source: http://www.securityfocus.com/bid/16195/info

Hummingbird Enterprise Collaboration is prone to multiple vulnerabilities.

The following specific issues were identified:

The application reportedly allows remote attackers to upload arbitrary HTML files and script code to the application.

Another vulnerability allows attackers to trick users into downloading potentially malicious files.

An attacker may also disclose sensitive information about the server by sending specially crafted HTTP GET requests.

Hummingbird Enterprise Collaboration 5.2.1 and prior versions are vulnerable to these issues.

To trick users into downloading a potentially malicious file, the file is named 'fake.doc'; however, a file with the ID of 1189762 is actually downloaded:

https://www.example.com/hc/hc/fake.doc?d=fc&o=dwnd&fid=1189762&did=89777&x=16080&doc_ext=.txt
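
A detection sketch for the download-name mismatch shown above, added here as an example and not part of the original advisory: it flags download links whose displayed file name disagrees with the doc_ext parameter. The meanings of o=dwnd, fid and doc_ext are assumptions inferred from the sample URL, and every sample URL other than the advisory's own is constructed.

```python
# Added example, not from the original advisory or the vendor.
# Assumptions inferred from the sample URL: o=dwnd marks a download,
# fid selects the file served, doc_ext describes that file's real type.
from pathlib import PurePosixPath
from urllib.parse import urlsplit, parse_qs, unquote

def check_download_url(url):
    """Return a finding dict when the name in the path disagrees with doc_ext."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    if query.get("o", [""])[-1].lower() != "dwnd":
        return None  # not a download request under the assumption above
    # Decode the path first so an encoded dot (%2E) cannot hide the extension.
    shown_name = PurePosixPath(unquote(parts.path)).name
    shown_ext = PurePosixPath(shown_name).suffix.lower()
    declared_ext = query.get("doc_ext", [""])[-1].lower()
    if declared_ext and not declared_ext.startswith("."):
        declared_ext = "." + declared_ext
    if not declared_ext or shown_ext == declared_ext:
        return None  # nothing to compare, or the two agree
    return {
        "url": url,
        "shown_name": shown_name,
        "shown_ext": shown_ext,
        "declared_ext": declared_ext,
        "fid": query.get("fid", [""])[-1],
    }

def scan(urls):
    """Check every URL (e.g. taken from proxy or mail-gateway logs)."""
    return [f for f in (check_download_url(u) for u in urls) if f]

SAMPLE_URLS = [
    # The URL from the advisory.
    "https://www.example.com/hc/hc/fake.doc?d=fc&o=dwnd&fid=1189762&did=89777&x=16080&doc_ext=.txt",
    # Constructed: name and doc_ext agree, so it is not flagged.
    "https://www.example.com/hc/hc/report.doc?d=fc&o=dwnd&fid=1000001&did=89777&doc_ext=.doc",
    # Constructed: mixed case and a percent-encoded dot in doc_ext.
    "https://www.example.com/hc/hc/notes.PDF?d=fc&o=dwnd&fid=1000002&doc_ext=%2Ehtml",
    # Constructed: hypothetical non-download operation, ignored.
    "https://www.example.com/hc/hc/fake.doc?d=fc&o=view&fid=1000003&doc_ext=.txt",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_URLS):
        print("MISMATCH name=%(shown_name)s doc_ext=%(declared_ext)s fid=%(fid)s" % finding)
```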