Changelogs

Acunetix Standard & Premium

RSS Feed

v7.0.20110518 - 18 May 2011

Build v7.0.20110518 - 18th May 2011

Bug Fixes

  • Fixed where the Acusensor Technology files were updated incorrectly.
  • Fixed Access Violation when scan is stopped.
  • Fixed user interface incorrect behaviour.

v7.0.20110406 - 06 Apr 2011

Build v7.0.20110406 - 6th April 2011

New feature

  • AcuSensor details are now exported in the report as well.

Bug Fixes

  • Fixed a bug in cross domain check script.
  • Fixed 2 crashes in the scanner software.
  • Fixed a bug in DOM XSS security check.

v7.0.20110308 - 08 Mar 2011

Build v7.0.20110308 - 8th March 2011

New features

  • Acunetix WVS will parse SVN repositories file structure and crawl it automatically

New security checks

  • ClientAccessPolicy.xml and CrossDomain.xml security checks
  • Git repository security checks
  • Check if htaccess file is readable
  • Nginx PHP Code Execution via FastCGI
  • Nginx buffer underflow vulnerability
  • Nginx PHP FastCGI Code Execution File Upload.

Improvement

Bug fixes

  • Maximum directory depth value was not working properly
  • HTTP limitations were not respected from scripts
  • When scanning a domain with subdomains, in some cases multiple scans were created for the same subdomain
  • Properly handling of situations when a file redirects to itself from http to https.

v7.0.20110209 - 09 Feb 2011

Build v7.0.20110209 - 9th February 2011

New features

  • PCI 2.0 compliance report template
  • CWE/SANS top 25 complaince report template

Improvement

  • Input fields now support wildcards and priorities

Bug fix

  • Fixed: access violation in Client Script analyzer engine

v7.0.20110124 - 24 Jan 2011

Build v7.0.20110124- 24th January 2011

New features

  • New type of XSS test introduced (parameter was set to javascript:…)

Bug fixes

  • Fixed: Scanner crash when scanning https sites with client certificates.
  • Fixed: A number of particular checks were not performed when scanning from crawl results.
  • Fixed: Login Sequence Recorder: different user agent string was sent with XHR.
  • Fixed: Reports were not sent as attachments when scanning a list of URLs from the Scheduler.
  • Fixed: Fixed incorrect error message popup in scheduler “there is already a queue starting a that time when the queues were of different type”
  • Fixed: Crawler MaximumVariationCount was being ignored in the scanner settings.
  • Fixed: eval() security check moved from scanner to crawler.
  • Fixed: Aborting of analysis while executing events in CSA engine not always working.
  • Fixed: CSA engine “Worker already executing” exception.
  • Fixed: In XML or AVDL export CDATA content is no longer encoded.

v7.0.20101216 - 20 Dec 2010

Build v7.0.20101216- 20th December 2010

New features

  • DOM XSS will now report the filename in which the attack was executed
  • DOM XSS checks on document.open, window.open, window.navigate and more

Bug fixes

  • Fixed: Aborting analysis while executing events not always worked in CSA
  • Fixed: CSA engine crashing with “worker already executing” exception
  • Fixed: Crawler was not considering maximum number of variations in case of links from comments
  • Fixed: In some cases during a WSDL service scan, port address query params where not properly used
  • Fixed: False positive for ASP.NET padding oracle test
  • Bugfix: HTML parser; Fixed regex for extracting URLs from HTML comments

v7.0.20101206 - 06 Dec 2010

Build v7.0.20101206- 6th December 2010

New feature

  • Acunetix WVS automatically checks for

    DOM XSS vulnerabilities

Bug fixes

  • Fixed: Get First URL Only option not working correctly because it was still importing links from CSA engine
  • Fixed: “User credentials sent in clear text” was not being reported by crawler in certain circumstances
  • Fixed: Port was being specified in host header even if default ports were being used.

v7.0.20101123 - 23 Nov 2010

Build v7.0.20101123- 23th November 2010

Improvements

  • More updates to the Client Script Analyser (CSA) engine for better Web 2.0 support

Bug fixes

  • Fix: Added port in host header for https in manual browsing
  • Fixed: Crawler not serving pages to Client Script Analyzer engine on request if pages were already queued
  • Fixed: Compare results frame crashed if nodes are expanding while still comparing
  • Fixed: CanonicalizeLink was incorrectly interpreted “..” style links

v7.0.20101115 - 15 Nov 2010

Build v7.0.20101115- 15th November 2010

New features

  • Ability to stop individual running security scripts during a scan

Major Improvements

  • Introduced a good number of CSA engine improvements; better support of JQuery and Web 2.0 applications
  • Introduced a number of new XSS security checks

Bug fixes

  • Fixed: Memory leak in NTLM authentication
  • Fixed: Incorrect interpratation of links with leading “//”
  • Fixed: Access violation crashes in HTTP Sniffer for certain SSL websites

1 19 20 21 24