Directory traversal vulnerability in the FTP server for Shambala 4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) LIST (ls) or (2) GET commands.
http://www.securityfocus.com/bid/4896
http://www.iss.net/security_center/static/9224.php
http://archives.neohapsis.com/archives/bugtraq/2002-05/0282.html