[原文]Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command.
Pablo Software Solutions Quick and Easy FTP Server contains a flaw that allows a remote attacker to view directories outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied directly via the LIST command.
Upgrade to version 1.0 Build 010 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.