Changelogs

Invicti Standard

18 Mar 2015

NEW WEB SECURITY TEST

  • Added Bash Command Injection Vulnerability (Shellshock Bug) check.

NEW FEATURE

  • Added exploitation support for Remote Code Evaluation and Command Injection engines.

FIX

  • Fixed a bug in the WSDL parser that crashed the application when a type is recursively referenced.

18 Mar 2015

NEW WEB SECURITY TEST

  • Added Insecure Transportation Security Protocol Supported (SSLv3) vulnerability check (POODLE vulnerability).

BUG FIXES

  • Fixed a specific issue where generic email addresses were not being reported.

  • Fixed a problem in the form authentication configuration wizard where it couldn’t handle pages with popups.

  • Fixed an issue where Invicti was crashing when the application is closed during report generation.

  • Fixed a crash which occurs on systems where the Trebuchet MS font is missing.

  • Fixed 2 Heartbleed engine bugs.

09 Mar 2015

BUG FIXES

  • Fixed a bug in custom URL rewrite detection where encoded URL paths are not matched with the provided patterns.

  • Fixed a bug that occurs while displaying details of an XSS vulnerability discovered on a redirected page.

09 Mar 2015

BUG FIXES

  • Fixed a critical bug which crashes DOM Parser and DOM XSS processes on Windows 8.1 systems with KB3000850 update installed

  • Fixed a bug in recrawler where the current concurrent connection count isn’t honored

  • Fixed a bug in multipart/form-data parser to read parameter names with semicolons correctly

  • Fixed a bug in multipart/form-data parser to recognize the request body even if there are no parameters present

  • Fixed a bug where a form with multipart/form-data encoding type is incorrectly parsed with a POST method rather than a GET

  • Fixed an issue with DOM Parser to better simulate radio/check boxes with click event handlers attached

  • Fixed an issue with HTTP request parser to recognize the correct HTTP method with POST requests containing an empty request body

  • Fixed an issue where Content-Length header is not set to 0 with empty request bodies

  • Fixed an issue where some requests discovered using DOM Parser with POST HTTP method are recognized as GET requests

  • Fixed an issue with the ASP.NET View State response viewer to show the View State data in cases where the id attribute of the input tag is missing

  • Fixed an ASP.NET View State parser issue that occurs while reading .NET 1.x View States