This weekly update brings eight new modules, which include exploits for OpenOffice, Symantec Web Gateway, WeBid, appRain, ispVM, MPlayer, QuickShare, and RabidHamster.
Additionally, this update resolves an XSS issue reported by Everardo Padilla (thanks Everardo!), as well as a handful of usability bugs in the Campaign, Task Chain, and WebApp components.
Resolved Bugs & Changes
- Issue #6925 : XSS under the "Vulnerabilities" section.
- Issue #3962 : linux/x86/meterpreter can't drop to shell
- Issue #6827 : "RuggedCom Telnet Password Generator" Module
- Issue #6910 : Web App - Vuln View triggers UTF8 encoding error on view
- Issue #6732 : Deleting first item destroys task chain state
- Issue #6932 : Screenshot missing on upper right of host page after capture
- Issue #6930 : Select all checkbox on hosts page remains checked after mass applying tags
- Issue #6931 : In firefox, min-width on workspaces#index is not large enough to fit news pane and left table
- Issue #6820 : Exploit excluded ports should support space seperated lists
- Issue #6929 : Search field placeholder not aligned in ie9
- Issue #6928 : "Searching tags..." placeholder sometimes does not render correctly
- Issue #6926 : Entering a duplicate tag shows a blank error message
- Issue #6821 : Allow JtR modules to be run from the modules tab
- Issue #5025 : Link to the user guides and other PDFs from within a help page
- Issue #6923 : Select all on web app vulns page does nothing
- Issue #6919 : Double confirmation on task chain creation
- Issue #6917 : Task chains search bar not in header
- Issue #6918 : Search auto-hide does not work properly in loots page
- Issue #6900 : Projects should have a tooltip with their full name, especially when the project names is wider than the dropdown div
- Issue #6914 : adding credential causes Internal Server Error
- Issue #6899 : Give projects a sub menu with their tab-bar equivalents
- Issue #6780 : Clear all/selected tasks option
- Issue #6817 : Process still runs after error appears
- Issue #6533 : Disable Nexpose button when nexpose is not connected
- Issue #6896 : Proejcts Search Results should be in datatables in search-fix branch
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.3.0 2012052303 updates to 2012053002
MSF3 4.3.0 2012052303 updates to 2012053002