Note — This post applies to an older version of Acunetix
An updated build of Acunetix WVS Version 6.5 has been released with a number of new security checks, improvements and bug fixes.
New security checks:
- 8.3 DOS filename source code disclosure
- Apache Tomcat Directory Host Appbase authentication bypass vulnerability
- Apache Tomcat WAR File directory traversal vulnerability
- Apache stronghold-info enabled
- Apache stronghold-status enabled
- ColdFusion 9 Solr Service exposed
- Error page path disclosure
- Error page web server version disclosure
- File inclusion RFI list
- Checks for multiple vulnerabilities in XAMPP
- Server-Side Includes (SSI) injection on Unix
- Server-Side Includes (SSI) injection on Windows
- ASP.NET error messages when requesting URL like |.aspx
- Added more variants to FCKeditor arbitrary file upload
- Updated cross site scripting in path security checks
- Updated directory listing security checks
- Updated directory traversal on Unix security checks
- Updated file upload security checks
- Updated LDAP injection security checks
- Updated possible sensitive files security checks
- Updated XPath injection security checks
- Workaround for window.open used with NULL parameter
- Notify elements that they are unbidden
- Notify form if an input was removed
- Include select element values in submitted data
- Fixed: HttpProt was sending content length with CONNECT
- Fixed: Crawler didn’t consider post data for links from CSA engine; some where ignored
- Fixed: Login sequence recorder was sending requests synchronously
How to upgrade to build 20100203:
On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download. To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.
Click here for the complete Acunetix WVS change log.
Contact us on email@example.com for any technical queries, and on firstname.lastname@example.org for any sales queries.
Get the latest content on web security
in your inbox each week.