285 matches found
MagicINFO SWUpdateFileUploader remote command execution
Added: 05/23/2025 CVE: CVE-2025-4632 Background MagicINFO is digital signage software from Samsung. Problem A path traversal, unsafe file upload, and missing authentication vulnerability allows remote, unauthenticated attackers to upload arbitrary files to the server and then execute them using a...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-4632link is external Samsung MagicINFO 9 Server Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actor...
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority...
Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)
Remote Code Execution in Samsung MagicINFO 9 Server use exploit/windows/http/magicinfotraversal msf exploitmagicinfotraversal show targets ...targets... msf exploitmagicinfotraversal set TARGET msf exploitmagicinfotraversal show options ...show and set options... msf exploitmagicinfotraversal...
📄 Samsung MagicINFO 9 Server Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Samsung MagicINFO 9 Server versions less than or equal to 21.1050.0. Remote code execution can be obtained by exploiting the path traversal vulnerability CVE-2024-7399 in the SWUpdateFileUploader servlet, which can be querie...
CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 CVSS score: 9.8, has been described as a path traversal flaw. "Improper limitation of a pathname to a restricte...
CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...
CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...
CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...
CVE-2025-4632
Samsung MagicINFO 9 Server is affected by a path traversal vulnerability (CVE-2025-4632) in versions prior to 21.1052. An improper limitation of a pathname to a restricted directory issue allows unauthenticated attackers to write arbitrary files with system authority, potentially enabling remote ...
CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...
CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
SAMSUNG MagicINFO 9 Server 安全漏洞
Samsung MagicINFO 9 Server is a core component of the MagicINFO solution and is responsible for content management and scheduling functions. A path traversal vulnerability exists in Samsung MagicINFO 9 Server, which stems from an improperly restricted pathname, and can be exploited by an attacker...
PT-2025-20828
Name of the Vulnerable Software and Affected Versions Samsung MagicINFO 9 versions prior to 21.1052 Description An improper limitation of a pathname to a restricted directory issue exists in Samsung MagicINFO 9 Server. This allows attackers to write arbitrary files with system authority. The...
VulnCheck KEV: CVE-2025-4632
Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority...
VulnCheck KEV: CVE-2024-7399
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority...
Samsung MagicINFO 9 Server getFileFromMultipartFile Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileFromMultipartFile method. The issue results from the lack of proper...
SAMSUNG MagicINFO 9 Server path traversal vulnerability (CNVD-2025-20807)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A path traversal vulnerability exists in SAMSUNG MagicINFO 9 Server. The vulnerability is caused due to improper restriction of pathnames to restricted...
CVE-2024-7399
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority...