We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on Vesta 2.0 and expect to release it by the end of 2024. Read more about it: https://vestacp.com/docs/vesta-2-development
Search found 617 matches
- Sat Apr 25, 2020 8:09 am
- Forum: General Discussion
- Topic: New exploit vestacp_exec
- Replies: 3
- Views: 7815
Re: New exploit vestacp_exec
Then there is a second exploit, which allows you to overwrite the link in password reset mail, combine this two exploits and a bit luck (or blindness of an user) and you're in...
- Sun Apr 19, 2020 8:19 am
- Forum: General Discussion
- Topic: Is it possible to install VestCP in a currently working server without breaking something
- Replies: 1
- Views: 2716
Re: Is it possible to install VestCP in a currently working server without breaking something
No, there is no way to get this working properly, you'll need a fresh server to install vesta. But keep in mind that there are currently unpatched security issues: viewtopic.php?f=10&t=19800
- Wed Apr 15, 2020 8:08 pm
- Forum: General Discussion
- Topic: New exploit vestacp_exec
- Replies: 3
- Views: 7815
Re: New exploit vestacp_exec
Basicly, dpeca has already patched the issues on github, but Serghey seems to be offline since a long time - he's the only one who can publish a new version to the repository. Disclaimer: I stopped any work on vesta due to my work on my own fork - just want that users are aware of the possible fixes...
- Fri Apr 10, 2020 8:26 pm
- Forum: General Discussion
- Topic: New exploit -
- Replies: 2
- Views: 4249
Re: New exploit -
In some way already known, but not published to the repository - you'll find all informations here: viewtopic.php?f=10&t=19714
- Thu Mar 26, 2020 7:03 am
- Forum: General Discussion
- Topic: VestaCP 0DAY
- Replies: 17
- Views: 19940
Re: VestaCP 0DAY
Just to add also another security issue: https://cve.mitre.org/cgi-bin/cvename.c ... 2020-10966
@dpeca has already fixed it on GitHub, but @skid seems to be the only one, who can build and release new packages.
@dpeca has already fixed it on GitHub, but @skid seems to be the only one, who can build and release new packages.
- Thu Mar 19, 2020 3:20 pm
- Forum: General Discussion
- Topic: VestaCP 0DAY
- Replies: 17
- Views: 19940
Re: VestaCP 0DAY
You maybe missunderstood me: The fix was implemented for our fork called HestiaCP and is already older than a half year. I just pointed it for the vesta devs, so they can take a look - I do not have any contact to them, also the mod status I have here should have been removed since a longer time :)....
- Thu Mar 19, 2020 2:24 pm
- Forum: General Discussion
- Topic: VestaCP 0DAY
- Replies: 17
- Views: 19940
Re: VestaCP 0DAY
I already pointed on github to a fix for this problem: https://github.com/serghey-rodin/vesta/ ... -600795634
- Sun Jan 26, 2020 7:40 am
- Forum: General Discussion
- Topic: Statement and Goodbye
- Replies: 40
- Views: 53060
Re: Statement and Goodbye
Just for the records, I even wrote you about this back in 2018:
But to be honest: The post looks edited now, even I do not know, if alexy means this post.
But to be honest: The post looks edited now, even I do not know, if alexy means this post.
- Tue Jan 21, 2020 10:30 am
- Forum: General Discussion
- Topic: Statement and Goodbye
- Replies: 40
- Views: 53060
Re: Statement and Goodbye
Main Vesta problems are missing roadmap and any visible working. See: people asking about IPv6 during two years - nothing changes. Over 50 pull requests on Github - no reactions. Too many issues without answers. Of course you're right, with what you write! My point is simply the most important one ...
- Tue Jan 21, 2020 10:05 am
- Forum: General Discussion
- Topic: Statement and Goodbye
- Replies: 40
- Views: 53060
Re: Statement and Goodbye
because you working under hestiacp :) I think that's the real reason. Actually, no. That I work on Hestia was never a secret at any time, was also the reason why I was no longer active here in the forum. My main problem was and is the communication with the community - be it with the past security ...