Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument.

Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file.