Verity Ultraseek Multiple
Tagged:
Product:
Verity Ultraseek
Released:
11/15/2006
Description:
ZDI published some Verity Ultraseek vulnerabilities (ZDI-06-042) I discovered early this year. This can let you host/port scan or load pages from protected resources (localhost web servers, other servers in a DMZ, etc.).
Contacts:
sullo@cirt.net
References:
Updated information can be found on OSVDB.org and at ZDI under the following entries:
| OSVDB-30286 | Verity Ultraseek /highlight/index.html Arbitrary Proxy |
| OSVDB-30287 | Verity Ultraseek Multiple Script Malformed Request Path Disclosure |
| OSVDB-30288 | Verity Ultraseek urlstatusgo.html url Variable Path Disclosure |
| OSVDB-30289 | Verity Ultraseek logfile.txt name Variable Arbitrary File Retrieval |
| ZDI-06-042 | Verity Ultraseek Request Proxying Vulnerability |
