Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename.