The ad.cgi script allows remote malicious users to read arbitrary files via a full pathname in the argument.
leif m. wright ad.cgi