Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6466
http://archives.neohapsis.com/archives/bugtraq/2001-04/0490.html