Vulnerabilities (CVE)

Filtered by vendor Monkey-project Subscribe
Filtered by product Monkey
Total 20 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-2159 1 Monkey-project 1 Monkey 2024-02-28 7.5 HIGH 9.8 CRITICAL
Monkey HTTP Daemon: broken user name authentication
CVE-2013-1771 1 Monkey-project 1 Monkey 2024-02-28 5.0 MEDIUM 7.5 HIGH
The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.
CVE-2013-2183 1 Monkey-project 1 Monkey 2024-02-28 3.6 LOW 7.1 HIGH
Monkey HTTP Daemon has local security bypass
CVE-2013-3843 1 Monkey-project 1 Monkey 2024-02-28 6.8 MEDIUM N/A
Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.
CVE-2014-5336 1 Monkey-project 1 Monkey 2024-02-28 4.3 MEDIUM N/A
Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message.
CVE-2013-2182 1 Monkey-project 1 Monkey 2024-02-28 5.8 MEDIUM N/A
The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.
CVE-2013-2163 1 Monkey-project 1 Monkey 2024-02-28 5.0 MEDIUM N/A
Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header.
CVE-2012-4442 1 Monkey-project 1 Monkey 2024-02-28 4.7 MEDIUM N/A
Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.
CVE-2013-2181 1 Monkey-project 1 Monkey 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name.
CVE-2012-4443 1 Monkey-project 1 Monkey 2024-02-28 6.9 MEDIUM N/A
Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access.
CVE-2013-3724 1 Monkey-project 1 Monkey 2024-02-28 5.0 MEDIUM N/A
The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request.
CVE-2012-5303 1 Monkey-project 1 Monkey 2024-02-28 6.9 MEDIUM N/A
Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.
CVE-2005-1122 1 Monkey-project 1 Monkey 2024-02-28 7.5 HIGH N/A
Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error").
CVE-2005-1123 1 Monkey-project 1 Monkey 2024-02-28 5.0 MEDIUM N/A
Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file.
CVE-2002-1663 1 Monkey-project 1 Monkey 2024-02-28 5.0 MEDIUM N/A
The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value.
CVE-2004-0276 1 Monkey-project 1 Monkey 2024-02-28 5.0 MEDIUM N/A
The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.
CVE-2003-1209 1 Monkey-project 1 Monkey 2024-02-28 5.0 MEDIUM N/A
The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header.
CVE-2003-0218 1 Monkey-project 1 Monkey 2024-02-28 7.5 HIGH N/A
Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body.
CVE-2002-2154 1 Monkey-project 1 Monkey 2024-02-28 5.0 MEDIUM N/A
Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
CVE-2002-1852 1 Monkey-project 1 Monkey 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl.