Search found 617 matches
- Sat Apr 25, 2020 8:09 am
- Forum: General Discussion
- Topic: New exploit vestacp_exec
- Replies: 3
- Views: 7011
Re: New exploit vestacp_exec
Then there is a second exploit, which allows you to overwrite the link in password reset mail, combine this two exploits and a bit luck (or blindness of an user) and you're in...
- Sun Apr 19, 2020 8:19 am
- Forum: General Discussion
- Topic: Is it possible to install VestCP in a currently working server without breaking something
- Replies: 1
- Views: 2533
Re: Is it possible to install VestCP in a currently working server without breaking something
No, there is no way to get this working properly, you'll need a fresh server to install vesta. But keep in mind that there are currently unpatched security issues: viewtopic.php?f=10&t=19800
- Wed Apr 15, 2020 8:08 pm
- Forum: General Discussion
- Topic: New exploit vestacp_exec
- Replies: 3
- Views: 7011
Re: New exploit vestacp_exec
Basicly, dpeca has already patched the issues on github, but Serghey seems to be offline since a long time - he's the only one who can publish a new version to the repository. Disclaimer: I stopped any work on vesta due to my work on my own fork - just want that users are aware of the possible fixes...
- Fri Apr 10, 2020 8:26 pm
- Forum: General Discussion
- Topic: New exploit -
- Replies: 2
- Views: 3759
Re: New exploit -
In some way already known, but not published to the repository - you'll find all informations here: viewtopic.php?f=10&t=19714
- Thu Mar 26, 2020 7:03 am
- Forum: General Discussion
- Topic: VestaCP 0DAY
- Replies: 17
- Views: 17912
Re: VestaCP 0DAY
Just to add also another security issue: https://cve.mitre.org/cgi-bin/cvename.c ... 2020-10966
@dpeca has already fixed it on GitHub, but @skid seems to be the only one, who can build and release new packages.
@dpeca has already fixed it on GitHub, but @skid seems to be the only one, who can build and release new packages.
- Thu Mar 19, 2020 3:20 pm
- Forum: General Discussion
- Topic: VestaCP 0DAY
- Replies: 17
- Views: 17912
Re: VestaCP 0DAY
You maybe missunderstood me: The fix was implemented for our fork called HestiaCP and is already older than a half year. I just pointed it for the vesta devs, so they can take a look - I do not have any contact to them, also the mod status I have here should have been removed since a longer time :)....
- Thu Mar 19, 2020 2:24 pm
- Forum: General Discussion
- Topic: VestaCP 0DAY
- Replies: 17
- Views: 17912
Re: VestaCP 0DAY
I already pointed on github to a fix for this problem: https://github.com/serghey-rodin/vesta/ ... -600795634
- Sun Jan 26, 2020 7:40 am
- Forum: General Discussion
- Topic: Statement and Goodbye
- Replies: 40
- Views: 46817
Re: Statement and Goodbye
Just for the records, I even wrote you about this back in 2018:
But to be honest: The post looks edited now, even I do not know, if alexy means this post.
But to be honest: The post looks edited now, even I do not know, if alexy means this post.
- Tue Jan 21, 2020 10:30 am
- Forum: General Discussion
- Topic: Statement and Goodbye
- Replies: 40
- Views: 46817
Re: Statement and Goodbye
Main Vesta problems are missing roadmap and any visible working. See: people asking about IPv6 during two years - nothing changes. Over 50 pull requests on Github - no reactions. Too many issues without answers. Of course you're right, with what you write! My point is simply the most important one ...
- Tue Jan 21, 2020 10:05 am
- Forum: General Discussion
- Topic: Statement and Goodbye
- Replies: 40
- Views: 46817
Re: Statement and Goodbye
because you working under hestiacp :) I think that's the real reason. Actually, no. That I work on Hestia was never a secret at any time, was also the reason why I was no longer active here in the forum. My main problem was and is the communication with the community - be it with the past security ...