Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.Referenceshttp://secunia.com/advisories/40370http://www.cerberusftp.com/phpBB3/viewtopic.php?f=4&t=644http://www.cerberusftp.com/releasenotes.htmlhttp://www.securityfocus.com/bid/41285
