Ultraseek
by Verity
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-0347 | 0.04 | — | 0.10 | Jan 29, 2009 | Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. | |||
| CVE-2006-5819 | 0.01 | — | 0.06 | Nov 18, 2006 | Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script. | |||
| CVE-2006-5971 | 0.00 | — | 0.02 | Nov 18, 2006 | Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable. | |||
| CVE-2006-5970 | 0.00 | — | 0.02 | Nov 18, 2006 | Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5)… | |||
| CVE-2005-0514 | 0.00 | — | 0.02 | Feb 22, 2005 | Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters. | |||
| CVE-2004-0050 | 0.00 | — | 0.01 | Jun 14, 2004 | Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others. |
- CVE-2009-0347Jan 29, 2009risk 0.04cvss —epss 0.10
Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
- CVE-2006-5819Nov 18, 2006risk 0.01cvss —epss 0.06
Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script.
- CVE-2006-5971Nov 18, 2006risk 0.00cvss —epss 0.02
Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable.
- CVE-2006-5970Nov 18, 2006risk 0.00cvss —epss 0.02
Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5)…
- CVE-2005-0514Feb 22, 2005risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters.
- CVE-2004-0050Jun 14, 2004risk 0.00cvss —epss 0.01
Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.