Acunetix Premium - v12.0.190515149

New Features

• Network Scanning via OpenVAS integration
• Introduced support for IPv6 domains (IPv6 addresses not supported yet)
• Dynamic resource allocation for when multiple scanners are started on the same machine
• Improved resource usage for string comparison functions
• Selenium scripts can now be used as import files

New Vulnerability Checks

• NEW check for Memcached Unauthorized Access Vulnerability
• NEW check for Redis Unauthorized Access Vulnerability
• NEW check for SAP ICF /sap/public/info sensitive information disclosure
• NEW check for SAP NetWeaver server info information disclosure
• NEW check for SAP NetWeaver ConfigServlet remote command execution
• NEW check for SAP Portal directory traversal vulnerability
• NEW check for SAP NetWeaver ipcpricing server side request forgery
• NEW check for SAP Management Console list logfiles
• NEW check for SAP Management Console get user list
• NEW check for SAP NetWeaver server info information disclosure
• NEW check for SAP Knowledge Management and Collaboration (KMC) incorrect permissions
• NEW check for SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability
• NEW check for SAP weak/predictable user credentials
• NEW check for OpenCms Solr XML External Entity (XXE) vulnerability
• NEW check for Confluence Widget Connector SSTI
• New check for Ruby source code disclosure
• NEW check for Python source code disclosure
• Added new WordPress Core and WordPress Plugins vulnerability checks
• Added new Drupal Core vulnerability checks
• Added new Joomla Core vulnerability checks

Updates

• Multiple improvements to the detection of Blind SQL Injection
• Improved the Error Messages vulnerability check
• Improved the Adobe Experience Manager tests
• Improved detection of Java Deserialization and Mongo alert deduplication
• Improved detection of Rails accept file content disclosure
• Updated alert details for Oracle WebLogic Remote Code Execution via T3 (CVE-2018-3245)
• Improved detection of Confluence
• Improved PHP AcuSensor when used on nginx
• Improved detection of PHP code injection
• Updated Directory Traversal Check to make fewer requests
• Multiple improvements to DeepScan and the LSR
• Implemented support for WebSockets in LSR and Deepscan

Fixes

• Fixed a few crashes
• Fixed issue causing Postcrawl scripts to not be executed on folders
• Fixed: Custom cookies could be used twice when the application sets the same cookies
• Cookie processing now ignores leading . in domain
• Fixed issue with LSR when used on Internet Explorer
• Fixed issue with HTTP Authentication
• Fixed false positive in Struts_RCE_S2-052_CVE-2017-9805
• Fixed severity level for CSRF vulnerability check
• Fixed False Negative in Mercurial repository found check
• Fixed issue causing site structure not to be updated with locations identified by vulnerability scripts