Changelogs

Acunetix Standard & Premium

v8.0.20120215 - 16 Feb 2012

Build v8.0.20120215 - 16th February 2012 - NEW VERSION

New Features

  • Manipulation of inputs taken from URLs
  • Automatic IIS 7 rewrite rule interpretation
  • Support for custom HTTP headers during automated scans
  • Imperva Web Application Firewall integration
  • Multiple instance support for scanning multiple websites in parallel
  • New web-based Scheduler
  • Automatic recognition and detection of custom 404 error pages
  • Scan settings templates
  • Simplified Scan Wizard
  • Smart memory management
  • Real-time Crawler status
  • Scan termination status included in report
  • Web application coverage report
  • Configuration of log files retention
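
One way to implement the custom 404 error page recognition listed above, as an added example written for this page and not Acunetix's own code: probe two random paths, fingerprint how the site answers for content that does not exist, and later ask whether a given response is that page rather than real content. The fetch callable, the NotFoundProfile type, the 0.9 similarity threshold and the two in-memory sites are assumptions chosen so the example runs offline.

```python
"""Custom (soft) 404 recognition, as a scanner does it before crawling.

Added example, not Acunetix code. Assumes a fetch(path) -> (status, body)
callable supplied by the caller; two constructed in-memory sites are below.
"""
import difflib
import random
import string
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

Response = Tuple[int, str]            # (HTTP status, response body)
Fetch = Callable[[str], Response]     # hypothetical fetch function


@dataclass
class NotFoundProfile:
    custom: bool      # True if missing paths get a custom page instead of a 404
    status: int       # status code the site uses for missing paths
    template: str     # normalized body of that page (empty for a real 404)


def random_path() -> str:
    """A path that should not exist on any site."""
    name = "".join(random.choices(string.ascii_lowercase + string.digits, k=16))
    return f"/{name}.html"


def normalize(body: str, path: str) -> str:
    """Custom error pages usually echo the requested path; drop it before comparing."""
    return " ".join(body.replace(path, "").split())


def similarity(a: str, b: str) -> float:
    return difflib.SequenceMatcher(None, a, b).ratio()


def learn_not_found(fetch: Fetch, threshold: float = 0.9) -> Optional[NotFoundProfile]:
    """Probe two random paths and fingerprint how the site says "not found"."""
    p1, p2 = random_path(), random_path()
    s1, b1 = fetch(p1)
    s2, b2 = fetch(p2)
    n1, n2 = normalize(b1, p1), normalize(b2, p2)
    if s1 == 404 and s2 == 404:
        return NotFoundProfile(custom=False, status=404, template="")
    if s1 == s2 and similarity(n1, n2) >= threshold:
        # Same non-404 status and near-identical body for two random paths:
        # a soft 404 page that must not be reported as discovered content.
        return NotFoundProfile(custom=True, status=s1, template=n1)
    return None  # inconsistent answers: cannot fingerprint, treat pages as real


def is_not_found(profile: NotFoundProfile, path: str, resp: Response,
                 threshold: float = 0.9) -> bool:
    """Decide whether a response for `path` is the site's not-found page."""
    status, body = resp
    if not profile.custom:
        return status == 404
    return (status == profile.status
            and similarity(normalize(body, path), profile.template) >= threshold)


# Constructed in-memory site: two real pages, everything else gets a "helpful" 200 page.
SOFT_SITE: Dict[str, str] = {
    "/index.html": "<html><body><h1>Welcome</h1><p>Home page of example</p></body></html>",
    "/login.php": "<html><body><form action='/login.php'><input name='user'></form></body></html>",
}


def soft_fetch(path: str) -> Response:
    if path in SOFT_SITE:
        return 200, SOFT_SITE[path]
    return 200, f"<html><body><h1>Oops</h1><p>Sorry, {path} could not be found.</p></body></html>"


def strict_fetch(path: str) -> Response:
    """Same site, but answering missing paths with a real 404."""
    if path in SOFT_SITE:
        return 200, SOFT_SITE[path]
    return 404, "<html><body>Not Found</body></html>"


if __name__ == "__main__":
    profile = learn_not_found(soft_fetch)
    print(profile)
    print(is_not_found(profile, "/nothere.html", soft_fetch("/nothere.html")))
    print(is_not_found(profile, "/login.php", soft_fetch("/login.php")))
```

The path is stripped from the body before comparison because most custom error pages echo it; without that step the two probes would never match closely enough, and a 200-status error page would be reported as a discovered file for every guessed name.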

New Vulnerability Classes Checks

New Web Security Audit Checks

  • Check website content for Bazaar source code repository
  • Check website content for Mercurial source code repository
  • Check website content for Git source code repository
  • Disclosure of HTML Forms in redirect pages
  • Security audit of Alternative PHP Cache (APC)
  • Check for insecure use of PHP preg_replace() (the /e modifier, which evaluates the replacement string as PHP code)
  • Apache httpOnly Cookie Disclosure
  • Elmah Information Disclosure
  • Check for the OPTIONS web server method being enabled
  • PHP Hash Collision Denial of Service
  • Plone & Zope Remote Command Execution
  • Check for reverse proxy bypass
  • CakePHP web application audit
  • Web application configuration file disclosure
  • phpThumb web application audit
  • Struts2 Remote Code Execution
  • TinyMCE web application audit
  • Uploadify web application audit
  • Webmail web application audit
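
The three repository checks at the top of this list (Bazaar, Mercurial, Git) and the SVN check in the list that follows all work the same way: request the well-known metadata file and match its content, not just the status code, so a site that answers every unknown path with "200 OK" does not produce a false positive. The following is an added example written for this page, not Acunetix's own check; the probe paths and content signatures are the standard on-disk formats of those tools, while the fetch callable and the constructed in-memory sites are assumptions for offline use.

```python
"""Check a site for exposed source-control metadata (Git, Mercurial, Bazaar, SVN).

Added example, not Acunetix code. Assumes a fetch(path) -> (status, body)
callable; in-memory sites are constructed below so the check runs offline.
"""
import re
from typing import Callable, Dict, List, Tuple

Response = Tuple[int, str]            # (HTTP status, response body)
Fetch = Callable[[str], Response]     # hypothetical fetch function

# probe path -> (repository type, regex the body must match).
# Content signatures avoid reporting a custom 200 error page as a repository.
SIGNATURES: Dict[str, Tuple[str, re.Pattern]] = {
    "/.git/HEAD": ("Git", re.compile(r"^(ref: refs/\S+|[0-9a-f]{40})\s*$")),
    "/.git/config": ("Git", re.compile(r"^\s*\[core\]", re.M)),
    "/.hg/requires": ("Mercurial", re.compile(r"^(revlogv1|store|dotencode|fncache)\s*$", re.M)),
    "/.hg/hgrc": ("Mercurial", re.compile(r"^\s*\[(paths|ui)\]", re.M)),
    "/.bzr/branch-format": ("Bazaar", re.compile(r"^Bazaar-NG meta directory, format \d", re.M)),
    "/.svn/entries": ("Subversion", re.compile(r"^\d+\s*$|^dir\s*$", re.M)),
    "/.svn/wc.db": ("Subversion", re.compile(r"^SQLite format 3")),
}


def find_exposed_repositories(fetch: Fetch, base: str = "") -> List[Tuple[str, str]]:
    """Return (repository type, path) for every probe whose body matches its signature."""
    found: List[Tuple[str, str]] = []
    for path, (kind, signature) in SIGNATURES.items():
        status, body = fetch(base + path)
        if status == 200 and signature.search(body):
            found.append((kind, base + path))
    return found


# Constructed site that deployed its working copy, .git and .hg included,
# and answers every other path with a friendly 200 page.
LEAKY_SITE: Dict[str, str] = {
    "/.git/HEAD": "ref: refs/heads/master\n",
    "/.git/config": "[core]\n\trepositoryformatversion = 0\n\tbare = false\n",
    "/.hg/requires": "dotencode\nfncache\nrevlogv1\nstore\n",
}
SOFT_404 = "<html><body><h1>Oops</h1><p>That page could not be found.</p></body></html>"


def leaky_fetch(path: str) -> Response:
    # Status alone is useless here: unknown paths also return 200.
    return (200, LEAKY_SITE[path]) if path in LEAKY_SITE else (200, SOFT_404)


def clean_fetch(path: str) -> Response:
    """Site with nothing exposed, but the same 200-for-everything behaviour."""
    return 200, SOFT_404


if __name__ == "__main__":
    for kind, path in find_exposed_repositories(leaky_fetch):
        print(f"{kind} metadata exposed at {path}")
    print("clean site:", find_exposed_repositories(clean_fetch))
```

An exposed `.git/HEAD` or `.hg/requires` is only the entry point: from there the object store or the changelog can usually be pulled file by file, so a hit should be treated as source code disclosure rather than a missing-file warning.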

Improved the Web Security Audit Scripts for

  • SQL Injection
  • XSS (cross-site scripting)
  • Code Execution
  • CRLF Injection
  • Directory Traversal
  • File Inclusion
  • PHP Code Execution
  • Backup Files
  • Sensitive Text Search
  • Secure Sockets Layer (SSL) configuration
  • Error Messages
  • ASP.NET Application Trace
  • .htaccess File Configuration
  • HTTP Verb Tampering
  • PHPInfo / PHP Configuration
  • Possible Sensitive Directories Disclosure
  • Possible Sensitive Files Disclosure
  • SQL Injection In Basic Authentication
  • SQL Injection In URI
  • SVN Repository Disclosure
  • Trojan Scripts
  • File Upload Form Audits
  • Generic Padding Oracle
  • Web Form based Authentication
  • LDAP Injection
  • Script Source Code Disclosure
  • XFS (cross-frame scripting) and Open Redirect
  • XPath Injection
  • Apache Geronimo Default Administrative Credentials
  • ColdFusion v9 Solr Exposed
  • Error Pages with Path Disclosure
  • FrontPage Authors Passwords
  • FrontPage Extensions Enabled
  • IIS Unicode Directory Traversal
  • JBoss Web Server Configuration
  • Unprotected phpMyAdmin Interface
  • Web Server Version Checks
  • XML External Entity Injection
  • FCKEditor security audit
  • Struts2 XWork Remote Code Execution

Improvements

  • Smart memory management (ability to scan larger websites)
  • Detection of more web security vulnerability variants

v7.0.20111005 - 05 Oct 2011

Build v7.0.20111005 - 5th October 2011

New Features

  • The Client Script Analyzer engine now supports jQuery, jQuery UI, and YUI Library
  • New URL Rewrite option: Match full URI. When enabled, a URL rewrite rule can be matched against the whole URI and not just the path

Improvements

  • Major AcuSensor improvements for PHP
  • Inclusion of more variables discovered by AcuSensor during a scan

Bug Fixes

  • Login Sequence Recorder uses the specified Proxy settings correctly

v7.0.20110920 - 20 Sep 2011

Build v7.0.20110920 - 20th September 2011

New Security Check

  • Security check for Apache httpd remote denial of service

Improvements

  • Firefox plugin now supports Firefox 6
  • Inclusion of more variables discovered by AcuSensor during a scan

Bug Fixes

  • Fixed the HTTP verb tampering security checks, further reducing false positives
  • Paths edited in the HTTP Authentication settings node are now saved correctly
  • The Actions menu now appears correctly in the Small Business Edition

v7.0.20110823 - 23 Aug 2011

Build v7.0.20110823 - 23rd August 2011

New Security Checks

  • Complex security check for TimThumb (detects WordPress installations and checks for vulnerable plugins and themes)
  • Includes brute-forcing capabilities to look for plugins and themes that contain the TimThumb script
  • Security check for Sun/Oracle GlassFish Server Authentication Bypass (same check includes some additional checks for GlassFish)

Updates

  • Updated Firefox plugin to support Firefox 5

Bug Fix

  • Fixed an enumeration problem while parsing a WSDL with inputs that have a lot of possible values.

v7.0.20110711 - 17 Jul 2011

Build v7.0.20110711 - 17th July 2011

New Feature

  • The crawler now records IMG tags together with their source, giving more detailed crawling data.

Improvements

  • Improved Cross-site scripting checks.
  • Introduced a number of improvements in the Client Script Analyzer (CSA) module for better Web 2.0 crawling.

Bug Fixes

  • Fixed a crash in the Login Sequence Recorder when accessing specific sites with frames.
  • Fixed an access violation in the Fuzzer when the XML file type is selected and an invalid filename is set.
  • Fixed an issue when authenticating against websites using Digest and NTLM.
  • Fixed a file browser crash when viewing a file during scanning.
  • Fixed a crash when loading saved scans from specific websites.
  • Corrected interpretation of HTML encoding in the Crawler.
  • Fixed an access violation in the Fuzzer.

v7.0.20110518 - 18 May 2011

Build v7.0.20110518 - 18th May 2011

Bug Fixes

  • Fixed the AcuSensor Technology files being updated incorrectly.
  • Fixed an access violation when a scan is stopped.
  • Fixed incorrect user interface behaviour.

v7.0.20110406 - 06 Apr 2011

Build v7.0.20110406 - 6th April 2011

New feature

  • AcuSensor details are now exported in the report as well.

Bug Fixes

  • Fixed a bug in the cross-domain check script.
  • Fixed two crashes in the scanner software.
  • Fixed a bug in the DOM XSS security check.

v7.0.20110308 - 08 Mar 2011

Build v7.0.20110308 - 8th March 2011

New features

  • Acunetix WVS now parses the file structure of an exposed SVN repository and crawls it automatically

New security checks

  • ClientAccessPolicy.xml and CrossDomain.xml security checks
  • Git repository security checks
  • Check whether the .htaccess file is readable
  • Nginx PHP Code Execution via FastCGI
  • Nginx buffer underflow vulnerability
  • Nginx PHP FastCGI Code Execution via File Upload

Improvement

Bug fixes

  • The maximum directory depth value was not working properly
  • HTTP limits were not respected by scripts
  • When scanning a domain with subdomains, in some cases multiple scans were created for the same subdomain
  • Proper handling of a file that redirects to itself from HTTP to HTTPS

v7.0.20110209 - 09 Feb 2011

Build v7.0.20110209 - 9th February 2011

New features

  • PCI 2.0 compliance report template
  • CWE/SANS Top 25 compliance report template

Improvement

  • Input fields now support wildcards and priorities

Bug fix

  • Fixed an access violation in the Client Script Analyzer engine