Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ntop ntopng vulnerabilities and exploits

(subscribe to this query)
6.8
CVSSv2
CVE-2018-12520
An issue exists in ntopng 3.4 prior to 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and s...
Ntop Ntopng
5
CVSSv2
CVE-2017-7458
The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng prior to 3.0 allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.
Ntop Ntopng
4.3
CVSSv2
CVE-2017-7416
ntopng prior to 3.0 allows XSS because GET and POST parameters are improperly validated.
Ntop Ntopng
5
CVSSv2
CVE-2017-7459
ntopng prior to 3.0 allows HTTP Response Splitting.
Ntop Ntopng
6.8
CVSSv2
CVE-2017-5473
Cross-site request forgery (CSRF) vulnerability in ntopng up to and including 2.4 allows remote malicious users to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua...
Ntop Ntopng
6
CVSSv2
CVE-2015-8368
ntopng (aka ntop) prior to 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
Ntop Ntopng
4.3
CVSSv2
CVE-2014-5464
Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) prior to 1.2.1 allows remote malicious users to inject arbitrary web script or HTML via the HTTP Host header.
Ntop Ntopng 1.1Ntop Ntopng
4.3
CVSSv2
CVE-2014-4329
Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote malicious users to inject arbitrary web script or HTML via the host parameter.
Ntop Ntopng 1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook