ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6097
http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html