
Articles by

Latest Comparison Report from Larry Suto
February 8, 2010 – 5:43 pm | 16 Comments

Last week, Larry Suto published a report entitled “Accuracy and Time Costs of Web Application Security Scanner Report”. I’ve started to investigate the results from this report in detail, and I’ve found a list of …

e107 CMS system website compromised
January 27, 2010 – 5:19 pm | 9 Comments

As part of my job here at Acunetix, from time to time I analyze source code looking for security problems. Using this information I adjust Acunetix WVS to detect these problems automatically (when it’s possible).
Monday, …

Security is hard
January 22, 2010 – 3:29 pm | No Comment

The year debuted with ‘Operation Aurora’: Google and over 30 other companies were hit by a spear phishing attack which resulted in theft of intellectual property from Google and probably other companies. Spear phishing is a targeted …

Statistics from the top 1,000,000 websites
January 12, 2010 – 2:00 pm | 7 Comments

The next version of Acunetix Web Vulnerability Scanner (version 7) will contain a much improved HTTP stack. While testing, we wanted to exercise the new HTTP stack on as many sites as possible to …

AcuSensor, curl and Zen Cart
December 9, 2009 – 7:10 pm | 7 Comments

Recently we’ve released a new build, build number 20091124. This build includes a new AcuSensor check named “curl_exec() url is controlled by user”. This new check verifies whether the user can control the URL passed to curl_exec.
In …

PHP “multipart/form-data” denial of service
November 20, 2009 – 7:07 pm | 4 Comments

PHP version 5.3.1 was just released. This release contains a patch for a denial of service condition we reported some time ago.
The problem is related to PHP’s handling of RFC 1867 (Form-based File Upload in …

CubeCart 4 session management bypass leads to administrator access
October 29, 2009 – 8:13 pm | 11 Comments

Release Date: 2009/10/29
Author: Bogdan Calin (bogdan [at] acunetix [dot] com)
Severity: Critical
Vendor Status: Vendor has released an updated version

Statistics from 10,000 leaked Hotmail passwords
October 6, 2009 – 7:54 pm | 198 Comments

An anonymous user posted usernames and passwords for over 10,000 Windows Live Hotmail accounts to the website PasteBin.
PasteBin is currently down for maintenance but I managed to get a copy of the list and quickly …

Security risks associated with utf8_decode and XSS filters
August 14, 2009 – 9:49 pm | 4 Comments

At BlackHat USA 2009, Eduardo Vela Nava (sirdarckcat) and David Lindsay presented a paper entitled “Our Favorite XSS Filters and How to Attack Them”. It is a very interesting paper; you should definitely take a look at it.
In this …

Drupal Local File Inclusion Vulnerability
February 27, 2009 – 4:15 pm | 4 Comments

I was testing our scanner (with AcuSensor enabled) on Drupal (http://www.drupal.org) and the scanner found a possible File Inclusion vulnerability.

As you can see from the screenshot above, the GET variable q was set to start/../../xxx\..\..\end …