Pyftpd is vulnerable to denial of service and information disclosure. The vulnerability existed because logs files with predictable names in a temporary directory are created, which allows local users to cause a denial of service and obtain sensitive information.