Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5) coreforma.html, (6) daterange.html, (7) hits.html, (8) hitsnavbottom.html, (9) indexform.html, (10) indexforma.html, (11) languages.html, (12) nohits.html, (13) onehit1.html, (14) onehit2.html, (15) query.html, (16) queryform0.html, (17) queryform0a.html, (18) queryform1.html, (19) queryform1a.html, (20) queryform2.html, (21) queryform2a.html, (22) quicklinks.html, (23) relatedtopics.html, (24) signin.html, (25) subtopics.html, (26) thesaurus.html, (27) topics.html, (28) hitspagebar.html, (29) highlight/highlight.html, (30) highlight/highlight_one.html, and (31) highlight/topnav.html, which leaks the installation path in the resulting error message.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Verity Ultraseek 信息泄露漏洞
Vulnerability Description
Verity Ultraseek允许远程攻击者通过直接请求带有(1)空("%00")终止的url参数的help/urlstatusgo.html;或者带有missing参数的(2)help/header.html,(3)help/footer.html,(4)spell.html,(5)coreforma.html,(6)daterange.html,(7)hits.html,(8)hitsnavbottom.html,(9)indexform.html,(10)indexforma.html,(11)l
CVSS Information
N/A
Vulnerability Type
N/A