Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ntop vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2017-7458
The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng prior to 3.0 allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.
Ntop Ntopng
383
VMScore
CVE-2017-7416
ntopng prior to 3.0 allows XSS because GET and POST parameters are improperly validated.
Ntop Ntopng
445
VMScore
CVE-2017-7459
ntopng prior to 3.0 allows HTTP Response Splitting.
Ntop Ntopng
685
VMScore
CVE-2017-5473
Cross-site request forgery (CSRF) vulnerability in ntopng up to and including 2.4 allows remote malicious users to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua...
Ntop Ntopng
1 EDB exploit
605
VMScore
CVE-2015-8368
ntopng (aka ntop) prior to 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
Ntop Ntopng
1 EDB exploit
435
VMScore
CVE-2014-5464
Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) prior to 1.2.1 allows remote malicious users to inject arbitrary web script or HTML via the HTTP Host header.
Ntop Ntopng 1.1
Ntop Ntopng
1 EDB exploit
383
VMScore
CVE-2014-4329
Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote malicious users to inject arbitrary web script or HTML via the host parameter.
Ntop Ntopng 1.1
383
VMScore
CVE-2014-4165
Cross-site scripting (XSS) vulnerability in ntop allows remote malicious users to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Ntop Ntop -
505
VMScore
CVE-2009-2732
The checkHTTPpassword function in http.c in ntop 3.3.10 and previous versions allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
Ntop Ntop
1 EDB exploit
409
VMScore
CVE-2005-3387
The startup script in packages/RedHat/ntop.init in ntop prior to 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote malicious users to execute arbitrary code.
Luca Deri Ntop
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »