source: https://www.securityfocus.com/bid/8237/info
It has been reported that an information disclosure issue exists in WebCalendar. This may allow an attacker to gain unauthorized read access to potentially sensitive information with the privileges of the web server process.
http://www.example.com/webcalendar/[filename].php?user_inc=../../../../../etc/passwd