CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Hashtopussy is a cross-platform client-server tool for distributing hash table tasks between multiple computers, featuring portability, stability and multi-user support. An access control error vulnerability exists in Hashtopussy version 0.4.0. A remote attacker could exploit this vulnerability t...

8.8CVSS7AI score0.01209EPSS

Exploits1References1

CNVD•added 2017/07/28 12:0 a.m.•1 views

Hashtopussy Cross-Site Request Forgery Vulnerability

Hashtopussy is a cross-platform client-server tool for distributing hash table tasks between multiple computers, featuring portability, stability and multi-user support. A cross-site request forgery vulnerability exists in Hashtopussy version 0.4.0. A remote attacker can exploit this vulnerabilit...

8.8CVSS7.1AI score0.00505EPSS

Exploits1References1

CNVD•added 2017/07/28 12:0 a.m.•3 views

Hashtopussy Cross-Site Scripting Vulnerability

Hashtopussy is a cross-platform client-server tool for distributing hash table tasks between multiple computers, featuring portability, stability and multi-user support. A cross-site scripting vulnerability exists in Hashtopussy version 0.4.0. A remote attacker can exploit this vulnerability with...

6.1CVSS6.3AI score0.00804EPSS

Exploits1References1

Prion•added 2017/07/27 6:29 a.m.•10 views

Improper access control

Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php...

6.5CVSS8.5AI score0.01209EPSS

Exploits1References1Affected Software1

NVD•added 2017/07/27 6:29 a.m.•11 views

CVE-2017-11681

8.8CVSS8.6AI score0.01209EPSS

Exploits1References1

NVD•added 2017/07/27 6:29 a.m.•12 views

CVE-2017-11680

Cross-Site Request Forgery CSRF exists in Hashtopussy 0.4.0, allowing an admin password change via users.php...

8.8CVSS9AI score0.00505EPSS

Exploits1References1

NVD•added 2017/07/27 6:29 a.m.•9 views

CVE-2017-11682

Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the 1 version, 2 url, or 3 rootdir parameter in hashcat.php...

6.1CVSS6.1AI score0.00804EPSS

Exploits1References1

Prion•added 2017/07/27 6:29 a.m.•13 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF exists in Hashtopussy 0.4.0, allowing an admin password change via users.php...

6.8CVSS8.9AI score0.00505EPSS

Exploits1References1Affected Software1

Prion•added 2017/07/27 6:29 a.m.•15 views

Cross site scripting

Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the 1 version, 2 url, or 3 rootdir parameter in hashcat.php...

4.3CVSS6AI score0.00804EPSS

Exploits1References1Affected Software1

OSV•added 2017/07/27 6:29 a.m.•17 views

CVE-2017-11682

Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the 1 version, 2 url, or 3 rootdir parameter in hashcat.php...

6.1CVSS6.2AI score

Exploits0References1

OSV•added 2017/07/27 6:29 a.m.•11 views

CVE-2017-11680

Cross-Site Request Forgery CSRF exists in Hashtopussy 0.4.0, allowing an admin password change via users.php...

8.8CVSS7.2AI score

Exploits0References1

OSV•added 2017/07/27 6:29 a.m.•13 views

CVE-2017-11681

8.8CVSS6.9AI score

Exploits0References1

Cvelist•added 2017/07/27 6:0 a.m.•13 views

CVE-2017-11682

Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the 1 version, 2 url, or 3 rootdir parameter in hashcat.php...

6.1AI score0.00804EPSS

Exploits1References1

CVE•added 2017/07/27 6:0 a.m.•42 views

CVE-2017-11680

In Hashtopussy 0.4.0, a Cross-Site Request Forgery (CSRF) vulnerability exists that enables an attacker to change the administrator password via the users.php endpoint. The issue is documented across multiple sources (CVE-2017-11680) with CVSS v3.0 base score 8.8 (HIGH) and CVSS v2.0 base score 6...

8.8CVSS8.9AI score0.00505EPSS

Exploits1References1Affected Software1

Cvelist•added 2017/07/27 6:0 a.m.•20 views

CVE-2017-11680

Cross-Site Request Forgery CSRF exists in Hashtopussy 0.4.0, allowing an admin password change via users.php...

9AI score0.00505EPSS

Exploits1References1

CVE•added 2017/07/27 6:0 a.m.•40 views

CVE-2017-11681

Hashtopussy 0.4.0 is affected by CVE-2017-11681, an Incorrect Access Control vulnerability where remote authenticated users can perform actions reserved for administrators (demonstrated via a createVoucher request to agents.php). No remediation details are provided in the connected documents; the...

8.8CVSS8.5AI score0.01209EPSS

Exploits1References1Affected Software1

CVE•added 2017/07/27 6:0 a.m.•40 views

CVE-2017-11682

Hashtopussy 0.4.0 contains a Stored Cross‑Site Scripting (XSS) vulnerability accessible through hashcat.php via the (1) version, (2) url, or (3) rootdir parameters. Affected software: Hashtopussy (0.4.0). Root cause: improper handling of input in hashcat.php allowing arbitrary web script or HTML ...

6.1CVSS6AI score0.00804EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by