We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Search found 617 matches
- Sat Apr 25, 2020 8:09 am
- Forum: General Discussion
- Topic: New exploit vestacp_exec
- Replies: 3
- Views: 6662
Re: New exploit vestacp_exec
Then there is a second exploit, which allows you to overwrite the link in password reset mail, combine this two exploits and a bit luck (or blindness of an user) and you're in...
- Sun Apr 19, 2020 8:19 am
- Forum: General Discussion
- Topic: Is it possible to install VestCP in a currently working server without breaking something
- Replies: 1
- Views: 2312
Re: Is it possible to install VestCP in a currently working server without breaking something
No, there is no way to get this working properly, you'll need a fresh server to install vesta. But keep in mind that there are currently unpatched security issues: viewtopic.php?f=10&t=19800
- Wed Apr 15, 2020 8:08 pm
- Forum: General Discussion
- Topic: New exploit vestacp_exec
- Replies: 3
- Views: 6662
Re: New exploit vestacp_exec
Basicly, dpeca has already patched the issues on github, but Serghey seems to be offline since a long time - he's the only one who can publish a new version to the repository. Disclaimer: I stopped any work on vesta due to my work on my own fork - just want that users are aware of the possible fixes...
- Fri Apr 10, 2020 8:26 pm
- Forum: General Discussion
- Topic: New exploit -
- Replies: 2
- Views: 3450
Re: New exploit -
In some way already known, but not published to the repository - you'll find all informations here: viewtopic.php?f=10&t=19714
- Thu Mar 26, 2020 7:03 am
- Forum: General Discussion
- Topic: VestaCP 0DAY
- Replies: 17
- Views: 16731
Re: VestaCP 0DAY
Just to add also another security issue: https://cve.mitre.org/cgi-bin/cvename.c ... 2020-10966
@dpeca has already fixed it on GitHub, but @skid seems to be the only one, who can build and release new packages.
@dpeca has already fixed it on GitHub, but @skid seems to be the only one, who can build and release new packages.
- Thu Mar 19, 2020 3:20 pm
- Forum: General Discussion
- Topic: VestaCP 0DAY
- Replies: 17
- Views: 16731
Re: VestaCP 0DAY
You maybe missunderstood me: The fix was implemented for our fork called HestiaCP and is already older than a half year. I just pointed it for the vesta devs, so they can take a look - I do not have any contact to them, also the mod status I have here should have been removed since a longer time :)....
- Thu Mar 19, 2020 2:24 pm
- Forum: General Discussion
- Topic: VestaCP 0DAY
- Replies: 17
- Views: 16731
Re: VestaCP 0DAY
I already pointed on github to a fix for this problem: https://github.com/serghey-rodin/vesta/ ... -600795634
- Sun Jan 26, 2020 7:40 am
- Forum: General Discussion
- Topic: Statement and Goodbye
- Replies: 40
- Views: 42808
Re: Statement and Goodbye
Just for the records, I even wrote you about this back in 2018:
But to be honest: The post looks edited now, even I do not know, if alexy means this post.
But to be honest: The post looks edited now, even I do not know, if alexy means this post.
- Tue Jan 21, 2020 10:30 am
- Forum: General Discussion
- Topic: Statement and Goodbye
- Replies: 40
- Views: 42808
Re: Statement and Goodbye
Main Vesta problems are missing roadmap and any visible working. See: people asking about IPv6 during two years - nothing changes. Over 50 pull requests on Github - no reactions. Too many issues without answers. Of course you're right, with what you write! My point is simply the most important one ...
- Tue Jan 21, 2020 10:05 am
- Forum: General Discussion
- Topic: Statement and Goodbye
- Replies: 40
- Views: 42808
Re: Statement and Goodbye
because you working under hestiacp :) I think that's the real reason. Actually, no. That I work on Hestia was never a secret at any time, was also the reason why I was no longer active here in the forum. My main problem was and is the communication with the community - be it with the past security ...