Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL.
http://www.iss.net/security_center/static/7853.php
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3861