Shodan
Vulnerabilities
Vulnerable Software
Maxum:  >> Rumpus  Security Vulnerabilities
CVE-2022-46367
Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.
CVSS Score
6.8
EPSS Score
0.0
Published
2023-01-12
CVE-2022-46368
Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-01-12
CVE-2022-46369
Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-01-12
CVE-2022-46370
Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-01-12
CVE-2022-39187
Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-01-12
CVE-2020-27575
Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.
CVSS Score
8.8
EPSS Score
0.079
Published
2021-03-08
CVE-2020-27576
Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-03-08
CVE-2020-27574
Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-03-08
CVE-2020-12737
An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-05-08
CVE-2019-19660
A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved