Product:

Monkey

(Monkey\-Project)
Repositories https://github.com/monkey/monkey
#Vulnerabilities 18
Date Id Summary Products Score Patch Annotated
2012-10-05 CVE-2012-4442 Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check. Monkey N/A
2005-05-02 CVE-2005-1123 Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file. Monkey N/A
2005-04-14 CVE-2005-1122 Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error"). Monkey N/A
2004-11-23 CVE-2004-0276 The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field. Monkey N/A
2003-12-31 CVE-2003-1209 The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header. Monkey N/A
2003-05-12 CVE-2003-0218 Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body. Monkey N/A
2002-12-31 CVE-2002-2154 Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences. Monkey N/A
2002-12-31 CVE-2002-1852 Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl. Monkey N/A
2002-12-31 CVE-2002-1663 The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value. Monkey N/A
2019-11-07 CVE-2013-1771 The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo. Monkey N/A