Changelog v9.20140206
New Functionality in Acunetix Web Vulnerability Scanner v9
- Added a test for Joomla! JomSocial component < 3.1.0.1 – Remote code execution
- Added a test for a MediaWiki Remote Code Execution vulnerability affecting versions older than 1.22.2, 1.21.5 and 1.19.11
- Added a test for Minify arbitrary file disclosure
- Added a test for Ektron CMS admin account takeover
- Added a test for Zabbix SQL injection vulnerability
- Added a test for IBM Web Content Manager XPath Injection
- Added a test for YUI library uploader.swf cross site scripting vulnerability. This library is included in many web applications, including vBulletin v4 and v5
- Added a test for Horde Remote Code Execution
- Added a test for Joomla! JCE Arbitrary File Upload
- Added a test for Oracle Reports vulnerabilities. These vulnerabilities allow an attacker to gain a remote shell on the affected server
- Added a test for XXE vulnerabilities in OpenID implementations, which is able to detect XXE vulnerabilities similar to the one found on Facebook recently
- A knowledge base item is added each time a known web application is detected (e.g. WordPress web application was detected in directory /blog/)
- Scanning of WordPress sites has been made more efficient
- Improved coverage of ASP.NET based websites
- Improved XSS testing script
- Fixed bug in the pagination of the Scheduler Web Interface
- The Login Sequence Recorder was ignoring the maximum size HTTP option
- Fixed an issue causing the crawler to create multiple entries of the same custom cookie.
- Fixed a bug causing the HTTP sniffer to always listen on localhost
- Fixed a bug in the console application preventing scanning from older saved crawl results.
- Fixed a crash at start-up caused by the DeepScan agent not starting.