The Rapid7 Metasploit development team discusses (and demonstrates!) ongoing Metasploit work and features during their bimonthly sprint meeting, including the following NEW modules:

* Pandora FMS Events Remote Command Execution (CVE-2020-13851)
* Plex Unpickle Dict Windows RCE (CVE-2020-5741)
* ZenTao Pro 8.8.2 Remote Code Execution (CVE-2020-7361)
* SAP Unauthenticated WebService User Creation (CVE-2020-6287)

Also included in this recording are demonstrations of all the above modules!!

And there’s some enhancements and bug fixes we cover, too!

Also, our new web app that we’ve been building called AttackerKB (Attacker Knowledge Base) is NOW IN OPEN BETA!!! AttackerKB is a new resource to highlight hacker community knowledge on which vulns matter most — and why! You can check out the site yourself at https://attackerkb.com! For more details, you can find our recent “Meet AttackerKB” post at https://blog.rapid7.com/.

See all the latest modules, PRs, Metasploit blogs, and contributors at https://metasploit.com.

source