Shodan
Vulnerabilities
Vulnerable Software
Ntop:  Security Vulnerabilities
CVE-2017-7458
The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-06-26
CVE-2017-7416
ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-06-26
CVE-2017-7459
ntopng before 3.0 allows HTTP Response Splitting.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-06-26
CVE-2017-5473
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-01-14
CVE-2015-8368
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
CVSS Score
6.0
EPSS Score
0.032
Published
2015-12-17
CVE-2014-5464
Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
CVSS Score
4.3
EPSS Score
0.274
Published
2014-09-08
CVE-2014-4329
Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-06-19
CVE-2014-4165
Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-06-16
CVE-2009-2732
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
CVSS Score
5.0
EPSS Score
0.05
Published
2009-08-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved