CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5970
https://notcve.org/view.php?id=CVE-2006-5970
18 Nov 2006 — Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5) coreforma.html, (6) daterange.html, (7) hits.html, (8) hitsnavbottom.html, (9) indexform.html, (10) indexforma.html, (11) languages.html, (12) nohits.html, (13) onehit1.html, (14) onehit2.html, (15) query.html, (16) queryform0.html, (17) queryf... • http://secunia.com/advisories/22892 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5971
https://notcve.org/view.php?id=CVE-2006-5971
18 Nov 2006 — Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable. Vulnerabilidad de salto de ruta absoluta en admin/logfile.txt en Verity Ultraseek anterior a 5.6.2 permite a un atacante remoto leer ficheros de su elección a través de la variable name. • http://secunia.com/advisories/22892 •
CVSS: 10.0EPSS: 6%CPEs: 5EXPL: 0CVE-2006-5819 – Verity Ultraseek Request Proxying Vulnerability
https://notcve.org/view.php?id=CVE-2006-5819
15 Nov 2006 — Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script. Verity Ultraseek anterior a 5.7 permite a un atacante remoto usar el servidor como proxy para ataques web y escaneo de host a través de respuesta directa a la secuencia de comandos highlight/index.html. This vulnerability allows remote attackers to proxy web attacks and scan internal hosts through vulnerable installations of Verity Ultras... • http://securitytracker.com/id?1017235 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2005-0514
https://notcve.org/view.php?id=CVE-2005-0514
22 Feb 2005 — Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030222.html •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0050
https://notcve.org/view.php?id=CVE-2004-0050
06 May 2004 — Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others. Verity Ultraseek anteriores a 5.2.2 permite a atacantes remotos obtener la ruta completa de la raíz de documentos mediante un nombre de dispositivo de MS-DOS en la opción de búsqueda web, como (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, y otros. • http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0024.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1651
https://notcve.org/view.php?id=CVE-2002-1651
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions. • http://www.kb.cert.org/vuls/id/636431 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 30%CPEs: 20EXPL: 0CVE-2002-0370
https://notcve.org/view.php?id=CVE-2002-0370
05 Oct 2002 — Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0. Desbordamiento de búfer en la capacidad ZIP de múltiples productos permite a atacantes remotos causar una denegación de servicio o ejecu... • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html •