Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/40506
http://www.securityfocus.com/bid/27788
http://secunia.com/advisories/28929