AFTPD 5.4.4 allows remote malicious users to gain sensitive information via a CD (CWD) ~ (tilde) command, which causes a core dump.
aftpd aftpd 5.4.4