This update includes 9 new modules, including exploits for Java, Jenkins, Nagios and PHP-Charts. It also contains new modules for MySQL, Razer Synapse, and capturing system microphones and webcams.
In addition, this update fixes five issues.
- Java Applet AverageRangeStatisticImpl Remote Code Execution by juan vazquez and Unknown exploits CVE-2012-5076
- Java Applet Method Handle Remote Code Execution by juan vazquez and Unknown exploits CVE-2012-5088
- Jenkins Script-Console Java Execution by Spencer McIntyre and jamcut
- Nagios3 history.cgi Host Command Execution by Daniele Martini, Jose Selvi, Unknown, and blasty exploits CVE-2012-6096
- PHP-Charts v1.0 PHP Code Execution Vulnerability by AkaStep and Brendan Coles exploits OSVDB-89334
Auxiliary and post modules
- MYSQL File/Directory Enumerator by Robin Wood
- Multi Manage Record Microphone by sinn3r
- Razer Synapse Password Extraction by Brandon McCann "zeknox", Matt Howard "pasv", and Thomas McCarthy "smilingraccoon"
- Windows Manage Webcam by sinn3r
- Fixed an issue that could cause major performance problems in web scans in Metasploit Pro
- 2100 Fix bug when hitting CTRL+C in IRB
- 7138 Add lower-case HTTP verbs to bypass auth and formatting improvements
- 7239 Add STOP_ON_SUCCESS option to smb_login
- 7269 Fix bug in db_nmap -h
- 7673 Fix "failed to reload" error after db_disconnect
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.5.1 updates to 4.5.1-2013012301
MSF3 4.5.1 updates to 4.5.1-2013012301