Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17917
http://www.vupen.com/english/advisories/2007/0687
http://www.securityfocus.com/archive/1/460600/100/0/threaded
http://unl0ck.info/advisories/qwik-smtpd.txt
http://securitytracker.com/id?1012016