381 matches found
CVE-2013-2182
The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash...
CVE-2013-2163
Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header...
CVE-2013-2182
The CVE-2013-2182 entry concerns the Mandril security plugin in Monkey HTTP Daemon (monkeyd) prior to 1.5.0. The root cause is a bypass of access restrictions via a crafted URI, demonstrated by an encoded forward slash, enabling remote attackers to access restricted paths. Public references corro...
CVE-2013-3843
Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header...
CVE-2013-3843
CVE-2013-3843 affects Monkey HTTP Daemon (monkeyd) prior to version 1.2.1. A stack-based overflow in the mk_request_header_process function (mk_request.c) can be triggered by a crafted HTTP header, enabling a remote attacker to crash the server and, per sources, potentially execute arbitrary code...
CVE-2013-2163
CVE-2013-2163 affects Monkey HTTP Daemon (monkeyd) prior to version 1.2.2. The issue allows a remote attacker to cause a denial of service (infinite loop) by sending a crafted Range header with an offset equal to the file size. Public docs consistently describe the vector as a Range-header-based ...
Scientific Linux Security Update : php on SL5.x i386/x86_64 (20131211)
A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the...
GLSA-201309-17 : Monkey HTTP Daemon: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201309-17 (Monkey HTTP Daemon: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Monkey HTTP Daemon. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could send a...
Monkey HTTP Daemon: Multiple vulnerabilities
Background: Monkey HTTP Daemon is a lightweight and powerful web server for GNU/Linux. Description: Multiple vulnerabilities have been discovered in Monkey HTTP Daemon. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could send a specially crafted request,...
CVE-2013-2181
Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name...
CVE-2013-2181
Affected software: Monkey HTTP Daemon (monkeyd) 1.2.2 with the Directory Listing plugin. Vulnerability: Cross-site scripting (XSS) via a file name (CVE-2013-2181). Root cause: Directory Listing plugin mishandles file names, enabling script/HTML injection. Impact: potential execution of arbitr...
Static HTTP Server 1.0 - Local Overflow (SEH)
#!/usr/bin/env python import os. Title: Static HTTP Server SEH Overflow - HTTP Config - httptiplist. Discovered and Reported: June 2013. Discovered/Exploited By: Jacob Holcomb/Gimppy, Security Analyst @ Independent Security Evaluators. Exploit/Advisory: http://infosec42.blogspot.com/ Software: Static HTTP Serve...
Monkey HTTP Daemon Mandril Security Plugin - Security Bypass
Monkey HTTP Daemon Mandril Security Plugin - Security Bypass source: https://www.securityfocus.com/bid/60569/info The Mandril Security plugin for Monkey HTTP Daemon is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform...
Monkey HTTP Daemon Mandril Security Plugin - Security Bypass
source: https://www.securityfocus.com/bid/60569/info The Mandril Security plugin for Monkey HTTP Daemon is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions, which may aid in launching further...
RHEL 6 : subversion (RHSA-2013:0737)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0737 advisory. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarc...
Scientific Linux Security Update : php on SL6.x i386/x86_64 (20130221)
It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An...