          {
            "name": "704",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/704"
          },
          {
            "name": "1015896",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015896"
          },
          {
            "name": "ADV-2006-1322",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1322"
          },
          {
            "name": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt",
            "refsource": "MISC",
            "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"
          },
          {
            "name": "1015895",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015895"
          },
          {
            "name": "MS06-017",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_team_services:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-0015"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19623",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19623"
            },
            {
              "name": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"
            },
            {
              "name": "17452",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/17452"
            },
            {
              "name": "1015895",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1015895"
            },
            {
              "name": "1015896",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1015896"
            },
            {
              "name": "704",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/704"
            },
            {
              "name": "ADV-2006-1322",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1322"
            },
            {
              "name": "fpse-html-xss(25537)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"
            },
            {
              "name": "oval:org.mitre.oval:def:1748",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"
            },
            {
              "name": "MS06-017",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"
            },
            {
              "name": "20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-19T15:42Z",
      "publishedDate": "2006-04-11T23:02Z"
    }
  }
}

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters. Microsoft FrontPage Server Extensions are prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before it is rendered to other users. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user, with the privileges of the victim userâ??s account. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

SOLUTION: Apply patches.

FrontPage Server Extensions 2002 (Windows Server 2003 and Windows Server 2003 SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=5C03F85A-5228-47FB-A338-90FA23818E08

FrontPage Server Extensions 2002 (Windows Server 2003 for Itanium-based systems and Windows Server 2003 with SP1 for Itanium-based systems): http://www.microsoft.com/downloads/details.aspx?FamilyId=59F15A6B-CC1B-43D5-A007-BFC9ABB63486

FrontPage Server Extensions 2002 (x64 Edition) downloaded and installed on Windows Server 2003 x64 Edition and Windows XP Pro x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=F453530D-7063-49AB-B304-9C455DE6D8DA

FrontPage Server Extensions 2002 (x86 Editions) downloaded and installed on Windows Server 2000 SP4, Windows XP SP1, and Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=F453530D-7063-49AB-B304-9C455DE6D8DA

Microsoft SharePoint Team Services: http://www.microsoft.com/downloads/details.aspx?FamilyId=EEE40662-39E6-4C07-8241-1AC4F5D24FFC

PROVIDED AND/OR DISCOVERED BY: The vendor credits Esteban Mart\xednez Fay\xf3.

ORIGINAL ADVISORY: MS06-017 (KB917627): http://www.microsoft.com/technet/security/Bulletin/MS06-017.mspx

