Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.

Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Arbitrary command execution via IMAP buffer overflow in authenticate command.

MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook.

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.

Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.

wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.

Buffer overflow in wu-ftp from PASV command causes a core dump.