MidnightBSD

Advisories for luca_deri

CVE-2000-0705 MEDIUM

ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
luca_deri ntop 1.2a7_9
CVE-2000-0706 HIGH

Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
luca_deri ntop 1.3.1
luca_deri ntop 1.2a7_9
CVE-2002-0412 HIGH

Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
luca_deri ntop 2.0
CVE-2005-3387 MEDIUM

The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
luca_deri ntop *