Directory traversal vulnerability in Yawcam 0.2.5 allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in a GET request.