Running your own zpanel instance

[wlanboy]

After reading this discussion I am not sure if they should not start an audit.


I can execute daemon.php located in /etc/zpanel/panel/bin/daemon.php via webBrowser.

http://IPADDRESS/bin/daemon.php

The issue is fixed. So they respond well - but such things should not be accessible at all.

 

[Echelon]

Didn't the developers have a public meltdown though during the process?

Regardless of the circumstance, the last thing I'd want to have to worry about is getting blasted for bringing up concerns to a vendor at any time. Granted, this has been one summer and fall for the record books when it comes to security issues, but at the end of the day, the last thing a vendor should ever do is explode at their "clients", even if the product comes with no cost associated.