Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26536
http://www.vupen.com/english/advisories/2006/2013
http://www.securityfocus.com/bid/17961
http://www.securityfocus.com/archive/1/433878/100/0/threaded
http://www.dovecot.org/list/dovecot-news/2006-May/000006.html
http://www.debian.org/security/2006/dsa-1080
http://securityreason.com/securityalert/913
http://secunia.com/advisories/20315