Shuji Shimizu

**Name of the Vulnerable Software and Affected Versions** A.K.I Software's PMailServer/PMailServer2 products (affected versions not specified) **Description** A stored cross-site scripting issue exists in the CGIs included in the products. This could allow an arbitrary script to be executed on a logged-in user's web browser if exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PMailServer/PMailServer2 (affected versions not specified) **Description** An insufficient verification vulnerability exists in the Broadcast Mail CGI (pmc.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a user who can upload files through the product may execute an arbitrary executable file with the web server's execution privilege. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** A.K.I Software's PMailServer/PMailServer2 products (affected versions not specified) **Description** A directory traversal vulnerability exists in the Mailing List Search CGI (pmmls.exe) included in the products. This vulnerability can be exploited by a remote attacker to obtain arbitrary files on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.