Last updated at Wed, 17 Jan 2024 22:07:38 GMT
Possible Web Service Removal
Metasploit has support for running with a local database, or from a remote web service which can be initialized with
msfdb init --component webservice. Future versions of Metasploit Framework may remove the msfdb remote webservice. Users that leverage this functionality are invited to react on an issue currently on GitHub to inform the maintainers that the feature is used.
New module content (1)
ZoneMinder Snapshots Command Injection
Description: This PR adds an exploit module for an unauthenticated remote code execution vulnerability in the video surveillance software Zoneminder (CVE-2023-26035).
Enhancements and features (1)
- #18440 from adfoster-r7 - This alerts users that the remote web service will be removed. It prompts them to respond to an issue on GitHub if the removal will affect them.
Bugs fixed (1)
Documentation added (1)
- #18524 from bradyjackson - Updates the
modules/payload/android/meterpreter/reverse_tcp.mdexample to use the correct flags when generating a payload.
You can always find more documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
If you are a
git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).