Misleading Reports of 0-Day in Acunetix WVS

Reports of a 0-day vulnerability in Acunetix Web Vulnerability Scanner turn out to affect only an old version from 2012 which was subsequently fixed. A blog post has recently come to our attention that claims a successful attack against Acunetix v8 (build 20120704), and in the process “reveal[ed] a new vulnerability”. We want to make […]


WordPress Caching Plugins Remote PHP Code Execution

Two very popular WordPress caching plugins, WP Super Cache (4,373,811 downloads) and W3 Total Cache (1,975,480 downloads), have been affected by a vulnerability that allows remote users to execute arbitrary PHP code. The affected versions are: WP Super Cache (version 1.2 and below; version 1.3.x and up are OK), W3 Total Cache (version 0.9.2.8 and below, version 0.9.2.9 is […]


New WordPress Checks in Acunetix Web Vulnerability Scanner v8 build 20130416

This new release of Acunetix Web Vulnerability Scanner version 8, build 20130416, includes new and improved vulnerability checks which target WordPress installations, web applications hosted on Amazon S3, and various other web applications. New Functionality: Added a test that enumerates valid WordPress usernames using various techniques. Added a test for weak WordPress passwords for the usernames […]


Acunetix WVS Update 20130308 – New Security Tests

Apart from the usual bug fixes and new functionality, each Acunetix WVS update generally includes new vulnerability tests or improvements to existing checks. In this post, I would like to summarize the new security tests added in the latest Acunetix WVS update. Unicode Transformation Issues: This new security test looks for issues that […]


Unable to Download Error Whilst Trying to Update Acunetix WVS

Symptoms: When trying to update to the latest build of Acunetix WVS, you encounter the following error: Unable to download http://www.acunetix.com/download/fullver8/2013_03_08_01_webvulnscan8.exe. Try again later. More Information: Acunetix has recently changed its update mechanism to a new and secure product download system. This update has been implemented in build 20130205. Starting from 8 March 2013, old […]


WordPress Pingback Vulnerability

Recently somebody posted on Reddit about a WordPress scanner that takes advantage of a new WordPress vulnerability. The vulnerability abuses the Pingback system, a well-known feature that is used by a lot of bloggers. What is a Pingback? Quoting Wikipedia: A pingback is one of three types of linkbacks, methods for Web […]
