Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by hashtopus_project
CVE-2017-11679 (GCVE-0-2017-11679)
Vulnerability from nvd – Published: 2017-07-27 06:00 – Updated: 2024-08-05 18:19
VLAI
EPSS
VEX
Summary
Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/99984 | vdb-entryx_refsource_BID |
| https://github.com/curlyboi/hashtopus/issues/63 | x_refsource_MISC |
Date Public
2017-07-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:37.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99984",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99984"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/curlyboi/hashtopus/issues/63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99984",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99984"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/curlyboi/hashtopus/issues/63"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99984"
},
{
"name": "https://github.com/curlyboi/hashtopus/issues/63",
"refsource": "MISC",
"url": "https://github.com/curlyboi/hashtopus/issues/63"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11679",
"datePublished": "2017-07-27T06:00:00.000Z",
"dateReserved": "2017-07-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:19:37.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11678 (GCVE-0-2017-11678)
Vulnerability from nvd – Published: 2017-07-27 06:00 – Updated: 2024-08-05 18:19
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/curlyboi/hashtopus/issues/63 | x_refsource_MISC |
| http://www.securityfocus.com/bid/99982 | vdb-entryx_refsource_BID |
Date Public
2017-07-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:38.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/curlyboi/hashtopus/issues/63"
},
{
"name": "99982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/curlyboi/hashtopus/issues/63"
},
{
"name": "99982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/curlyboi/hashtopus/issues/63",
"refsource": "MISC",
"url": "https://github.com/curlyboi/hashtopus/issues/63"
},
{
"name": "99982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11678",
"datePublished": "2017-07-27T06:00:00.000Z",
"dateReserved": "2017-07-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:19:38.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11677 (GCVE-0-2017-11677)
Vulnerability from nvd – Published: 2017-07-27 06:00 – Updated: 2024-08-05 18:19
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/99974 | vdb-entryx_refsource_BID |
| https://github.com/curlyboi/hashtopus/issues/63 | x_refsource_MISC |
Date Public
2017-07-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:38.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99974",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99974"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/curlyboi/hashtopus/issues/63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99974",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99974"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/curlyboi/hashtopus/issues/63"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99974"
},
{
"name": "https://github.com/curlyboi/hashtopus/issues/63",
"refsource": "MISC",
"url": "https://github.com/curlyboi/hashtopus/issues/63"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11677",
"datePublished": "2017-07-27T06:00:00.000Z",
"dateReserved": "2017-07-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:19:38.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11679 (GCVE-0-2017-11679)
Vulnerability from cvelistv5 – Published: 2017-07-27 06:00 – Updated: 2024-08-05 18:19
VLAI
EPSS
VEX
Summary
Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/99984 | vdb-entryx_refsource_BID |
| https://github.com/curlyboi/hashtopus/issues/63 | x_refsource_MISC |
Date Public
2017-07-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:37.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99984",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99984"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/curlyboi/hashtopus/issues/63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99984",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99984"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/curlyboi/hashtopus/issues/63"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99984"
},
{
"name": "https://github.com/curlyboi/hashtopus/issues/63",
"refsource": "MISC",
"url": "https://github.com/curlyboi/hashtopus/issues/63"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11679",
"datePublished": "2017-07-27T06:00:00.000Z",
"dateReserved": "2017-07-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:19:37.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11677 (GCVE-0-2017-11677)
Vulnerability from cvelistv5 – Published: 2017-07-27 06:00 – Updated: 2024-08-05 18:19
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/99974 | vdb-entryx_refsource_BID |
| https://github.com/curlyboi/hashtopus/issues/63 | x_refsource_MISC |
Date Public
2017-07-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:38.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99974",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99974"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/curlyboi/hashtopus/issues/63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99974",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99974"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/curlyboi/hashtopus/issues/63"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99974"
},
{
"name": "https://github.com/curlyboi/hashtopus/issues/63",
"refsource": "MISC",
"url": "https://github.com/curlyboi/hashtopus/issues/63"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11677",
"datePublished": "2017-07-27T06:00:00.000Z",
"dateReserved": "2017-07-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:19:38.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11678 (GCVE-0-2017-11678)
Vulnerability from cvelistv5 – Published: 2017-07-27 06:00 – Updated: 2024-08-05 18:19
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/curlyboi/hashtopus/issues/63 | x_refsource_MISC |
| http://www.securityfocus.com/bid/99982 | vdb-entryx_refsource_BID |
Date Public
2017-07-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:38.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/curlyboi/hashtopus/issues/63"
},
{
"name": "99982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/curlyboi/hashtopus/issues/63"
},
{
"name": "99982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/curlyboi/hashtopus/issues/63",
"refsource": "MISC",
"url": "https://github.com/curlyboi/hashtopus/issues/63"
},
{
"name": "99982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11678",
"datePublished": "2017-07-27T06:00:00.000Z",
"dateReserved": "2017-07-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:19:38.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}