- Joomla HTTP Header Unauthenticated Remote Code Execution by Christian Mehlmauer and Marc-Alexandre Montpas exploits CVE-2015-8562
Auxiliary and Post-Exploitation Modules
- Android Stock Browser Iframe DOS by Jean Pascal Pereira and Jonathan Waggoner exploits CVE-2012-6301
- NTP "NAK to the Future" by Jon Hart and Matthew Van Gundy of Cisco ASIG exploits CVE-2015-7871
- Redis File Upload by Jon Hart and Nixawk
- MS15-134 Microsoft Windows Media Center MCL Information Disclosure by sinn3r and Francisco Falcon exploits CVE-2015-6127
- Post Windows Gather NTDS.DIT Location by Stuart Morgan
Notable Fixes and Changes
- PR #6111: Added Android geo/cell interval collection
- PR #6408: Added JSON output for the info command
- PR #6356: Added NTDS.DIT location finder
- PR #6319: Added Redis file upload exploit
- PR #6237: Added Android stock browser DoS module
- PR #6179: Added NTP "NAK to the Future" auxiliary module
- PR #6292: Added z/OS reverse shell payload
- PR #6367: Added Windows Media Center MCL information disclosure
- PR #6355: Added Joomla HTTP header exploit
- PR #6373: Added Joomla mixin
- Pro: MS-735: The application will no longer display an error when you attempt to import a target list that contains duplicate email addresses. Instead, the application will import the last entry in the CSV file for the duplicate email address.
Offline Update File
To download the offline file for this update, go to http://updates.metasploit.com/packages/e8ad1d648dd6c10da96e61c4ca43069570488f13. bin.
Upgrading after December 23, 2014
If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.11.5 updates to 4.11.5-2016010401