Acunetix Premium - v10.0.20150921
- Added a new test looking for development configuration files such as Vagrantfile, Gemfile, Rakefile and others
- Added a test for Insecure response with wildcard '*' in Access-Control-Allow-Origin
- Added detection of Cross Site Scripting (XSS) in the mobile-touch event handlers
- Added a test for CVE-2015-5956 - Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
- Added a test looking for CVE-2015-5603: HipChat for JIRA plugin - Velocity Template Injection
- Added a test looking for vulnerable project dependencies by analyzing the contents of composer.lock
- Added a test for CVE-2015-5161 - XML eXternal Entity Injection (XXE) on PHP FPM (FastCGI Process Manager), affecting various versions of Zend Framework and ZendXML
- Added a test for CVE-2014-0114 – Class Loader Manipulation via Request Parameters affecting Apache Struts 1
- Added a test for CVE-2015-4670: Directory Traversal to Remote Code Execution in AjaxControlToolkit
- Added a test looking for sensitive files such as .mysql_history, .bash_history and others. Acunetix will verify the contents of these files to reduce false positives caused by custom 404s.
- Updated database of WordPress core and plugin vulnerabilities.
- Improved WADL parsing to support more representation types.
- Fixed a false positive in File Inclusion script.
- Fixed an issue causing JSON and XML inputs not being checked for XSS.
- Fixed SSL audit bug that is triggered when server_name extension was not sent to the server during SSL negotiation.