SmarterMail Build 9406 and earlier is vulnerable to arbitrary file upload. An unauthenticated attacker can upload arbitrary files to any location on the mail server, potentially enabling remote code execution.