Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters.

TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.