Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6728
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00070.html