A vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of BakBone NetVault Reporter. User interaction is not required to exploit this vulnerability. BakBone NetVault Reporter version 3.5 prior to Update4 is susceptible.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/58060/ZDI-07-044.txt
Source: https://packetstormsecurity.com/files/58060/Zero-Day-Initiative-Advisory-07-044.html