The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a (1) http or (2) https request, related to the (a) SD Camera Web Server and the (b) Wireless Camera HTTP Server, aka Bug IDs CSCsu05515 and CSCsr96497.
http://www.securitytracker.com/id?1022445
http://www.securityfocus.com/bid/35478
http://www.cisco.com/en/US/products/products_security_advisory09186a0080ad0f8f.shtml
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080ad1002.html