From se_cur_ity@hotmail.com Wed May 28 14:23:45 2003 From: morning_wood X-Originating-IP: [12.229.234.100] To: vulnwatch@vulnwatch.org, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com Cc: tech-support@verity.com Date: Wed, 21 May 2003 03:02:46 -0700 Subject: [Full-Disclosure] Verity/Search'97 ObjectStoreSearch [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ------------------------------------------ FSN-2003-001 Frame4 Security Notice ------------------------------------------ 05/20/2003 Donnie Werner morning_wood@frame4.com http://frame4.com Product:: Verity/Search'97 ObjectStoreSearch This is a different issue than posted at: http://www.kb.cert.org/vuls/id/636431 and http://archives.neohapsis.com/archives/bugtraq/1998_3/0143.html Sites affected: ( sample ) http://wwws.house.gov http://www.timex.com Exploit / Fault: type into search box... <""> press go, view results... -------------- copy-n-paste ------------------------- Formatter Cannot open template file serror.hts Component Component (vformat) failed in processing request, -2002 Action Action (ErrorReport) failed while processing request in component (vformat), -2002 Service Manager Action (FilterSearch) failed in processing request, -2002 S97IS Service manager failed to process request ---------------------------- end --------------------------------- Vendor Contact: Concurent to this Advisory tech-support@verity.com ---------------------------------------------------------------- Donnie Werner - Exploit Research morning_wood@frame4.com http://frame4.com --------------------------------------------------------------- se_cur_ity@hotmail.com http://exploit.wox.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html