This weekly update contains 5 new exploit modules and 4 auxiliary/post modules.
- Railo Remote File Include by Bryan Alexander and bperry exploits CVE-2014-5468
- GDB Server Remote Payload Execution by joev
- ManageEngine Eventlog Analyzer Arbitrary File Upload by Pedro Ribeiro and h0ng10 exploits CVE-2014-6037
- SolarWinds Storage Manager Authentication Bypass by juan vazquez and rgod exploits ZDI-14-299
- ManageEngine Desktop Central StatusUpdate Arbitrary File Upload by Pedro Ribeiro exploits CVE-2014-5005
Auxiliary and post modules
- Apple TV Image Remote Control by sinn3r and 0a29406d9794e4f9b30b3c5d6702c708
- Apple TV Video Remote Control by sinn3r and 0a29406d9794e4f9b30b3c5d6702c708
- AppleTV AirPlay Login Utility by 0a29406d9794e4f9b30b3c5d6702c708 and thelightcosine
- Arris DG950A Cable Modem Wifi Enumeration by Deral "Percent_X" Heiland
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.10.0 updates to 4.10.0-2014091001
MSF3 4.10.0 updates to 4.10.0-2014091001