Acunetix Web Vulnerability Scanner Version 9 - Web Application Security Testing Tool
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable vulnerabilities. Automated scans may be supplemented and cross-checked with a variety of manual tools to allow for comprehensive web site and web application penetration testing.
Changelog v9.20140206
New Functionality in Acunetix Web Vulnerability Scanner v9
- Added a test for Joomla! JomSocial component < 3.1.0.1 – Remote code execution
- Added a test for a MediaWiki Remote Code Execution vulnerability affecting versions older than 1.22.2, 1.21.5 and 1.19.11
- Added a test for Minify arbitrary file disclosure
- Added a test for Ektron CMS admin account takeover
- Added a test for Zabbix SQL injection vulnerability
- Added a test for IBM Web Content Manager XPath Injection
- Added a test for the YUI library uploader.swf cross-site scripting vulnerability. This library is included in many web applications, including vBulletin v4 and v5
- Added a test for Horde Remote Code Execution
- Added a test for Joomla! JCE Arbitrary File Upload
- Added a test for Oracle Reports vulnerabilities. These vulnerabilities allow an attacker to gain a remote shell on the affected server
- Added a test for XXE vulnerabilities in OpenID implementations, which is able to detect XXE vulnerabilities similar to the one found on Facebook recently
- A knowledge base item is added each time a known web application is detected (e.g. WordPress web application was detected in directory /blog/)
Improvements
- Scanning of WordPress sites has been made more efficient
- Improved coverage of ASP.NET based websites
- Improved XSS testing script
Bug Fixes
- Fixed bug in the pagination of the Scheduler Web Interface
- The Login Sequence Recorder was ignoring the maximum size HTTP option
- Fixed an issue causing the crawler to create multiple entries of the same custom cookie
- Fixed a bug causing the HTTP sniffer to always listen on localhost
- Fixed a bug in the console application preventing scanning from older saved crawl results
- Fixed a crash at start-up caused by the DeepScan agent not starting