Some vulnerabilities have been reported in Verity Ultraseek, which can be exploited by malicious users to gain knowledge of sensitive information or by malicious people to bypass certain security restrictions and disclose sensitive information.
1) An error in the highlight script in highlight/index.html can be exploited by malicious people to retrieve content from arbitrary URLs or enumerate internal systems and open ports.
2) Multiple scripts expose various unspecified information.
3) A malicious users can disclose the contents of arbitrary files via the "admin/logfile.txt" script.
Solution: Update to version 5.7.
Provided and/or discovered by: sullo, CIRT.NET
Original Advisory: Ultraseek:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org