Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ntop ntop - vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2009-2732
The checkHTTPpassword function in http.c in ntop 3.3.10 and previous versions allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
Ntop Ntop
4.3
CVSSv2
CVE-2014-5464
Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) prior to 1.2.1 allows remote malicious users to inject arbitrary web script or HTML via the HTTP Host header.
Ntop Ntopng 1.1Ntop Ntopng
10
CVSSv2
CVE-2000-0706
Buffer overflows in ntop running in web mode allows remote malicious users to execute arbitrary commands.
Luca Deri Ntop 1.2a7 9Luca Deri Ntop 1.3.1
4.3
CVSSv2
CVE-2014-4165
Cross-site scripting (XSS) vulnerability in ntop allows remote malicious users to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.
Opensuse Opensuse 13.1Opensuse Opensuse 13.2Ntop Ntop -
6.4
CVSSv2
CVE-2020-15473
In nDPI up to and including 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.
Ntop Ndpi
6.4
CVSSv2
CVE-2020-15471
In nDPI up to and including 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.
Ntop Ndpi
6.8
CVSSv2
CVE-2017-5473
Cross-site request forgery (CSRF) vulnerability in ntopng up to and including 2.4 allows remote malicious users to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua...
Ntop Ntopng
6.8
CVSSv2
CVE-2018-12520
An issue exists in ntopng 3.4 prior to 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and s...
Ntop Ntopng
5
CVSSv2
CVE-2017-7459
ntopng prior to 3.0 allows HTTP Response Splitting.
Ntop Ntopng
4.3
CVSSv2
CVE-2017-7416
ntopng prior to 3.0 allows XSS because GET and POST parameters are improperly validated.
Ntop Ntopng
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook