Multiple directory traversal vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to (1) create arbitrary directories or files via a .. (dot dot) in the folder name in the new folder functionality or (2) list arbitrary files via a crafted request to Campaign/CampaignListener.
https://exchange.xforce.ibmcloud.com/vulnerabilities/44075
https://exchange.xforce.ibmcloud.com/vulnerabilities/44071
http://www.securityfocus.com/bid/30433
http://www.portcullis.co.uk/291.php