Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.
http://www.warftp.org/index.php?menu=338&cmd=show_article&article_id=1003
http://archives.neohapsis.com/archives/bugtraq/2009-09/0105.html