This weekly update contains 3 new exploit modules, 1 auxiliary modules and 1 fix.
- D-Link info.cgi POST Request Buffer Overflow by Craig Heffner and Michael Messner exploits OSVDB-108249
- D-Link HNAP Request Remote Buffer Overflow by Craig Heffner and Michael Messner exploits CVE-2014-3936
- D-Link Unauthenticated UPnP M-SEARCH Multicast Command Injection by Michael Messner and Zachary Cutlip
Auxiliary and post modules
- Flash "Rosetta" JSONP GET/POST Response Disclosure by Michele Spagnuolo and joev exploits CVE-2014-4671
Notable Changes and Resolved Issues
- 8828 - Description leak from meterpreter.rb
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.9.3 updates to 4.9.3-2014071601
MSF3 4.9.3 updates to 4.9.3-2014071601