PlatinumFTPServer 1.0.6 Dot-Dot-Slash Directory Traversal Vulnerability

                                                source: http://www.securityfocus.com/bid/6554/info

PlatinumFTPserver is an FTP server for Microsoft Windows systems. It is commercially available, and distributed by PlatinumFTP.

A directory traversal vulnerability has been reported in PlatinumFTPserver. The program does not sufficiently handle dot-dot-slash input, which could result in an attacker gaining access to unauthorized resources. 

dir ..\directory

where directory represents a directory outside the FTP root.

del ..\file

where file represents a file outside the FTP root.