Identify the Heartbleed Bug with Acunetix Vulnerability Scanner

Latest Acunetix release scans for Heartbleed Bug

Yesterday, an update was released for Acunetix Vulnerability Scanner that includes a test for a critical OpenSSL vulnerability named the Heartbleed Bug (CVE-2014-0160). Quote from the report: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software …

Automatic detection of XXE vulnerabilities in OpenID implementations using Acunetix AcuMonitor

Reginaldo Silva recently uncovered a very interesting bug affecting Facebook (and received $33,500 for the discovery). The bug is caused by improper handling of XML documents in OpenID implementations, resulting in XML External Entity (XXE) vulnerabilities. He mentioned in his article …

New security tests added to Acunetix Web Vulnerability Scanner

New Security Checks Added to Acunetix Web Vulnerability Scanner

The latest build of Acunetix Web Vulnerability Scanner includes many changes and new security tests. Here is a short summary of the most interesting tests we have just added. 1. Vulnerable JavaScript libraries: Acunetix Web Vulnerability Scanner can now identify …

Latest WVS v9 build with new checks for DOM XSS payloads injected through HTTP GET parameters

Latest Improvements in the Detection of DOM XSS Vulnerabilities

The latest build of Acunetix Web Vulnerability Scanner (Build 20131023), released yesterday, contains important improvements in the detection of DOM XSS vulnerabilities. Our DeepScan technology was also further strengthened in this build. Take the following piece of code for example: …

Critical vulnerabilities discovered in Gazelle and TBDEV.net

Gazelle and TBDEV.NET are among the most popular web applications used as BitTorrent trackers. A BitTorrent tracker is an application that assists in the communication between peers using the BitTorrent protocol. BitTorrent trackers can be public (open), where anybody can join, or …

Server Side Request Forgery Vulnerability

What is Server Side Request Forgery (SSRF)? Server Side Request Forgery (SSRF) is a vulnerability that arises when an attacker can make the vulnerable server issue requests of the attacker's choosing. Usually, SSRF attacks target internal systems …
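The check a practitioner wants behind any "fetch this URL for me" feature is the one the excerpt above implies: refuse to let the server be pointed at itself or at the internal network. The following is an added example, not code from the original post or from Acunetix. It assumes a hypothetical `resolve()` hook backed by a constructed DNS table (so it runs offline; in production swap in `socket.getaddrinfo`), restricts the scheme, resolves the host once, rejects loopback, private, link-local (where cloud metadata services live) and other non-routable addresses, and returns the pinned IP so the caller connects to the address that was actually checked rather than re-resolving the name.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed DNS table standing in for a real resolver so the example runs
# offline. These records are illustrative only.
FAKE_DNS = {
    "example.com": "93.184.216.34",
    "intranet.corp": "10.0.0.5",
    "localhost": "127.0.0.1",
    "metadata": "169.254.169.254",
}

ALLOWED_SCHEMES = {"http", "https"}


def resolve(hostname):
    """Hypothetical resolver hook; replace with socket.getaddrinfo in real code."""
    if hostname not in FAKE_DNS:
        raise ValueError("unknown host %r" % hostname)
    return ipaddress.ip_address(FAKE_DNS[hostname])


def is_internal(addr):
    # Loopback, RFC 1918 / ULA, link-local, multicast, reserved and unspecified
    # addresses are never legitimate targets for a user-driven server-side fetch.
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def safe_target(url):
    """Return (scheme, pinned_ip, port, path) for a URL the server may fetch,
    or raise ValueError.

    A naive fetcher hands `url` straight to its HTTP client; this version
    validates scheme and host first and pins the resolved IP so that a DNS
    answer cannot change between the check and the connection.
    """
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme %r not allowed" % parts.scheme)
    if not parts.hostname:
        raise ValueError("no host in URL")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    # A literal IP must pass the same test as a resolved name.
    try:
        addr = ipaddress.ip_address(parts.hostname)
    except ValueError:
        addr = resolve(parts.hostname)
    if is_internal(addr):
        raise ValueError("%s resolves to internal address %s" % (parts.hostname, addr))
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.scheme, str(addr), port, parts.path or "/"


def rejected(url):
    """True if safe_target() refuses the URL."""
    try:
        safe_target(url)
    except ValueError:
        return False or True
    return False


if __name__ == "__main__":
    for u in ("http://example.com/page", "http://intranet.corp/admin",
              "http://metadata/latest/meta-data/", "file:///etc/passwd"):
        print(u, "->", "rejected" if rejected(u) else safe_target(u))
```

Two caveats the code does not cover on its own: the HTTP client must be told not to follow redirects (or must run each redirect target through `safe_target` again), and an allowlist of expected hosts is stronger than a denylist of address ranges wherever the feature's legitimate targets are known in advance.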

Automated Detection of Host Header Attacks

Automated scanning for certain classes of vulnerabilities is now possible with AcuMonitor, a service available for Acunetix Web Vulnerability Scanner version 9. One of these new classes of vulnerabilities is Host Header attacks. To display the contents of a website, …

Detect Email Header Injection Vulnerabilities with Acunetix WVS v9

Email Header Injection Web Vulnerability

What is Email Header Injection? Email Header Injection is a web security vulnerability exploited by spammers to send email anonymously through a vulnerable application. It occurs in web applications that do not properly sanitize user input when preparing and sending email messages. Email Header …
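The mechanism is easiest to see by building the same message twice. The following is an added example, not code from the original post or from Acunetix, and the attacker input is constructed. The vulnerable builder assembles headers by string concatenation, so a CRLF sequence in the form's subject field starts a new header line (here a `Bcc:` that turns the contact form into a spam relay); `header_names()` parses the result the way a receiving MTA would and shows the injected header is real. The hardened builder rejects any CR or LF in user-controlled header values, and then uses `email.message.EmailMessage` with the modern policy, which itself refuses header values containing line breaks, as defence in depth.

```python
import email
from email.message import EmailMessage
from email.policy import default

# Constructed attacker input for a "contact us" form: the subject field
# carries a CRLF followed by an extra header the application never intended.
INJECTED_SUBJECT = "Hello\r\nBcc: victim1@example.net, victim2@example.net"


def build_vulnerable(sender, subject, body):
    """Assemble the message by string concatenation, as many mail-form
    scripts do. Nothing stops a CRLF inside `subject` from ending the
    Subject header and starting a new one."""
    headers = [
        "From: %s" % sender,
        "To: webmaster@example.com",
        "Subject: %s" % subject,
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + body


def header_names(raw):
    """Parse a raw RFC 5322 message and list the header field names a
    receiving mail server would act on."""
    msg = email.message_from_string(raw)
    return list(msg.keys())


def build_hardened(sender, subject, body):
    """Reject line breaks in user-supplied header values before the message
    is assembled, then let the email package (whose default policy also
    refuses such values) produce the wire format."""
    for name, value in (("From", sender), ("Subject", subject)):
        if "\r" in value or "\n" in value:
            raise ValueError("line break in %s header value" % name)
    msg = EmailMessage(policy=default)
    msg["From"] = sender
    msg["To"] = "webmaster@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    return msg.as_string()


if __name__ == "__main__":
    raw = build_vulnerable("alice@example.org", INJECTED_SUBJECT, "Please call me.")
    print("vulnerable message headers:", header_names(raw))
    try:
        build_hardened("alice@example.org", INJECTED_SUBJECT, "Please call me.")
    except ValueError as exc:
        print("hardened builder refused:", exc)
```

The same check applies to every user-controlled value that ends up in a header (From, Reply-To, Subject, recipient lists); body text is not affected, because the blank line separating headers from body has already been emitted by then.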

XML External Entity (XXE) Vulnerabilities

The XML standard defines the concept of an external general parsed entity (also shortened to external entity) that can reference local or remote content via a declared system identifier. During XML parsing, the XML processor will replace such entities with …
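The substitution the excerpt describes can be watched directly with Python's expat binding, which reports each external general entity reference to a callback instead of fetching it. The following is an added example, not code from the original post or from Acunetix. The document is a constructed attacker payload whose entity's system identifier names a local file; `FAKE_FILES` is a constructed stand-in for the server's file system so nothing real is read. With `resolve_external=True` the callback behaves like a vulnerable processor and inlines the "file" as the entity's replacement text; with `resolve_external=False` it records the attempted fetch and substitutes nothing. `strict_parse` shows the stronger fix of refusing any DOCTYPE at all.

```python
import xml.parsers.expat

# Constructed sample: a malicious document declaring an external general
# entity whose system identifier points at a local file (XXE file disclosure).
XXE_DOCUMENT = b"""<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<order><customer>&xxe;</customer></order>
"""

# Constructed stand-in for the server's file system so the example runs
# offline and never touches the real /etc/passwd.
FAKE_FILES = {
    "file:///etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
}


def parse(document, resolve_external):
    """Parse `document`; return (customer_text, attempted_fetches).

    resolve_external=True mimics a vulnerable XML processor that fetches the
    resource named by the entity's system identifier and inlines it.
    resolve_external=False is the hardened behaviour: the reference is
    logged and replaced with nothing.
    """
    parser = xml.parsers.expat.ParserCreate()
    text = []
    fetches = []

    def on_chars(data):
        text.append(data)

    def on_external_entity(context, base, system_id, public_id):
        fetches.append(system_id)
        if not resolve_external:
            return 1  # skip the entity: no fetch, no substitution
        # Vulnerable path: a child parser sharing our handlers parses the
        # resource as the entity's replacement text, so the "file" contents
        # appear as character data inside <customer>.
        child = parser.ExternalEntityParserCreate(context)
        child.Parse(FAKE_FILES.get(system_id, b""), True)
        return 1

    parser.CharacterDataHandler = on_chars
    parser.ExternalEntityRefHandler = on_external_entity
    parser.Parse(document, True)
    return "".join(text).strip(), fetches


def strict_parse(document):
    """Hardened variant: untrusted input has no business carrying a DOCTYPE,
    so reject the document as soon as one appears."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ValueError("DOCTYPE %r not allowed in untrusted XML" % name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(document, True)
    return True


if __name__ == "__main__":
    print("vulnerable:", parse(XXE_DOCUMENT, resolve_external=True))
    print("hardened:  ", parse(XXE_DOCUMENT, resolve_external=False))
    try:
        strict_parse(XXE_DOCUMENT)
    except ValueError as exc:
        print("strict:    ", exc)
```

Which of the two hardened behaviours a given library applies by default varies (Python's `xml.sax` disables external general entities, for instance, while some other processors resolve them), so the practical check is to feed a document like `XXE_DOCUMENT` through the parser configuration you actually ship and confirm that no fetch is attempted.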

Known vulnerabilities found in popular WordPress plugins

WordPress Caching Plugins Remote PHP Code Execution

Two very popular WordPress caching plugins, WP Super Cache (4,373,811 downloads) and W3 Total Cache (1,975,480 downloads), are affected by a vulnerability that allows remote users to execute arbitrary PHP code. The affected versions are: WP Super Cache (version 1.2 and below, …