This update includes nine new modules, including exploits for ManageEngine, ClanSphere, WinRM, and Metasploit.
In addition, this update fixes two reported issues.
- ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection by sinn3r, egyp7, and xistence exploits BID-56138
- HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow by juan vazquez and Luigi Auriemma exploits ZDI-12-114
- HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow by juan vazquez and Luigi Auriemma exploits ZDI-12-115
Auxiliary and Post modules
- ClanSphere 2011.3 Local File Inclusion Vulnerability by sinn3r and blkhtc0rp exploits OSVDB-86720
- ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal by sinn3r and rgod exploits OSVDB-80262
- ManageEngine SecurityManager Plus 5.5 Directory Traversal by sinn3r and blkhtc0rp exploits OSVDB-86563
- WinRM Authentication Method Detection by thelightcosine
- WinRM Login Utility by thelightcosine exploits CVE-1999-0502
- Metasploit pcap_log Local Privilege Escalation by 0a29406d9794e4f9b30b3c5d6702c708 exploits BID-54472
#7350 : Fixed reverse_tcp / bind_tcp over routed reverse_https connections.
#7376 : Fixed module search by platform.
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.4.0 updates to 2012103101
MSF3 4.4.0 updates to 2012103101