Please help me, I'm a bit stressed with this leak I just discovered. I might have made a mistake in my config...
No need to be stressed, what the user can see there is the same that he sees when he downloads the ispconfig tar.gz file, so there is no sensitive data there and not data that is specific to your installation.
The reason for the filelisting is that Indexes is on in the ispconfig vhost, this has been changed already in svm some time ago and will get changed in the next patch release. But as I explained above, thats uncritical.
If you want to change it on your server, edit the ispconfig vhost file and add change the Option line to:
Options -Indexes FollowSymLinks MultiViews +ExecCGI