After the Dan Kaminsky discover DNS Cache poisoning attack that affects almost the entire Internet, at the end of the year new vulnerability, a bit more seriously surprised us …
SSL is broken!
More about this here.
… at the end I wish you a HAPPY NEW YEAR!

After MDaemon vulnerability, I decide to test Merak Mail Server … And the result is vulnerability alike MDaemon, but more difficulty.
Secunia reported this vulnerability and estimate as moderately critical. For me this vulnerability especially in WebMail Pro interface is highly critical.
Here is CVE ID: 2008-5734. Also at National Vulnerability Database (NVD).

After my friend Dejan Levaja find the vulnerability in MDaemon, here is the new vulnerability that I found in MDaemon
More about this you can find at Secunia.