source: https://www.securityfocus.com/bid/8018/info

VisNetic WebMail is prone to an information disclosure vulnerability. Reportedly, by appending a dot '.' character to the end of a URI request to WebMail, the source code of PHP files may be returned in the web browser.

http://webmailhost:32000/mail/admin/../include.html.
http://webmailhost:32000/mail/admin/../settings.html.