VYPR

Ntop

by Ntop

CVEs (6)

  • CVE-2009-2732Aug 21, 2009
    risk 0.04cvss epss 0.07

    The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.

  • CVE-2000-0705Oct 20, 2000
    risk 0.04cvss epss 0.08

    ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.

  • CVE-2000-0706Oct 20, 2000
    risk 0.03cvss epss 0.06

    Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands.

  • CVE-2014-4165Jun 16, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.

  • CVE-2005-3387Nov 1, 2005
    risk 0.00cvss epss 0.01

    The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code.

  • CVE-2002-0412Aug 12, 2002
    risk 0.00cvss epss 0.04

    Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a…