Acunetix Premium - v10.0.20151125

New Features

  • Added a test looking for insecure CORS configurations.
  • Added a test looking for CVE-2014-7829 – Arbitrary file existence disclosure in Action Pack.
  • Added a test looking for Rails application running in development mode.
  • Added a test looking for CVE-2015-7808 vBulletin 5 PreAuth RCE.
  • Added a test looking for Insecure DNS records
  • Added a test looking for Spring Boot Actuator
  • Added a test looking for Tornado Debug mode
  • Added a test looking for Pyramid Debug mode
  • Implemented PHP object deserialization of user-supplied data
  • Added a test looking for older versions of the ZeroClipboard SWF library that are vulnerable to a cross-site scripting vulnerability.

Improvements

  • Updated WordPress plugins and WordPress core checks.
  • Improved tests for possible sensitive directories and sensitive files.
  • Improved Apache Axis audit script.
  • Added a test for Java object deserialization of user-supplied data
  • Various improvements for XSS detection.
  • Improved HTML structural parser and added allow to robots.txt parser
  • Added support for WADL files when served using content-type application/vnd.sun.wadl+xml

Bug Fixes

  • Fixed crash cause during auto session detection.
  • Security fix for privilege escalation reported by security researcher Daniele Linguaglossa