This update includes 10 new modules, including exploits for HP System Management, MongoDB, STUNSHELL, v0pCr3w Web Shell, Novel ZENworks, Ra1NX PubCall, Joomla, and Java CMM. It also includes a new module for Microsoft Word.
In addition, this update fixes 1 issue.
- HP System Management Anonymous Access Code Execution by agix exploits OSVDB-91812
- MongoDB nativeHelper.apply Remote Code Execution by agix exploits CVE-2013-1892
- STUNSHELL Web Shell Remote PHP Code Execution by bwall
- STUNSHELL Web Shell Remote Code Execution by bwall
- v0pCr3w Web Shell Remote Code Execution by bwall
- Novell ZENworks Configuration Management Remote Execution by juan vazquez and James Burton exploits ZDI-13-049
- Ra1NX PHP Bot PubCall Authentication Bypass Remote Code Execution by bwall exploits OSVDB-91663
- Joomla Component JCE File Upload Remote Code Execution by Heyder Andrade and Unknown exploits BID-49338
- Java CMM Remote Code Execution by juan vazquez and Unknown exploits CVE-2013-1493
Auxiliary and post modules
- Microsoft Word UNC Path Injector by SphaZ
- Fix bug in msfupdate on Kali Linux when system locale is not en_US
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.5.3 updates to 4.5.3-2013040301
MSF3 4.5.3 updates to 4.5.3-2013040301