Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter.
http://www.securityfocus.com/bid/5286
http://www.scn.org/~bb615/scripts/sendform.html