Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Monkey
(Monkey\-Project)| Repositories | https://github.com/monkey/monkey |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-08-26 | CVE-2014-5336 | Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message. | Monkey | N/A | ||
| 2014-06-13 | CVE-2013-3843 | Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header. | Monkey | N/A | ||
| 2013-08-01 | CVE-2013-3724 | The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request. | Monkey | N/A | ||
| 2014-06-13 | CVE-2013-2182 | The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash. | Monkey | N/A | ||
| 2013-07-29 | CVE-2013-2181 | Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name. | Monkey | N/A | ||
| 2014-06-13 | CVE-2013-2163 | Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header. | Monkey | N/A | ||
| 2012-10-05 | CVE-2012-5303 | Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname. | Monkey | N/A | ||
| 2012-10-05 | CVE-2012-4443 | Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access. | Monkey | N/A | ||
| 2012-10-05 | CVE-2012-4442 | Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check. | Monkey | N/A | ||
| 2005-05-02 | CVE-2005-1123 | Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file. | Monkey | N/A |