Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ... (modified dot dot) in the GET command.
http://www.securityfocus.com/bid/4075
http://www.iss.net/security_center/static/8171.php