Apache Pony Mail 0.6c up to and including 0.8b allows remote malicious users to bypass authentication.
apache pony mail 0.7b
apache pony mail 0.8b
apache pony mail 0.6c