On March 2, 2007 the following was posted on the WordPress blog: Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your…
How XSS can lead to a Windows Domain compromise
Internal web applications are often excluded from the scrutiny that external ones are subjected to. It is often assumed that attackers are on the external side of the network and therefore do not have access to any internal resources. In turn this usually leads…
Acunetix WVS Scripting reference available
With Acunetix WVS version 6, Acunetix introduced a Port Scanner and Network Alerts. When scanning a website, a port scan against the web server can be launched (optional) and once open ports are found specific network security tests are launched against the network service running…
SQL Injection in Mambo found with Acunetix AcuSensor Technology
This post shows how Acunetix AcuSensor Technology improves scanning reliability by using sensors placed inside the web application being scanned. It also proves that with this technology, one can detect SQL injections in INSERT statements. Such vulnerabilities cannot be found using a typical web…
Facebook Worm on the Loose
A worm abusing Facebook's messaging system is making the rounds between friends. It consists of an executable worm known as Koobface that runs on the victim's computer and searches for Facebook cookies on his or her computer. It will then use these cookies to hijack an…
Acunetix releases Acunetix Web Vulnerability Scanner Version 6
We are proud to announce the launch of Acunetix Web Vulnerability Scanner Version 6. With this latest version, Acunetix is launching the new cutting edge AcuSensor Technology, which basically consists of application sensors that allow developers to identify many more vulnerabilities than when using a…
Acunetix Launches New Revolutionary Web Application Scanning Technology
Innovative AcuSensor Technology sets new standards in Web Vulnerability Scanning. London, 29 October 2008 – Acunetix (www.acunetix.com), a pioneer in web application security scanning technology, has announced the release of the cutting edge AcuSensor Technology with the launch of version 6.0 of Acunetix Web Vulnerability Scanner,…
Running AcuSensor Injector on Windows Server 2008
If you try to run AcuSensor Injector on Windows Server 2008 you will receive the error “Error populating websites, Unknown error (0x80005000)”. AcuSensor Injector is using Active Directory Service Interfaces (ADSI) to construct a list of websites and virtual directories. ADSI is not available by…
Looking back at how Microsoft UK events website got hacked in 2007
Back in 2007, the partner event registration page of the Microsoft UK events website was defaced by a hacker who managed to discover and exploit a web application vulnerability in one of the parameters used by the form on the website. Read more in…