Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution.
https://exchange.xforce.ibmcloud.com/vulnerabilities/34217
http://www.vupen.com/english/advisories/2007/1755
http://www.securityfocus.com/bid/23908
http://www.netwinsite.com/surgemail/help/updates.htm