cbcvebase.

Maxum Rumpus vulnerabilities

20 known vulnerabilities affecting maxum/rumpus.

Total CVEs
20
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH7MEDIUM11

Vulnerabilities

Page 1 of 1
CVE-2019-19368P3MEDIUMCVSS 6.1PoCv8.2.9.12019-12-16
CVE-2019-19368 [MEDIUM] CWE-79 CVE-2019-19368: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2 A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
nvd
CVE-2008-7078P3CRITICALCVSS 9.0PoC≤ 6.02009-08-25
CVE-2008-7078 [CRITICAL] CWE-119 CVE-2008-7078: Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of ser Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.
nvd
CVE-2025-55055P2CRITICALCVSS 9.8v9.0.122025-11-17
CVE-2025-55055 [CRITICAL] CWE-78 CVE-2025-55055: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
nvd
CVE-2020-27575P3HIGHCVSS 8.8v8.2.13v8.2.142021-03-08
CVE-2020-27575 [HIGH] CWE-78 CVE-2020-27575: Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administrat Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.
nvd
CVE-2019-19659P3HIGHCVSS 8.8v8.2.9.12020-02-10
CVE-2019-19659 [HIGH] CWE-352 CVE-2019-19659: A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Serv A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html.
nvd
CVE-2022-46367P3HIGHCVSS 8.8≤ 9.0.7.12023-01-12
CVE-2022-46367 [HIGH] CWE-352 CVE-2022-46367: Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.
nvd
CVE-2025-55057P3HIGHCVSS 8.8v9.0.122025-11-17
CVE-2025-55057 [HIGH] CWE-352 CVE-2025-55057: Multiple CWE-352 Cross-Site Request Forgery (CSRF) Multiple CWE-352 Cross-Site Request Forgery (CSRF)
nvd
CVE-2020-12737P3MEDIUMCVSS 6.5fixed in 8.2.122020-05-08
CVE-2020-12737 [MEDIUM] CWE-22 CVE-2020-12737: An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a pa An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server.
nvd
CVE-2022-46370P3HIGHCVSS 7.5≤ 9.0.7.12023-01-12
CVE-2022-46370 [HIGH] CWE-345 CVE-2022-46370: Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing i Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification.
nvd
CVE-2022-46368P3HIGHCVSS 8.8≤ 9.0.7.12023-01-12
CVE-2022-46368 [HIGH] CWE-352 CVE-2022-46368: Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unau Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.
nvd
CVE-2020-27574P3HIGHCVSS 8.8v8.2.13v8.2.142021-03-08
CVE-2020-27574 [HIGH] CWE-352 CVE-2020-27574: Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user.
nvd
CVE-2019-19660P4MEDIUMCVSS 6.5v8.2.9.12020-02-10
CVE-2019-19660 [MEDIUM] CWE-352 CVE-2019-19660: A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Se A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html.
nvd
CVE-2019-19663P4MEDIUMCVSS 6.5v8.2.9.12020-02-10
CVE-2019-19663 [MEDIUM] CWE-352 CVE-2019-19663: A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. T A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html.
nvd
CVE-2019-19665P4MEDIUMCVSS 6.5v8.2.9.12020-02-10
CVE-2019-19665 [MEDIUM] CWE-352 CVE-2019-19665: A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitat A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html.
nvd
CVE-2025-55056P4MEDIUMCVSS 6.1v9.0.122025-11-17
CVE-2025-55056 [MEDIUM] CWE-79 CVE-2025-55056: Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scri Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
nvd
CVE-2020-8514P4MEDIUMCVSS 6.1v8.2.102020-02-02
CVE-2020-8514 [MEDIUM] CWE-79 CVE-2020-8514: An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to a An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.
nvd
CVE-2025-55059P4MEDIUMCVSS 6.1v9.0.122025-11-17
CVE-2025-55059 [MEDIUM] CWE-79 CVE-2025-55059: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
nvd
CVE-2020-27576P4MEDIUMCVSS 5.4v8.2.13v8.2.142021-03-08
CVE-2020-27576 [MEDIUM] CWE-79 CVE-2020-27576: Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create f Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability.
nvd
CVE-2022-39187P4MEDIUMCVSS 6.1≤ 9.0.7.12023-01-12
CVE-2022-39187 [MEDIUM] CWE-79 CVE-2022-39187: Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability throug Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors.
nvd
CVE-2022-46369P4MEDIUMCVSS 5.4≤ 9.0.7.12023-01-12
CVE-2022-46369 [MEDIUM] CWE-79 CVE-2022-46369: Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields.
nvd
Maxum Rumpus vulnerabilities | cvebase