CVE-2006-5714

Easy File Sharing EFS Web Server 4.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5714. PoCs published by Greg Linares.

AI-analyzed exploit summary This exploit leverages an alternative data stream vulnerability in Easy File Sharing Web Server 4.0 to retrieve sensitive files without authentication. It uses HTTP GET requests with encoded paths to bypass security and dump files like user credentials, RSA keys, or server settings.

Description

Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of a HTTP GET request, which accesses the alternate data stream.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Greg Linares · cremotewindows
https://www.exploit-db.com/exploits/2690

This exploit leverages an alternative data stream vulnerability in Easy File Sharing Web Server 4.0 to retrieve sensitive files without authentication. It uses HTTP GET requests with encoded paths to bypass security and dump files like user credentials, RSA keys, or server settings.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Easy File Sharing Web Server v4.0
No auth needed
Prerequisites: network access to the target server · server running Easy File Sharing Web Server v4.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29925
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20823
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2690
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22602

Scores

EPSS 0.0620
EPSS Percentile 92.6%

Details

Status published
Products (1)
efs_software/efs_web_server 4.0
Published Nov 04, 2006
Tracked Since Feb 18, 2026