
CVSS: 5.0 | EPSS: 1% | CPEs: 1 | EXPL: 0

Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable.

References:
• http://secunia.com/advisories/22892
• http://www.osvdb.org/30289
• http://www.securityfocus.com/archive/1/451847/100/0/threaded
• http://www.ultraseek.com/support/docs/RELNOTES.txt
• http://www.ultraseek.com/support/docs/release_notes/ultraseek.5.6.2.txt
• http://www.zerodayinitiative.com/advisories/ZDI-06-042.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30321

CVSS: 10.0 | EPSS: 13% | CPEs: 5 | EXPL: 0

Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script.

This vulnerability allows remote attackers to proxy web attacks and scan internal hosts through vulnerable installations of Verity Ultraseek. Authentication is not required to exploit this vulnerability. The specific flaw exists within the highlight script used to highlight search terms on spidered pages. An attacker can directly access the highlight script at '/highlight/index.html' to pass parameters to and retrieve content from arbitrary URLs.

References:
• http://securitytracker.com/id?1017235
• http://www.kb.cert.org/vuls/id/559616
• http://www.osvdb.org/22892
• http://www.osvdb.org/30286
• http://www.securityfocus.com/archive/1/451847/100/0/threaded
• http://www.securityfocus.com/bid/21120
• http://www.ultraseek.com/support/docs/RELNOTES.txt
• http://www.zerodayinitiative.com/advisories/ZDI-06-042.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30311