This new release of Acunetix Web Vulnerability Scanner version 8 – build 20130308– includes a number of new security tests, most of which are product-specific, as well as various improvements in Cross-Site Scripting (XSS) checks and various bug fixes in the scan scheduler.

New Functionality

  • Added a test for Kayako Fusion v4.51.1891 – Multiple Web Vulnerabilities
  • Added various tests for Apache Tomcat
  • Added a test for CKEditor 4.0.1 Cross-Site Scripting vulnerability
  • Added a test for Moveable Type 4.x Unauthenticated Remote Command Execution
  • Implemented detection of Virtual Hosts on the target server
  • Implemented jQuery 1.9 support
  • Added a test for subversion 1.7 (.svn) repositories
  • Added a test for Parallels Plesk SQL Injection Vulnerability (CVE-2012-1557).
  • Implemented some tests looking for various Unicode transformation issues such as Best-Fit Mappings, Overlong byte sequences and Ill-Formed Sub-sequences
  • Added header input schemes for folders
  • Added identification of file names in input scheme parameter values. Any file names detected are subsequently crawled

Improvements

  • Various improvements to XSS tests
  • Improved Possible_Sensitive_Directories script
  • Improved jQuery attr() support
  • Improved Virtual Host Directory Listing test
  • The report of 404 – Page Not Found now instructs users to checks the Referrers tab for a list of pages linking to the broken link

Bug Fixes

  • Fixed a crash that occurs infrequently when configuring a scheduled scan
  • Fixed various minor issues in the scan scheduler

How to Upgrade

When you start Acunetix WVS 8, you will be notified that a new build is available to download. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.

You can see the complete Acunetix WVS change log here. If you have any technical questions, feel free to email the Acunetix Team on support@acunetix.com. If you have any sales related questions or are interested in becoming an Acunetix Reseller, email the Sales Team on sales@acunetix.com.

Make sure you keep up to date with the latest website security and Acunetix news by reading the Acunetix Blog, taking part on the Acunetix Facebook Page, and following us on Twitter.

SHARE THIS POST
THE AUTHOR
Nicholas Sciberras
Principal Program Manager
As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.