Vulnerabilities > CVE-2015-8368 - 7PK - Security Features vulnerability in Ntop Ntopng
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | ntop-ng <= 2.0.151021 - Privilege Escalation. CVE-2015-8368. Webapps exploits for multiple platform |
| file | exploits/multiple/webapps/38836.txt |
| id | EDB-ID:38836 |
| last seen | 2016-02-04 |
| modified | 2015-12-01 |
| platform | multiple |
| port | |
| published | 2015-12-01 |
| reporter | Dolev Farhi |
| source | https://www.exploit-db.com/download/38836/ |
| title | ntop-ng <= 2.0.151021 - Privilege Escalation |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/134593/ntopng20151021-escalate.txt |
| id | PACKETSTORM:134593 |
| last seen | 2016-12-05 |
| published | 2015-12-02 |
| reporter | Dolev Farhi |
| source | https://packetstormsecurity.com/files/134593/ntop-ng-2.0.15102-Privilege-Escalation.html |
| title | ntop-ng 2.0.15102 Privilege Escalation |
References
- http://packetstormsecurity.com/files/134593/ntop-ng-2.0.15102-Privilege-Escalation.html
- http://packetstormsecurity.com/files/134593/ntop-ng-2.0.15102-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2015/Dec/10
- http://seclists.org/fulldisclosure/2015/Dec/10
- https://www.exploit-db.com/exploits/38836/
- https://www.exploit-db.com/exploits/38836/