Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| maxum_development_corporation | rumpus_ftp_server | * |
| maxum_development_corporation | rumpus_ftp_server | 1.3.2 |
| maxum_development_corporation | rumpus_ftp_server | 1.3.4 |
| maxum_development_corporation | rumpus_ftp_server | 1.3.3 |
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific length.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| maxum_development_corporation | rumpus_ftp_server | 2.0.3dev |
| maxum_development_corporation | rumpus_ftp_server | 1.3.2 |
| maxum_development_corporation | rumpus_ftp_server | 1.3.4 |
Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| maxum_development_corporation | rumpus_ftp_server | 2.0.3dev |
| maxum_development_corporation | rumpus_ftp_server | 1.3.5 |
| maxum_development_corporation | rumpus_ftp_server | 1.3.2 |
| maxum_development_corporation | rumpus_ftp_server | 1.3.4 |