Matt Wright FormHandler.cgi 2.0 Reply Attachment Vulnerability
source: http://www.securityfocus.com/bid/799/info
Any file that FormHandler.cgi has read access to (the CGI typically runs as user 'nobody' on Unix systems) can be specified as an attachment in a reply email. This could allow an attacker to gain access to sensitive files such as /etc/passwd simply by modifying the form document.
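
One way to guard against this, shown as an added example that is not code from FormHandler.cgi or its author: treat the attachment name from the form as untrusted and attach only files that resolve to a regular file inside a dedicated attachment directory. The helper name resolve_attachment, the temporary directory and the sample form values are assumptions constructed for illustration; Perl is used because FormHandler.cgi is a Perl script.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper (not part of FormHandler.cgi): map a client-supplied
# attachment name to a file inside $base_dir, or return undef to refuse it.
sub resolve_attachment {
    my ($base_dir, $requested) = @_;
    return unless defined $requested;

    # Bare file names only: no path separators, no leading dot, no NUL bytes.
    return unless $requested =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;

    my $base = realpath($base_dir);
    return unless defined $base;

    # Resolve symlinks, then require a regular file that is still under $base.
    my $real = realpath(File::Spec->catfile($base, $requested));
    return unless defined $real && -f $real;
    return unless index($real, "$base/") == 0;
    return $real;
}

# Constructed demo data: a temporary attachment directory with one legitimate
# file and one symlink that points outside the directory.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', File::Spec->catfile($dir, 'brochure.txt')) or die "open: $!";
print {$fh} "public brochure\n";
close($fh);
eval { symlink('/etc/passwd', File::Spec->catfile($dir, 'link.txt')) };

# Constructed form values, as they might arrive from a modified form document.
for my $name ('brochure.txt', '/etc/passwd', '../../etc/passwd', 'link.txt') {
    my $path = resolve_attachment($dir, $name);
    printf "%-20s %s\n", $name, defined $path ? "ALLOW $path" : 'DENY';
}
```

Only brochure.txt is allowed; the absolute path, the traversal path and the symlink that leaves the directory are all refused before any file is opened for attachment.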