Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command.

TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands.

TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of service (CPU consumption) by sending an ABOR (abort) command without an active file transfer.

Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected.

TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demonstrated using "//../qwerty".

TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of service (CPU consumption) via an empty USER name.

Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows local users to list the contents of arbitrary directories via a ... (dot dot dot) in the cd/CWD command.

Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters.

TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.

Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in a GET command, or (2) a ... in a CWD command.