Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address.
The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.