CVE-2000-0706

ntop - Remote Code Execution via Buffer Overflow in Web Mode

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0706. PoCs published by anonymous.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in ntop-1.2a1 when running in web mode (-w). It crafts a malicious HTTP GET request with NOP sleds and shellcode to execute arbitrary commands, potentially granting remote root access if ntop is run as root.

Description

Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands.

Exploits (1)

exploitdb WORKING POC VERIFIED
by anonymous · cremoteunix
https://www.exploit-db.com/exploits/20150

This exploit targets a buffer overflow vulnerability in ntop-1.2a1 when running in web mode (-w). It crafts a malicious HTTP GET request with NOP sleds and shellcode to execute arbitrary commands, potentially granting remote root access if ntop is run as root.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ntop-1.2a1
No auth needed
Prerequisites: ntop-1.2a1 running in web mode (-w) · network access to the target port
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1576
Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2000/20000830
Various Sources vendor-advisory x_refsource_freebsd
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:36.ntop.asc
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/1513

Scores

EPSS 0.0586
EPSS Percentile 92.2%

Details

Status published
Products (2)
luca_deri/ntop 1.2a7_9
luca_deri/ntop 1.3.1
Published Oct 20, 2000
Tracked Since Feb 18, 2026