JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.
http://www.securityfocus.com/bid/9537
http://www.securityfocus.com/archive/1/461298/100/100/threaded
http://www.securityfocus.com/archive/1/460923/100/0/threaded
http://securitytracker.com/id?1008909