This update includes 4 new modules, including exploits for Netgear DGB2200B, Java Applets, and Free Float FTP Server. It also includes a new scanner for MediaWiki.
In addition, this update fixes 2 reported issues.
- Netgear DGN2200B pppoe.cgi Remote Command Execution by juan vazquez and Michael Messner exploits OSVDB-90320
- Java Applet Reflection Type Confusion Remote Code Execution by juan vazquez and Jeroen Frijters
- Free Float FTP Server USER Command Buffer Overflow by D35m0nd142 and Doug Prostko exploits OSVDB-69621
Auxiliary and post modules
- MediaWiki SVG XML Entity Expansion Remote File Access by juan vazquez, Christian Mehlmauer, and Daniel Franke exploits OSVDB-92490
- 7896 - Fix an error in show options output in msfconsole
- Fix a bug in the AppScan importer when importing certain files
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.6.0 updates to 4.6.0-2013042401
MSF3 4.6.0 updates to 4.6.0-2013042401