This weekly update brings ten new modules, which include exploits for PHP and Java, S40, various PHP applications, Apache Struts, Citrix, and the GIMP. This update also adds the pcAnywhere data protocol module to the regular menu of Bruteforce-able protocols, and resolves ten other outstanding issues.
- Hashtable Collisions
- S40 0.4.2 CMS Directory Traversal Vulnerability
- pcAnywhere Login Scanner
- Log1 CMS writeInfo() PHP Code Injection
- PHP Volunteer Management System v1.0.2 Arbitrary File Upload Vulnerability
- Apache Struts Remote Command Execution
- Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020004 Buffer Overflow
- Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow
- Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020006 Buffer Overflow
- GIMP script-fu Server Buffer Overflow
Resolved Bugs & Changes
- Issue #6749 : "Select All" button for session selection sometimes doesn't.
- Issue #6937 : Campaign always thinks SMTP user/pass is set and fails to authenticate
- Issue #6853 : Inaccessible Nexpose host throws stack trace when scan is run
- Issue #6854 : NilClass error when adding a new non-existent nexpose host
- Issue #6548 : pro.workspace_add and pro.project_add fail: undefined method `id' for "user":String
- Issue #6848 : VPN Pivot always uses DHCP even when static IP is specified
- Issue #6941 : Add 64 bit meterpreter to the list of persistent payloads
- Issue #6934 : Bruteforce raises exception
- Issue #3271 : Implement PCAnywhere Bruteforce
- Issue #6910 : Web App - Vuln View sometimes triggers UTF8 encoding error on view
- Issue #6732 : Deleting first item destroys task chain state
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
After you update Metasploit Pro, the menu and update page may not display correctly. To resolve this issue, you must clear your browser's cache for user interface to load correctly.
PRO 4.3.0 2012053002 updates to 2012060601
MSF3 4.3.0 2012052303 updates to 2012060601