CVE-2005-1303

The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.