Final version of 4.1 series of X-Cart released

The final version of the 4.1 series has now been released – 4.1.12! The last version of the 4.1 branch, 4.1.12 offers minor changes over the previous 4.1.11 version, including integration of previous security patches for increased security.

Security bulletin 2009-12-02

During an internal security audit, a critical security issue was detected in X-Cart. The issue makes the software vulnerable to attackers who wish to gain access to the server file system. The solution is to remove the affected file.

SEVERITY

Critical

IMPACT

A malicious user can execute his own shell commands and, as a result, gain access to the server file system.

AFFECTED VERSIONS

X-Cart versions from 4.1.0 to 4.1.11. All X-Cart customers who are using these versions are encouraged to apply the fix described below.

SOLUTION

Delete the ‘<xcart_dir>/payment/cc_basia.php’ file.
This file refers to an outdated integration of ‘Bank of Asia’ payment gateway, so its deletion will not cause any problems and will not affect your stores.
The ‘<xcart_dir>’ text means the server directory in which your X-Cart is installed.
You can delete this file using FTP, SSH or the hosting control panel file manager.

NOTE: If you use a custom integration of ‘Bank of Asia’ payment gateway or ‘<xcart_dir>/payment/cc_basia.php’ script, you should contact our support team for free help.
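For anyone applying this fix over SSH, here is a small script added as an example (it is not part of the bulletin and not X-Cart code). It finds every install under a web root that still has `payment/cc_basia.php`, moves the file to a quarantine directory outside the web root instead of deleting it blindly, and counts access-log requests for it. The function names, the quarantine directory and the log format are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). Directory layout and log lines are constructed.

# List every X-Cart directory under web root $1 that still ships the affected file.
find_affected() {
    find "$1" -type f -path '*/payment/cc_basia.php' 2>/dev/null |
        sed 's|/payment/cc_basia\.php$||' | sort
}

# Move the file out of the web root, read-only, so it can be reviewed later.
# $1 = <xcart_dir>, $2 = quarantine directory outside the web root (assumption).
quarantine_file() {
    src="$1/payment/cc_basia.php"
    [ -f "$src" ] || return 0                 # already removed: nothing to do
    mkdir -p "$2" || return 1
    dest="$2/$(printf '%s' "$1" | tr '/' '_')_cc_basia.php.quarantined"
    mv "$src" "$dest" && chmod 0400 "$dest"
}

# Count access-log requests for the script (common/combined log format assumed).
count_hits() {
    grep -c -E '"(GET|POST|HEAD) [^" ]*/payment/cc_basia\.php([?" ]|$)' "$1" || true
}

# Demo on a throwaway tree with two stores and three constructed log lines.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/www/shop/payment" "$t/www/old/xcart/payment"
    : > "$t/www/shop/payment/cc_basia.php"
    : > "$t/www/old/xcart/payment/cc_basia.php"
    cat > "$t/access.log" <<'EOF'
192.0.2.10 - - [02/Dec/2009:10:00:01 +0000] "GET /shop/home.php HTTP/1.1" 200 5120
198.51.100.7 - - [02/Dec/2009:10:00:09 +0000] "POST /shop/payment/cc_basia.php HTTP/1.1" 200 312
198.51.100.7 - - [02/Dec/2009:10:00:15 +0000] "GET /old/xcart/payment/cc_basia.php HTTP/1.1" 200 88
EOF
    echo "requests for cc_basia.php in log: $(count_hits "$t/access.log")"
    find_affected "$t/www" | while IFS= read -r d; do
        quarantine_file "$d" "$t/quarantine" && echo "quarantined: $d"
    done
    echo "installs still affected: $(find_affected "$t/www" | wc -l | tr -d ' ')"
    rm -rf "$t"
}
demo
```

If the log count is not zero for the period before the file was removed, treat the store as possibly accessed and review it, not just patch it.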

If you have any questions or concerns, please do not hesitate to contact Just X-Cart.

X-Cart really does just keep getting better… and now faster, with our new X-Cart Shop X-Press range!

Our X-Press range has been put together based on feedback and enquiries from clients about how they can get even more efficient processes out of their X-Cart, with regard to both customer front-end shopping and administrative tasks. We are excited and proud to announce the launch of product bundles specifically for the new X-Cart owner – the X-Cart Shop X-Press range.

It comes in 2 flavours – “X-Press Shopper” and “X-Press Admin”.

The X-Press Shopper range of bundles focuses on making for a better customer or ‘shopper’ environment, making processes more efficient and increasing functionality.

The X-Press Admin range allows for much more efficient administrative processes, including several products that enhance functionality, expanding on default features already built into X-Cart.

Each bundle comes with a copy of X-Cart and at least one “X-Press” module for your store. If you already own a copy of X-Cart, we invite you to visit our X-Press modules section, where you can buy the modules as a standalone purchase.

If you have ever considered X-Cart for your eCommerce needs, or already have X-Cart and want to speed up existing functionality or add additional features, then we invite you to look further at our X-Cart Shop X-Press range.

Announcing our very own X-Cart Shop X-Press Range

We will soon be launching a range of X-Cart bundles and offers specifically geared to speed up your admin and user environments. These bundles, once added to your cart, will enhance your entire cart experience – both front and back-end.

Maximise your site’s appeal with quality online content

Here we will discuss all aspects of utilising in-store functionality, including static pages, add-on modules (surveys and polls) and external applications like blogs and forums.
Adding relevant content is of paramount importance nowadays for your SEO marketing – to this end, adding e-pages to your store will greatly assist not only the customer but also search engines.

Announcing Quick Tips

We will be adding to this category on a monthly basis – giving you our hot x-cart and web related quick tips.
All designed to make the running and managing of your x-cart store more profitable and user friendly.

X-Cart Security Patches – an Affordable Insurance Policy for your Online Business

X-Cart ensures their software is as secure as possible. Sometimes security flaws are discovered, and as soon as this happens a security bulletin is sent out to all X-Cart customers. We here at Just X-Cart Australia Pty Ltd also send out a copy of each bulletin as a courtesy to our clients.

A number of clients have over the years raised concerns about, or have taken issue with, the fact that X-Cart release security patches that must be applied manually, either by:

- the client themselves (by downloading the patch from their ‘File Area’ and using the instructions provided with the patch to install it),
- or the client having another person experienced in patching X-Cart stores, e.g. Just X-Cart Australia Pty Ltd, do it for a small fee, or enlisting X-Cart themselves through their helpdesk to patch their site for technical points.

or

- clients can elect not to patch the security breach/issue discovered and run the risk of having a known vulnerability on their store.
 
Clients have asked why X-Cart don’t offer an auto-update/patch system like Microsoft do, where you simply click a button and the update is done for you.

With software such as Microsoft’s, you don’t actually make any modifications to the software itself (e.g. you don’t customise Microsoft Office, you just use it), so if there is a security problem Microsoft can issue an update, because the software they are patching is the same for every user.
 
X-Cart software doesn’t work that way. We have X-Cart clients running many different versions of X-Cart, from v4.0 branch through to the latest version available. Add to this the fact that X-Cart stores can be customised, sometimes very heavily with coding changes, different designs, some have add-on modules, some don’t, some are default stores, some aren’t.
 
The patches offered by X-Cart are free. You can install the patches yourself to your own cart – for free. So effectively, even though it is not as automated as software like Microsoft’s, the result is the same – software that you can keep updated at no cost to ensure maximum stability, security and reliability.

As more and more advancements in technology become available to consumers such as cart owners, and the features and functionality of their eCommerce software increase and become better and more customer and admin-user friendly, we must naturally also expect the negative influences on technology, such as hackers, to become more prevalent, intelligent, resourceful and persistent.

Patching is like an insurance policy on your cart. All businesses take out insurance for their real-world, on-the-ground operations to protect against the unimaginable, the unforeseen, the unthinkable – so perhaps consider that patching your site, or even upgrading to a newer version (especially sites that are running obsolete versions), is an insurance policy for your online business – and with only several patches at most required to be applied per year, that’s a very affordable online insurance policy, don’t you think?

X-Cart works very hard to ensure that it can offer such an insurance policy to cart owners, so that all they need to do is apply, or have applied, a simple little patch that could mean the difference between making a site secure and exposing it to unwanted risk.

So when you next get a security bulletin, feel confident that X-Cart and Just X-Cart Australia Pty Ltd are constantly striving to make your software the very best and most secure it can be.

Security bulletin 2008-25-12

During internal audit activities, several moderate security issues have been detected in X-Cart. The issues make the software potentially vulnerable to attackers who wish to gain access to the application back-end. The solution is to apply the update released by Qualiteam.

SEVERITY

Moderate

IMPACT

A malicious user can redeclare used variables, execute his own PHP code and, as a result, gain access to the application back-end, store database and server file system.

AFFECTED VERSIONS

All X-Cart versions from 4.0.0 to 4.1.11

SOLUTION

We strongly recommend that X-Cart users install the security fix available in the HelpDesk ‘File Area’.
The following security improvements are included in the patch:
– protection has been added against unauthorised access to the back-end, store database and server file system using specially formed GET or POST queries.
– an extra protection level against SQL injections has been added.

Where to download the patch:

Please check your File Area:
* For X-Cart 4.1.11 version:
check folders X-Cart -> X-Cart 4.1.11 (current version) -> Updates and patches

* For X-Cart 4.0.0 – 4.1.10 versions:
check folders X-Cart -> X-Cart supporting files for prev versions -> {Your X-Cart branch} -> {Your X-Cart version} -> Updates and patches

Installation instructions can be found in the README.txt file attached to the .tgz archive.

NOTE:
If you are using X-Cart versions 4.1.0 – 4.1.11, please ensure you have installed all the previous security fixes *prior to* applying this new patch.

Should you require any assistance, please do not hesitate to contact Just X-Cart.

X-Cart v4.2 released

Qualiteam Software announces the long-awaited release of X-Cart shopping cart software version 4.2. The new release is a result of long-time efforts to research and analyze the requirements from both new and existing store owners in order to deliver all of the most demanded features.

X-Cart’s new features include search-engine friendly CSS-based skin layout and product/category URLs, customizable META tags, support for dimensional shipping, automated thumbnails generation, export of newsletter subscribers, compatibility with all major web browsers (including Microsoft Internet Explorer v6-8, Mozilla Firefox v1.5-3, Opera v9, Safari v2-3 and Google Chrome) and many others.

Contact us for further details …

Security bulletin 2008-12-18

During internal audit activities we found several moderate security issues that make X-Cart potentially vulnerable to attackers who wish to gain access to the application back-end.

The following security improvements have been included in this update:
- protection has been added against unauthorised access to the back-end using specially formed POST queries.
- an extra protection level against SQL injections has been added.

SEVERITY: Moderate

IMPACT

A malicious user can gain access to the application back-end.

AFFECTED VERSIONS

All X-Cart versions from 4.1.0 to 4.1.11

SOLUTION

We strongly recommend that X-Cart users install the security fix available in the HelpDesk ‘File Area’. Installation instructions can be found in the README.txt file attached to the .tgz archive.

You can find the patch at the following path:
* For X-Cart 4.1.11 version:
X-Cart -> X-Cart 4.1.11 (current version) -> Updates and patches

* For X-Cart 4.1.0 – 4.1.10 versions:
X-Cart -> X-Cart supporting files for prev versions -> X-Cart 4.1 -> {Your X-Cart version} -> Updates and patches

If you are using X-Cart versions 4.1.0 – 4.1.10, you *have to* apply all the previous security patches before applying this security patch.
You can find all the previous security patches in the “File area” section of the Support HelpDesk, or you can contact us and we can apply the patch(es) for you.