Lucene search
K

285 matches found

Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.6 views

Samsung MagicINFO 9 Server getZipFileListForImport Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementatio...

8.8CVSS7.1AI score0.06862EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.7 views

Samsung MagicINFO 9 Server OpenApiController Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpenApiController class. The issue results from the lack of proper...

8.1CVSS7AI score0.00464EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.3 views

Samsung MagicINFO 9 Server ResponseUploadActivity Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ResponseUploadActivity class. The issue results from the lack of proper...

9.8CVSS6.8AI score0.00616EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.6 views

Samsung MagicINFO 9 Server parseXMLString XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the parseXMLString method. Due to the improper...

8.2CVSS5.7AI score0.09221EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.3 views

Samsung MagicINFO 9 Server MagicInfoCache Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of...

9.8CVSS6.9AI score0.00645EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.3 views

Samsung MagicINFO 9 Server filenameHasExecutableType Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the filenameHasExecutableType method. The issue results...

9.8CVSS7AI score0.00473EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.3 views

Samsung MagicINFO 9 Server getFontFileFromMagicInfoServer Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementatio...

8.8CVSS7.1AI score0.07388EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.3 views

Samsung MagicINFO 9 Server PremiumClientService Hard-coded Cryptographic Key Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PremiumClientService class. The issue results from a hard-coded...

9.1CVSS6.3AI score0.00543EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.3 views

Samsung MagicINFO 9 Server FtpMetaUploadServlet Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS7AI score0.00638EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.2 views

Samsung MagicINFO 9 Server copyResourceToFile Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyResourceToFile method. The issue results from t...

9.8CVSS7AI score0.00597EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.3 views

Samsung MagicINFO 9 Server fillLftOrLfdInfo Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the fillLftOrLfdInfo method. The issue results from the...

9.8CVSS7AI score0.0061EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.4 views

Samsung MagicINFO 9 Server filenameHasExecutableType Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the filenameHasExecutableType method. The issue results...

9.8CVSS7AI score0.00597EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.3 views

Samsung MagicINFO 9 Server SWUpdateFileUploadServlet Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SWUpdateFileUploadServlet class. The issue results from the lack of prope...

9.8CVSS6.8AI score0.00575EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.5 views

Samsung MagicINFO 9 Server DeviceLogUploadServlet Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the DeviceLogUploadServlet class. The issue results from the lack of proper...

7.2CVSS6.9AI score0.00589EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.4 views

Samsung MagicINFO 9 Server PremiumClientService Hard-coded Cryptographic Key Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PremiumClientService class. The issue results from a hard-coded...

9.1CVSS6.3AI score0.00554EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.3 views

Samsung MagicINFO 9 Server MagicInfoWebAuthorClient Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MagicInfoWebAuthorClient app. The issue results from the lack of proper...

9.8CVSS7AI score0.00501EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/25 6:27 a.m.10 views

CVE-2025-54445

Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue affects MagicINFO 9 Server: less than 21.1080.0...

9.8CVSS6.5AI score0.09221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/25 6:27 a.m.16 views

CVE-2025-54441

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0...

8.8CVSS6.6AI score0.07388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/25 6:27 a.m.14 views

CVE-2025-54454

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0...

9.8CVSS6.6AI score0.00543EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/25 6:27 a.m.14 views

CVE-2025-54449

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0...

9.8CVSS6.6AI score0.0061EPSS
Exploits0References1
Rows per page
Query Builder