CVE-2006-0174

Hummingbird Collaboration <5.21 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0174. PoCs published by Luca Carettoni.

AI-analyzed exploit summary This is a vulnerability writeup describing multiple issues in Hummingbird Enterprise Collaboration, including arbitrary file upload, file download manipulation, and information disclosure via crafted HTTP GET requests. The example provided demonstrates an information leak of the server's internal IP address through a cookie.

Description

Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Luca Carettoni · textwebappscgi
https://www.exploit-db.com/exploits/27062

This is a vulnerability writeup describing multiple issues in Hummingbird Enterprise Collaboration, including arbitrary file upload, file download manipulation, and information disclosure via crafted HTTP GET requests. The example provided demonstrates an information leak of the server's internal IP address through a cookie.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Hummingbird Enterprise Collaboration 5.2.1 and prior
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0145
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16195
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24069
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/328
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18411
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/421392/100/0/threaded

Scores

EPSS 0.0275
EPSS Percentile 84.3%

Details

Status published
Products (4)
hummingbird/collaboration 5.2
hummingbird/collaboration < 5.21
hummingbird/enterprise_collaboration 5.2
hummingbird/enterprise_collaboration < 5.21
Published Jan 11, 2006
Tracked Since Feb 18, 2026