ftp/weex suffers from a remote format string security bug.
Someone who controls an FTP server that weex will log in to can
set up malicious data in the account that weex will use, and that
will cause a format string bug that will allow remote code
execution. It will only happen when weex is first run or when its
cache files are rebuilt with the -r option, though.
This behaviour is verified in versions 2.6.1 and 22.214.171.124
Fix: See: http://critical.ch/weex.log