Acunetix原廠最新發佈消息-資安軟體/研究分析軟體/心理學軟體/新永資訊有限公司

Acunetix專區

Acunetix原廠最新發佈消息

最新消息
 
  • Acunetix update introduces Node.js AcuSensor, target knowledgebase,
        and multiple unrestricted access vulnerability checks

    Acunetix更新並介紹適用於Node.js的 AcuSensor、以及目標知識庫和多個無受限制的漏洞檢測功能
    A new Acunetix update has been released for Windows, Linux, and macOS: 13.0.210129162.

    This Acunetix update introduces AcuSensor for Node.js and a feature called target knowledgebase, which holds data from past scans and helps improve future scans. We also made fully qualified domain names more prominent in the Acunetix UI. This update also includes checks for unrestricted access to a number of well-known applications. In addition, there are numerous updates and fixes, all of which are available for all editions of Acunetix.

    New Features
    New AcuSensor for Node.js
    New target knowledgebase records scan data – this data is then used to improve future scans
    New FQDN and target filter in the Grouped Vulnerabilities page
    New FQDN column in the Targets page
    New Vulnerability Checks
    New test for unrestricted access to the Prometheus interface
    New test for unrestricted access to Prometheus metrics
    New test for unrestricted access to Golang expvar
    New test for unrestricted access to the Node.js status-monitor page
    New test for unrestricted access to the HAProxy stats page
    New test for unrestricted access to the Nginx stub_status page
    New test for unrestricted access to the Nginx nginx-module-vts status page
    New test for unrestricted access to the Traefik dashboard
    New test for unrestricted access to Kafka monitoring
    New test for unrestricted access to the Netdata dashboard
    New test for Typo3 Admin publicly accessible
    New test for Typo3 sensitive files
    Updated WordPress plugin checks
    Updated Drupal core checks
    Updates
    Simplified User Profile page
    Improved handling of HTML comments
    Improved processing of sites using dynamic links
    Improved parsing of JavaScript for new paths
    The form input type is taken into consideration when processing forms
    Scanner now supports NTLM authentication for proxy authentication
    Multiple DeepScan updates
    Comprehensive report updated to use time zone configured for the Acunetix user
    Added setting in settings.xml to choose the SSL cipher to be used by the scanner
    Integrated LSR logs are now stored for troubleshooting purposes
    Notify user when a client certificate is required but not configured for the target
    Improvements in macOS installation
    The PHP AcuSensor will now include stack traces
    Multiple LSR/BLR updates
    Fixes
    Filter items sorted alphabetically
    Fixed a minor UI glitch in the multi-engine registration page
    Multiple fixes in SlowLoris detection
    Fixed scanner crashes
    Fixed a CSV injection in target export
    Fixed UI issues in the Target Groups page
    Fixed formatting for issues pushed to Jira
    Fixed issue when installing on Centos 8
    Upgrade to the Latest Build
    If you are already using Acunetix build 13.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.

    If you are using Acunetix build 12.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.

  •  Acunetix update introduces support for macOS Big Sur, support for ShadowRoot,
        improved CSRFtoken handling, and new vulnerability checks
         Acunetix最新漏洞檢測並更新支援macOS Big Sur、ShadowRoot,以及對CSRF處理進行改進。
           A new Acunetix update has been released for Windows, Linux and macOS: 13.0.201217092.

          This Acunetix update introduces support for macOS Big Sur, ShadowRoot, and includes a substantial improvement in the
          handling of CSRF tokes.It also introduces the detection of web cache poisoning DoS, client-side prototype pollution,
          vulnerabilities in Zabbix, TYPO3, Oracle WebLogic,AP IGS, Odoo, and Apache Unomi MVEL. In addition,
          there are numerous updates and fixes, all of which are available for all editions of Acunetix.

    New Features

    Big improvement of CSRF token handling
    Added support for ShadowRoot
    Added support for macOS Big Sur

    New Vulnerability Checks

    New test for Zabbix authentication bypass / guest user
    New test for TYPO3 admin publicly accessible
    New test for TYPO3 debug mode enabled
    New test for Oracle WebLogic remote code execution via IIOP
    New test for web cache poisoning DoS
    New test for client-side prototype pollution
    Improved web cache poisoning test
    New test for SAP IGS XXE (CVE-2018-2392, CVE-2018-2393)
    New test for Odoo LFI (CVE-2019-14322)
    New test for Unrestricted access to Odoo DB manager
    New test for Apache Unomi MVEL RCE (CVE-2020-13942)

    Updates

    Updated the UI for the multi-engine system
    Multiple updates to the PHP AcuSensor
    Multiple updates to the Login Sequence Recorder
    Scanning engine updated to support the use of a proxy server with NTLM authentication

    Fixes

    Fixed an issue that caused the browser to fail to launch on Kali
    Fixed an issue that caused the AcuSensor not found message to not be displayed
    Fixed a false positive in the following test: Zend Framework LFI via XXE
    Fixed a false positive in the following test: directory traversal
    Fixed a false positive in the following test: cookie(s) with missing, inconsistent, or contradictory properties
    Fixed a false positive in the following test: Apache Struts2 remote command execution (S2-052)
    Fixed an issue with highlighting of a vulnerability in a response
    Fixed an issue in the following test: Slow Loris
    Fixed an issue in the WADL importer
    Fixed a crash in the scanner
    Fixed minor issues in the Comprehensive Report
    Fixed an issue causing Acunetix to lose license information
    Upgrade to the Latest Build
    If you are already using Acunetix build 13.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.

    If you are using Acunetix build 12.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.

公司資訊

立即聯繫

透過以下方式迅速的聯絡我們

2018© Copyright All Rights Reserved

蘋果網頁設計
資安軟體量身規劃資訊安全零死角,提供有效方案,以期協助企業運用新科技改善及提升其商業服務及價值,資安軟體達到運用新科技最佳化商業營運及價值的目標。秉持讓客戶可以安心、輕鬆、有效的享用現代科技有線網路。資安軟體秉持讓客戶可以安心、輕鬆、有效的享用現代科技有線網路