Maxum Security Vulnerabilities

CVE-2019-19661

A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and...

CVE-2022-46367

Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege...

CVE-2022-46370

Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity...

CVE-2022-46369

Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input...

CVE-2022-39187

Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified...

CVE-2022-46368

Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated...

CVE-2020-27575

Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient...

CVE-2020-27576

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting...

CVE-2020-27574

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated...

CVE-2020-12737

An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the...

CVE-2019-19668

A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via...

CVE-2019-19670

A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to...

CVE-2019-19667

A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via...

CVE-2019-19669

A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via...

CVE-2019-19666

A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via...

CVE-2019-19662

A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via...

CVE-2019-19664

A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at...

CVE-2019-19660

A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via...

CVE-2019-19665

A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at...

CVE-2019-19663

A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at...

CVE-2019-19659

A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via...

CVE-2020-8514

An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder...

CVE-2019-19368

A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary...

CVE-2008-7078

Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other.....

CVE-2007-0019

Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to...

CVE-2007-0366

Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw...

CVE-2007-0367

Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting...

CVE-2001-0646

Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific...

CVE-2001-0644

Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the...

CVE-2001-0706

Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of...