We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
New exploit vestacp_exec
Re: New exploit vestacp_exec
Basically, dpeca has already patched the issues on GitHub, but Serghey seems to have been offline for a long time - he's the only one who can publish a new version to the repository.
Disclaimer: I stopped any work on Vesta due to my work on my own fork - I just want users to be aware of the possible fixes for the current exploits.
viewtopic.php?f=10&t=19714
Re: New exploit vestacp_exec
I saw a video of this exploit. I think that to use this exploit you must have a user account and FTP service on the server. Is that correct? If yes - no problem for a single-user server.
Re: New exploit vestacp_exec
Then there is a second exploit, which allows you to overwrite the link in the password reset mail. Combine these two exploits and a bit of luck (or blindness of a user) and you're in...