MDaemon POP server 6.0.7 and previous versions allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number.
alt-n mdaemon