CVE-2005-1350

The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.