505 matches found
CVE-2020-2322
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks...
CVE-2012-4443
Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access...
CVE-2013-2183
Monkey HTTP Daemon has local security bypass...
CVE-2013-2159
Monkey HTTP Daemon: broken user name authentication...
CVE-2013-2181
Cross-site scripting XSS vulnerability in the Directory Listing plugin in Monkey HTTP Daemon monkeyd 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name...
CVE-2013-3724
The mkrequestheaderprocess function in mkrequest.c in Monkey 1.1.1 allows remote attackers to cause a denial of service thread crash and service outage via a '\0' character in an HTTP request...
CVE-2012-4442
Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check...
CVE-2002-2154
Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. dot dot sequences...
CVE-2002-1852
Cross-site scripting XSS vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via 1 the URL or 2 a parameter to test2.pl...
CVE-2025-3032
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137...
Malicious code in @monkey-tilt/client (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-1693 Malicious code in @monkey-tilt/client (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-54386
Cross-Site Request Forgery CSRF vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart:...
A Pwn2Own SpiderMonkey JIT Bug
A Pwn2Own SpiderMonkey JIT Bug: From Integer Range Inconsistency to Bound Check Elimination then RCE. This repository contains proof of concept, exploit, and analysis slide for CVE-2024-29943...
Malicious code in @monkey-tilt/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8ac39833535be0553f3d6a87a64286940b30b0fc55a5e1c80c907518b10053b8 The OpenSSF Package Analysis project identified '@monkey-tilt/ui' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
CVE-2024-54386
Cross-Site Request Forgery CSRF vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart:...
CVE-2024-54386 WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart:...
CVE-2024-54386
CVE-2024-54386 corresponds to a CSRF-to-Stored-XSS issue in Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart (Push Monkey Pro plugin). Affected product/version: Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart (up through 3.9). Document describes Cros...
CVE-2024-54386 WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart:...
WordPress plugin Push Monkey Pro 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...