A signature program at Penn State Greater Allegheny, implemented to give students, faculty and staff the digital skills to communicate, solve problems and create new knowledge, is front and center in the University’s remote learning period.

Penn State Campus Recreation is now offering a library of more than 50 workouts online through YouTube as well as live classes that are held every business day on the Penn State Campus Recreation Instagram. Group fitness instructor Alexis "Lexi" Neimeyer talked about her experience on the transition to virtual fitness classes.

Nearly 30 disability rights and education advocacy organizations have launched a new resource hub and online network designed to help special educators during the coronavirus crisis.

Penn State Harrisburg faculty share their experiences – the challenges, triumphs and innovations – as they are adapting lesson plans and teaching processes during this time of social distancing.

We talk a lot about blended learning opportunities in my district, asking ourselves whether we are offering the most beneficial learning opportunities for both staff and students. We're looking to provide quality online learning resources to students when they are outside of our classrooms, as well

Within days of the University's shift to remote learning, faculty, instructors and teaching assistants in the Department of Geography moved 35 resident instruction courses into remote delivery mode to teach 1,947 students.

To continue supporting Penn State faculty’s remote teaching, Teaching and Learning with Technology is offering virtual office hours each day during the week of March 16. During these sessions, instructors can get help with transitioning their courses from a residential format to remote.

The Sokolov-Miller Family Financial and Life Skills Center at Penn State has a slate of programming for Financial Literacy Month this April and is offering help to anyone in the University community who is anxious about their financial future.

The access was being sold on a Russian-language marketplace. The affected airport system was available on the open internet and may have been secured with a weak password.

The Weather Risk Management Club has continued meeting via Zoom during the remote learning period, carrying on their work examining the impacts of severe weather events on the economy.

Given the continuing challenge and uncertainty of the coronavirus pandemic and to protect the health of students, faculty and staff, Penn State has made the decision to extend virtual delivery of courses into the summer. Further, the University will adjust tuition for the summer sessions in light of the ongoing pandemic and the persistent fiscal strain it is causing across Pennsylvania and the country.

As many of us are learning to navigate the changing world we are living in amid the COVID-19 outbreak, and as we care for our loved ones, friends, and our community, many of us now find ourselves working and studying from home much more than we did before. As an [...]

Working remotely? A list of 5 ways to spend your down time was published on SAS Users.

As many of us are learning to navigate the changing world we are living in amid the COVID-19 outbreak, and as we care for our loved ones, friends, and our community, many of us now find ourselves working and studying from home much more than we did before. As an [...]

Working remotely? A list of 5 ways to spend your down time was published on SAS Users.

Work From Home: Domestic interruptions or family and home-related tasks can be a massive deterrent for remote employees. For instance, cooking or organizing food, house help, and other chores can take a ton of time and energy.

To help you out, Windows has BitLocker, Macs have FileVault, and Linux has LUKS and cryptsetup, which can be used to create encrypted drives and partitions.

Teams enables teachers and students to connect over video-enabled remote classrooms, offering a host of interactive and collabora-tive tools on one platform

Attackers are pivoting their existing infrastructure for the distribution of ransomware, phishing emails, and other malware, leveraging COVID-19 keywords that get us to click on links or open emails.

HP Smart Tank 530 delivers hassle-free, reliable printing at an affordable price. It is designed to provide good ink tank experience and print quality for home users.

This Metasploit module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of the user, as exploited in the wild in February 2014. This Metasploit module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8 even when it includes rop chains for several Flash 11 versions, as exploited in the wild.

UCanCode has active-x vulnerabilities which allow for remote code execution and denial of service attacks.

Adobe Flash Active-X plugin version 28.0.0.137 remote code execution proof of concept exploit.

This Metasploit module exploits the Windows OLE automation array remote code execution vulnerability. The vulnerability exists in Internet Explorer 3.0 until version 11 within Windows 95 up to Windows 10.

Microsoft Windows SMB version 3.1.1 suffers from a code execution vulnerability.

LW-N605R devices allow remote code execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.

The Telerik UI for ASP.NET AJAX insecurely deserializes JSON objects in a manner that results in arbitrary remote code execution on the software's underlying host.

This Metasploit module exploits a vulnerability that allows remote attackers to execute arbitrary code on vulnerable installations of Apache Shiro version 1.2.4.

This Metasploit module exploits an expression language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.

Citrix Application Delivery Controller and Citrix Gateway directory traversal remote code execution exploit.

FIBARO System Home Center version 5.021 suffers from cross site scripting and remote file inclusion vulnerabilities.

PhreeBooks ERP version 5.2.5 suffers from a remote command execution vulnerability.

This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passed to an insecure .NET deserialize call which allows for remote command execution.

The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition this can potentially be leveraged for post exploit persistence with SYSTEM privileges, if physical access or malware is involved. If a physical attacker or malware can set its own program for the service failure recovery options, it can be used to maintain persistence. Afterwards, it can be triggered by sending a malicious request to DoS the service, which in turn can start the attackers recovery program. The attackers program can then try restarting the affected service to try an stay unnoticed by calling "sc start HCServerService". Services failure flag recovery options for "enabling actions for stops or errors" and can be set in the services "Recovery" properties tab or on the command line. Authentication is not required to reach the vulnerable service, this was tested successfully on Windows 7/10.

Prestashop versions 1.7.6.4 and below suffer from code execution, cross site request forgery, and cross site scripting vulnerabilities.

DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).

FileThingie version 2.5.7 suffers from a remote shell upload vulnerability.

Linear eMerge E3 versions 1.00-06 and below arbitrary file upload remote root code execution exploit.

Optergy versions 2.3.0a and below authenticated file upload remote root code execution exploit.

This Metasploit module exploits an underflow vulnerability in PHP-FPM versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exploit code (see refs). First, it detects the correct parameters (Query String Length and custom header length) needed to trigger code execution. This step determines if the target is actually vulnerable (Check method). Then, the exploit sets a series of PHP INI directives to create a file locally on the target, which enables code execution through a query string parameter. This is used to execute normal payload stagers. Finally, this module does some cleanup by killing local PHP-FPM workers (those are spawned automatically once killed) and removing the created local file.

rConfig version 3.93 suffers from an authenticated ajaxAddTemplate.php remote code execution vulnerability.

rConfig version 3.9.4 suffers from a search.crud.php remote command injection vulnerability.

Pandora FMS version 7.0NG suffers from a net_tools.php remote code execution vulnerability.

This Metasploit module exploits a vulnerability found in Pandora FMS 7.0NG and lower. net_tools.php in Pandora FMS 7.0NG allows remote attackers to execute arbitrary OS commands.

This Metasploit module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable, though 5.0.23 is vulnerable to a separate vulnerability. The module will automatically attempt to detect the version of the software. Tested against versions 5.0.20 and 5.0.23 as can be found on Vulhub.

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.836 suffers from a remote command execution vulnerability.