  1. #1

    WHMCS Security Advisory TSR-2013-009

    A scheduled Targeted Security Release has been issued for all supported versions of WHMCS. We recommend upgrading as soon as possible.

    Please refer to the release announcement for full details.

    http://blog.whmcs.com/?t=81890
    WHMCompleteSolution
    The Complete Client Management, Billing & Support System
    www.whmcs.com

  2. Thread Summary: WHMCS issued a Targeted Security Release on 11/21/13 to deal with many of the security problems that have plagued it over the last while.

    Details and downloads available at http://blog.whmcs.com/?t=81890.

    Some reports of problems after patch installation so use caution to ensure you are using the correct patch for the version of WHMCS you have (2 different patch release files exist). A full release install is also available.

    WHMCS has said they will provide info on the specifics of the security fixes included in the patch later.

    Contributors: FrancesK

  3. #2
    Join Date: Mar 2011 | Location: Scotland | Posts: 90
    Originally posted by WHMCS-Matt:
    > A scheduled Targeted Security Release has been issued for all supported versions of WHMCS. We recommend upgrading as soon as possible.
    >
    > Please refer to the release announcement for full details.
    >
    > http://blog.whmcs.com/?t=81890

    Top work Matt, can see this is a fairly large update so it's nice that you are working on it the best you can.

  4. #3
    Join Date: Oct 2010 | Posts: 4,694
    Subscribing to this thread - and thank you for the update-release.
    James


  5. #4
    Join Date: Jun 2011 | Posts: 2,286
    I was getting worried, hadn't seen any security updates in a while. Updated anyways.

  6. #5
    2 unrelated servers went down after incremental update. Both display blank white page with php warnings. (includes/licensefunctions.php): failed to open stream: No such file or directory in dbconnect.php)
    (/includes/class.phpmailer.php): failed to open stream: No such file or directory in functions.php)
    Replacing files manually now from the full package.

  7. #6
    Join Date: Sep 2002 | Posts: 900
    18 resolved issues were discovered by the WHMCS development team as part of an ongoing security audit.
    Good to see actual progress is being made on this.

  8. #7
    Upgrade completed. Now get a white screen when trying to access WHMCS.

  9. #8
    Join Date: Oct 2010 | Posts: 4,694
    Originally posted by Cmsbased:
    > Both display blank white page with php warnings. (includes/licensefunctions.php): failed to open stream: No such file or directory in dbconnect.php)

    Originally posted by harrip01:
    > Upgrade completed. Now get a white screen when trying to access WHMCS.

    Oh dear. {Holds off applying the update for a little while.}

    Has anyone done a patch update and not had this problem?

    @Cmsbased - did a full upgrade solve your problem? (So, is it that the patch missed some files, or that 5.2.13 has a problem?)
    James


  10. #9
    Join Date: Apr 2013 | Location: At My Desk | Posts: 530
    Originally posted by harrip01:
    > Upgrade completed. Now get a white screen when trying to access WHMCS.

    This is why it's best to wait and not rush to update after all the problems they have with them.
    Stop, Think and then React. Not React, Stop and then Think

  11. #10
    Originally posted by victormeldrew:
    > This is why it's best to wait and not rush to update after all the problems they have with them.

    Yup. Best to leave installs open to vulnerabilities for a while huh?!

  12. #11
    Join Date: Dec 2010 | Location: 127.0.0.1 | Posts: 5,387
    Well done Matt, wasn't sure if you'd explain Blesta found some vulnerabilities. Hope you compensate them for their private disclosure. Sounds like the right path to stable.

  13. #12
    It was an ftp client issue and reupload fixed it. Also note that 5.1 patch is listed on top and I was about to download it first. 5.2 is listed second as less important. This is very confusing if you do not pay extra attention.

  14. #13
    Originally posted by harrip01:
    > Upgrade completed. Now get a white screen when trying to access WHMCS.

    My error. I thought there were two patches released. Upgrading worked fine when only one patch was applied!

  15. #14
    Join Date: Aug 2009 | Location: Montreal | Posts: 1,606
    No issues here yet after applying the patch.

  16. #15
    Join Date: Oct 2010 | Posts: 4,694
    Phew /10char
    James


  17. #16
    Join Date: May 2009 | Location: Midworld | Posts: 1,814
    Patched without problems. Still it makes sense to have a test install for any upgrades/changes.

  18. #17
    Join Date: Sep 2002 | Posts: 900
    Originally posted by JamesOakley:
    > Has anyone done a patch update and not had this problem?

    I have not experienced this problem patching from 5.2.12 to 5.2.13.

    However, when responding to tickets, WHMCS says that the status of the ticket has changed and suggests that another admin or the client has added a response to the ticket. This is not the case since there are no other admins logged in and the client is a test account.

  19. #18
    Join Date: Apr 2013 | Location: Middletown, USA | Posts: 2,071
    Upgraded and works fine.

  20. #19
    Originally posted by httpEasy:
    > Patched without problems. Still it makes sense to have a test install for any upgrades/changes.

    When patching, I recommend tarring up the last version just in case I need to roll back.

    For major upgrades it makes sense to have the test install as httpEasy suggested. I'm sure Matt can provide a test license.

    Good luck!

  21. #20
    Upgraded!
    Thankssss....

  22. #21
    Join Date: Aug 2003 | Location: Edinburgh/London | Posts: 4,902
    I think there's a bug with the currency symbols. I've dropped them a ticket to verify.

