CVE-2014-2976

Sixnet SixView Manager 2.4.1 - Unauthenticated Path Traversal via HTTP GET Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2976. PoCs published by daniel svartman.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Sixnet Sixview web console 2.4.1, allowing unauthorized access to arbitrary files on the underlying Linux system via crafted HTTP GET requests. The PoC shows retrieval of /etc/shadow without authentication.

Description

Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.

Exploits (1)

exploitdb WORKING POC
by daniel svartman · textwebappshardware
https://www.exploit-db.com/exploits/32973

This exploit demonstrates a directory traversal vulnerability in Sixnet Sixview web console 2.4.1, allowing unauthorized access to arbitrary files on the underlying Linux system via crafted HTTP GET requests. The PoC shows retrieval of /etc/shadow without authentication.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Sixnet Sixview web console 2.4.1
No auth needed
Prerequisites: Network access to port 18081 on the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/32973
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58231

Scores

EPSS 0.0371
EPSS Percentile 88.4%

Details

CWE
CWE-22
Status published
Products (1)
sixnet/sixview_manager 2.4.1
Published Apr 23, 2014
Tracked Since Feb 18, 2026