CVE-2014-8270 Information

Description

BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account then performing a password reset.

Reference

http://support.numarasoftware.com/support/articles.asp?how=20AND20&mode=detail&kcriteria=7508&ID=7654 http://www.zerodayinitiative.com/advisories/ZDI-14-419/