Maxum

Rumpus

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2020-27576

  • EPSS 0.28%
  • Veröffentlicht 08.03.2021 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:21:24

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability.

8.8

CVE-2020-27575

Exploit
  • EPSS 6.73%
  • Veröffentlicht 08.03.2021 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:21:24

Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection ...

8.8

CVE-2020-27574

Exploit
  • EPSS 0.16%
  • Veröffentlicht 08.03.2021 21:15:15
  • Zuletzt bearbeitet 21.11.2024 05:21:24

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user.

6.5

CVE-2020-12737

Exploit
  • EPSS 0.54%
  • Veröffentlicht 08.05.2020 16:15:13
  • Zuletzt bearbeitet 21.11.2024 05:00:10

An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server.

6.5

CVE-2019-19665

  • EPSS 0.16%
  • Veröffentlicht 10.02.2020 16:15:14
  • Zuletzt bearbeitet 21.11.2024 04:35:09

A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html.

6.5

CVE-2019-19663

  • EPSS 0.16%
  • Veröffentlicht 10.02.2020 16:15:14
  • Zuletzt bearbeitet 21.11.2024 04:35:08

A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html.

6.5

CVE-2019-19660

  • EPSS 0.16%
  • Veröffentlicht 10.02.2020 16:15:14
  • Zuletzt bearbeitet 21.11.2024 04:35:08

A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html.

8.8

CVE-2019-19659

  • EPSS 0.18%
  • Veröffentlicht 10.02.2020 16:15:13
  • Zuletzt bearbeitet 21.11.2024 04:35:08

A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RA...

6.1

CVE-2020-8514

Exploit
  • EPSS 0.29%
  • Veröffentlicht 02.02.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:38:58

An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.

6.1

CVE-2019-19368

Exploit
  • EPSS 75.64%
  • Veröffentlicht 16.12.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:34:39

A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts