5 results (0.006 seconds)

CVSS: 5.0EPSS: 7%CPEs: 1EXPL: 1

The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string. La función checkHTTPpassword en http.c en ntop 3.3.10 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (referencia a un puntero nulo y caída del demonio) mediante una cabecera HTTP Authorization que carece de un caracter : (dos puntos) en la cadena base64-decoded. ntop versions 3.3.10 and below suffer from a basic authentication null pointer denial of service vulnerability. • https://www.exploit-db.com/exploits/33176 http://secunia.com/advisories/36403 http://www.mandriva.com/security/advisories?name=MDVSA-2010:181 http://www.securityfocus.com/archive/1/505862/100/0/threaded http://www.securityfocus.com/archive/1/505876/100/0/threaded http://www.vupen.com/english/advisories/2009/2317 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code. • http://listgateway.unipi.it/pipermail/ntop-dev/2005-March/005296.html http://secunia.com/advisories/17382 http://www.securityfocus.com/bid/15242 http://www.vupen.com/english/advisories/2005/2251 •

CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 0

Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. Vulnerabilidad de cadena de formato en la función TraceEvent para ntop anteriores a la 2.1 permite a atacantes remotos la ejecución de código arbitrario haciendo que la cadena del formato forme parte de las llamadas a la función syslog, mediante: una petición HTTP GET un nombre de usuario en la autenticación HTTP una contraseña en la autenticación HTTP. • http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0056.html http://listmanager.unipi.it/pipermail/ntop-dev/2002-February/000489.html http://marc.info/?l=bugtraq&m=101854261030453&w=2 http://marc.info/?l=bugtraq&m=101856541322245&w=2 http://marc.info/?l=bugtraq&m=101908224609740&w=2 http://online.securityfocus.com/archive/1/259642 http://snapshot.ntop.org http://www.iss.net/security_center/static/8347.php http://www.osvdb.org/5307 http://www.securityfocus. •

CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1

Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands. • https://www.exploit-db.com/exploits/20150 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:36.ntop.asc http://www.debian.org/security/2000/20000830 http://www.osvdb.org/1513 http://www.securityfocus.com/bid/1576 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 3

ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack. • https://www.exploit-db.com/exploits/20143 http://archives.neohapsis.com/archives/bugtraq/2000-07/0459.html http://www.osvdb.org/1496 http://www.redhat.com/support/errata/RHSA-2000-049.html http://www.securityfocus.com/bid/1550 •