SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user.

Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line.

Denial of service in Slmail v2.5 through the POP3 port.