v8.0.20120423 - 23 Apr 2012
Copy Link
Copy Link
Build v8.0.20120423 – 23rd April 2012
New Feature
- Automatic verification of discovered web vulnerabilities.
v8.0.20120326 - 26 Mar 2012
Copy Link
Copy Link
Build v8.0.20120326 – 26th March 2012
New Security Checks
- Acunetix WVS 8 runs security tests for Joomla 1.6.x/1.7.x/2.5.x Privilege Escalation
- Acunetix WVS 8 provides security tests Joomla 1.7/2.5 Core SQL Injection
Improvements
- More advanced security checks for MongoDB and Rails Mass Assignment.
Bug Fixes
- The crash in the Login Sequence Recorder has been fixed.
- The Login Sequence Recorder is accurately parsing websites which send back GZIP encoded content, even if it was not specified in the Accept-Encoding header.
- The Acunetix Reporter has improved the handling of missing scans reports.
- The Acunetix Reporter Console supports spaces within the specified parameters.
- The Acunetix Reporter accepts longer input names.
v8.0.20120305 - 07 Mar 2012
Copy Link
Copy Link
Build v8.0.20120305 – 07th March 2012
New Security Checks
- Scanning of Web Statistics Software Applications such as AWStats and Webalizer. Acunetix WVS crawls the result pages of your website(s) statistics software application and notifies you if sensitive data is disclosed in such pages.
- Automatic checks for ASP Code injection vulnerability.
- Further security checks for SQLite Databases.
- Security checks for Rails Mass Assignment.
New Features
- Ability to stop the website crawling and proceed with the scan at anytime.
- Posibility to choose a scan report template that you would like to use when scheduling a scan.
Improvements
- Scripts are being executed faster thus the scans are taking less time to complete.
- Improved security scripts for Blind SQL injection, Remote File Inclusion XSS, File Inclusion and Directory Traversal.
- If a variant check for a specific vulnerability times out, the next variant checks assigned for that type of vulnerability will be launched automatically.
Bug fixes
- Crawler: input encoding was not correct for _EVENTTARGET = and /
- Ansi string was not working correctly when using specific languages other than English.
v8.0.20120215 - 16 Feb 2012
Copy Link
Copy Link
Build v8.0.20120215 – 16th February 2012 - NEW VERSION
New Features
- Manipulation of inputs from URL’s
- Automatic IIS 7 rewrite rule interpretation
- Support for custom HTTP headers during automated scans
- Imperva Web Application Firewall integration
- Multiple instance support for scanning multiple websites in parallel
- New web-based Scheduler
- Automatic custom 404 error page recognition and detection
- Scan settings templates
- Simplified Scan Wizard
- Smart memory management
- Real-time Crawler status
- Scan termination status included in report
- Web application coverage report
- Configuration of log files retention
New Vulnerability Classes Checks
- HTTP Parameter Pollution
- MongoDB Injection
- NodeJs Injection
- Expression Language Injection
New Web Security Audit Checks
- Check website content for Bazaar source code repository
- Check website content for Mercurial source code repository
- Check website content for source code GIT repository
- Disclosure of HTML Forms in redirect pages
- Security audit of alternative PHP cache
- Check for insecure preg replace in PHP
- Apache httpOnly Cookie Disclosure
- Elmah Information Disclosure
- Checks for Options web server method
- PHP Hash Collision Denial Of Service
- Plone&Zope Remote Command Execution
- Checks for Reverse Proxy bypass
- CakePHP web application Audit
- Web applications Configuration File Disclosure
- phpThumb web application audit
- Struts2 Remote Code Execution
- Tiny MCE web application audit
- Uploadify web application audit
- Webmail web application audit
Improved the Web Security Audit Scripts for
- SQL Injection
- XSS (Cross site scripting)
- Code Execution
- CRLF Injection
