CVE-2000-0240

vqSoft vqServer - Unauthenticated Arbitrary File Read via Dot-Dot-Slash URL Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0240. PoCs published by Johan Nilsson.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in vqSoft vqServer for Windows, allowing an attacker to retrieve arbitrary files outside the web directory by appending '../' sequences to an HTTP GET request.

Description

vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Johan Nilsson · textremotewindows
https://www.exploit-db.com/exploits/19815

This exploit demonstrates a directory traversal vulnerability in vqSoft vqServer for Windows, allowing an attacker to retrieve arbitrary files outside the web directory by appending '../' sequences to an HTTP GET request.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: vqSoft vqServer for Windows
No auth needed
Prerequisites: Network access to the target server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
URL Repurposed x_refsource_confirm
http://www.vqsoft.com/vq/server/faqs/dotdotbug.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/270
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1067

Scores

EPSS 0.0765
EPSS Percentile 93.8%

Details

Status published
Products (1)
vqsoft/vqserver 1.9.9
Published Mar 21, 2000
Tracked Since Feb 18, 2026