COMMAND

    Go Express Search

SYSTEMS AFFECTED

    Go Express Search

PROBLEM

    Disney's Go Express  Search operates an  http server at  port 1234
    without authentication.  Remote  users can submit search  queries,
    and view  queries and  personal links  left by  other users.  It's
    possible to access the  configuration interface, which can  reveal
    the e-mail address of the  user who registered it.   Configuration
    settings can be changed remotely to, for instance, add, remove  or
    alter personal links.

SOLUTION

    Nothing yet.