Sullo

Name of the Vulnerable Software and Affected Versions: Verity Ultraseek versions prior to 5.7 Description: The issue allows remote attackers to use the server as a proxy for web attacks and host scanning. This is achieved via a direct request to the "highlight/index.html" script. Recommendations: For versions prior to 5.7, update to version 5.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Verity Ultraseek versions prior to 5.7 **Description** The issue allows remote attackers to obtain sensitive information via direct requests to various pages, including help/urlstatusgo.html with a null terminated url parameter, or missing parameters to multiple other pages. These requests can leak the installation path in the resulting error message. The affected pages include help/header.html, help/footer.html, spell.html, coreforma.html, daterange.html, hits.html, hitsnavbottom.html, indexform.html, indexforma.html, languages.html, nohits.html, onehit1.html, onehit2.html, query.html, queryform0.html, queryform0a.html, queryform1.html, queryform1a.html, queryform2.html, queryform2a.html, quicklinks.html, relatedtopics.html, signin.html, subtopics.html, thesaurus.html, topics.html, hitspagebar.html, highlight/highlight.html, highlight/highlight one.html, and highlight/topnav.html. **Recommendations** For versions prior to 5.7, update to version 5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected pages until a patch is available. Avoid making direct requests to these pages with missing or null terminated parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Verity Ultraseek versions prior to 5.6.2 **Description** The issue allows remote attackers to read arbitrary files due to an absolute path traversal vulnerability in the admin/logfile.txt file. This is achieved by exploiting the `name` variable. **Recommendations** For versions prior to 5.6.2, update to version 5.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/logfile.txt file to minimize the risk of exploitation. Avoid using the `name` variable in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** DoubleSpeak version 0.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via the `config[private]` parameter in multiple files, such as "index.php", "faq.php", and "hardware.php", when register globals is enabled. However, this issue has been disputed by multiple third-party researchers, who state that `config[private]` is initialized in an include file before being used. **Recommendations** For DoubleSpeak version 0.1, consider disabling the use of the `config[private]` parameter in affected files until a patch is available. Additionally, disabling register globals can help mitigate the risk of exploitation.