SecPod Research Team member (Prabhu S Angadi) has found an Information Disclosure Vulnerability in Habari. Direct HTTP request to certain pages will disclose the full installation path, which can be used for further attacks.
More information on the flaws can be found here.