Monthly Archives: December 2013

Now Available: VPS in all locations

With the increasing demand for virtual servers in more locations than just our Dallas, Texas location, we have expanded our KVM VPS offerings to the following locations at this time:

Dallas, Texas (central US)

Lenoir, North Carolina (east coast US)

Coventry, United Kingdom

All 3 locations will feature the same specifications as our current Dallas, Texas offerings for both fully managed virtual servers as well as self managed virtual servers. Managed virtual servers (VPS) will still include free WHMCS/ClientExec, setup & configuration, daily Idera R1Soft backups as well as free migrations.

You can view our managed & self managed KVM virtual servers here: http://www.veerotech.net/vps/

During the ordering process, you will have the option to choose the location you’d like to have your new VPS provisioned in.

WHMCS Security Advisory TSR-2013-010

WHMCS has released a new update for all supported versions of WHMCS. This update contains a change that addresses a specific security concern within the WHMCS product.

We strongly encourage you to update your WHMCS installations as soon as possible.

WHMCS has rated this update as having an important security impact. Information on security ratings can be found at http://docs.whmcs.com/Security_Levels

Releases
Please update your installation to the following version:
v5.2.15

Patches – What is a Patch?

Incremental patches can be downloaded by following the provided links below. These patch sets contain only the files that have changed between the previous release and this update. The previous release version that these patch sets are designed for is clearly indicated as the first and smaller number.

Do not attempt to apply an incremental patch set to an installation that is running a different version than the indicated version. Doing so will result in a “Down for Maintenance” message and require you to use the full release to complete the upgrade.

Incremental patches do not require any update process. Simply apply the changed files to the existing WHMCS installation.

The following incremental patches are available for direct download:

5.2.14 –> 5.2.15 Patch http://go.whmcs.com/290/v5214_incremental_to_v5215_patch
MD5 Checksum: 709126303a0296ea41e6984c84aa42fa *

To apply a patch set release, download the files as indicated above. Then follow the upgrade instructions for a “Patch Set” which can be found at http://docs.whmcs.com/Upgrading#For_a_Patch_Set
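The two conditions stated above (the download matches the published MD5, and the installation is on the indicated base version) can be checked mechanically before any files are copied. The script below is an added example, not part of the WHMCS advisory; the function names and script filename are hypothetical, and the installed version is supplied by the operator.

```shell
#!/bin/sh
# Added example (not from the WHMCS advisory): pre-flight checks for the
# 5.2.14 -> 5.2.15 incremental patch. Checksum and versions are the
# advisory's; function names and the script filename are hypothetical.
PATCH_MD5="709126303a0296ea41e6984c84aa42fa"
PATCH_BASE="5.2.14"   # the only version this patch set may be applied to

# md5_of FILE: print the lowercase hex MD5 digest of FILE.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        openssl dgst -md5 -r "$1" | awk '{print $1}'
    fi
}

# preflight ARCHIVE EXPECTED_MD5 INSTALLED_VERSION BASE_VERSION
# Returns 0 = safe to apply, 1 = checksum mismatch,
#         2 = wrong base version, 3 = archive not found.
preflight() {
    archive=$1; expected=$2; installed=$3; base=$4
    [ -f "$archive" ] || { echo "not found: $archive" >&2; return 3; }
    # Version gate first: a patch set on the wrong base leaves WHMCS in
    # "Down for Maintenance" and needs the full release to recover.
    if [ "$installed" != "$base" ]; then
        echo "installed $installed != $base: use the full release" >&2
        return 2
    fi
    actual=$(md5_of "$archive")
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "MD5 mismatch: got $actual, want $expected" >&2
        return 1
    fi
    return 0
}

# Usage: sh preflight.sh <downloaded-archive> <installed-version>
# The installed version is passed in by the operator (assumption).
if [ "$#" -eq 2 ]; then
    preflight "$1" "$PATCH_MD5" "$2" "$PATCH_BASE" && echo "OK to apply"
fi
```

The MD5 comparison detects a corrupted or truncated download; it is only as trustworthy as the channel the published checksum was read from.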

Full Release – What is a Full Release?

A full release distribution contains all the files of a WHMCS product installation. It can be used to perform a new install or update an existing installation (regardless of previous version).

The latest full release can always be downloaded from our members area at https://www.whmcs.com/members

5.2.15 Full Version – Downloadable from the WHMCS Members Area
MD5 Checksum: d990f802db28c28d6d2fc003c8f339eb

To apply a full release, download the files as indicated above. Then follow the upgrade instructions for a “Full Release Version” which can be found at http://docs.whmcs.com/Upgrading#For_a_Full_Release_Version

Important Maintenance Issue Information

This release also provides resolution for the following maintenance issues:

Case #3706 – Some graphs failing after recent Google Graph API Update
Case #3711 – CSV Export content should not contain HTML entities
Case #3726 – PDF Line Items failing to output some specific characters
Case #3727 – Admin password reset process failing to send new password email
Case #3738 – Sub-account password field’s default text must be removed on focus/click events

Security Issue Information

This Advisory provides resolution for a single security issue which was publicly disclosed. Specific information regarding that issue can be found below.

Case #3785
SQL Injection via Admin Credit Routines

=== Severity Level ===
Important

=== Description ===
An attacker who can function as an authenticated admin user with the ability to apply credits to an invoice can, using specially crafted input, cause the credit routines to execute arbitrary SQL commands if the target user has a credit balance known to the attacker.

Due to the many prerequisites necessary to successfully navigate this vector, a security impact level has been assessed as “Important”. Information on security ratings can be found at http://docs.whmcs.com/Security_Levels

=== Resolution ===
Download and apply the appropriate software updates to protect against these vulnerabilities; information about software update releases is provided in the “Releases” section of this Advisory.

All published and supported versions of WHMCS prior to 5.2.15 are affected by one or more of these maintenance and security issues.

VeeroTech Customers: 

Current VeeroTech Systems customers can download the latest FULL version from inside our account management portal: “Support Center > Software Downloads.”

ClientExec – Content Disclosure Vulnerability

Our friends at Rack911 & HostingSecList have released the following advisory for ClientExec.

ClientExec is a comprehensive and flexible web hosting billing solution that will help you manage and expand your existing base of hosting clients. ClientExec was conceived and built with small to mid-sized hosting companies in mind. ClientExec was built to enable business owners to effectively manage their hosting clients and web hosting billing using one convenient and powerful platform.

Vulnerability Description:

A malicious user can obtain the product details (name / domain) belonging to any other user when they submit a ticket by carefully crafting the request.

Impact:

We have deemed this vulnerability to be rated as MEDIUM due to the fact that other users' information can be obtained.

Vulnerable Version:

This vulnerability was tested against ClientExec v4.6.8.

Fixed Version:

This vulnerability was patched in ClientExec v4.6.9. We thank ClientExec for their commitment to security by providing prompt updates!

If you are a VeeroTech Systems reseller & currently utilize ClientExec, please log into the account management portal and download the latest release found under Support > Downloads.