hashtopolis/server

hashtopolis/server

hashtopolis.org

Releases41

Frequency2 months 3 weeks

Last Release 9 days ago

Stars1.76K

Hashtopolis - distributed password cracking with Hashcat

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2017-11680 ↗	Jul 27, 2017Thursday, 27 July 2017, 06:29	—	6.8 MEDIUM
Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php.
CVE-2017-11681 ↗	Jul 27, 2017Thursday, 27 July 2017, 06:29	—	6.5 MEDIUM
Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.
CVE-2017-11682 ↗	Jul 27, 2017Thursday, 27 July 2017, 06:29	6.1 MEDIUM	4.3 MEDIUM
Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php.