Linux eXtremail versions 1.5-8 and below hold a format string vulnerability in its logging mechanism. Exploiting this can allow for arbitrary code execution or a denial of service on the server.
9f300aec91de3f79ec8ad7dea040e62aded97cd4340b3ea05a7067bc03e93163