Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request.
https://exchange.xforce.ibmcloud.com/vulnerabilities/18856
http://www.squirrelmail.org/plugin_view.php?id=51
http://www.securityfocus.com/bid/12222
http://securitytracker.com/id?1012866