NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.Referenceshttp://www.securityfocus.com/archive/1/165816https://exchange.xforce.ibmcloud.com/vulnerabilities/6168http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200http://netwinsite.com/surgeftp/manual/updates.htmhttp://www.securityfocus.com/bid/2442
