Magicinfo 9 Server
Monthly
Hardcoded database credentials in Samsung MagicInfo9 Server allow direct database access and manipulation.
Remote code execution in MagicInfo 9 Server (versions prior to 21.1090.1) allows unauthenticated attackers to upload arbitrary files without authentication, resulting in complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability enables privilege escalation and requires only user interaction to trigger. No patch is currently available for this critical flaw affecting all vulnerable MagicInfo 9 Server installations.
Unauthenticated file upload leading to stored XSS and potential RCE in Samsung MagicInfo9 Server. HTML files uploaded without authentication.
Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary files as SYSTEM authority, enabling complete server compromise.
Hardcoded database credentials in Samsung MagicInfo9 Server allow direct database access and manipulation.
Remote code execution in MagicInfo 9 Server (versions prior to 21.1090.1) allows unauthenticated attackers to upload arbitrary files without authentication, resulting in complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability enables privilege escalation and requires only user interaction to trigger. No patch is currently available for this critical flaw affecting all vulnerable MagicInfo 9 Server installations.
Unauthenticated file upload leading to stored XSS and potential RCE in Samsung MagicInfo9 Server. HTML files uploaded without authentication.
Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary files as SYSTEM authority, enabling complete server compromise.