The latest update of Acunetix WVS is due to be released tomorrow.
Build 20130619 of Version 8 of the Web Vulnerability Scanner will introduce detection of vulnerabilities in a variety of web products. The build will also reduce the number of false positives and include some important bug fixes.
• New report for OWASP Top 10 2013 Web Application Security compliance
• Introduced detection of AngularJS template injections
• Added detection of Adobe ColdFusion critical vulnerability APSA13-03 (CVE-2013-3336)
• Added detection of nginx stack-based buffer overflow (CVE-2013-2028)
• Added detection of Horde/IMP Plesk Webmail Exploit
• Added detection of missing X-Frame-Options header (used to prevent Clickjacking attacks)
• Added a test checking for Basic Authentication over HTTP
• Added a test checking for Flask Debug Mode
• Added a test checking for Struts2/XWork Remote Code Execution
• Added detection of MediaWiki Chunked Uploads Security Check Bypass
• Added detection for Plupload XSS vulnerability (included in WordPress versions 3.5, 3.4.2, 3.4.1, 3.4, 3.3.3 and 3.3.2 and other applications)
• Reduced false positives in XSS detection
• Reduced false positives reported by the Blind SQL Injection test
• Improvements to Web Server Default Welcome Page script
• Improvements in the detection of Sensitive Directories
• Added patterns for Python error messages and stack traces in the Text Search script
• Fixed an issue in PHP AcuSensor
• Fixed a false positive in Microsoft IIS Tilde Directory Enumeration
• Fixed issues where scheduled scans with recursion were not rescheduled if they could not start because of scan restrictions
• Fixed a bug with Amazon S3 Public Buckets audit KB items being reported multiple times
To upgrade your Acunetix Web Vulnerability Scanner, open the Tools Explorer in the scanner software, select ‘General’, then ‘Program Updates’, and use the ‘Download’ and ‘Install’ options.