CVE-2004-1646

Xedus 1.0 - Directory Traversal via URL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1646. PoCs published by GulfTech Security.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Xedus 1.0, including DoS, XSS, and directory traversal, but does not contain executable exploit code. It includes example URLs demonstrating the directory traversal issue.

Description

Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Exploits (1)

exploitdb WRITEUP VERIFIED
by GulfTech Security · textremotewindows
https://www.exploit-db.com/exploits/24419

The provided text describes multiple vulnerabilities in Xedus 1.0, including DoS, XSS, and directory traversal, but does not contain executable exploit code. It includes example URLs demonstrating the directory traversal issue.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Xedus 1.0
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109394018411394&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17167
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12418
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11071

Scores

EPSS 0.0714
EPSS Percentile 93.4%

Details

Status published
Products (1)
jerod_moemeka/xedus 1.0
Published Aug 30, 2004
Tracked Since Feb 18, 2026