Lucene search

Ultraseek Security Vulnerabilities

cve

CVE-2004-0050

Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.

6.6AI Score

0.006EPSS

2004-06-14 04:00 AM

cve

CVE-2005-0514

Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters.

5.8AI Score

0.003EPSS

2005-02-23 05:00 AM

cve

CVE-2006-5819

Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script.

6.6AI Score

0.133EPSS

2006-11-18 12:07 AM

cve

CVE-2006-5970

Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5) coreforma.html, (6) daterange.h...

6.6AI Score

0.012EPSS

2006-11-18 12:07 AM

cve

CVE-2006-5971

Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable.

7.1AI Score

0.01EPSS

2006-11-18 12:07 AM

cve

CVE-2009-0347

Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.

6.9AI Score

0.106EPSS

2009-01-29 07:30 PM