Lucene search
K

40 matches found

Cvelist
Cvelist
added 2024/11/05 3:18 p.m.25 views

CVE-2023-29118 Unauthorized SQLite Injection in Enel X Juicebox

Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php...

9.6CVSS0.00326EPSS
Exploits0References1
NVD
NVD
added 2024/11/05 3:15 p.m.24 views

CVE-2023-29114

System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: • Wi-Fi access point credentials to which the EV charger can connect. • APN web address and credentials. • IPSEC credentials...

5.7CVSS0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/05 3:14 p.m.25 views

CVE-2023-29117 Authentication Bypass in JuiceBox Web Manager interface

Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system...

8.8CVSS0.00312EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/05 3:14 p.m.17 views

CVE-2023-29117 Authentication Bypass in JuiceBox Web Manager interface

Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system...

8.8CVSS7.2AI score0.00312EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/05 3:8 p.m.25 views

CVE-2023-29116 PHP Information Disclosure in Enel X JuiceBox

Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained...

4.3CVSS0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/05 3:8 p.m.17 views

CVE-2023-29116 PHP Information Disclosure in Enel X JuiceBox

Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained...

4.3CVSS6.7AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/05 3:4 p.m.20 views

CVE-2023-29115 Denial of Service via Web Management interface in Enel X JuiceBox

In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service e.g. reboot...

6.5CVSS7AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/05 3:4 p.m.31 views

CVE-2023-29115 Denial of Service via Web Management interface in Enel X JuiceBox

In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service e.g. reboot...

6.5CVSS0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/05 3:1 p.m.11 views

CVE-2023-29114 Unauthorized System Log Disclosure in Enel X JuiceBox

System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: • Wi-Fi access point credentials to which the EV charger can connect. • APN web address and credentials. • IPSEC credentials...

5.7CVSS6.9AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/05 3:1 p.m.21 views

CVE-2023-29114 Unauthorized System Log Disclosure in Enel X JuiceBox

System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: • Wi-Fi access point credentials to which the EV charger can connect. • APN web address and credentials. • IPSEC credentials...

5.7CVSS0.00248EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/09/16 12:0 a.m.6 views

The vulnerability of Bluetooth modules in charging devices for electric vehicles like Autel, ShargerPoint, and JuiceBox allows a violator to execute arbitrary code.

The vulnerability of Bluetooth modules in charging devices for electric vehicles, such as Autel, ShargerPoint, and JuiceBox, is related to buffer overflow in the stack. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

8CVSS8.2AI score0.00907EPSS
Exploits0References5
Code423n4
Code423n4
added 2023/05/22 12:0 a.m.13 views

Delegate should check that terminal is operating with ETH as the terminal token

Lines of code Vulnerability details Delegate should check that terminal is operating with ETH as the terminal token The JBXBuybackDelegate implementation is only prepared to operate with ETH as the terminal token. The implementation should check that the JuiceBox terminal matches this case. Impac...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/23 12:0 a.m.12 views

Redemption weight of tiered NFTs miscalculates, making users redeem incorrect amounts - Bug #1

Lines of code Vulnerability details Description Redemption weight is a concept used in Juicebox to determine investor's eligible percentage of the non-locked funds. In redeemParams, JB721Delegate calculates user's share using: uint256 redemptionWeight = redemptionWeightOfdecodedTokenIds; uint256...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/10/23 12:0 a.m.13 views

Deactivated tiers can still mint reserve tokens, even if no non-reserve tokens were minted.

Lines of code Vulnerability details Description Tiers in Juicebox can be deactivated using the adjustTiers function. It makes sense that reserve tokens may be minted in deactivated tiers, in order to be consistent with already minted tokens. However, the code allows the first reserve token to be...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.8 views

Attacker can prevent other projects from using a custom token

Lines of code Vulnerability details Impact A malicious project owner or an attacker can front-run the JBTokenStore.changeFor function and "steal" the token for their own project. This token can then not be used for any other project as long as it's assigned to a project due to projectOftoken != 0...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.10 views

The splits configuration will become frozen once enough splits are added

Lines of code Vulnerability details Impact If there are enough entries in the splits array, the checks done to ensure existing locks are respected will cause attempts to change the split to revert, preventing the existing split assignment from changing. If the project has a lock with a long...

6.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:14 p.m.2 views

Malicious code in generator-juicebox (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 394572322748182b7f3700892c1fd98b3d13f2370dd106fd132c1045a44dfd59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:14 p.m.8 views

MAL-2022-3333 Malicious code in generator-juicebox (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 394572322748182b7f3700892c1fd98b3d13f2370dd106fd132c1045a44dfd59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Packet Storm
Packet Storm
added 2012/06/16 12:0 a.m.31 views

Juicebox SQL Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x Official Website: http://www.1337day.com 0 1 x...

7.4AI score
Exploits0
0day.today
0day.today
added 2012/06/16 12:0 a.m.34 views

JuiceBox - SQL Injection Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x...

7.1AI score
Exploits0
Rows per page
Query Builder