This weekly update contains 4 new exploit modules, 1 new auxiliary modules and 1 new fix.
- Cogent DataHub Command Injection by juan vazquez and John Leitch exploits ZDI-14-136
- HP AutoPass License Server File Upload by juan vazquez and rgod exploits ZDI-14-195
- MS13-097 Registry Symlink IE Sandbox Escape by juan vazquez and James Forshaw exploits CVE-2013-5045
- MS14-009 .NET Deployment Service IE Sandbox Escape by juan vazquez and James Forshaw exploits CVE-2014-0257
Auxiliary and post modules
- Cerberus FTP Server SFTP Username Enumeration by Matt Byrne and Steve Embling exploits BID-67707
Notable Changes and Resolved Issues
- 8815 - NoMethodError undefined method length for nil:NilClass with struts_code_exec_parameters.rb
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.9.3 updates to 4.9.3-2014070201
MSF3 4.9.3 updates to 4.9.3-2014070201