Added a check for Open Flash Chart ‘ofc_upload_image.php’ Remote PHP Code Execution Vulnerability which affects various web applications including WordPress plugins, Joomla! components, piwik, and others
Added a script which checks for various known Drupal vulnerabilities (in Drupal modules and Drupal core)
Added a test for SFTP/FTP credentials exposure. Various SFTP/FTP clients are storing connection credentials in plain text files (such as sftp-config.json, recentservers.xml, etc.) that are later uploaded on the web server
Added a test for Parallels Plesk SSO (Single sign-on) XXE (XML External Entity) and XSS (Cross-Site Scripting) vulnerabilities
Added a test for systems running PHP versions < 5.5.12, 5.4.28 (multiple vulnerabilities fixed in these versions including the Heartbleed bug affecting PHP)
Added a test looking if the Elasticsearch service is accessible
Added a test for Elasticsearch remote code execution
Added a test for nginx SPDY heap buffer overflow (CVE-2014-0133)