Articles in news

PHP “multipart/form-data” denial of service
November 20, 2009 – 7:07 pm | 4 Comments

PHP version 5.3.1 was just released. This release contains a patch for a denial of service condition we reported some time ago.
The problem is related to PHP’s handling of RFC 1867 (Form-based File Upload in …

US Air Force uses Acunetix WVS to identify and mitigate web application vulnerabilities
November 16, 2009 – 7:03 pm | 4 Comments

The US Air Force’s mission is to fly, fight and win… in air, space and cyberspace. The US Air Force has an elite force defending people from millions of cyber attacks every day in their newest …

Looking back at 2009 through SQL Injection goggles
November 11, 2009 – 8:00 pm | 4 Comments

The earliest public mention I could find of SQL Injection (‘piggybacking SQL statements’ as the author put it) was from someone who called himself Rain Forest Puppy (RFP). In 1998 RFP wrote an article for …

CubeCart 4 session management bypass leads to administrator access
October 29, 2009 – 8:13 pm | 11 Comments

Release Date: 2009/10/29
Author: Bogdan Calin (bogdan [at] acunetix [dot] com)
Severity: Critical
Vendor Status: Vendor has released an updated version

Statistics from 10,000 leaked Hotmail passwords
October 6, 2009 – 7:54 pm | 198 Comments

An anonymous user posted usernames and passwords for over 10,000 Windows Live Hotmail accounts to web site PasteBin.
PasteBin is currently down for maintenance but I managed to get a copy of the list and quickly …

SQL injection used in the largest data security breach in U.S. history to date
August 20, 2009 – 8:32 pm | 6 Comments

Three men, responsible for the largest data security breach in U.S. history, stole 130 million credit and debit card numbers from five leading companies. They took advantage of a coding error, and allegedly used a …

2 of SANS’s top 25 most dangerous programming errors led to more than 1.5 million website security breaches in 2008
July 14, 2009 – 4:50 pm | 2 Comments

Earlier this year, a report from the SANS Institute showed that two of the twenty-five most dangerous programming errors led to more than 1.5 million website security breaches in 2008. The report is a …

Every website is a target; hacktivism
June 25, 2009 – 7:42 pm | No Comment

As stated in previous blog posts, hackers don’t just hack websites to steal online databases and credit card details. Hacktivism, where innocent websites are defaced by malicious users to transmit their political view or opinion, …

U.S. Dept. of Defence publishes attack details of two successful U.S. Army web servers breaches
June 1, 2009 – 9:24 pm | No Comment

The Department of Defence and other investigators are investigating two U.S. Army web server breaches which were never publicly disclosed.
On 19th September 2007 and 26th January 2008, a Turkish hacker group known as “m0sted” successfully probed …

Acunetix on Twitter
May 29, 2009 – 9:56 pm | 2 Comments

We have created a Twitter account for Acunetix. We plan to use this for announcements, as well as product release notifications.
Follow us on Twitter http://www.twitter.com/acunetix