4 matches found
@mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url
Summary The mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code pass...
CVE-2025-20974
Summary: CVE-2025-20974 concerns Samsung’s PackageInstallerCN. Multiple connected sources confirm the issue is due to improper handling of insufficient permissions in PackageInstallerCN before version 15.0.11.0, enabling a local attacker to bypass user interaction for requested installations. Aff...
SAMSUNG PackageInstallerCN 安全漏洞
SAMSUNG PackageInstallerCN is a package installer from Samsung South Korea. A security vulnerability exists in SAMSUNG PackageInstallerCN prior to version 15.0.11.0, which stems from mishandling of insufficient privileges, and could allow a local attacker to bypass user interaction for installati...
Install Python for Windows
This module places an embeddable Python3 distribution onto the target file system, granting pentesters access to a lightweight Python interpreter. This module does not require administrative privileges or user interaction with installation prompts. This module requires Metasploit:...