Changelogs

Acunetix Standard & Premium

v6.5.20100601 - 19 Apr 2010

Build v6.5.20100601 - 19th April 2010

New Feature

  • Added OWASP Top 10 2010 report template

Bug Fix

  • Fixed: Proxy crashes when processing some specific SSL traffic

v6.5.20100419 - 19 Apr 2010

Build v6.5.20100419 - 19th April 2010

Bug Fix

  • Fixed: Access violation when the application exits

v6.5.20100407 - 07 Apr 2010

Build v6.5.20100407 - 7th April 2010

Bug Fixes

  • Fixed: Login Sequence Recorder was not using client certificates when recording a login sequence
  • Fixed: Login Sequence Recorder was not using the configured User Agent string
  • Fixed: HTTP Sniffer was not handling some specific web authentication properly

v6.5.20100303 - 03 Mar 2010

Build v6.5.20100303 - 3rd March 2010

New feature

  • Added a new option to export results to HTTP Fuzzer

New Security Checks

  • Test for XML External Entity Injection
  • Test for XML Injection

Improvements

  • Improved directory traversal vulnerability check
  • Improved Cross-site Scripting (XSS) vulnerability checks

Bug Fixes

  • Fixed: access violation when the application exits
  • Fixed: access violation when protocol was terminated in NotifyCaller function in LSR
  • Fixed: AbortVulnXML OnFirstAlert was not imported from settings
  • Fixed: Form values were not encoded correctly when submitted from JavaScript (CSA engine)

v6.5.20100210 - 10 Feb 2010

Build v6.5.20100210 - 10th February 2010

New security check

  • Test for Cross Site Scripting in the Referrer header

Improvement

  • Acunetix Firefox extension now supports latest Firefox release

Bug Fixes

  • Crawler: HTML-decode form inputs before usage
  • Fixed an infinite recursion when crawler reported an external link from the same host but on a different port
  • Fixed an issue with the crawler parsing the robots.txt file
  • Web Services scanner: Fixed parsing of WSDL files with attributes

v6.5.20100203 - 03 Feb 2010

Build v6.5.20100203 - 3rd February 2010

New security checks

  • 8.3 DOS filename source code disclosure
  • Apache Tomcat Directory Host Appbase authentication bypass vulnerability
  • Apache Tomcat WAR File directory traversal vulnerability
  • Apache stronghold-info enabled
  • Apache stronghold-status enabled
  • ColdFusion 9 Solr Service exposed
  • Error page path disclosure
  • Error page web server version disclosure
  • File inclusion RFI list
  • Checks for multiple vulnerabilities in XAMPP
  • Server-Side Includes (SSI) injection on Unix
  • Server-Side Includes (SSI) injection on Windows
  • ASP.NET error messages when requesting URL like |.aspx

Improvements

  • Added more variants to FCKeditor arbitrary file upload
  • Updated cross site scripting in path security checks
  • Updated directory listing security checks
  • Updated directory traversal on Unix security checks
  • Updated file upload security checks
  • Updated LDAP injection security checks
  • Updated possible sensitive files security checks
  • Updated XPath injection security checks

Bug Fixes

  • Workaround for window.open used with NULL parameter
  • Notify elements that they are unbidden
  • Notify form if an input was removed
  • Include select element values in submitted data
  • Fixed: HttpProt was sending content length with CONNECT
  • Fixed: Crawler didn’t consider post data for links from CSA engine; some were ignored
  • Fixed: Login sequence recorder was sending requests synchronously

v6.5.20100111 - 11 Jan 2010

Build v6.5.20100111 - 11th January 2010

New security checks

  • Test for File Upload IIS bug filename.asp;.jpg
  • Test for WP-Forum 2.3 vulnerabilities
  • JBoss rmi ping (network script)

Bug Fixes

  • Bugfix: Modified forms notifications from CSA
  • Bugfix: CSA: Workaround for window.open with null parameters
  • Fixed: In some specific scenarios the scheduler queue was restarting on its own
  • Fixed: Node was not expanding automatically when manually adding a new logout link in the LSR

v6.5.20091215 - 15 Dec 2009

Build v6.5.20091215 - 15th December 2009

New security checks

  • JBoss BSHDeployer MBean
  • JBoss checks from RedTeam’s paper
  • JBoss HttpAdaptor JMXInvokerServlet
  • JBoss Server MBean
  • JBoss ServerInfo MBean
  • JBoss Web Console JMX Invoker
  • phpShop v0.8.1 Multiple Vulnerabilities
  • Invision Power Board <= v3.0.4 Local PHP File Inclusion and SQL Injection

Improvements

  • Improved Blind SQL injection tests to reduce false positives
  • Added better JBoss server detection
  • Better detection for PostgreSQL injections

Bug Fixes

  • Fixed: GUI crashes when specific settings are changed in the Port Scanner node
  • Fixed: Login Sequence recorder was retaining post data when redirecting to the same page

v6.5.20091130 - 30 Nov 2009

Build v6.5.20091130 - 30th November 2009

Bug Fixes

  • Fixed: crash in TM_MultiRequest_Parameter_Manipulation module
  • Fixed: bug in crawler related with GetVar encoding
