Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via "%s" or "%n" sequences in (1) the username during login, or other FTP commands such as (2) dir.
https://exchange.xforce.ibmcloud.com/vulnerabilities/12834
http://www.crob.net/studio/ftpserver/