Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname.
Securiteam publication at http://www.securiteam.com/exploits/6D00L2A35K.html
External info at https://marc.info/?l=bugtraq&m=100698397818175&w=2
Cisco reference at https://tools.cisco.com/security/center/viewAlert.x?alertId=2884
Alex Hernandez aka (@_alt3kx_)