The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
| Link | Tags |
|---|---|
| https://www.exploit-db.com/exploits/42702/ | exploit |
| http://www.securitytracker.com/id/1029485 | vdb entry |
| http://www.attrition.org/pipermail/vim/2014-January/002755.html | mailing list |
| http://www.zerodayinitiative.com/advisories/ZDI-13-283/ | |
| http://archives.neohapsis.com/archives/bugtraq/2013-12/0053.html | mailing list |
| http://marc.info/?l=bugtraq&m=138723620521347&w=2 | vendor advisory |
| https://www.exploit-db.com/exploits/42701/ | exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90728 | vdb entry |
| http://secunia.com/advisories/56143 | third party advisory |