CVE-2006-0173

Hummingbird Collaboration <5.21 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0173. PoCs published by Luca Carettoni.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Hummingbird Enterprise Collaboration, including arbitrary file upload, file download manipulation, and information disclosure via crafted HTTP GET requests. No actual exploit code is present, only a description of the vulnerabilities and an example URL for one of the issues.

Description

Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpected content.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luca Carettoni · textwebappscgi

https://www.exploit-db.com/exploits/27061

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in Hummingbird Enterprise Collaboration, including arbitrary file upload, file download manipulation, and information disclosure via crafted HTTP GET requests. No actual exploit code is present, only a description of the vulnerabilities and an example URL for one of the issues.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Hummingbird Enterprise Collaboration 5.2.1 and prior

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK