Acunetix Web Vulnerability Scanner v9, build 20140206 includes several new tests for vulnerabilities on well-known web applications

Acunetix Web Vulnerability Scanner version 9, build 20140206 is able to scan WordPress more efficiently, and includes various new checks for vulnerabilities in well-known systems such as MediaWiki, IBM Web Content Manager, Joomla! and Oracle.

New Functionality in Acunetix Web Vulnerability Scanner v9

• Added a test for Joomla! JomSocial component < 3.1.0.1 – Remote code execution
• Added a test for a MediaWiki Remote Code Execution vulnerability affecting versions older than 1.22.2,1.21.5 and 1.19.11
• Added a test for Minify arbitrary file disclosure 
• Added a test for Ektron CMS admin account takeover
• Added a test for Zabbix SQL injection vulnerability
• Added a test for IBM Web Content Manager XPath Injection
• Added a test for YUI library uploader.swf cross site scripting vulnerability. This library is included in many web applications, including vBulletin v4 and v5
• Added a test for Horde Remote Code Execution
• Added a test for Joomla! JCE Arbitrary File Upload
• Added a test for Oracle Reports vulnerabilities. These vulnerabilities allow an attacker to gain remote shell on the affected server
• Added a test for XXE vulnerabilities in OpenID implementations, which is able to detect XXE vulnerabilities similar to the one found on Facebook recently
• A knowledge base item is added each time a known web application is detected (e.g. WordPress web application was detected in directory /blog/)

Improvements

• Scanning of WordPress sites has been made more efficient
• Improved coverage of ASP.NET based websites
• Improved XSS testing script

Bug Fixes

• Fixed bug in the pagination of the Scheduler Web Interface
• The Login Sequence Recorder was ignoring the maximum size HTTP option
• Fixed an issue causing the crawler to create multiple entries of the same custom cookie.
• Fixed a bug causing the HTTP sniffer to always listen on localhost
• Fixed a bug in the console application preventing scanning from older saved crawl results.
• Fixed a crash caused at start-up caused by the DeepScan agent not starting.

How to Upgrade

If you are running Acunetix Web Vulnerability Scanner v9, you will be notified that a new build is available to download when you start the application. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.

If you are running Acunetix WVS 8, you should follow the upgrade instructions available in the “Upgrading from a previous version of Acunetix Web Vulnerability Scanner” in the Acunetix WVS user manual.

You can see the complete Acunetix WVS change log here.

THE AUTHOR

Nicholas Sciberras
Principal Program Manager
LinkedIn

As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.