Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16303
https://exchange.xforce.ibmcloud.com/vulnerabilities/16237
http://securitytracker.com/id?1010328