Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
https://exchange.xforce.ibmcloud.com/vulnerabilities/62549
http://www.securityfocus.com/bid/44070
http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_crossftp_pro.html