25 matches found
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remot...
CVE-2019-25157
A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product do...
Improper access control
A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product do...
CVE-2019-25157 Ethex Contracts Monthly Jackpot EthexJackpot.sol access control
A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product do...
CVE-2019-25157
The CVE-2019-25157 issue affects Ethex Contracts, specifically the EthexJackpot.sol file within the Monthly Jackpot Handler. The vulnerability results from improper access controls in an unknown portion of the contract and can be triggered remotely. A patch is available (6b8664b698d3d953e16c284fa...
PT-2023-11382 · Unknown · Ethex Contracts
Name of the Vulnerable Software and Affected Versions: Ethex Contracts (affected versions not specified). Description: A critical issue has been found in Ethex Contracts, affecting an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. This issue leads to improper...
Ethex Access Control Error Vulnerability
Ethex is an ethereum smart contract lottery game from the Ethex team. Ethex suffers from an Access Control Error vulnerability that stems from the fact that the file EthexJackpot.sol can lead to incorrect access control...
Upgraded Q -> 2 from #345 [1678798679676]
Judge has assessed an item in Issue 345 as 2 risk. The relevant finding follows: Issue 2 - Undermining the fairness of the protocol in swapSource and possibilities for stealing a jackpot
No sanity check on drawCoolDownPeriod can lead to frontrun attacks on jackpot prize
Impact: During the construction of the LotterySetup, there is no sanity check on drawCoolDownPeriod. If it's set to zero, then there will be no cool down period, players can buy the lottery tickets at any time until the draw. Once lottery setup is complete with...
expected outgoing rewards for non-jackpot tiers are not normalized
Impact: When calculating new profit, the calculation for non-jackpot rewards are not normalized and will be largely overestimated, due to the additional percentage scaling. This will lead to the excess pot for participants being much lower and hence failing to...
Validator/miner can set Block timestamp to a draw scheduled date and buy winning ticket if drawCoolDownPeriod is set to zero
Impact: Validators/Miners would always be able to get the Jackpot prize, compromising the protocol. Proof of Concept: The following foundry test illustrates this behaviour. Essentially, if the cooldown period time before a draw during which it is not possible to...
Lottery owner can rig the draw to win the jackpot by swapping the source
Impact: The lottery owner has the ability to swap the Random Source under certain circumstances, and this can be exploited to set a new source contract that returns any number set by it. Thi...
jackpotpredictions.co.zm Improper Access Control vulnerability OBB-2227937
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
web.jackpot.de XSS vulnerability
Vulnerable URL:...
Slots Jackpot™ - Best casino - Customized SSL, Redefined SSL Common Names verifier, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Slots Jackpot™ - Best casino published at the 'play' market has multiple vulnerabilities...
Jackpot Gems - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Jackpot Gems published at the 'play' market has multiple vulnerabilities...
Slots™ Jackpot - Slot Machines - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Slots™ Jackpot - Slot Machines published at the 'play' market has multiple vulnerabilities...
Las Vegas Casino Jackpot Slots - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Las Vegas Casino Jackpot Slots published at the 'play' market has multiple vulnerabilities...
Jackpot - Customized SSL, Redefined SSL Common Names verifier, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Jackpot published at the 'play' market has multiple vulnerabilities...