Metasploit 4.7.0 Update 2013090401

Document created by Brandon Turner Employee on Sep 3, 2013
Version 1Show Document
  • View in full screen mode

Summary

This update includes 11 new modules, including exploits for VMWare SPIP, HP LoadRunner, Firefox and Internet Explorer.  It also includes new modules for OSX and Windows.

 

In addition, this update fixes 34 issues.

 

Module Changes

Exploit modules

 

Auxiliary and post modules

 

Notable Changes and Resolved Issues

  • 8313 - Print where store_loot files are stored
  • 8314 - Use OptPath instead of OptString to load files
  • 8315 - Fix unhandled exceptions when running JohnTheRipper
  • 8316 - Escape dots in modules
  • 8317 - Fix double slash in svn_wcdb_scanner.db
  • 8318 - Fix normalize_uri bug in lotus_domino_version
  • 8319 - Disable BLANK_PASSWORDS for ektron_cms400net.rb
  • 8322 - Properly check for nil response from send_request_raw in sap_mgmt_con_instanceproperties
  • 8323 - Properly check for nil response from send_request_raw in xdb_sid_brute
  • 8324 - Properly check for nil response from send_request_raw in spy_sid
  • 8325 - Properly check for nil response from send_request_raw in lotus_domino_hashes
  • 8328 - Properly check for nil response from send_request_raw in web_vulndb
  • 8329 - Properly check for nil response from send_request_raw in vmware_server_dir_trav
  • 8330 - Properly check for nil response from send_request_raw in sevone_enum
  • 8331 - Properly check for nil response from send_request_raw in rails_mass_assignment
  • 8332 - Properly check for nil response from send_request_raw in novell_mdm_creds
  • 8333, 8334 - Properly check for nil response from send_request_raw in nginx_source_disclosure
  • 8336 - Properly check for nil response from send_request_raw in majordomo2_directory_traversal
  • 8337, 8338 - Properly check for nil response from send_request_raw in litespeed_source_disclosure
  • 8339 - Properly check for nil response from send_request_raw in dolibarr_login
  • 8340 - Properly check for nil response from send_request_raw in dir_webdav_unicode_bypass
  • 8341 - Properly check for nil response from send_request_raw in barracuda_directory_traversal
  • 8342 - Properly check for nil response from send_request_raw in axis_local_file_include
  • 8343 - Properly check for nil response from send_request_cgi in external_ip
  • 8344, 8345 - Validate datastore option YEAD in corpwatch_lookup_name
  • 8346 - Properly check for nil response from send_request_cgi in osb_execqr3
  • 8347 - Properly check for nil response from send_request_cgi in osb_execqr2
  • 8348 - Properly check for nil response from send_request_raw in typo3_sa_2010_020
  • 8349 - Properly check for nil response from send_request_cgi in jboss_seam_exec
  • 8350 - Properly check for nil response from send_request_cgi in edirectory_edirutil
  • 8359 - Fix bug when creating an exe with a META-INF folder present

 

How to Upgrade

Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.

 

Version Information

PRO 4.7.0 updates to 4.7.0-2013090401

MSF3 4.7.0 updates to 4.7.0-2013090401

Attachments

    Outcomes