NetServe version 1.0.7 suffers from a directory traversal vulnerability that allows a remote attack to download any file outside of the webroot. Using this knowledge, a remote attacker can exploit this vulnerability to access the config.dat file that holds the login and password for the administrative account. Tested on Microsoft Windows XP and 2000.
852c4463ccb97a58ecaf9041db4c846ee003660cb27e1d5da9855d1d9bf1cbe7