3 matches found
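Ultraseek Information Disclosure and Request Proxying Vulnerabilities
Ultraseek is an enterprise-class search engine. The highlight script in Ultraseek, which highlights search terms in pages crawled by the spider, contains a vulnerability. An attacker can directly access the highlight script at /highlight/index.html, pass it a URL parameter, and retrieve the content. An attacker can also abuse the script to enumerate internal addresses and open ports that would otherwise be inaccessible. The following Ultraseek scripts also have various information disclosure vulnerabilities: /help/urlstatusgo.html /help/header.html /help/footer.html /spell.html /coreforma.html /daterange.html...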
CVE-2006-5971
CVE-2006-5971 describes an absolute path traversal vulnerability in Verity Ultraseek (admin/logfile.txt) prior to version 5.6.2. An attacker could read arbitrary files by supplying a crafted name variable, enabling partial confidentiality impact. The issue is rooted in improper validation of file...
Verity Ultraseek Request Proxying Vulnerability
This vulnerability allows remote attackers to proxy web attacks and scan internal hosts through vulnerable installations of Verity Ultraseek. Authentication is not required to exploit this vulnerability. The specific flaw exists within the highlight script used to highlight search terms on spider...