- Directory Traversal
- File Inclusion
- PHP Code Execution
- Backup Files
- Sensitive Text Search
- Secure Socket Layer configuration
- Error Messages
- ASP.NET Application Trace
- .htaccess File Configuration
- Http Verb Tampering
- PHPInfo / PHP Configuration
- Possible Sensitive Directories Disclosure
- Possible Sensitive Files Disclosure
- SQL Injection In Basic Authentication
- SQL Injection In URI
- SVN Repository Disclosure
- Trojan Scripts
- File Upload Form Audits
- Generic Oracle Padding
- Web Form based Authentication
- LDAP Injection
- Script Source Code Disclosure
- XFS and Redir
- XPath Injection
- Apache Geronimo Default Administrative Credentials
- ColdFusion v9 Solr Exposed
- Error Pages with Path Disclosure
- Frontpage Authors Passwords
- Frontpage Extensions Enabled
- IIS Unicode Directory Traversal
- JBoss Web Server Configuration
- Unprotected phpMyAdmin Interface
- Web Server Version Checks
- XML External Entity Injection
- FCKEditor security audit
- Struts2 XWork Remote Code Execution
Improvements
- Smart Memory management (ability to scan larger websites)
- Detection of more web security vulnerability variants
v7.0.20111005 - 05 Oct 2011
Copy Link
Copy Link
Build v7.0.20111005 - 5th October 2011
New Features
- The Client Script Analyzer engine now supports jQuery, jQuery UI, and YUI Library
- New URL Rewrite option: Match full URI. When enabled, a URL rewrite rule can be matched against the whole URI and not just the path
Improvements
- Major AcuSensor improvements for PHP
- Inclusion of more variables discovered by Acusensor during a scan
Bug Fixes
- Login Sequence Recorder uses the specified Proxy settings correctly
v7.0.20110920 - 20 Sep 2011
Copy Link
Copy Link
Build v7.0.20110920 - 20th September 2011
New Security Check
- Security check for Apache httpd remote denial of service
Improvements
- Firefox plugin now supports Firefox v.6
- Inclusion of more variables discovered by Acusensor during a scan
Bug Fixes
- Fixed HTTP verb tampering security checks with further reduction of false positives
- Paths edited in HTTP Authentication settings node are being saved correctly
- Actions menu is appearing correctly in the Small Business Edition
v7.0.20110823 - 23 Aug 2011
Copy Link
Copy Link
Build v7.0.20110823 - 23rd August 2011
New Security Checks
- Complex security check for Timthumb (detects WordPress installations and checks for vulnerable plugins and themes
- Includes bruteforcing capabilites to look for plugins/themes that contain the Timthumb script
- Security check for Sun/Oracle GlassFish Server Authentication Bypass (same check includes some additional checks for GlassFish)
Updates
- Updated Firefox plugin to support Firefox 5
Bug Fix
- Fixed an enumeration problem while parsing a WSDL with inputs that have a lot of possible values.
v7.0.20110711 - 17 Jul 2011
Copy Link
Copy Link
Build v7.0.20110711 - 17th July 2011
New Feature
- Included IMAGE tag with source in crawler for more detailed crawling data.
Improvements
- Improved Cross-site scripting checks.
- Introduced a number of improvements in the Client Script Analyzer (CSA) module for better Web 2.0 crawling.
Bug Fixes
- Fixed crash in Login Sequence Recorder when accessing specific sites with frames.
- Fixed Access Violation in fuzzer if XML filetype is selected and set an invalid filename.
- Fixed issue when authenticating against websites using Digest and NTLM.
- Fixed a file browser crash if visualizing file during scanning.
- Fixed a crash when loading saved scans from specific websites.
- Corrected interpretion of HTML encoding in Crawler.
- Fixed Access Violation in Fuzzer
v7.0.20110518 - 18 May 2011
Copy Link
Copy Link
Build v7.0.20110518 - 18th May 2011
Bug Fixes
- Fixed where the Acusensor Technology files were updated incorrectly.
- Fixed Access Violation when scan is stopped.
- Fixed user interface incorrect behaviour.