Fixed
Pro: Fixed an error when importing results from Nexpose.
Pro: Fixed an error being shown to the user when visiting multiple pages without logging out.
Pro: Fixed a
User must existerror message appearing when using thepro_exploitcommand in themsfpro.PR 19209 - Updates multiple file format exploits to show the default settings to users when running
show options.PR 19211 - Fixes an issue were the database management logic would default a model's
updated_atvalue to incorrectly be set to thecreated_atvalue.PR 19227 - Fixed an issue in
Moodle::Login.moodle_loginthat reported a false negative when logging in with user's credentials.
Modules
PR 18646 - Add osx aarch64 exec payload.
PR 18652 - Add osx aarch64 shell reverse tcp payload.
PR 18776 - Add osx aarch64 bind tcp payload.
PR 19103 - This adds an unauthenticated directory traversal and a SQLi exploit against the Jasmin ransomware web panel.
PR 19150 - Unauthenticated Command Injection Module for Progress Flowmon CVE-2024-2389.
PR 19151 - Privilege escalation module for Progress Flowmon unpatched feature.
PR 19208 - This adds an exploit module that leverages a vulnerability in the WordPress Hash Form – Drag & Drop Form Builder plugin (CVE-2024-5084) to achieve remote code execution. Versions up to and including 1.1.0 are vulnerable. This allows unauthenticated attackers to upload arbitrary files, including PHP scripts, due to missing file type validation in the
file_upload_actionfunction.