Zero Day Initiative Advisory 12-174 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw is a directory traversal in the UploadFilesHandler url that allows you to upload files to the server into a directory on the server that allows for scripting. This vulnerability could lead to remote code execution under the context of the current process.
4ee84abc0ed60faa0ef4eaf23e562588e583a3ba9fdbd25999ffb6342ecf1e64