Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls (LIST) command that includes the drive letter as an argument, e.g. "ls C:".
Securiteam publication at http://www.securiteam.com/exploits/6D00L2A35K.html
External info at https://marc.info/?l=bugtraq&m=100698397818175&w=2
Cisco reference at https://tools.cisco.com/security/center/viewAlert.x?alertId=2884
Alex Hernandez aka (@_alt3kx_)