CVE-2014-5464 – ntopng 1.2.0 - Cross-Site Scripting Injection
https://notcve.org/view.php?id=CVE-2014-5464
Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. ntopng version 1.2.0 suffers from a cross site scripting vulnerability using monitored network traffic.
• https://www.exploit-db.com/exploits/34419
• http://osvdb.org/show/osvdb/110437
• http://packetstormsecurity.com/files/127995/ntopng-1.2.0-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2014/Aug/65
• http://seclists.org/fulldisclosure/2014/Sep/22
• http://seclists.org/fulldisclosure/2014/Sep/28
• http://secunia.com/advisories/60096
• http://www.exploit-db.com/exploits/34419
• http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1
• http://www.securityfocus.c
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4329 – Ntop-NG 1.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-4329
Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Ntop-NG version 1.1 suffers from a reflective cross site scripting vulnerability.
• http://packetstormsecurity.com/files/127329/Ntop-NG-1.1-Cross-Site-Scripting.html
• http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1
• http://www.securityfocus.com/bid/66456
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92135
• https://svn.ntop.org/bugzilla/show_bug.cgi?id=379
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4165
https://notcve.org/view.php?id=CVE-2014-4165
Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.
• http://advisories.mageia.org/MGASA-2015-0168.html
• http://lists.opensuse.org/opensuse-updates/2015-04/msg00029.html
• http://packetstormsecurity.com/files/127043/ntop-xss.txt
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:216
• http://www.securityfocus.com/bid/68002
• http://www.securitytracker.com/id/1030437
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2732 – ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-2732
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string. ntop versions 3.3.10 and below suffer from a basic authentication null pointer denial of service vulnerability.
• https://www.exploit-db.com/exploits/33176
• http://secunia.com/advisories/36403
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:181
• http://www.securityfocus.com/archive/1/505862/100/0/threaded
• http://www.securityfocus.com/archive/1/505876/100/0/threaded
• http://www.vupen.com/english/advisories/2009/2317
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer