An updated build for Acunetix WVS Version 6.5 has been released with a number of improvements, bug fixes, and most important of all, a good number of new security checks. New: New security checks of AcuSensor Technology curl_exec() url is controlled by user PHP preg_replace…
PHP "multipart/form-data" denial of service
PHP version 5.3.1 was just released. This release contains a patch for a denial of service condition we’ve reported some time ago. The problem is related with PHP’s handling of RFC 1867 (Form-based File Upload in HTML). When you send a POST request to a…
US Air Force uses Acunetix WVS to identify and mitigate web application vulnerabilities
The US Air Force’s mission is to fly, fight and win… in air, space and Cyberspace. US Air Force has an elite force defending people from millions of cyber attacks every day in their newest battlefield; Cyberspace. In a battle field, you’re always a target,…
Looking back at 2009 through SQL Injection goggles
The earliest public mention I could find of SQL Injection (‘piggybacking SQL statements’ as the author put it) was from someone who called himself Rain Forest Puppy (RFP). In 1998 RFP wrote an article for Phrack Magazine (Volume 9, Issue 54) in which he talks…
Sites Infected with Website Malware Every 3.6 Seconds
A lot of web sites out there have an array of vulnerabilities and your site could easily be one of them! A recent study based on the first six months of this year found that every 3.6 seconds a new web site is infected. That…
CubeCart 4 session management bypass leads to administrator access
Release Date: 2009/10/29 Author: Bogdan Calin (bogdan [at] acunetix [dot] com) Severity: Critical Vendor Status: Vendor has released an updated version Release Date : 2009/10/29 Author : Bogdan Calin (bogdan [at] acunetix [dot] com) Severity : Critical Vendor Status : Vendor has released an updated…
Acunetix WVS Version 6.5 build 20091027 released
An updated build for Acunetix WVS Version 6.5 has been released. It includes a number of bug fixes. Bug fixes: Fixed: Redirect on LoginSequenceStep was not followed correctly Fix in URL Rewrite module to remove GetVars before matching rules How to upgrade: On starting up…
Acunetix WVS Version 6.5 build 20091012 released
An updated build for Acunetix WVS Version 6.5 has been released with some bug fixes. Bug fixes: Fixed: Memory leak when invoking state change handler Fixed: Item index for an item which has just been inserted fails in the Browserframe Fixed: Error in indexing the…
Secure Password Recommendations and Research
You have a lot of things you try to keep secure, and some of them you simply have to put in other people’s hands because you can’t do it on our own (like your website *hint hint*). However, there are some things you do have…