CVSS: 5.0EPSS: 7%CPEs: 1EXPL: 1CVE-2009-2732 – ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-2732
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string. La función checkHTTPpassword en http.c en ntop 3.3.10 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (referencia a un puntero nulo y caída del demonio) mediante una cabecera HTTP Authorization que carece de un caracter : (dos puntos) en la cadena base64-decoded. ntop versions 3.3.10 and below suffer from a basic authentication null pointer denial of service vulnerability. • https://www.exploit-db.com/exploits/33176 http://secunia.com/advisories/36403 http://www.mandriva.com/security/advisories?name=MDVSA-2010:181 http://www.securityfocus.com/archive/1/505862/100/0/threaded http://www.securityfocus.com/archive/1/505876/100/0/threaded http://www.vupen.com/english/advisories/2009/2317 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3387
https://notcve.org/view.php?id=CVE-2005-3387
The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code. • http://listgateway.unipi.it/pipermail/ntop-dev/2005-March/005296.html http://secunia.com/advisories/17382 http://www.securityfocus.com/bid/15242 http://www.vupen.com/english/advisories/2005/2251 •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2000-0706 – Luca Deri ntop 1.2 a7-9/1.3.1 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-0706
Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands. • https://www.exploit-db.com/exploits/20150 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:36.ntop.asc http://www.debian.org/security/2000/20000830 http://www.osvdb.org/1513 http://www.securityfocus.com/bid/1576 •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 3CVE-2000-0705 – Luca Deri ntop 1.2 a7-9 - Unauthorized File Retrieval
https://notcve.org/view.php?id=CVE-2000-0705
ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack. • https://www.exploit-db.com/exploits/20143 http://archives.neohapsis.com/archives/bugtraq/2000-07/0459.html http://www.osvdb.org/1496 http://www.redhat.com/support/errata/RHSA-2000-049.html http://www.securityfocus.com/bid/1550 •