DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16836
http://www.securityfocus.com/bid/10823
http://securitytracker.com/id?1010817
http://secunia.com/advisories/12191