Lucene search
Andrea Micalizzi aka rgodZDI-12-106HistoryJun 28, 2012 - 12:00 a.m.
Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability
2012-06-2800:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
12
EPSS
0.968
Percentile
99.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office Customer Call Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists because Avaya IP Office Customer Call Reporter allows unauthenticated users to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are uploaded to has no scripting restrictions. This flaw can lead the remote code execution under the context of the user running the IP Office Customer Call Reporter, usually NETWORK SERVICE.
Related
exploitdb
exploitdb
metasploit
metasploit
zdt
zdt
Avaya IP Office Customer Call Reporter Command Execution
2012-10-09 00:00:00
packetstorm
packetstorm
Avaya IP Office Customer Call Reporter Command Execution
2012-10-08 00:00:00
checkpoint_advisories
checkpoint_advisories
cvelist
cvelist
CVE-2012-3811
2012-07-03 19:00:00
securityvulns
securityvulns
Avaya IP Office Customer Call Reporter code execution
2012-07-09 00:00:00
nvd
nvd
CVE-2012-3811
2012-07-03 19:55:04
saint
saint
Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload
2012-10-22 00:00:00
Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload
2012-10-22 00:00:00
Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload
2012-10-22 00:00:00
prion
prion
Unrestricted file upload
2012-07-03 19:55:00
cve
cve
CVE-2012-3811
2012-07-03 19:55:04