Filtered by vendor Maxum
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27575 | 1 Maxum | 1 Rumpus | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation. | |||||
| CVE-2020-27574 | 1 Maxum | 1 Rumpus | 2021-03-12 | 6.8 MEDIUM | 8.8 HIGH |
| Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user. | |||||
| CVE-2019-19664 | 1 Maxum | 1 Rumpus Ftp | 2020-02-24 | 5.8 MEDIUM | 7.1 HIGH |
| A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html. | |||||
| CVE-2019-19659 | 1 Maxum | 1 Rumpus | 2020-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html. | |||||