Acunetix Premium - v10.0.20150921
New Features
- Added a new test looking for development configuration files such as Vagrantfile, Gemfile, Rakefile and others
- Added a test for Insecure response with wildcard '*' in Access-Control-Allow-Origin
- Added detection of Cross Site Scripting (XSS) in the mobile-touch event handlers
- Added a test for CVE-2015-5956 - Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
- Added a test looking for CVE-2015-5603 - HipChat for JIRA plugin - Velocity Template Injection
- Added a test looking for vulnerable project dependencies by analyzing the contents of composer.lock
- Added a test for CVE-2015-5161 - XML eXternal Entity Injection (XXE) on PHP FPM (FastCGI Process Manager), affecting various versions of Zend Framework and ZendXML
- Added a test for CVE-2014-0114 - Class Loader Manipulation via Request Parameters affecting Apache Struts 1
- Added a test for CVE-2015-4670 - Directory Traversal to Remote Code Execution in AjaxControlToolkit
- Added a test looking for sensitive files such as .mysql_history, .bash_history and others. Acunetix will verify the contents of these files to reduce false positives caused by custom 404s.
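As an illustration of the Access-Control-Allow-Origin check listed above, here is a small response-header assessment written for this page; it is an added example, not Acunetix code, and the function names (assess_cors, _header) and the sample header sets are constructed assumptions. It flags a wildcard origin, and separately the case where the wildcard is combined with Access-Control-Allow-Credentials: true, which browsers refuse but which still signals a misconfigured policy worth fixing.

```python
"""Assess an HTTP response's CORS headers for the wildcard Access-Control-Allow-Origin case.

Example code for this page, not the scanner's own check. Names and sample
headers below are constructed for illustration.
"""

from typing import Dict, List, Optional


def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup, since HTTP header names are case-insensitive."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value.strip()
    return None


def assess_cors(headers: Dict[str, str]) -> List[str]:
    """Return finding tags for a response's CORS headers.

    "wildcard-origin": Access-Control-Allow-Origin is '*', so any site can read
        the response body; a problem when the response carries anything
        non-public.
    "wildcard-with-credentials": '*' combined with
        Access-Control-Allow-Credentials: true. Browsers reject this pairing,
        but it shows the policy was meant to expose credentialed responses
        cross-origin and should be corrected to an explicit allow-list.
    """
    findings: List[str] = []
    acao = _header(headers, "Access-Control-Allow-Origin")
    if acao is None:
        return findings  # no CORS exposure at all

    if acao == "*":
        findings.append("wildcard-origin")
        acac = _header(headers, "Access-Control-Allow-Credentials")
        if acac is not None and acac.lower() == "true":
            findings.append("wildcard-with-credentials")
    return findings


if __name__ == "__main__":
    # Constructed sample responses (header dicts only), not captured traffic.
    samples = {
        "no-cors": {"Content-Type": "application/json"},
        "wildcard": {"access-control-allow-origin": "*"},
        "wildcard+creds": {
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Credentials": "true",
        },
        "explicit-origin": {"Access-Control-Allow-Origin": "https://app.example"},
    }
    for label, hdrs in samples.items():
        print(f"{label:16s} -> {assess_cors(hdrs) or 'ok'}")
```

The remediation for either finding is the same: replace the wildcard with an explicit list of trusted origins (echoing only a matching origin from that list) and send Access-Control-Allow-Credentials only when a credentialed cross-origin caller is actually required.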
Improvements
- Updated database of WordPress core and plugin vulnerabilities.
- Added more checks for vulnerable JavaScript libraries.
- Improved WADL parsing to support more representation types.
Bug Fixes
- Fixed some false positives in the JavaScript libraries audit.
- Fixed a false positive in the File Inclusion script.
- Fixed an issue that caused JSON and XML inputs not to be checked for XSS.
- Fixed an SSL audit bug triggered when the server_name extension was not sent to the server during SSL negotiation.