Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.
http://secunia.com/advisories/37228
http://www.rangos.de/ServU-ADV.txt