Vulnerabilities > Monkey Project > Monkey > 0.5.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-08-26 | CVE-2014-5336 | Improper Input Validation vulnerability in Monkey-Project Monkey Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message. | 4.3 |
| 2014-06-13 | CVE-2013-3843 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Monkey-Project Monkey Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header. | 6.8 |
| 2014-06-13 | CVE-2013-2182 | Permissions, Privileges, and Access Controls vulnerability in Monkey-Project Monkey The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash. | 5.8 |
| 2014-06-13 | CVE-2013-2163 | Improper Input Validation vulnerability in Monkey-Project Monkey Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header. | 5.0 |
| 2005-05-02 | CVE-2005-1123 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Monkey-Project Monkey Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file. | 5.0 |
| 2005-04-14 | CVE-2005-1122 | USE of Externally-Controlled Format String vulnerability in Monkey-Project Monkey Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error"). | 7.5 |
| 2004-11-23 | CVE-2004-0276 | Improper Input Validation vulnerability in Monkey-Project Monkey The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field. | 5.0 |
| 2003-12-31 | CVE-2003-1209 | Improper Input Validation vulnerability in Monkey-Project Monkey The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header. | 5.0 |
| 2003-05-12 | CVE-2003-0218 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Monkey-Project Monkey Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body. | 7.5 |