Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17740
http://securitytracker.com/id?1011708