Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote attackers to view arbitrary directory contents via a .. (dot dot) in the dir parameter.
http://www.vupen.com/english/advisories/2006/0031
http://www.securityfocus.com/bid/16137
http://sourceforge.net/project/shownotes.php?release_id=382593&group_id=152499