VYPR

Ultraseek

by Verity

CVEs (6)

  • CVE-2009-0347Jan 29, 2009
    risk 0.04cvss epss 0.10

    Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.

  • CVE-2006-5819Nov 18, 2006
    risk 0.01cvss epss 0.06

    Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script.

  • CVE-2006-5971Nov 18, 2006
    risk 0.00cvss epss 0.02

    Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable.

  • CVE-2006-5970Nov 18, 2006
    risk 0.00cvss epss 0.02

    Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5)…

  • CVE-2005-0514Feb 22, 2005
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters.

  • CVE-2004-0050Jun 14, 2004
    risk 0.00cvss epss 0.01

    Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.