CVE-2013-2181

Affected software : Monkey HTTP Daemon (monkeyd) 1.2.2 with the Directory Listing plugin. Vulnerability : Cross-site scripting (XSS) via a file name (CVE-2013-2181). Root cause : Directory Listing plugin mishandles file names, enabling script/HTML injection. Impact : potential execution of arbitr...

CVE-2013-2181

Cross-site scripting XSS vulnerability in the Directory Listing plugin in Monkey HTTP Daemon monkeyd 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name...

Monkey CMS - Multiple Vulnerabilities

Monkey CMS - Multiple Vulnerabilities Exploit Title: Monkey CMS - Multiple Vulnerabilities Date: 2013 17 June Exploit Author: Yashar shahinzadeh & Mormoroth Vendor Homepage: http://www.monkeycms.com/ Tested on: Linux & Windows, PHP 5.3.10 Affected Version : All versions Contacts:...

Monkey CMS - Multiple Vulnerabilities

Exploit Title: Monkey CMS - Multiple Vulnerabilities Date: 2013 17 June Exploit Author: Yashar shahinzadeh & Mormoroth Vendor Homepage: http://www.monkeycms.com/ Tested on: Linux & Windows, PHP 5.3.10 Affected Version : All versions Contacts: http://Twitter.com/YShahinzadeh ,...

Monkey HTTP Daemon Mandril Security Plugin - Security Bypass

Monkey HTTP Daemon Mandril Security Plugin - Security Bypass source: https://www.securityfocus.com/bid/60569/info The Mandril Security plugin for Monkey HTTP Daemon is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform...

Monkey HTTP Daemon Mandril Security Plugin - Security Bypass

source: https://www.securityfocus.com/bid/60569/info The Mandril Security plugin for Monkey HTTP Daemon is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions, which may aid in launching further...

Monkey HTTP Server <= 1.2.0 Host Header Buffer Overflow Vulnerability

Monkey HTTP Server is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Monkey HTTPD security vulnerabilities

Crash on NULL byte in request. Buffer overflow on oversized header...

Monkey HTTPD 1.1.1 - Denial of Service Vulnerability

Title: ====== Monkey HTTPD 1.1.1 - Denial of Service Vulnerability Date: ===== 2013-05-28 References: =========== http://bugs.monkey-project.com/ticket/181 Introduction: ============= Monkey is a lightweight and powerful web server for GNU/Linux. It has been designed to be very scalable with low...

CVE-2013-3843 Monkey HTTPD 1.2.0 - Buffer Overflow DoS Vulnerability With Possible Arbitrary Code Execution

Title CVE-2013-3843 Monkey HTTPD 1.2.0 - Buffer Overflow DoS Vulnerability With Possible Arbitrary Code Execution 2. Introduction Monkey is a lightweight and powerful web server for GNU/Linux. It has been designed to be very scalable with low memory and CPU consumption, the perfect solution for...

Monkey HTTPD 1.1.1 - Crash PoC

Exploit for linux platform in category dos / poc Title: ====== Monkey HTTPD 1.1.1 - Denial of Service Vulnerability Date: ===== 2013-05-28 References: =========== http://bugs.monkey-project.com/ticket/181 Introduction: ============= Monkey is a lightweight and powerful web server for GNU/Linux. I...

Monkey HTTPd 1.1.1 - Crash (PoC)

Monkey HTTPd 1.1.1 - Crash PoC Title: ====== Monkey HTTPD 1.1.1 - Denial of Service Vulnerability Date: ===== 2013-05-28 References: =========== http://bugs.monkey-project.com/ticket/181 Introduction: ============= Monkey is a lightweight and powerful web server for GNU/Linux. It has been designe...

Monkey HTTPd 1.1.1 - Crash (PoC)

Title: ====== Monkey HTTPD 1.1.1 - Denial of Service Vulnerability Date: ===== 2013-05-28 References: =========== http://bugs.monkey-project.com/ticket/181 Introduction: ============= Monkey is a lightweight and powerful web server for GNU/Linux. It has been designed to be very scalable with low...

Monkey HTTPD 1.1.1 Denial Of Service

Title: ====== Monkey HTTPD 1.1.1 - Denial of Service Vulnerability Date: ===== 2013-05-28 References: =========== http://bugs.monkey-project.com/ticket/181 Introduction: ============= Monkey is a lightweight and powerful web server for GNU/Linux. It has been designed to be very scalable with low...

Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)

The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary...

Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)

Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors...

Race condition

Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check...

CVE-2012-4442

Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check...

CVE-2012-4442

Summary: CVE-2012-4442 affects Monkey HTTP Daemon 0.9.3. The issue arises because the daemon retains the supplementary group IDs of the root account while operating with a non-root effective UID, which could allow local users to bypass file-read restrictions due to a race condition in a file-perm...

CVE-2012-5303

Monkey HTTP Daemon 0.9.3 is vulnerable to a local file overwrite via a symlink attack on its PID file. The issue is a race condition that can occur when a pathname different from the default /var/run/monkey.pid is used, allowing local users to trick the daemon into overwriting arbitrary files. Im...