
CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 2

Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.

• http://advisories.mageia.org/MGASA-2015-0168.html
• http://lists.opensuse.org/opensuse-updates/2015-04/msg00029.html
• http://packetstormsecurity.com/files/127043/ntop-xss.txt
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:216
• http://www.securityfocus.com/bid/68002
• http://www.securitytracker.com/id/1030437

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 7% | CPEs: 1 | EXPL: 1

The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string. ntop versions 3.3.10 and below suffer from a basic authentication null pointer denial of service vulnerability.

• https://www.exploit-db.com/exploits/33176
• http://secunia.com/advisories/36403
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:181
• http://www.securityfocus.com/archive/1/505862/100/0/threaded
• http://www.securityfocus.com/archive/1/505876/100/0/threaded
• http://www.vupen.com/english/advisories/2009/2317

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer