2020 Nomination for Best Server-Side Bug

Remote Code Execution in qmail

Georgi Guninski, Qualys Security Advisory Team

Integer overflow in the stralloc_readyplus function in qmail, when running on 64-bit platforms with a large amount of virtual memory, allows remote attackers to execute arbitrary code.