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200604-0199",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "frontpage server extensions",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "2002"
      },
      {
        "model": "sharepoint team services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "*"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "5.1"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "sharepoint team services",
        "scope": null,
        "trust": 0.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "x64"
      },
      {
        "model": "windows xp professional sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp professional",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp home sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003x64"
      },
      {
        "model": "windows server standard edition sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003x64"
      },
      {
        "model": "windows server enterprise edition itanium sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server enterprise edition itanium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20030"
      },
      {
        "model": "windows server enterprise edition sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server datacenter edition itanium sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server datacenter edition itanium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20030"
      },
      {
        "model": "sharepoint team services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2002"
      },
      {
        "model": "windows sharepoint services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows me",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows 98se",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "98"
      },
      {
        "model": "frontpage server extensions",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "frontpage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2002"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "17452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000169"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-154"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0015"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:iis",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000169"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Esteban Mart\u00ednez Fay\u00f3 secemf@gmail.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-154"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-0015",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2006-0015",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-0015",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-0015",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200604-154",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000169"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-154"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0015"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters. Microsoft FrontPage Server Extensions are prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before it is rendered to other users. \nAn attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user, with the privileges of the victim user\u00e2??s account. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \n\nSOLUTION:\nApply patches. \n\nFrontPage Server Extensions 2002 (Windows Server 2003 and Windows\nServer 2003 SP1):\nhttp://www.microsoft.com/downloads/details.aspx?FamilyId=5C03F85A-5228-47FB-A338-90FA23818E08\n\nFrontPage Server Extensions 2002 (Windows Server 2003 for\nItanium-based systems and Windows Server 2003 with SP1 for\nItanium-based systems):\nhttp://www.microsoft.com/downloads/details.aspx?FamilyId=59F15A6B-CC1B-43D5-A007-BFC9ABB63486\n\nFrontPage Server Extensions 2002 (x64 Edition) downloaded and\ninstalled on Windows Server 2003 x64 Edition and Windows XP Pro x64\nEdition:\nhttp://www.microsoft.com/downloads/details.aspx?FamilyId=F453530D-7063-49AB-B304-9C455DE6D8DA\n\nFrontPage Server Extensions 2002 (x86 Editions) downloaded and\ninstalled on Windows Server 2000 SP4, Windows XP SP1, and Windows XP\nSP2:\nhttp://www.microsoft.com/downloads/details.aspx?FamilyId=F453530D-7063-49AB-B304-9C455DE6D8DA\n\nMicrosoft SharePoint Team Services:\nhttp://www.microsoft.com/downloads/details.aspx?FamilyId=EEE40662-39E6-4C07-8241-1AC4F5D24FFC\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Esteban Mart\\xednez Fay\\xf3. \n\nORIGINAL ADVISORY:\nMS06-017 (KB917627):\nhttp://www.microsoft.com/technet/security/Bulletin/MS06-017.mspx\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-0015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000169"
      },
      {
        "db": "BID",
        "id": "17452"
      },
      {
        "db": "PACKETSTORM",
        "id": "45339"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-0015",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "17452",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "19623",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1015896",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1015895",
        "trust": 1.6
      },
      {
        "db": "SREASON",
        "id": "704",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1322",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000169",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "25537",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:1748",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060412 VULNERABILITY IN MICROSOFT FRONTPAGE SERVER EXTENSIONS COULD ALLOW CROSS-SITE SCRIPTING",
        "trust": 0.6
      },
      {
        "db": "MS",
        "id": "MS06-017",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-154",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "45339",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "17452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000169"
      },
      {
        "db": "PACKETSTORM",
        "id": "45339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-154"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0015"
      }
    ]
  },
  "id": "VAR-200604-0199",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2024-11-23T23:13:28.712000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS06-017",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-017.mspx"
      },
      {
        "title": "MS06-017",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms06-017.mspx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000169"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-0015"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/17452"
      },
      {
        "trust": 1.6,
        "url": "http://www.argeniss.com/research/argeniss-adv-040602.txt"
      },
      {
        "trust": 1.6,
        "url": "http://securitytracker.com/id?1015896"
      },
      {
        "trust": 1.6,
        "url": "http://securitytracker.com/id?1015895"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/19623"
      },
      {
        "trust": 1.6,
        "url": "http://securityreason.com/securityalert/704"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2006/1322"
      },
      {
        "trust": 1.0,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-017.mspx"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1748"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/1322"
      },
      {
        "trust": 1.0,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/19623/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0015"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-0015"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/17452/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/430803/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/25537"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1748"
      },
      {
        "trust": 0.3,
        "url": "http://office.microsoft.com/en-us/fx010858021033.aspx"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/430803"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?familyid=59f15a6b-cc1b-43d5-a007-bfc9abb63486"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?familyid=5c03f85a-5228-47fb-a338-90fa23818e08"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1529/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6314/"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?familyid=f453530d-7063-49ab-b304-9c455de6d8da"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?familyid=eee40662-39e6-4c07-8241-1ac4f5d24ffc"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "17452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000169"
      },
      {
        "db": "PACKETSTORM",
        "id": "45339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-154"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0015"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "17452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000169"
      },
      {
        "db": "PACKETSTORM",
        "id": "45339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-154"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0015"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-04-11T00:00:00",
        "db": "BID",
        "id": "17452"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000169"
      },
      {
        "date": "2006-04-12T04:04:04",
        "db": "PACKETSTORM",
        "id": "45339"
      },
      {
        "date": "2006-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200604-154"
      },
      {
        "date": "2006-04-11T23:02:00",
        "db": "NVD",
        "id": "CVE-2006-0015"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-04-13T18:07:00",
        "db": "BID",
        "id": "17452"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000169"
      },
      {
        "date": "2006-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200604-154"
      },
      {
        "date": "2024-11-21T00:05:28.270000",
        "db": "NVD",
        "id": "CVE-2006-0015"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-154"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Internet Information Services of  FPSE Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000169"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "45339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-154"
      }
    ],
    "trust": 0.7
  }
}

fkie_cve-2006-0015

Vulnerability from fkie_nvd

Published

2006-04-11 23:02

Modified

2024-11-21 00:05

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/19623	Patch, Vendor Advisory
secure@microsoft.com	http://securityreason.com/securityalert/704
secure@microsoft.com	http://securitytracker.com/id?1015895	Patch
secure@microsoft.com	http://securitytracker.com/id?1015896	Patch
secure@microsoft.com	http://www.argeniss.com/research/ARGENISS-ADV-040602.txt	Exploit, Patch, Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/archive/1/430803/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/17452	Exploit, Patch
secure@microsoft.com	http://www.vupen.com/english/advisories/2006/1322
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/25537
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19623	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/704
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015895	Patch
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015896	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.argeniss.com/research/ARGENISS-ADV-040602.txt	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/430803/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17452	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1322
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25537
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748

Impacted products

	Vendor	Product	Version
	microsoft	frontpage_server_extensions	2002
	microsoft	sharepoint_team_services	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7E274F0-F1B8-4C3D-961B-80B92830ABF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_team_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83ADDF33-AC0A-43F1-8250-EC84221F02D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters."
    }
  ],
  "id": "CVE-2006-0015",
  "lastModified": "2024-11-21T00:05:28.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-11T23:02:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19623"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securityreason.com/securityalert/704"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015895"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015896"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17452"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2006/1322"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19623"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2006-0015

Vulnerability from cvelistv5

ghsa-78hp-864j-39pv

Vulnerability from github

gsd-2006-0015

Vulnerability from gsd

var-200604-0199

Vulnerability from variot

fkie_cve-2006-0015

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature