Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vote CGI before 1.3 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the type parameter.