CVE-2004-2745

Anteco Visual Technologies OwnServer < 1.0 - Path Traversal via URL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2745. PoCs published by Rafel Ivgi The-Insider.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in OwnServer 1.0 and earlier, allowing remote attackers to access files outside the web root directory. The PoC provides example URLs to retrieve sensitive files like boot.ini.

Description

Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rafel Ivgi The-Insider · textremotewindows

https://www.exploit-db.com/exploits/23560

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in OwnServer 1.0 and earlier, allowing remote attackers to access files outside the web root directory. The PoC provides example URLs to retrieve sensitive files like boot.ini.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: OwnServer 1.0 and earlier

No auth needed

Prerequisites: Network access to the vulnerable server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/9461

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3329

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/350421/30/21610/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1008800

Scores

EPSS 0.0280

EPSS Percentile 84.6%

Details

CWE

CWE-22

Status published

Products (1)

anteco_visual_technologies/ownserver < 1.0

Published Dec 31, 2004

Tracked Since Feb 18, 2026