Directory traversal vulnerability in ParaChat Server 5.5 allows remote attackers to read arbitrary files via a ..%5C (hex-encoded dot dot) in the URL.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17541
http://securitytracker.com/id?1011438
http://marc.info/?l=bugtraq&m=109656982803391&w=2
http://marc.info/?l=bugtraq&m=109647769526696&w=2
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/1063.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/1047.html