cxs

New cxs v3.23

Changes:

  • Added the following to Script Version Scanning:
    CubeCart
  • Fixed cxs Watch in DA where new account creation was not automatically detected
  • HTTP::Tiny upgraded to v0.036

New cxs v3.22

Changes:

  • Added the following to Script Version Scanning:
  • AbanteCart, AEF, b2evolution, CMS Made Simple, CodeIgnitor, Concrete5, Dotclear, e107, Elgg, Feng Office, HESK, Jcow CE, MODX Evolution, MODX Revolution, Noahs Classifieds, OSClass, ownCloud, Oxwall, Piwigo, Piwik, Seo Panel, Serendipity, StatusNet, TomatoCart, Xoops, ZenPhoto, Zikula
  • Added the following popular WordPress extensions to Script Version Scanning:
    WP Sociable
    WP Share This
    WP WP Super Cache
    WP All In One WP Security & Firewall
    WP BulletProof Security
    WP FD Feedburner
    WP Google Adsense Plugin
    WP WordPress Simple Paypal Shopping Cart
    WP WordPress eShop
    WP WordPress s2Member
    WP UpdraftPlus
    WP BackUpWordPress
  • Added the following popular Joomnla extensions to Script Version Scanning:
    Joomla Akeeba
    Joomla AllVideos
    Joomla CDN for Joomla
    Joomla Community Builder
    Joomla JEvents
    Joomla Jomsocial
    Joomla K2
    Joomla Kunena
    Joomla Phoca Gallery
    Joomla sh404SEF
    Joomla Simple Image Gallery
    Joomla Xmap
  • Exploit fingerprint definitions database additions

New cxs v3.21

Changes:

  • Disable Script Version Scanning for web script scanning (cxscgi.sh) as it does not apply
  • Perl module Storable added to the required list
  • Added ten of the most popular WordPress extensions to Script Version Scanning:
    WP Akismet Ext v2
    WP Better WP Security Ext v3
    WP Contact Form 7 Ext v3
    WP Facebook Ext
    WP Google XML Sitemaps Ext v3
    WP Jetpack Ext v2
    WP NextGEN Gallery Ext v2
    WP Seo Ext
    WP W3 Total Cache Ext
    WP WooCommerce Ext v2
  • Added ten of the most popular Joomla extensions to Script Version Scanning:
    Joomla Advanced Module Manager Ext v4
    Joomla JCE Ext v2
    Joomla RAntiSpam Ext v3
    Joomla Joomla LiveHelpNow Chat Ext v2
    Joomla Rapid Contact Ext
    Joomla Asynchronous Google Analytics Ext v2
    Joomla Google Maps Ext v3
    Joomla Sourcerer Ext v4
    Joomla Tabs Ext v3
    Joomla Modules Anywhere Ext v3
  • Added the following to Script Version Scanning:
    OpenCart, Nucleus CMS, Open Classifieds, LimeSurvey, ClipBucket, WHMCS, Coppermine Photo Gallery
  • Exploit fingerprint definitions database additions

New cxs v3.20

Changes:

  • Changed –options [s] to be –[no]sversionscan (Script Version Scanning) to make it independent of –[no]exploitscan, allowing a fast scan for old script installs. This option is enabled by default. Use –nosversionscan to disable
  • Added the following to Script Version Scanning (see cxs POD):
    Typo3, Invision Power Board, WebCalendar, MyBB, Dolphin, SMF, OpenX Source, SugarCRM Community Edition, Contao CMS, PrestaShop, PHP-Fusion, phpPgAdmin, SquirrelMail, Roundcube, Kayako, osTicket
  • Added new –soptions [a] for –[no]sversionscan to report all versions of found scripts, not just old versions
  • Added new –soptions [d] for –[no]sversionscan to report the directory containing the script, not the trigger file
  • Exploit fingerprint definitions database additions

New cxs v3.13

Changes:

  • UI button style modifications
  • Added phpList, Moodle, Magento Community Edition and MediaWiki version checking to –options [s]
  • Modified POD to screen wrap HTML code more effectively

 

New cxs v3.12

Changes:

  • Fixed cxs uninstaller removing csf UI files on cPanel installs
  • Added phpBB version checking to –options [s]. This requires the perl modules DBI and DBD::mysql to be installed
  • Added phpMyAdmin, Zen Cart, osCommerce and VirtueMart version checking to –options [s]

 

New cxs v3.11

Changes:

  • Added to RECOMMENDATIONS to still run a regular scan without –ctime [hours] to ensure new scan techniques and exploit signatures are used to check all existing files
  • Fixed directory creation on installation for unofficial DA plugin
  • Improved performance of file slurping and therefore scanning
  • Added new –options [s] that will search for a few common web script installations and report if older than the latest version on record. See documentation for more information
  • Exploit fingerprint definitions database additions

 

New cxs v3.10

Changes:

  • Changed –throttle [num] to prevent throttling triggering a –timemax [secs] timeout
  • Added detection for some PHP JPEG and TIFF EXIF exploits
  • Improvements to image and zip file type detection
  • Exploit fingerprint definitions database additions

New cxs v3.09

Changes:

  • Improvements to Virtuozzo/OpenVZ system detection where /proc/vz/veinfo does not exist
  • Added TimeStamp to the top of the scan report
  • If /etc/csuibuttondisable exists then the UI buttons will revert for those that cannot cope with the themed ones

 

New cxs v3.08

Changes:

 

  • Implemented new cxswatch log tail code
  • UI display changes
  • Exploit fingerprint definitions database additions