Vulnerabilities > Ntop > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-17 | CVE-2015-8368 | 7PK - Security Features vulnerability in Ntop Ntopng ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua. | 6.0 |
| 2014-09-08 | CVE-2014-5464 | Cross-Site Scripting vulnerability in Ntop Ntopng 1.1/1.2.0 Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | 4.3 |
| 2014-06-19 | CVE-2014-4329 | Cross-Site Scripting vulnerability in Ntop Ntopng 1.1 Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | 4.3 |
| 2014-06-16 | CVE-2014-4165 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin. | 4.3 |
| 2009-08-21 | CVE-2009-2732 | Buffer Errors vulnerability in Ntop 3.3.10 The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string. | 5.0 |