Open TFTP Server < 1.66 - Remote Code Execution via Format String in TFTP Error Packet
Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.