This weekly update contains 2 new exploit modules and 6 auxiliary/post modules.
- Phpwiki Ploticus Remote Code Execution by Benjamin Harris and us3r777 exploits CVE-2014-5519
- GetSimpleCMS PHP File Upload Vulnerability by Ahmed Elhady Mohamed exploits OSVDB-93034
Auxiliary and post modules
- AlienVault Authenticated SQL Injection Arbitrary File Read by Chris Hebert exploits OSVDB-106815
- UDP Empty Prober by Jon Hart
- Wordpress XML-RPC Username/Password Login Scanner by Cenk Kalpakoglu exploits CVE-1999-0502
- Linux Gather 802-11-Wireless-Security Credentials by Cenk Kalpakoglu
- Windows Gather Remote Desktop Connection Manager Saved Password Extraction by Tom Sellers
- Windows Gather Applied Patches by mubix and zeroSteiner
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.10.0 updates to 4.10.0-2014092401
MSF3 4.10.0 updates to 4.10.0-2014092401