Monkey
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2163 | | | 0.00 | — | 0.03 | | Jun 13, 2014 | Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header. |
| CVE-2013-2181 | | | 0.00 | — | 0.03 | | Jul 29, 2013 | Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name. |
| CVE-2012-5303 | | | 0.00 | — | 0.00 | | Oct 5, 2012 | Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname. |
| CVE-2012-4442 | | | 0.00 | — | 0.00 | | Oct 5, 2012 | Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check. |
| CVE-2012-4443 | | | 0.00 | — | 0.00 | | Oct 5, 2012 | Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access. |
| CVE-2005-1123 | | | 0.00 | — | 0.02 | | May 2, 2005 | Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file. |
| CVE-2005-1122 | | | 0.00 | — | 0.03 | | Apr 14, 2005 | Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error"). |
| CVE-2003-1209 | | | 0.00 | — | 0.02 | | Dec 31, 2003 | The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header. |
| CVE-2003-0218 | | | 0.00 | — | 0.05 | | May 12, 2003 | Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body. |