This week's release includes 1 exploit modules and 0 auxiliary and post-exploitation modules.
- Symantec Web Gateway 5 restore.php Post Authentication Command Injection by sinn3r and Egidio Romano exploits CVE-2014-7285
Notable Fixes and Changes
- PR #4796: Fixed a bug with BrowserExploitServer and incompatable payloads
- PR #4810: Added support for job renaming in msfconsole
- PR #4816: Switched to rb-readline-r7 to fix tab completion in msfconsole
- PR #4828: Fixed SSL support for http_login
- PR #4829: Updated the OWA brute force module to include the /ews/ path
- PR #4835: Added new hex format for msfvenom
- PR #4836: Added a module for Solarwinds Core Orion Service
- PR #4838: Fixed reverse_http listening service issue
- PR #4844: Extended Printer Job Language (PJL) support
- PR #4857: Added a module for Symantec Web Gateway
- PR #4860: Added a module for an unpatched Seagate vulnerability
- PR #4870: Updated MIPS platform payloads in Metasm
- Pro: Previously, Notification Center would not update the count if you were on the Projects page. It now correctly updates its count regardless of where you are in the application.
Upgrading after December 23, 2014
If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from erayymz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.11.1 updates to 4.11.1-2015030501
MSF3 4.11.1 updates to 4.11.1-2015030501