I have noticed a file upload vulnerability in AOLserver that can be exploited to potentially read, expose or copy the contents of any file readable by the user account under which AOLserver runs. This usually includes the nsd.tcl file and any SSL certificate files as well as the /etc/passwd file. Only systems which process forms which allow users to upload files are vulnerable.
Details, including potential replacement functions which block the vulnerability, can be found under http://zmbh.com/aolserver-vulnerability/ --Tom Jackson
