Verity Ultraseek Multiple

Product:
Verity Ultraseek

Released:
11/15/2006

Description:
ZDI published some Verity Ultraseek vulnerabilities (ZDI-06-042) I discovered early this year. This can let you host/port scan or load pages from protected resources (localhost web servers, other servers in a DMZ, etc.).

Contacts:
sullo@cirt.net

References:
Updated information can be found on OSVDB.org and at ZDI under the following entries:

OSVDB-30286 Verity Ultraseek /highlight/index.html Arbitrary Proxy
OSVDB-30287 Verity Ultraseek Multiple Script Malformed Request Path Disclosure
OSVDB-30288 Verity Ultraseek urlstatusgo.html url Variable Path Disclosure
OSVDB-30289 Verity Ultraseek logfile.txt name Variable Arbitrary File Retrieval
ZDI-06-042 Verity Ultraseek Request Proxying Vulnerability

Vulnerabilities: