IglooFTP PRO 3.8 and possibly earlier versions suffers from multiple client side vulnerabilities including the banner, username, password, and account SMTP parameters. Related proof of concept exploit here.
be6ba59a065b4bbfe9a8f5feb2cda1345218b4d6b7fbaca76ce60f31f06aaf3d