The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.
https://exchange.xforce.ibmcloud.com/vulnerabilities/86121
http://www.securitytracker.com/id/1028851
http://www.securityfocus.com/bid/61542
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm
http://secunia.com/advisories/54372