BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.
http://www.securityfocus.com/archive/1/180506
http://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.html