HFS (http://www.rejetto.com/hfs/) is "an HTTP File Server that can be to send and receive files". A directory traversal vulnerability in HFS allows remote attackers to upload files to locations that reside outside the bounding HTTP root directory.

http://www.securiteam.com/windowsntfocus/6U00B00KKU.html