  23. #22
    Join Date: May 2004 | Location: World Wide Web | Posts: 1,129
    Subscribed to this thread

  24. #23
    There is a free dev license that comes along with regular license. However it is hard to simulate all the conditions like 3rd party addons, php config and ioncube versions, mod security, database content, etc. Full backup needs to be completed before any update takes place.

  25. #24
    Join Date: Oct 2010 | Posts: 4,694
    Intellisearch doesn't seem to be working in the admin area
    James


  26. #25
    Join Date: Dec 2010 | Location: 127.0.0.1 | Posts: 5,387
    Upgraded my customers. (Uploaded the right patch and then saw 14 and uploaded the wrong patch.) God, why can't WHMCS do two sections?
    Last edited by Licensecart-Mike; 11-21-2013 at 06:28 AM.

  27. #26
    Join Date: Nov 2009 | Location: The Netherlands | Posts: 219
    Upgrade done without any problems so far

    Had a little issue but that seemed to be cache related.

  28. #27
    Join Date: Mar 2003 | Location: Canada | Posts: 8,910
    Awesome.

    Upgraded and now it's rejecting our admin passwords... Everything else seems fine.
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  29. #28
    Join Date: Dec 2007 | Location: LocalHost | Posts: 1,303
    I do not have active support, and after the upgrade I am getting the following error:
    You are using an Owned License for which the support & updates validity period expired before this release. Therefore in order to use this version of WHMCS, you first need to renew your support & updates access. You can do this from our client area @ www.whmcs.com/members/clientarea.php
    How to solve this!!!

  30. #29
    Originally posted by Martin-D:
    > I think there's a bug with the currency symbols. I've dropped them a ticket to verify.

    Yes, if an order is placed in a non-default currency, the correct amount is shown with the default currency symbol.
    For example, if the default currency is EUR and a customer places an order for 150 USD, then the order/invoice is generated as 150 EUR, which is not correct.

    We have also opened a support ticket with WHMCS regarding this issue.

  31. #30
    Join Date: Dec 2010 | Location: 127.0.0.1 | Posts: 5,387
    Originally posted by ravi_9793:
    > I do not have active support, and after the upgrade I am getting the following error
    >
    > How to solve this!!!

    You'll have to pay for support again.

  32. #31
    Join Date: Mar 2006 | Location: Servers | Posts: 1,588
    Intelligent Search is not working anymore. Giving error:

    "Invalid Token"

  33. #32
    Join Date: Jul 2009 | Location: New Zealand | Posts: 2,320
    Great job Matt!

  34. #33
    Join Date: Dec 2007 | Location: LocalHost | Posts: 1,303
    Originally posted by CW Mike:
    > You'll have to pay for support again.

    But I have applied the last few updates without any issues.

    They should have mentioned this on their blog. And should not have allowed me to download the file.

    When they have something for active support/updates licence only, they release from client area. Members need to login and then download the updates file.

    I guess this is for all WHMCS license using 5.1.13 and 5.2.12
    I was running 5.2.12
    Last edited by YagHost-Ravi; 11-21-2013 at 06:38 AM.

  35. #34
    Join Date: Dec 2010 | Location: 127.0.0.1 | Posts: 5,387
    Originally posted by ravi_9793:
    > But I have applied the last few updates without any issues.
    >
    > They should have mentioned this on their blog. And should not have allowed me to download the file.

    Yeah it's like a new version to apply the updates you have to pay for their support, you can move the 5.2.12 files back and you should be online.
    The only issue with an Owned license.

  36. #35
    Join Date: Oct 2004 | Posts: 627
    Originally posted by JamesOakley:
    > Intellisearch doesn't seem to be working in the admin area

    Same here, is there any upgrade that does not cause any issues?

  37. #36
    Join Date: Aug 2003 | Location: Edinburgh/London | Posts: 4,902
    Originally posted by PeterPP:
    > Same here, is there any upgrade that does not cause any issues?

    It's only an issue in 5.2.13, the intelligent search still works correctly in 5.1.14.

  38. #37
    We are currently investigating reports of an issue with currency switching in the update.

    Regarding the intelligent search however, I haven't seen any confirmed issues with that so far. Please ensure you have updated any custom admin templates and cleared your browser cache.

    Matt

  39. #38
    Join Date: Mar 2003 | Location: Canada | Posts: 8,910
    Anyone else have issues logging in if their password contains special characters? Some of our passwords include characters like:

    ? * ' -

    Everything else looks OK, except people with those passwords cannot log in... argh.

    Edit:

    Manually reset our passwords via MySQL and can log in again...
    Last edited by Patrick; 11-21-2013 at 06:56 AM.

  40. #39
    Join Date: Dec 2007 | Location: LocalHost | Posts: 1,303
    Originally posted by CW Mike:
    > Yeah it's like a new version to apply the updates you have to pay for their support, you can move the 5.2.12 files back and you should be online.
    > The only issue with an Owned license.

    When WHMCS release anything for active support / updates license only, they release from member area.

    Users are asked to login at whmcs.com and if they have active license, they can download the file.

    But WHMCS release security updates for all irrespective of active support / updates. They post public download link on their forum and blog (just like this release).

    I myself have applied a few security patches in the past although my WHMCS license did not have active support / updates.
    Last edited by YagHost-Ravi; 11-21-2013 at 06:51 AM.

  41. #40
    Join Date: Aug 2003 | Location: Edinburgh/London | Posts: 4,902
    The currency issue is sorted with a patch (for both versions). The intelligent search issue is also resolved with a hard refresh/cache clearing.
