285 matches found

Saint
added 2025/05/23 12:0 a.m., 206 views

MagicINFO SWUpdateFileUploader remote command execution

Added: 05/23/2025. CVE: CVE-2025-4632. Background: MagicINFO is digital signage software from Samsung. Problem: A path traversal, unsafe file upload, and missing authentication vulnerability allows remote, unauthenticated attackers to upload arbitrary files to the server and then execute them using a...

CVSS 9.8, AI score 8.2, EPSS 0.23953
Exploits: 4

CISA
added 2025/05/22 12:0 p.m., 5 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-4632: Samsung MagicINFO 9 Server Path Traversal Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actor...

CVSS 9.8, AI score 7.2, EPSS 0.23953
In wild, Exploits: 4, References: 6

CISA KEV Catalog
added 2025/05/22 12:0 a.m., 26 views

Samsung MagicINFO 9 Server Path Traversal Vulnerability

Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority...

CVSS 9.8, AI score 9.6, EPSS 0.23953
In wild, Exploits: 4

Metasploit
added 2025/05/19 6:55 p.m., 545 views

Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)

Remote Code Execution in Samsung MagicINFO 9 Server use exploit/windows/http/magicinfotraversal msf exploitmagicinfotraversal show targets ...targets... msf exploitmagicinfotraversal set TARGET msf exploitmagicinfotraversal show options ...show and set options... msf exploitmagicinfotraversal...

CVSS 9.8, AI score 9.6, EPSS 0.91941
Exploits: 3

Packet Storm
added 2025/05/19 12:0 a.m., 83 views

Samsung MagicINFO 9 Server Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Samsung MagicINFO 9 Server versions less than or equal to 21.1050.0. Remote code execution can be obtained by exploiting the path traversal vulnerability CVE-2024-7399 in the SWUpdateFileUploader servlet, which can be querie...

CVSS 8.8, AI score 8.4, EPSS 0.91941
Exploits: 3

RedhatCVE
added 2025/05/15 6:13 a.m., 14 views

CVE-2025-4632

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...

CVSS 9.8, AI score 7.1, EPSS 0.23953
Exploits: 4, References: 3

The Hacker News
added 2025/05/14 5:57 p.m., 52 views

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. "Improper limitation of a pathname to a restricte...

CVSS 9.8, AI score 9.5, EPSS 0.91941
Exploits: 7

OSV
added 2025/05/13 6:15 a.m., 5 views

CVE-2025-4632

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...

CVSS 9.8, AI score 5.9, EPSS 0.23953
Exploits: 4, References: 2

NVD
added 2025/05/13 6:15 a.m., 22 views

CVE-2025-4632

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...

CVSS 9.8, EPSS 0.23953
Exploits: 4, References: 2

Cvelist
added 2025/05/13 5:19 a.m., 39 views

CVE-2025-4632

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...

CVSS 9.8, EPSS 0.23953
Exploits: 4, References: 1

CVE
added 2025/05/13 5:19 a.m., 205 views

CVE-2025-4632

Samsung MagicINFO 9 Server is affected by a path traversal vulnerability (CVE-2025-4632) in versions prior to 21.1052. An improper limitation of a pathname to a restricted directory issue allows unauthenticated attackers to write arbitrary files with system authority, potentially enabling remote ...

CVSS 9.8, AI score 7.2, EPSS 0.23953
In wild, Exploits: 4, References: 2, Affected Software: 1

Vulnrichment
added 2025/05/13 5:19 a.m., 11 views

CVE-2025-4632

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...

CVSS 9.8, AI score 9.5, EPSS 0.23953
Exploits: 4, References: 1

ATTACKERKB
added 2025/05/13 12:0 a.m., 10 views

CVE-2025-4632

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority. Recent assessments: Assessed Attacker Value: 0...

CVSS 9.8, AI score 9.5, EPSS 0.23953
In wild, Exploits: 4, References: 2

CNNVD
added 2025/05/13 12:0 a.m., 3 views

SAMSUNG MagicINFO 9 Server security vulnerability

Samsung MagicINFO 9 Server is a core component of the MagicINFO solution and is responsible for content management and scheduling functions. A path traversal vulnerability exists in Samsung MagicINFO 9 Server, which stems from an improperly restricted pathname, and can be exploited by an attacker...

CVSS 9.8, AI score 6.9, EPSS 0.23953
Exploits: 4, References: 1

Positive Technologies
added 2025/05/07 12:0 a.m., 4 views

PT-2025-20828

Name of the Vulnerable Software and Affected Versions: Samsung MagicINFO 9 versions prior to 21.1052. Description: An improper limitation of a pathname to a restricted directory issue exists in Samsung MagicINFO 9 Server. This allows attackers to write arbitrary files with system authority. The...

CVSS 10, AI score 7.5, EPSS 0.23953
Exploits: 4, References: 92

VulnCheck KEV
added 2025/05/06 12:0 a.m., 9 views

VulnCheck KEV: CVE-2025-4632

Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority...

CVSS 9.8, AI score 5.9, EPSS 0.23953
Exploits: 4, References: 1

VulnCheck KEV
added 2025/05/05 12:0 a.m., 5 views

VulnCheck KEV: CVE-2024-7399

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority...

CVSS 8.8, AI score 7.4, EPSS 0.91941
Exploits: 3, References: 1

Zero Day Initiative
added 2024/12/09 12:0 a.m., 11 views

Samsung MagicINFO 9 Server getFileFromMultipartFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileFromMultipartFile method. The issue results from the lack of proper...

CVSS 9.8, AI score 7.4, EPSS 0.91941
Exploits: 3, References: 1

CNVD
added 2024/08/16 12:0 a.m., 4 views

SAMSUNG MagicINFO 9 Server path traversal vulnerability (CNVD-2025-20807)

SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A path traversal vulnerability exists in SAMSUNG MagicINFO 9 Server. The vulnerability is caused due to improper restriction of pathnames to restricted...

CVSS 8.8, AI score 6.9, EPSS 0.91941
Exploits: 3, References: 1

NVD
added 2024/08/12 1:38 p.m., 26 views

CVE-2024-7399

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority...

CVSS 9.8, EPSS 0.91941
Exploits: 3, References: 3