This update includes three new modules, including exploits for Oracle Java, Zabbix Server and SAP NetWeaver HostControl.
In addition, this update also includes five bug fixes.
- Zabbix Server Arbitrary Command Execution by juan vazquez and Nicob exploits CVE-2009-4498
- SAP NetWeaver HostControl Command Injection by juan vazquez and Michael Jordon exploits OSVDB-84821
- Java 7 Applet Remote Code Execution by sinn3r, juan vazquez, jduck, and Unknown exploits CVE-2012-4681
#7199 : Added Spanish targets for Windows 2003 SP1 and 2 for MS08-067
#7158 : Reorganized the PCI report sections to show a table of hosts that were tested and their failure status
#7131 : Improved the display of long strings in HTML reports
#7167 : Made several enhancements to the Compromised Hosts report
#7181 : SSH fingerprint now shows in the Tokens report instead of the SSH private key
- Users can now manually upload loot/evidence to be associated with a host
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.4.0 updates to 2012082901
MSF3 4.4.0 updates to 2012082901