CVE-2013-5221

The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.

Date published : 2013-09-24

http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009

http://support.esri.com/en/knowledgebase/techarticles/detail/41497