This weekly update contains 6 new exploit modules, 3 auxiliary modules and 1 fix.
- Gitlab-shell Code Execution by Brandon Knight exploits CVE-2013-4490
- VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution by Emilio Pinna exploits CVE-2014-5073
- MQAC.sys Arbitrary Write Privilege Escalation by Matt Bergin and Spencer McIntyre exploits CVE-2014-4971
- VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation by Jay Smith and Matt Bergin exploits CVE-2014-2477
- VirtualBox 3D Acceleration Virtual Machine Escape by juan vazquez, Florian Ledoux, and Francisco Falcon exploits CVE-2014-0983
Auxiliary and post modules
- Yokogawa BKBCopyD.exe Client by Unknown
- Wordpress XMLRPC DoS by Christian Mehlmauer and Nir Goldshlager
- Linux Gather Gnome-Commander Creds by David Bloom
Notable Changes and Resolved Issues
- 8839 - The command msfconfole fails to load modules
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.9.3 updates to 4.10.0-2014082003
MSF3 4.9.3 updates to 4.10.0-2014082003