There are 4 CVE entries that match your search.
||Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly
other versions, when running on SUSE Linux Enterprise Server and
possibly other operating systems, when the Netware OES remote server
feature is enabled, allows local users to overwrite arbitrary files
via unknown vectors.
||The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30
does not properly restrict I/O buffering, which allows
man-in-the-middle attackers to insert commands into encrypted FTP
sessions by sending a cleartext command that is processed after TLS is
in place, related to a "plaintext command injection" attack, a similar
issue to CVE-2011-0411.
||The glob implementation in Pure-FTPd before 1.0.32, and in libc in
NetBSD 5.1, does not properly expand expressions containing curly
brackets, which allows remote authenticated users to cause a denial of
service (memory consumption) via a crafted FTP STAT command.
||The accept_client function in PureFTPd 1.0.18 and earlier allows
remote attackers to cause a denial of service by exceeding the maximum
number of connections.