BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.Referenceshttp://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.htmlhttp://www.securityfocus.com/bid/2676http://www.securityfocus.com/archive/1/180506
