Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument.
https://exchange.xforce.ibmcloud.com/vulnerabilities/15411
http://www.securiteam.com/windowsntfocus/5RP010KCAO.html