The convert.bas program in the Novell web server allows a remote malicious users to read any file on the system that is internally accessible by the web server.
source: wwwsecurityfocuscom/bid/2025/info
Novell NetWare Web Server 2x versions came with a CGI written in BASIC called convertbas This script allows retrieval of files outside of the normal web server context This can be accomplished simply by submitting the filename and path as a parameter to the script, using relative paths (// ...