CSA-200012.txt

07 Dec 2000 00:00:00 | Reported by: chinansl.com | Type: packetstorm | Source: packetstormsecurity.com

Ultraseek Server 3.0 vulnerability allows access to paths and source code without a fix available.

Code
`CHINANSL Security Advisory(CSA-200012)  
  
Topic: Ultraseek Server 3.0 Vulnerability  
  
Release Date: Dec 6, 2000  
  
Affected system:  
============  
  
Ultraseek Server 3.0  
    - SunOS  
  
Impact:  
======  
  
CHINANSL security team has found a security problem in Ultraseek Server 3.0.  
By exploiting this vulnerability, it is possible for a malicious user to get  
the absolute path and source code of Ultraseek Server addons.  
  
Description:  
=========  
  
Ultraseek Server includes an interpreter that can interpret script files and  
execute the corresponding functions. But Ultraseek Server has a bug that can  
be exploited through the script files.  
  
Exploit:  
=====  
  
(1) run arbitrary command:  
  
http://target:8765/null.html  
  
Ultraseek Server will return the path where Ultraseek Server is installed  
and other information.  
  
(2) we can get the content of source code files with this bug too:  
  
http://target:8765/index.html/  
  
Ultraseek Server will return the content of index.html and other source  
code which works for Ultraseek Server.  
  
Sample:  
=======  
http://www.sun.com.cn:8765/index.html/  
  
  
Solution:  
=======  
  
None  
  
DISCLAIMS:  
========  
THE INFORMATION PROVIDED IS RELEASED BY  
CHINANSL "AS IS" WITHOUT WARRANTY OF ANY  
KIND. CHINANSL DISCLAIMS ALL WARRANTIES,  
EITHER EXPRESS OR IMPLIED, EXCEPT FOR  
THE WARRANTIES OF MERCHANTABILITY. IN NO  
EVENT SHALL CHINANSL BE LIABLE FOR ANY  
DAMAGES WHATSOEVER INCLUDING DIRECT,  
INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS  
OF BUSINESS PROFITS OR SPECIAL DAMAGES,  
EVEN IF CHINANSL HAS BEEN ADVISED OF THE  
POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION  
OR REPRODUCTION OF THE INFORMATION IS  
PROVIDED THAT THE ADVISORY IS NOT  
MODIFIED IN ANY WAY.  
  
Copyright 1999-2000 CHINANSL. All Rights  
Reserved. Terms of use.  
  
  
CHINANSL Security Team (http://www.chinansl.com)  
`
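
A log check for the request shape in item (2), added here as an example and not part of the CHINANSL advisory: it flags requests whose path ends in a file name followed by a trailing slash and that the server answered with a 2xx status. The Common Log Format, the sample lines and the `/query.html` path are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed log layout (Common Log Format):
# host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# A file-like segment (name.ext) followed by one or more trailing slashes.
FILE_THEN_SLASH = re.compile(r'/[^/]+\.[A-Za-z0-9]{1,5}/+$')


def suspicious_path(target: str) -> bool:
    """True when the request path ends in name.ext followed by '/'."""
    path = urlsplit(target).path  # drop the query string
    # Decode twice so %2f and %252f forms of the trailing slash are caught.
    for _ in range(2):
        path = unquote(path)
    return bool(FILE_THEN_SLASH.search(path))


def scan(lines):
    """Yield (host, target, status) for matching requests answered with 2xx."""
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines
        if m["status"].startswith("2") and suspicious_path(m["target"]):
            yield m["host"], m["target"], int(m["status"])


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Dec/2000:10:00:01 +0800] "GET /index.html HTTP/1.0" 200 5120',
    '192.0.2.44 - - [07/Dec/2000:10:00:07 +0800] "GET /index.html/ HTTP/1.0" 200 18344',
    '192.0.2.44 - - [07/Dec/2000:10:00:09 +0800] "GET /query.html%2F?qt=x HTTP/1.0" 200 9771',
    '192.0.2.51 - - [07/Dec/2000:10:01:30 +0800] "GET /help/ HTTP/1.0" 200 2048',
    '192.0.2.60 - - [07/Dec/2000:10:02:11 +0800] "GET /index.html/ HTTP/1.0" 404 312',
    'garbage line',
]

if __name__ == "__main__":
    for host, target, status in scan(SAMPLE_LOG):
        print(f"{host} requested {target!r} -> {status}")
```

The same pattern can back a reverse-proxy rule that rejects such paths before they reach the search server, which matters here because the advisory lists no fix.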
