Ntop
by Ntop
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-2732 | 0.04 | — | 0.07 | Aug 21, 2009 | The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string. | |||
| CVE-2000-0705 | 0.04 | — | 0.08 | Oct 20, 2000 | ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||
| CVE-2000-0706 | 0.03 | — | 0.06 | Oct 20, 2000 | Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands. | |||
| CVE-2014-4165 | 0.00 | — | 0.02 | Jun 16, 2014 | Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin. | |||
| CVE-2005-3387 | 0.00 | — | 0.01 | Nov 1, 2005 | The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code. | |||
| CVE-2002-0412 | 0.00 | — | 0.04 | Aug 12, 2002 | Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a… |
- CVE-2009-2732Aug 21, 2009risk 0.04cvss —epss 0.07
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
- CVE-2000-0705Oct 20, 2000risk 0.04cvss —epss 0.08
ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.
- CVE-2000-0706Oct 20, 2000risk 0.03cvss —epss 0.06
Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands.
- CVE-2014-4165Jun 16, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.
- CVE-2005-3387Nov 1, 2005risk 0.00cvss —epss 0.01
The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code.
- CVE-2002-0412Aug 12, 2002risk 0.00cvss —epss 0.04
Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a…