CVE-2023-40747

CVE-2023-40747 affects A.K.I Software PMailServer/PMailServer2 CGIs within the Internal Simple Webserver. The vulnerability is a directory traversal that could allow a remote attacker to access arbitrary files outside the DocumentRoot. Affected CGIs include pmc.exe, and the vulnerability is assoc...

CVE-2023-40747

Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot...

CVE-2023-40747

Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot...

CVE-2023-40160

CVE-2023-40160 involves a directory traversal in the Mailing List Search CGI (pmmls.exe) of A.K.I Software PMailServer/PMailServer2. The vulnerability may allow a remote attacker to obtain arbitrary files on the server. Affected CGI is pmmls.exe (and related PMailServer/PMailServer2 components). ...

CVE-2023-39933

Insufficient verification vulnerability exists in Broadcast Mail CGI pmc.exe included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a user who can upload files through the product may execute an arbitrary executable file with the web server's execution...

CVE-2023-39933

Insufficient verification vulnerability exists in Broadcast Mail CGI pmc.exe included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a user who can upload files through the product may execute an arbitrary executable file with the web server's execution...

CVE-2023-39933

CVE-2023-39933 affects A.K.I Software PMailServer/PMailServer2, specifically the Broadcast Mail CGI (pmc.exe). The vulnerability is described as Insufficient verification, enabling an attacker who can upload files through the product to execute an arbitrary executable with the web server’s privil...

CVE-2023-39223

CVE-2023-39223 is a stored cross-site scripting vulnerability in CGIs included with A.K.I Software’s PMailServer and PMailServer2. Multiple sources describe an arbitrary script execution in a logged-in user’s browser when the CGI handling user input is exploited. The JVN entry lists affected CGIs...

CVE-2023-39223

Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser...

Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

Overview CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Insufficient verification vulnerability in Broadcast Mail CGI pmc.exe CWE-434 - CVE-2023-39933...

JVN#92720882: Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVS...