ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted type 6 command, which triggers a NULL pointer dereference.
https://exchange.xforce.ibmcloud.com/vulnerabilities/43946
http://www.securityfocus.com/archive/1/494634/100/0/threaded
http://securityreason.com/securityalert/4043
http://secunia.com/advisories/31185