Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command.

Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command.