Last updated at Wed, 17 Jan 2024 22:07:38 GMT
Possible Web Service Removal
Metasploit has support for running with a local database, or from a remote web service which can be initialized with msfdb init --component webservice. Future versions of Metasploit Framework may remove the msfdb remote webservice. Users that leverage this functionality are invited to react on an issue currently on GitHub to inform the maintainers that the feature is used.
New module content (1)
ZoneMinder Snapshots Command Injection
Authors: UnblvR and whotwagner
Type: Exploit
Pull request: #18434 contributed by whotwagner
Path: unix/webapp/zoneminder_snapshots
Description: This PR adds an exploit module for an unauthenticated remote code execution vulnerability in the video surveillance software Zoneminder (CVE-2023-26035).
Enhancements and features (1)
- #18440 from adfoster-r7 - This alerts users that the remote web service will be removed. It prompts them to respond to an issue on GitHub if the removal will affect them.
Bugs fixed (1)
- #18532 from adfoster-r7 - Fixes db2 scanner module crashes.
Documentation added (1)
- #18524 from bradyjackson - Updates the
modules/payload/android/meterpreter/reverse_tcp.mdexample to use the correct flags when generating a payload.
You can always find more documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).
