source: wwwsecurityfocuscom/bid/2339/info
It is possible for a remote user to gain read access to directories and files outside the root directory of a PicServer Requesting a specially crafted URL composed of '/' or '/' sequences will disclose an arbitrary directory
target//[file outside web root]
target//[file ...