The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics.
https://exchange.xforce.ibmcloud.com/vulnerabilities/25444
http://www.vupen.com/english/advisories/2006/1116
http://www.securityfocus.com/bid/17268
http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess