CVE-2003-1102

CVE-2003-1102 affects Hummingbird CyberDOCS versions 3.5, 3.9, and 4.0 when run on IIS. The root cause is insecure permissions on script source code files, enabling remote attackers to read the source code. The connected documents confirm the same description across multiple records (NVD, CVE Lis...

CVE-2003-1103

The CVE-2003-1103 entry describes an SQL injection vulnerability in Hummingbird CyberDOCS (loginact.asp) prior to version 3.9, enabling remote execution of arbitrary SQL commands. Root cause: improper handling in loginact.asp leading to SQL injection. Impact per source: partial confidentiality, i...

CVE-2003-1100

Multiple cross-site scripting XSS vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors...

CVE-2003-1101

Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message...

CVE-2003-1102

Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code...

CVE-2003-1103

SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands...

CVE-2004-2258

Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab...

CVE-2004-2729

Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections...

Hummingbird Connectivity FTP Service XCWD Command Overflow

The remote host is running the Hummingbird Connectivity FTP server. It was possible to shut down the remote FTP server by issuing a XCWD command followed by a too long argument. This problem allows an attacker to prevent the remote site from sharing some resources with the rest of the world...

Hummingbird Inetd FTP Server XCWD Command Remote Overflow

Binary data 2377.prm...

CVE-2003-1101

Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message...

CVE-2003-1103

SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands...

CVE-2003-1100

Multiple cross-site scripting XSS vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors...

CVE-2003-1102

Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code...

Hummingbird CyberDOCS error page discloses web server installation path

Overview Hummingbird CyberDOCS contains a vulnerability that could allow a remote attacker to learn the installation path of the web server. This information could be used to support further attacks. Description Hummingbird CyberDOCS Hummingbird DM is a web-based enterprise document management...

Hummingbird Exceed X buffer overflow

Buffer overflow on oversized font name...

[EXPL] Hummingbird's Exceed X Emulator Fonts Directive Mishandling

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion Beyond Security in Canada Toronto-based Sunrays Technologies is now Beyond Security's representative in Canada. We welcome ISPs, system...

CVE-1999-1196

CVE-1999-1196 affects Hummingbird Exceed X version 5. Remote denial of service can be triggered by malformed data sent to port 6000. This is documented across multiple sources (NVD/NIST and CVE list). The connected OpenVAS/Nessus entries reiterate a remote crash/vector via arbitrary data, but do ...

CVE-1999-1280

In CVE-1999-1280, Hummingbird Exceed 6.0.1.0 includes a development/testing DLL that logs user names and passwords in cleartext in the test.log file. The issue affects the DLL usage within Exceed; the precise vulnerable surface is the development/testing DLL component. Documented impact indicates...

CVE-1999-1280

Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs user names and passwords in cleartext in the test.log file...