Full title: HP Managed Printing Administration jobAcct Remote Command Execution Category: remote exploits Platform: windows This Metasploit module exploits an arbitrary file upload vulnerability on HP Managed Printing Administration 2.6.3 (and before). The vulnerability exists in the UploadFiles() function from the MPAUploader.Uploader.1 control, loaded and used by the server. The function can be abused via directory traversal and null byte injection in order to achieve arbitrary file upload. # 0day.today @ http://0day.today/