Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
http://secunia.com/advisories/37847
http://www.securityfocus.com/bid/37414
http://www.serv-u.com/releasenotes/