Lucene search
+L

245 matches found

Positive Technologies
Positive Technologies
added 2023/01/12 12:0 a.m.8 views

PT-2023-14919 · Rumpus · Rumpus

Name of the Vulnerable Software and Affected Versions: Rumpus versions 9.0.7.1 Description: The issue is related to improper token verification, which may allow bypassing identity verification. Recommendations: For version 9.0.7.1, at the moment, there is no information about a newer version that...

7.5CVSS6.8AI score0.00225EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/12 12:0 a.m.8 views

Rumpus FTP Web File Manager 跨站请求伪造漏洞

Rumpus FTP Web File Manager is a file transfer server. A security vulnerability exists in Rumpus FTP Web File Manager that stems from a privilege escalation vulnerability that could allow privilege escalation...

8.8CVSS7.9AI score0.00263EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/01/12 12:0 a.m.10 views

CVE-2022-46369 Rumpus - FTP server Persistent cross-site scripting (PXSS) – Unspecified vector

Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting PXSS – vulnerability may allow inserting scripts into unspecified input fields...

6.8CVSS6.6AI score0.00427EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/12 12:0 a.m.10 views

CVE-2022-39187 Rumpus - FTP server Reflected cross-site scripting (RXSS)

Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting RXSS vulnerability through unspecified vectors...

6.8CVSS6.5AI score0.0042EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/12 12:0 a.m.23 views

CVE-2022-46367 Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation

Rumpus - FTP server Cross-site request forgery CSRF – Privilege escalation vulnerability that may allow privilege escalation...

6.8CVSS9.3AI score0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/12 12:0 a.m.23 views

CVE-2022-46368 Rumpus - FTP server Cross-site request forgery (CSRF) – Create user

Rumpus - FTP server version 9.0.7.1 Cross-site request forgery CSRF – vulnerability may allow unauthorized action on behalf of authenticated users...

6.8CVSS9AI score0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/12 12:0 a.m.28 views

CVE-2022-46370 Rumpus - FTP server Improper Token Verification

Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification...

7.3CVSS7.8AI score0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/12 12:0 a.m.36 views

CVE-2022-46369 Rumpus - FTP server Persistent cross-site scripting (PXSS) – Unspecified vector

Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting PXSS – vulnerability may allow inserting scripts into unspecified input fields...

6.8CVSS6.6AI score0.00427EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/12 12:0 a.m.27 views

CVE-2022-39187 Rumpus - FTP server Reflected cross-site scripting (RXSS)

Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting RXSS vulnerability through unspecified vectors...

6.8CVSS6.5AI score0.0042EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/09 12:0 a.m.7 views

Maxum Rumpus Cross-Site Scripting Vulnerability (CNVD-2021-16356)

Maxum Rumpus is an FTP and Web file transfer server. Maxum Rumpus 8.2.13, 8.2.14 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject and execute JavaScript code...

5.4CVSS6.2AI score0.00559EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/09 12:0 a.m.9 views

Maxum Rumpus Cross-Site Request Forgery Vulnerability

Maxum Rumpus is an FTP and Web file transfer server. A cross-site request forgery vulnerability exists in Maxum Rumpus 8.2.13, 8.2.14, which can be exploited by an attacker to perform an operation as an authenticated user by tricking a user into visiting a malicious page...

8.8CVSS6.5AI score0.00751EPSS
Exploits1References1
CNVD
CNVD
added 2021/03/09 12:0 a.m.18 views

Maxum Rumpus Command Injection Vulnerability

Maxum Rumpus is an FTP and Web file transfer server. A command injection vulnerability exists in a parameter of the Edit User form in Maxum Rumpus 8.2.13, 8.2.14, which can be exploited by an attacker to inject arbitrary commands...

8.8CVSS7.3AI score0.04272EPSS
Exploits1References1
OSV
OSV
added 2021/03/08 10:15 p.m.4 views

CVE-2020-27576

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting XSS. Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability...

5.4CVSS6AI score0.00559EPSS
Exploits0References2
NVD
NVD
added 2021/03/08 10:15 p.m.33 views

CVE-2020-27575

Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation...

8.8CVSS0.04272EPSS
Exploits1References1
NVD
NVD
added 2021/03/08 10:15 p.m.23 views

CVE-2020-27576

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting XSS. Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability...

5.4CVSS0.00559EPSS
Exploits0References1
OSV
OSV
added 2021/03/08 10:15 p.m.4 views

CVE-2020-27575

Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation...

8.8CVSS7.3AI score0.04272EPSS
Exploits1References2
Prion
Prion
added 2021/03/08 10:15 p.m.15 views

Cross site scripting

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting XSS. Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability...

3.5CVSS5.2AI score0.00559EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/03/08 10:15 p.m.21 views

Command injection

Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation...

6.5CVSS8.9AI score0.04272EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/03/08 9:15 p.m.3 views

CVE-2020-27574

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery CSRF. If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user...

8.8CVSS5.7AI score0.00751EPSS
Exploits1References2
NVD
NVD
added 2021/03/08 9:15 p.m.20 views

CVE-2020-27574

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery CSRF. If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user...

8.8CVSS0.00751EPSS
Exploits1References1
Rows per page
Query Builder