Verity Ultraseek Multiple

Product:
Verity Ultraseek

Released:
11/15/2006

Description:
ZDI published some Verity Ultraseek vulnerabilities (ZDI-06-042) I discovered early this year. This can let you host/port scan or load pages from protected resources (localhost web servers, other servers in a DMZ, etc.).

Contacts:
sullo@cirt.net

References:
Updated information can be found on under the following entries:

CVE-2006-5819 Verity Ultraseek /highlight/index.html Arbitrary Proxy
CVE-2006-5970 Verity Ultraseek Multiple Script Malformed Request Path Disclosure
CVE-2006-5971 Verity Ultraseek logfile.txt name Variable Arbitrary File Retrieval
ZDI-06-042 Verity Ultraseek Request Proxying Vulnerability
Vulnerabilities: