New Functionality
- Introduced a new compliance report for OWASP Top 10 2013
- Introduced detection of AngularJS template injections
- Added detection of Adobe ColdFusion critical vulnerability APSA13-03 (CVE-2013-3336)
- Added detection of nginx stack-based buffer overflow (CVE-2013-2028)
- Added detection of Horde/IMP Plesk Webmail Exploit
- Added detection of missing X-Frame-Options header (used to prevent Clickjacking attacks)
- Added a test checking for Basic Authentication over HTTP
- Added a test checking for Flask Debug Mode
- Added a test checking for Struts2/XWork Remote Code Execution
- Added detection of MediaWiki Chunked Uploads Security Check Bypass
- Added detection for Plupload XSS vulnerability (included in WordPress versions 3.5, 3.4.2, 3.4.1, 3.4, 3.3.3 and 3.3.2 and other applications)
Improvements
- Reduced false positives in XSS detection
- Improvements to Web Server Default Welcome Page script
- Reduced false positives reported by Blind SQL Injection
- Improvements in the detection of Sensitive Directories
- Added patterns for Python error messages and stack traces in the Text Search script.
Bug Fixes
- Fixed an issue in PHP AcuSensor
- In some situations, the Login Sequence Recorder misidentified connections to HTTPs sites when working through the Acunetix Web Vulnerability Scanner proxy
- Fixed crash in the crawler when external JavaScript files where processed from a site with AcuSensor enabled
- Fixed a false positive in Microsoft IIS Tilde Directory Enumeration
- Fixed issues where scheduled scans with recursion are not rescheduled if they cannot start because of scan restrictions
- Fixed a bug with Amazon S3 Public Buckets audit KB items being reported multiple times.
0 comments:
Post a Comment