漏洞标题
N/A
漏洞描述信息
真相超seek 5.7前允许远程攻击者通过直接请求获取敏感信息,使用(1)一个空的("%00")结束的URL参数来获取帮助/urlstatusgo.html;或缺少参数来获取(2)帮助/header.html,(3)帮助/footer.html,(4)拼写.html,(5)核心forma.html,(6)日期范围.html,(7) hits.html,(8) hitsnavbottom.html,(9)索引form.html,(10)索引forma.html,(11)语言.html,(12)无结果.html,(13)单条1条结果.html,(14)单条2条结果.html,(15)查询.html,(16)查询form0.html,(17)查询form0a.html,(18)查询form1.html,(19)查询form1a.html,(20)查询form2.html,(21)查询form2a.html,(22)快速链接.html,(23)相关主题.html,(24)登录.html,(25)子主题.html,(26)词汇.html,(27)主题.html,(28) hitspagebar.html,(29)高亮/高亮.html,(30)高亮/高亮_1.html,(31)高亮/导航.html,在结果错误消息中泄露安装路径。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5) coreforma.html, (6) daterange.html, (7) hits.html, (8) hitsnavbottom.html, (9) indexform.html, (10) indexforma.html, (11) languages.html, (12) nohits.html, (13) onehit1.html, (14) onehit2.html, (15) query.html, (16) queryform0.html, (17) queryform0a.html, (18) queryform1.html, (19) queryform1a.html, (20) queryform2.html, (21) queryform2a.html, (22) quicklinks.html, (23) relatedtopics.html, (24) signin.html, (25) subtopics.html, (26) thesaurus.html, (27) topics.html, (28) hitspagebar.html, (29) highlight/highlight.html, (30) highlight/highlight_one.html, and (31) highlight/topnav.html, which leaks the installation path in the resulting error message.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Verity Ultraseek 信息泄露漏洞
漏洞描述信息
Verity Ultraseek允许远程攻击者通过直接请求带有(1)空("%00")终止的url参数的help/urlstatusgo.html;或者带有missing参数的(2)help/header.html,(3)help/footer.html,(4)spell.html,(5)coreforma.html,(6)daterange.html,(7)hits.html,(8)hitsnavbottom.html,(9)indexform.html,(10)indexforma.html,(11)l
CVSS信息
N/A
漏洞类别
授权问题