CVE-2025-63649 — CVSS 7.5 (high): An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows…
CVE-2025-63650 — CVSS 7.5 (high): An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of…
CVE-2025-63651 — CVSS 7.5 (high): A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of…
CVE-2025-63652 — CVSS 7.5 (high): A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of…
CVE-2025-63653 — CVSS 7.5 (high): An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial…
CVE-2025-63658 — CVSS 7.5 (high): A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of…
CVE-2025-63657 — CVSS 7.5 (high): An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a…
CVE-2005-1122 — CVSS 7.5 (high): Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and…
CVE-2025-63655 — CVSS 7.5 (high): A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a…
CVE-2013-1771 — CVSS 7.5 (high): The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.
CVE-2003-0218 — CVSS 7.5 (high): Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary…
CVE-2025-63656 — CVSS 7.5 (high): An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial…
CVE-2012-4443 — CVSS 6.9 (medium): Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to…
CVE-2012-5303 — CVSS 6.9 (medium): Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a…
CVE-2013-3843 — CVSS 6.8 (medium): Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows…
CVE-2013-2182 — CVSS 5.8 (medium): The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a…
CVE-2002-1663 — CVSS 5.0 (medium): The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a…
CVE-2002-2154 — CVSS 5.0 (medium): Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
CVE-2003-1209 — CVSS 5.0 (medium): The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request…
CVE-2004-0276 — CVSS 5.0 (medium): The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash)…
CVE-2005-1123 — CVSS 5.0 (medium): Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte…
CVE-2013-2163 — CVSS 5.0 (medium): Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the…
CVE-2013-3724 — CVSS 5.0 (medium): The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash…
CVE-2012-4442 — CVSS 4.7 (medium): Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which…
CVE-2014-5336 — CVSS 4.3 (medium): Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers…
CVE-2013-2181 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject…
CVE-2002-1852 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or…