Authors: Sandro Tolksdorf of usd AG. and h00die-gr3y [email protected]
Type: Auxiliary
Pull request: #19582 contributed by h00die-gr3y
Path: gather/acronis_cyber_protect_machine_info_disclosure
AttackerKB reference: CVE-2022-3405
Description: Adds an auxiliary module which exploits Sensitive information disclosure due to an improper authentication vulnerability in Acronis Cyber Protect 15 before build 29486 and Acronis Cyber Backup 12.5 before build 16545.
Authors: WackyH4cker and h00die
Type: Auxiliary
Pull request: #19654 contributed by h00die
Path: scanner/http/strapi_3_password_reset
AttackerKB reference: CVE-2019-18818
Description: Adds a module that lets you leverage the mishandling of a password reset request for Strapi CMS version 3.0.0-beta.17.4, which results in the ability to change the password of the admin user.
Authors: Florent Sicchio, Hugo Clout, and ostrichgolf
Type: Exploit
Pull request: #19531 contributed by ostrichgolf
Path: linux/http/projectsend_unauth_rce
Description: Adds a new exploit module targeting ProjectSend versions r1335 through r1605. The module exploits an improper authorization vulnerability, allowing unauthenticated RCE by manipulating the application's configuration settings.
Authors: David Batley, RageLtMan rageltman@sempervictus, Rick de Jager, Ryan Emmons, Simone Margaritelli, and Spencer McIntyre
Type: Exploit
Pull request: #19630 contributed by remmons-r7
Path: multi/misc/cups_ipp_remote_code_execution
AttackerKB reference: CVE-2024-47176
Description: This adds an exploit for CUPS, where a remote attacker can advertise a malicious printing service that when used will execute a command on the printing client.
smb_version
module to detect the host OS version when SMB 1 is disabled.None
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro