Acunetix Premium - v11.0.173131028

New Features and Vulnerability Tests

• Added support for Selenium scripts as Target Import files
• Introduced various vulnerability checks for CMS Made Simple including:
  • PHP Remote File Inclusion (RFI) in version 0.10 (CVE-2005-2846)
  • SQL Injection in version 1.0.5 and earlier (CVE-2007-2473)
  • Directory Traversal in version 1.8.1 and earlier (CVE-2010-2797)
  • Web Server Cache Poisoning in versions 2.1.3 and earlier and 1.12.2 and earlier (CVE-2016-2784)
  • Cross Site Request Forgery (CSRF) in version 2.1.6 and earlier (CVE-2016-7904)
  • Cross Site Scripting (XSS) in version 2.1.6 and earlier (CVE-2017-6555)
  • Cross Site Scripting (XSS) in version 2.1.6 (CVE-2017-6556)
  • Local File Inclusion in version 2.1.6 and earlier

Improvements

• Various minor UI updates
• Improved handling of aborted scans for Targets with Continuous scanning enabled
• Increased Custom Cookie size limit from 512 bytes to 10Kb (2Kb for Acunetix Online)
• Added new email templates
• Email notification now indicates if a scan has failed
• Multiple minor updates to the reports
• Updated the Error Message script to show full JAVA error messages
• Tech Admin role can now create and alter Scan types.

Fixes

• Scan Comparison was incorrectly switching the order of the scans
• Scan Comparison was incorrectly comparing with Allowed host
• Fixed bug in the licensed user limit
• Fixed bug causing scans to fail when the LSR contains Unicode characters
• Multiple fixes in XML export
• Multiple fixes in F5 WAF rules export
• Fixed 2 minor security issues in web interface
• 2 fixes affecting incorrect vulnerability count in Dashboard
• Fixed the retesting of vulnerabilities for Targets requiring manual intervention
• Fixed the Targets page incorrectly showing that the Target is being scanned, when an ongoing scan is deleted.