Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.

Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to log messages and the "internal log handler to the Windows Event log."

War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands. NOTE: it is possible that vector 1 is an off-by-one variant or incomplete fix of CVE-2005-0312.

Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer.

Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.

Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.

War FTP Daemon 1.70 allows remote attackers to cause a denial of service by flooding it with connections.

Buffer overflow in War FTP allows remote execution of commands.