Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote malicious users to read arbitrary files via a .. (dot dot) in the tf parameter.
source: wwwsecurityfocuscom/bid/44226/info
QuarkMail is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input
Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks
wwwexamplecom/cgi-bin/get_messagecgi?sk=tERZ6WI1& ...