Shodan
Vulnerabilities
Vulnerable Software
Monkey-Project:  >> Monkey  Security Vulnerabilities
CVE-2013-2159
Monkey HTTP Daemon: broken user name authentication
CVSS Score
9.8
EPSS Score
0.005
Published
2019-12-10
CVE-2013-2183
Monkey HTTP Daemon has local security bypass
CVSS Score
7.1
EPSS Score
0.001
Published
2019-12-10
CVE-2013-1771
The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-07
CVE-2014-5336
Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message.
CVSS Score
4.3
EPSS Score
0.015
Published
2014-08-26
CVE-2013-2182
The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.
CVSS Score
5.8
EPSS Score
0.149
Published
2014-06-13
CVE-2013-3843
Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.
CVSS Score
6.8
EPSS Score
0.402
Published
2014-06-13
CVE-2013-2163
Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header.
CVSS Score
5.0
EPSS Score
0.007
Published
2014-06-13
CVE-2013-3724
The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request.
CVSS Score
5.0
EPSS Score
0.089
Published
2013-08-01
CVE-2013-2181
Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-07-29
CVE-2012-4442
Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.
CVSS Score
4.7
EPSS Score
0.001
Published
2012-10-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved