vqSoft vqServer 1.9.9 Directory Traversal Vulnerability

Some versions of vqSoft vqServer for Windows are vulnerable to the common ../../ method of retrieving known files from outside of the web directory structure, accomplished by appending a variable number of "../" and a known filename to an HTTP GET request.


Privacy Statement
Copyright 2010, SecurityFocus