Cisco TFTP server 1.1 allows remote malicious users to read arbitrary files via a ..(dot dot) attack in the GET command.
cisco tftp server 1.1