VYPR

Monkey HTTP Daemon

by Mw Wp Form Project

Source repositories

CVEs (12)

  • CVE-2013-3843Jun 13, 2014
    risk 0.05cvss epss 0.20

    Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.

  • CVE-2002-2154Dec 31, 2002
    risk 0.04cvss epss 0.08

    Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences.

  • CVE-2004-0276Nov 23, 2004
    risk 0.03cvss epss 0.04

    The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.

  • CVE-2002-1663Dec 31, 2002
    risk 0.03cvss epss 0.04

    The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value.

  • CVE-2013-2159Dec 10, 2019
    risk 0.00cvss epss 0.03

    Monkey HTTP Daemon: broken user name authentication

  • CVE-2013-2182Jun 13, 2014
    risk 0.00cvss epss 0.06

    The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.

  • CVE-2013-2163Jun 13, 2014
    risk 0.00cvss epss 0.03

    Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header.

  • CVE-2013-2181Jul 29, 2013
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name.

  • CVE-2012-5303Oct 5, 2012
    risk 0.00cvss epss 0.00

    Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.

  • CVE-2012-4443Oct 5, 2012
    risk 0.00cvss epss 0.00

    Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access.

  • CVE-2003-1209Dec 31, 2003
    risk 0.00cvss epss 0.02

    The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header.

  • CVE-2003-0218May 12, 2003
    risk 0.00cvss epss 0.05

    Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body.