source: http://www.securityfocus.com/bid/16195/info
Hummingbird Enterprise Collaboration is prone to multiple vulnerabilities.
The following specific issues were identified:
The application reportedly allows remote attackers to upload arbitrary HTML files and script code to the application.
Another vulnerability allows attackers to trick users into downloading potentially malicious files.
An attacker may also disclose sensitive information about the server by sending specially crafted HTTP GET requests.
Hummingbird Enterprise Collaboration 5.2.1 and prior versions are vulnerable to these issues.
To disclose the internal IP address:
https://www.example.com/hc/hc?d=mes&x=20433&ntb=[numericParam]
Here the ntb parameter is given a numeric value instead of a string value. The internal IP address of the server may be found in a cookie.
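
Added example (not part of the original advisory): a Python check a defender could run over captured request/response pairs to flag /hc/hc requests with a numeric ntb value whose Set-Cookie header carries an RFC 1918 address. The cookie name HCSRV, the sample values and all function names are constructed for illustration; the advisory does not say which cookie holds the address.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Candidate dotted quads; each is validated with ipaddress before use.
_IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def numeric_ntb(url):
    """True if the request targets /hc/hc with an all-digit ntb value."""
    parts = urlsplit(url)
    if not parts.path.endswith("/hc/hc"):
        return False
    values = parse_qs(parts.query, keep_blank_values=True).get("ntb", [])
    return any(v.strip().isdigit() for v in values)

def private_ips_in_cookie(set_cookie):
    """Return RFC 1918 IPv4 addresses found in a Set-Cookie header value."""
    found = []
    for candidate in _IPV4.findall(unquote(set_cookie)):
        try:
            addr = ipaddress.IPv4Address(candidate)
        except ipaddress.AddressValueError:
            continue  # e.g. 999.1.1.1 or octets with leading zeros
        if any(addr in net for net in _RFC1918) and candidate not in found:
            found.append(candidate)
    return found

def review(exchanges):
    """Flag (url, set_cookie) pairs that match the pattern in the advisory."""
    hits = []
    for url, cookie in exchanges:
        leaked = private_ips_in_cookie(cookie)
        if numeric_ntb(url) and leaked:
            hits.append({"url": url, "leaked": leaked})
    return hits

# Constructed sample data: cookie names and values are invented.
BASE = "https://www.example.com/hc/hc?d=mes&x=20433&ntb="
SAMPLE = [
    (BASE + "12345", "HCSRV=10.1.2.3%3A8080; Path=/hc"),  # numeric ntb, leak
    (BASE + "inbox", "HCSRV=10.1.2.3%3A8080; Path=/hc"),  # string ntb
    (BASE + "7", "SESSION=abc123; Path=/hc"),             # numeric, no leak
]

if __name__ == "__main__":
    for hit in review(SAMPLE):
        print(hit)
```

The same cookie check can be applied to responses after remediation to confirm that no internal address is returned.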