WarFTPd is prone to multiple remote format-string vulnerabilities because the application fails to sanitize user-supplied input before passing it to a formatted-output function. An attacker can exploit these issues to crash the server and possibly to execute arbitrary code within the context of the server, but this has not been confirmed. WarFTPd 1.82.00-RC11 is reported vulnerable prior versions may be vulnerable as well.
Updates are available. Please see the references for details.