Acunetix 10 (build 20151125) has been released. This new build checks for insecure DNS records, insecure CORS configurations, Rails web applications running in development mode, web applications running Tornado and Pyramid in debug mode and various new and updated vulnerability checks including one for vBulletin 5 RCE. Below is the full list of updates.

New Features

  • Added a test looking for insecure CORS configurations.
  • Added a test looking for CVE-2014-7829 – Arbitrary file existence disclosure in Action Pack.
  • Added a test looking for Rails application running in development mode.
  • Added a test looking for CVE-2015-7808 vBulletin 5 PreAuth RCE.
  • Added a test looking for Insecure DNS records
  • Added a test looking for Spring Boot Actuator
  • Added a test looking for Tornado Debug mode
  • Added a test looking for Pyramid Debug mode
  • Implemented PHP object deserialization of user-supplied data
  • Added a test looking for older versions of the ZeroClipboard SWF library that are vulnerable to a cross-site scripting vulnerability.


  • Updated WordPress plugins and WordPress core checks.
  • Improved tests for possible sensitive directories and sensitive files.
  • Improved Apache Axis audit script.
  • Added a test for Java object deserialization of user-supplied data
  • Various improvements for XSS detection.
  • Improved HTML structural parser and added allow to robots.txt parser
  • Added support for WADL files when served using content-type application/vnd.sun.wadl+xml

Bug Fixes

  • Fixed crash cause during auto session detection.
  • Security fix for privilege escalation reported by security researcher Daniele Linguaglossa

How to Upgrade

If you are running Acunetix Web Vulnerability Scanner v10, you will be notified that a new build is available to download when you start the application. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.

If you are running Acunetix WVS v8 or v9, you should follow the upgrade instructions available in the “Upgrading from a previous version of Acunetix Web Vulnerability Scanner” in the Acunetix WVS user manual.

You can see the complete Acunetix WVS change log here. If you have any technical questions, feel free to email the Acunetix Support Team.

Nicholas Sciberras
Principal Program Manager
As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.