Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters.