The scope of both problems relate to the FreeWeb which is the web server component. There are no reported problems with FreeProxy. Details are as follows:
By including "../" in the URL, it was possible to open files above the root directory. The vulnerability was limited to reading as the web server is not able to post at this stage. This problem has been fixed.
For some reason the tester used a "GET CreateFile" command. The word "CreateFile" had no significance as FreeWeb does not execute commands built into the URL. The same error would have occurred for any word placed after the get without a leading "/". The problem related to a bug in the parser which has now been fixed.
All FreeProxy versions built after 9 Jan 2004