# Current Exploits & Patches - List ONLY



## SPINIKR-RO (Jun 18, 2013)

It is really hard to follow all of these threads and figure out what to lock down next.

Please only post exploits and patches here so people who run these systems can have a streamlined narrative to watch.

6/17/13 SolusVM Zamfoo

6/17/13 SolusVM Patched / Zamfoo (get rid of it)

6/18/13 SolusVM Patched

Current SolusVM Version



> *Latest Beta Version:* 1.14.00 R5
> *Latest Stable Version:* 1.13.05


Currently HostBill WHMCS & SolusVM is under discussion as to still being vulnerable.

No discussion, just listing the events and sources.

// thanks to those in researching and reporting these issues.


----------



## Reece-DM (Jun 19, 2013)

If I recall correctly whmcs and hostbill had released a few patches over the weeks.


----------



## netnub (Jun 19, 2013)

Who wants to bet I can find explotis in solusvm 1.13.5 and 1.14.0 R5?


----------



## Daniel (Jun 19, 2013)

netnub said:


> Who wants to bet I can find explotis in solusvm 1.13.5 and 1.14.0 R5?


If you find an exploit, give it to SolusLabs. If they don't do anything with it, that is not a reason for malicious attacks against companies who are not at fault.


----------



## MartinD (Jun 19, 2013)

netnub said:


> Who wants to bet I can find explotis in solusvm 1.13.5 and 1.14.0 R5?


Stop posting this crap. If you know something, tell Solus. If you don't, stop being an idiot. Last chance before you're shown the door.


----------



## netnub (Jun 19, 2013)

MartinD said:


> Stop posting this crap. If you know something, tell Solus. If you don't, stop being an idiot. Last chance before you're shown the door.


Whoa, step down there. Maybe you should speak with MannDude before you threaten me?


----------



## MartinD (Jun 19, 2013)

netnub said:


> Whoa, step down there. Maybe you should speak with MannDude before you threaten me?


I was going to edit my last post to include something but seeing as you've posted... I'll put it here.

"and don't think running to Curtis will help you here, because it wont."


----------



## netnub (Jun 19, 2013)

MartinD said:


> I was going to edit my last post to include something but seeing as you've posted... I'll put it here.
> 
> "and don't think running to Curtis will help you here, because it wont."


Well, let me give you some advice, you should speak with him first.


----------



## MartinD (Jun 19, 2013)

I think you'll find it's exactly the opposite - any more issues, feel free to PM.

This thread doesn't need derailed any further.


----------



## SPINIKR-RO (Jun 23, 2013)

Post issued earlier alluding to sec issues with SVM/WHMCS module

http://localhost.re/p/solusvm-whmcs-module-316-vulnerability


----------



## SPINIKR-RO (Jun 24, 2013)

Solus WHMCS - security patch http://blog.soluslabs.com/2013/06/24/whmcs-module-update-security/


----------



## SPINIKR-RO (Jun 25, 2013)

SolusVM Patch this morning:

http://blog.soluslabs.com/2013/06/24/security-updates-available-for-all-solusvm-versions-2/

*Current Stable Version:*

1.13.07

*Current Beta Version:*

1.14.00 BETA R7


----------



## SPINIKR-RO (Jun 30, 2013)

6/30/13 - SolusVM



> A new update to SolusVM has been released. SolusVM 1.13.09 & 1.14.00 Beta R9 are now available.
> 
> This release contains minor code fixes and security enhancements/changes as part of our code audit. We suggest you upgrade to the newest version to benefit from the latest changes & enhancements.
> 
> All information on this release will be included in the audit report. More information and the status of our audit will be released as soon as we have confirmation on the start date of the external audit.


----------



## Damian (Jul 1, 2013)

SPINIKR-RO said:


> More information and the status of our audit will be released as soon as we have confirmation on the start date of the external audit.


...wasn't this supposed to have been started last Monday?


----------



## notFound (Jul 1, 2013)

That was the internal audit, they are a bit behind on schedule though from what I hear.


----------



## Reece-DM (Jul 1, 2013)

I know Hostbill released some patches, probably didn't get much of the attention due to Solus getting ram'd hard.

However WHMCS has a CSRF vulnerability which I'm not to sure if its patch, though its been out since 23rd June.


----------

