File type is not checked on file open. DoS on oversized URLs (>2,5Mb), weak encryption (Caesar code), information leak, directory traversal.
vulners.com/securityvulns/securityvulns:doc:3989
vulners.com/securityvulns/securityvulns:doc:4317