Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
http://secunia.com/advisories/34329
https://exchange.xforce.ibmcloud.com/vulnerabilities/49258