Security is not one size fits all, that is why we tailor our services to your requirements. We offer a wide range of security services to assist you with any aspect of your information security requirements. | Verity Ultraseek Multiple Script Malformed Request Path Disclosure |
| Wednesday, 15 November 2006 | |
|
Ultraseek contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker loads scripts without any parameters, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. The impacted scripts are: /help/header.html /help/footer.html /spell.html /coreforma.html /daterange.html /hits.html /hitsnavbottom.html /indexform.html /indexforma.html /languages.html /nohits.html /onehit1.html /onehit2.html /query.html /queryform0.html /queryform0a.html /queryform1.html /queryform1a.html /queryform2.html /queryform2a.html /quicklinks.html /relatedtopics.html /signin.html /subtopics.html /thesaurus.html /topics.html /hitspagebar.html /highlight/highlight.html /highlight/highlight_one.html /highlight/topnav.html Read more... |