3 results (0.007 seconds)

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable. Vulnerabilidad de salto de ruta absoluta en admin/logfile.txt en Verity Ultraseek anterior a 5.6.2 permite a un atacante remoto leer ficheros de su elección a través de la variable name. • http://secunia.com/advisories/22892 http://www.osvdb.org/30289 http://www.securityfocus.com/archive/1/451847/100/0/threaded http://www.ultraseek.com/support/docs/RELNOTES.txt http://www.ultraseek.com/support/docs/release_notes/ultraseek.5.6.2.txt http://www.zerodayinitiative.com/advisories/ZDI-06-042.html https://exchange.xforce.ibmcloud.com/vulnerabilities/30321 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5) coreforma.html, (6) daterange.html, (7) hits.html, (8) hitsnavbottom.html, (9) indexform.html, (10) indexforma.html, (11) languages.html, (12) nohits.html, (13) onehit1.html, (14) onehit2.html, (15) query.html, (16) queryform0.html, (17) queryform0a.html, (18) queryform1.html, (19) queryform1a.html, (20) queryform2.html, (21) queryform2a.html, (22) quicklinks.html, (23) relatedtopics.html, (24) signin.html, (25) subtopics.html, (26) thesaurus.html, (27) topics.html, (28) hitspagebar.html, (29) highlight/highlight.html, (30) highlight/highlight_one.html, and (31) highlight/topnav.html, which leaks the installation path in the resulting error message. Verity Ultraseek anterior 5.7 permite a un atacante remoto obtener información sensible a través de respuestas directas con un parámetro url terminal nulo a help/urlstatusgo.html; o parámetros que faltan en (2) help/header.html, (3) help/footer.html, (4) spell.html, (5) coreforma.html, (6) daterange.html, (7) hits.html, (8) hitsnavbottom.html, (9) indexform.html, (10) indexforma.html, (11) languages.html, (12) nohits.html, (13) onehit1.html, (14) onehit2.html, (15) query.html, (16) queryform0.html, (17) queryform0a.html, (18) queryform1.html, (19) queryform1a.html, (20) queryform2.html, (21) queryform2a.html, (22) quicklinks.html, (23) relatedtopics.html, (24) signin.html, (25) subtopics.html, (26) thesaurus.html, (27) topics.html, (28) hitspagebar.html, (29) highlight/highlight.html, (30) highlight/highlight_one.html, y (31) highlight/topnav.html, • http://secunia.com/advisories/22892 http://securitytracker.com/id?1017235 http://www.osvdb.org/30287 http://www.osvdb.org/30288 http://www.securityfocus.com/archive/1/451847/100/0/threaded http://www.ultraseek.com/support/docs/RELNOTES.txt http://www.zerodayinitiative.com/advisories/ZDI-06-042.html https://exchange.xforce.ibmcloud.com/vulnerabilities/30314 •

CVSS: 10.0EPSS: 13%CPEs: 5EXPL: 0

Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script. Verity Ultraseek anterior a 5.7 permite a un atacante remoto usar el servidor como proxy para ataques web y escaneo de host a través de respuesta directa a la secuencia de comandos highlight/index.html. This vulnerability allows remote attackers to proxy web attacks and scan internal hosts through vulnerable installations of Verity Ultraseek. Authentication is not required to exploit this vulnerability. The specific flaw exists within the highlight script used to highlight search terms on spidered pages. An attacker can directly access the highlight script at '/highlight/index.html' to pass parameters to and retrieve content from arbitrary URLs. • http://securitytracker.com/id?1017235 http://www.kb.cert.org/vuls/id/559616 http://www.osvdb.org/22892 http://www.osvdb.org/30286 http://www.securityfocus.com/archive/1/451847/100/0/threaded http://www.securityfocus.com/bid/21120 http://www.ultraseek.com/support/docs/RELNOTES.txt http://www.zerodayinitiative.com/advisories/ZDI-06-042.html https://exchange.xforce.ibmcloud.com/vulnerabilities/30311 •