VYPR

Monkey

by Mw Wp Form Project

Source repositories

CVEs (29)

  • CVE-2013-2163Jun 13, 2014
    risk 0.00cvss epss 0.03

    Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header.

  • CVE-2013-2181Jul 29, 2013
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name.

  • CVE-2012-5303Oct 5, 2012
    risk 0.00cvss epss 0.00

    Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.

  • CVE-2012-4442Oct 5, 2012
    risk 0.00cvss epss 0.00

    Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.

  • CVE-2012-4443Oct 5, 2012
    risk 0.00cvss epss 0.00

    Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access.

  • CVE-2005-1123May 2, 2005
    risk 0.00cvss epss 0.02

    Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file.

  • CVE-2005-1122Apr 14, 2005
    risk 0.00cvss epss 0.03

    Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error").

  • CVE-2003-1209Dec 31, 2003
    risk 0.00cvss epss 0.02

    The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header.

  • CVE-2003-0218May 12, 2003
    risk 0.00cvss epss 0.05

    Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body.

Page 2 of 2