CVE-2008-1000
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
Date published : 2008-03-18
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html