Summary
vqSoft's vqServer administrative port is open. Brute force guessing of the username/password is possible, and a bug in versions 1.9.9 and below allows configuration file retrieval remotely.
For more information, see:
http://www.securiteam.com/windowsntfocus/Some_Web_servers_are_still_vulnerable_to_the_dotdotdot_vulnerability.html
Solution
close this port for outside access.
Severity
Classification
-
CVE CVE-2000-0766 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Air Remote Code Execution Vulnerability -June13 (Windows)
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
- Adobe Captivate Insecure Library Loading Vulnerability
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)