Pentest Tools

Acunetix Web Vulnerability Scanner Version 9 – Web Application Security Testing

This topic contains 0 replies, has 1 voice, and was last updated by shinney7 7 years, 5 months ago.


    shinney7

    Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with a variety of manual tools to allow for comprehensive web site and web application penetration testing.

    Changelog v9.20140206
    New Functionality in Acunetix Web Vulnerability Scanner v9

    Added a test for Joomla! JomSocial component < 3.1.0.1 – Remote code execution
    Added a test for a MediaWiki Remote Code Execution vulnerability affecting versions older than 1.22.2, 1.21.5 and 1.19.11
    Added a test for Minify arbitrary file disclosure
    Added a test for Ektron CMS admin account takeover
    Added a test for Zabbix SQL injection vulnerability
    Added a test for IBM Web Content Manager XPath Injection
    Added a test for YUI library uploader.swf cross site scripting vulnerability. This library is included in many web applications, including vBulletin v4 and v5
    Added a test for Horde Remote Code Execution
    Added a test for Joomla! JCE Arbitrary File Upload
    Added a test for Oracle Reports vulnerabilities. These vulnerabilities allow an attacker to gain a remote shell on the affected server
    Added a test for XXE vulnerabilities in OpenID implementations, which is able to detect XXE vulnerabilities similar to the one found on Facebook recently
    A knowledge base item is added each time a known web application is detected (e.g. WordPress web application was detected in directory /blog/)

    Improvements

    Scanning of WordPress sites has been made more efficient
    Improved coverage of ASP.NET based websites
    Improved XSS testing script

    Bug Fixes

    Fixed bug in the pagination of the Scheduler Web Interface
    The Login Sequence Recorder was ignoring the maximum size HTTP option
    Fixed an issue causing the crawler to create multiple entries of the same custom cookie.
    Fixed a bug causing the HTTP sniffer to always listen on localhost
    Fixed a bug in the console application preventing scanning from older saved crawl results.
    Fixed a crash at start-up caused by the DeepScan agent not starting.


    Download Acunetix Scanner 9
