FreshFTP 5.36 Directory Traversal

`Vulnerability ID: HTB22628  
Reference: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_freshftp.html  
Product: FreshFTP  
Vendor: FreshWebMaster ( http://www.freshwebmaster.com )   
Vulnerable Version: 5.36 and Probably Prior Versions  
Vendor Notification: 27 September 2010   
Vulnerability Type: Directory Traversal Vulnerability  
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response  
Risk level: High   
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)   
  
Vulnerability Details:  
When exploited, this vulnerability allows an anonymous attacker to write files to specified locations on a user's system.  
  
The FTP client does not properly sanitise filenames containing directory traversal sequences that are received from an FTP server, for example  
file named as "..\..\..\..\..\..\..\somefile.exe".  
  
By tricking a user to download a directory from a malicious FTP server that contains files with backslash directory traversal sequences in their filenames,   
an attacker can potentially write files into a user's Startup folder to execute malicious code when the user logs on.  
  
  
`