Computer Security
[EN] securityvulns.ru no-pyccku


Avaya IP Office Customer Call Reporter code execution
Published:09.07.2012
Source:
SecurityVulns ID:12457
Type:remote
Threat Level:
7/10
Description:It's possible to upload executable files via ImageUpload.ashx
Affected:AVAYA : Avaya IP Office Customer Call Reporter 7.0
CVE:CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.)
Original documentdocumentZDI, ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability (09.07.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod