glftpd privpath Directive Vulnerability
From the example posted to Bugtraq:
/Groups/Mygroup and you have a dir named 'test' there.
you can simply jump to it by typing
glftpd does not check if you have the proper rights to see the dir, it just hops in there without any problem. So if you try a-9 on the dirnames you can see all stuff inside a private dir,, takes some time, but with a nice script its not that hard... ;-)