FreeBSD Local Security Checks : FreeBSD Ports: yahoo-ui

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68688

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: yahoo-ui

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: yahoo-ui

CVE-2010-4207
Cross-site scripting (XSS) vulnerability in the Flash component
infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla,
Moodle, and other products, allows remote attackers to inject
arbitrary web script or HTML via vectors related to
charts/assets/charts.swf.

CVE-2010-4208
Cross-site scripting (XSS) vulnerability in the Flash component
infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla,
Moodle, and other products, allows remote attackers to inject
arbitrary web script or HTML via vectors related to
uploader/assets/uploader.swf.

CVE-2010-4209
Cross-site scripting (XSS) vulnerability in the Flash component
infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1
through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web
script or HTML via vectors related to swfstore/swfstore.swf.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4207
BugTraq ID: 44420
http://www.securityfocus.com/bid/44420
Bugtraq: 20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3 (Google Search)
http://www.securityfocus.com/archive/1/514622
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html
http://www.openwall.com/lists/oss-security/2010/11/07/1
http://www.securitytracker.com/id?1024683
http://secunia.com/advisories/41955
http://secunia.com/advisories/42271
SuSE Security Announcement: SUSE-SR:2010:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
http://www.vupen.com/english/advisories/2010/2878
http://www.vupen.com/english/advisories/2010/2975
Common Vulnerability Exposure (CVE) ID: CVE-2010-4208
Common Vulnerability Exposure (CVE) ID: CVE-2010-4209

Copyright Copyright (C) 2011 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68688
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: yahoo-ui
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: yahoo-ui CVE-2010-4207 Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. CVE-2010-4208 Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. CVE-2010-4209 Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4207 BugTraq ID: 44420 http://www.securityfocus.com/bid/44420 Bugtraq: 20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3 (Google Search) http://www.securityfocus.com/archive/1/514622 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html http://www.openwall.com/lists/oss-security/2010/11/07/1 http://www.securitytracker.com/id?1024683 http://secunia.com/advisories/41955 http://secunia.com/advisories/42271 SuSE Security Announcement: SUSE-SR:2010:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://www.vupen.com/english/advisories/2010/2878 http://www.vupen.com/english/advisories/2010/2975 Common Vulnerability Exposure (CVE) ID: CVE-2010-4208 Common Vulnerability Exposure (CVE) ID: CVE-2010-4209
Copyright	Copyright (C) 2011 E-Soft Inc.