CVSS: 5.0EPSS: 7%CPEs: 1EXPL: 1CVE-2009-2732 – ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-2732
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string. La función checkHTTPpassword en http.c en ntop 3.3.10 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (referencia a un puntero nulo y caída del demonio) mediante una cabecera HTTP Authorization que carece de un caracter : (dos puntos) en la cadena base64-decoded. ntop versions 3.3.10 and below suffer from a basic authentication null pointer denial of service vulnerability. • https://www.exploit-db.com/exploits/33176 http://secunia.com/advisories/36403 http://www.mandriva.com/security/advisories?name=MDVSA-2010:181 http://www.securityfocus.com/archive/1/505862/100/0/threaded http://www.securityfocus.com/archive/1/505876/100/0/threaded http://www.vupen.com/english/advisories/2009/2317 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3387
https://notcve.org/view.php?id=CVE-2005-3387
The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code. • http://listgateway.unipi.it/pipermail/ntop-dev/2005-March/005296.html http://secunia.com/advisories/17382 http://www.securityfocus.com/bid/15242 http://www.vupen.com/english/advisories/2005/2251 •
CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 0CVE-2002-0412
https://notcve.org/view.php?id=CVE-2002-0412
Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. Vulnerabilidad de cadena de formato en la función TraceEvent para ntop anteriores a la 2.1 permite a atacantes remotos la ejecución de código arbitrario haciendo que la cadena del formato forme parte de las llamadas a la función syslog, mediante: una petición HTTP GET un nombre de usuario en la autenticación HTTP una contraseña en la autenticación HTTP. • http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0056.html http://listmanager.unipi.it/pipermail/ntop-dev/2002-February/000489.html http://marc.info/?l=bugtraq&m=101854261030453&w=2 http://marc.info/?l=bugtraq&m=101856541322245&w=2 http://marc.info/?l=bugtraq&m=101908224609740&w=2 http://online.securityfocus.com/archive/1/259642 http://snapshot.ntop.org http://www.iss.net/security_center/static/8347.php http://www.osvdb.org/5307 http://www.securityfocus. •