Verity Ultraseek Multiple
Product:
Verity Ultraseek
Released:
11/15/2006
Description:
ZDI published some Verity Ultraseek vulnerabilities (ZDI-06-042) I discovered early this year. This can let you host/port scan or load pages from protected resources (localhost web servers, other servers in a DMZ, etc.).
Contacts:
sullo@cirt.net
References:
Updated information can be found on under the following entries:
| CVE-2006-5819 | Verity Ultraseek /highlight/index.html Arbitrary Proxy |
| CVE-2006-5970 | Verity Ultraseek Multiple Script Malformed Request Path Disclosure |
| CVE-2006-5971 | Verity Ultraseek logfile.txt name Variable Arbitrary File Retrieval |
| ZDI-06-042 | Verity Ultraseek Request Proxying Vulnerability |
Vulnerabilities: