Thread: How is Blesta?
-
12-20-2013, 06:14 PM #26 Junior Guru Wannabe
- Join Date
- Mar 2009
- Location
- Turkey
- Posts
- 45
Blesta has updated: http://www.blesta.com/forums/index.php?/forum/16-news/
USA and Turkey based Shared, Reseller Hosting, VPS www.karincahosting.com
-
12-20-2013, 06:52 PM #27 Web Hosting Master
- Join Date
- Jul 2005
- Posts
- 3,784
Funny, when there's a WHMCS security issue, people go crazy. When there's a Blesta security issue, you hardly hear about it.
** Security Update Issued
------------------------------------------------------------
An update for Blesta was just released to address two security vulnerabilities and it is recommended that you update as soon as possible.
* [CORE-931] - Security: XSS vulnerability in client payment process
* [CORE-932] - Security: Potential XSS vulnerabilities in use of Html::concat()
Last edited by Tyl3r; 12-20-2013 at 06:56 PM.
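The CORE-932 item in the announcement above describes a familiar bug class: an HTML-building helper that concatenates caller-supplied values into markup without escaping them for the context they land in. The following is an added example and is not Blesta's code; buildAttrsUnsafe() and buildAttrsSafe() are hypothetical helpers standing in for that kind of routine, not Blesta's real Html::concat(), and the payload is constructed for the illustration.

```php
<?php
// Added example, not Blesta's code. buildAttrsUnsafe()/buildAttrsSafe() are
// hypothetical helpers standing in for the kind of HTML-concatenation routine
// behind CORE-932; they are not Blesta's Html::concat().

// Vulnerable: attribute values are concatenated into the markup unchanged.
// A value containing a double quote closes the attribute early, so the rest of
// the value becomes new attributes, including event handlers.
function buildAttrsUnsafe(array $attrs): string
{
    $out = '';
    foreach ($attrs as $name => $value) {
        $out .= ' ' . $name . '="' . $value . '"';
    }
    return $out;
}

// Hardened: every value is escaped for the HTML attribute context. ENT_QUOTES
// turns both " and ' into entities, so a value can never close the attribute
// it sits in. Attribute names cannot be made safe by escaping, so they are
// checked against a strict allow-pattern instead.
function buildAttrsSafe(array $attrs): string
{
    $out = '';
    foreach ($attrs as $name => $value) {
        if (!preg_match('/^[A-Za-z][A-Za-z0-9_-]*$/', $name)) {
            throw new InvalidArgumentException("Unsafe attribute name: $name");
        }
        $escaped = htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $out .= ' ' . $name . '="' . $escaped . '"';
    }
    return $out;
}

// Constructed payload: what a client might submit as a billing-form field that
// is later echoed back into an <input value="..."> on the payment page.
$clientInput = '" autofocus onfocus="alert(document.cookie)';

// The unsafe helper emits the payload's quote as-is, which terminates value=""
// and leaves autofocus and onfocus="alert(document.cookie)" as live attributes.
echo '<input type="text"' . buildAttrsUnsafe(['name' => 'payer', 'value' => $clientInput]) . ">\n";

// The safe helper keeps the entire payload inside the value attribute as text,
// because the quote that would have closed it is now an entity.
echo '<input type="text"' . buildAttrsSafe(['name' => 'payer', 'value' => $clientInput]) . ">\n";
```

Two caveats a practitioner would want here. First, the right encoder depends on where the value lands: an attribute value, element text, a JavaScript string and a URL each need different escaping, so a single concat helper should either know its output context or refuse to take untrusted data at all. Second, escaping belongs at render time, not at input time, since the same stored value may be emitted into several contexts. Setting HttpOnly on the session cookie blunts the document.cookie theft shown in the payload, but it does not stop script that simply acts within the victim's already-authenticated session.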
-
12-20-2013, 06:56 PM #28 Disabled
- Join Date
- Dec 2010
- Location
- 127.0.0.1
- Posts
- 5,732
-
12-20-2013, 07:01 PM #29 Web Hosting Master
- Join Date
- Jul 2005
- Posts
- 3,784
-
12-20-2013, 07:36 PM #30 Aspiring Evangelist
- Join Date
- Jul 2010
- Location
- Bogotá, Colombia.
- Posts
- 368
-
12-20-2013, 07:41 PM #31 Hosting Billing Master
- Join Date
- May 2003
- Location
- California, USA, Earth
- Posts
- 1,098
The issue reported to us didn't appear to be actually exploitable. The other 2 we found. Nothing in the wild. It would be so easy to silently patch things, but we don't sweep anything under the rug.
Rack911 got on that quick. Awesome. Everyone should subscribe to their lists.
-
12-20-2013, 10:13 PM #32 Disabled
- Join Date
- Dec 2010
- Location
- 127.0.0.1
- Posts
- 5,732
Would you rather have an XSS issue which can't damage anything serious, or would you rather have an issue which allows someone to gain access to your administration area, download backups, download client information, even delete everything via MySQL injections or changing files through a link?
Also, the XSS couldn't allow anyone to gain admin access. So yes, I don't think it is serious.
-
12-20-2013, 10:31 PM #33
-
12-20-2013, 11:16 PM #34 Disabled
- Join Date
- Dec 2010
- Location
- 127.0.0.1
- Posts
- 5,732
I know they are both as bad, security-wise, like a billing system that allowed admin access via an XSS; however, these aren't high risk like many other systems.
https://www.owasp.org/index.php/Top_10_2010-Main
The Open Web Application Security Project believes injection is the top risk (so I believe injection is a higher risk than a small, harmless(ish) XSS, and it isn't as bad as a MySQL injection)... which other systems have had exploits for that are in the wild.
-
12-20-2013, 11:24 PM #35
If someone hijacked an admin session (for instance), they have access to it all; logins, admin users, servers and so on. Someone using an injection to reveal admin users/emails/passwords (as in the October WHMCS issue) does less in that incarnation. It's foolish to downplay any such security issues as not being as bad, when they are, just in different ways.
What matters is if they're fixed, how quickly, and how well.
Both Blesta and Hostbill seem to be dealing with these strikingly fast, and I'm not seeing complaints about things breaking. Good job, them.
Your one stop shop for decentralization
-
12-20-2013, 11:29 PM #36 Web Hosting Master
- Join Date
- Mar 2013
- Posts
- 918
What bear said is how I feel. If a company is reporting what they are fixing internally, it should not be held against them when it is done in the way Hostbill and Blesta have been working on it. I recall a prior thread where it was stated that all software has vulnerabilities, and I agree with that statement. The trick, actually, is when you have a software company that works hard to actually find and fix the exploits before the exploit is used or becomes public.
-
12-21-2013, 03:24 PM #37 Aspiring Evangelist
- Join Date
- Jul 2009
- Posts
- 403
Got a link for that? My Google-fu is not showing me results relevant to that.
Er... never mind. Searching directly in the forums revealed the answer.
It's here for anyone else wondering: http://www.blesta.com/forums/index.p...-shorter-urls/
★ Nicholas @ EidolonHost
★ Blesta and InterWorx Reseller. See WebHost Licenses for details.
★ We have Let's Encrypt Support