This weekly update brings eleven new modules and one new resource script, including exploits for WANGKONGBAO, Novell ZENworks, Hotshot, Basilic, Java, Hastymail, TikiWiki, IBM Rational ClearQuest, AdminStudio, Umbraco CMS, and Poison Ivy.
- WANGKONGBAO CNS-1000 and 1100 UTM Directory Traversal by Dillon Beresford exploits EDB-19526
- Novell ZENworks Configuration Management Preboot Service Remote File Access by Luigi Auriemma and juan exploits CVE-2012-2215
- WPAD.dat File Server by et implements the WPAD MITM attack
- Java Applet Field Bytecode Verifier Cache Remote Code Execution by sinn3r, juan vazquez, Stefan Cornelius, littlelightlittlefire, and mihi exploits CVE-2012-1723
- Basilic 1.5.14 diff.php Arbitrary Command Execution by sinn3r, juan, and lcashdollar exploits BID-54234
- Hastymail 2.1.1 RC1 Command Injection by juan vazquez and Bruno Teixeira exploits CVE-2011-4542
- Tiki Wiki 8.3 unserialize() PHP Code Execution by juan vazquez and EgiX exploits CVE-2012-0911
- IBM Rational ClearQuest CQOle Remote Code Execution by juan vazquez and rgod exploits CVE-2012-0708
- AdminStudio LaunchHelp.dll ActiveX Arbitrary Code Execution by juan and rgod exploits CVE-2011-2657
- Umbraco CMS Remote Command Execution by juan vazquez and Toby Clarke exploits Umbraco bug #18192
- Poison Ivy 2.3.2 C&C Server Buffer Overflow by juan vazquez, Andrzej Dereszowski, and Gal Badishi exploits an unclassified vulnerability in Poison Ivy
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.3.0 (any revision) updates to 2012071101
MSF3 4.3.0 (any revision) updates to 2012071101