CVE-2015-8368

Published: 17/12/2015 Updated: 18/12/2015
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
VMScore: 605
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

ntopng (aka ntop) prior to 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.

Vulnerable Product

ntop ntopng

Vendor Advisories

Debian Bug report logs - #816190
ntopng: CVE-2015-8368
Package: src:ntopng
Maintainer for src:ntopng is Ludovico Cavedon <cavedon@debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 28 Feb 2016 15:21:01 UTC
Severity: grave
Tags: fixed-upstream, patch, security, upstream
Found in versions n ...

Exploits

# Vulnerability title: ntop-ng <= 20151021 - Privilege Escalation
# Author: Dolev Farhi
# Contact: dolev at flaresec.com
# Vulnerable version: 20151021
# Fixed version: 2.2
# Link: ntop.org
# Date 27.11.2015
# CVE-2015-8368
# Product Details: ntopng is the next generation version of the original ntop, a network traffic probe that shows the ...

ntop-ng versions 20151021 and below suffer from a privilege escalation vulnerability ...