KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing MAIL FROM command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.