Full title: HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload Category: remote exploits Platform: windows This Metasploit module exploits a path traversal flaw in the HP ProCurve Manager SNAC Server. The vulnerability in the UpdateDomainControllerServlet allows an attacker to upload arbitrary files, just having into account binary writes aren't allowed. Additionally, authentication can be bypassed in order to upload the file. This Metasploit module has been tested successfully on the SNAC server installed with HP ProCurve Manager 4.0. # 0day.today @ http://0day.today/