40 matches found
CVE-2023-29118 Unauthorized SQLite Injection in Enel X Juicebox
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php...
CVE-2023-29114
System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: • Wi-Fi access point credentials to which the EV charger can connect. • APN web address and credentials. • IPSEC credentials...
CVE-2023-29117 Authentication Bypass in JuiceBox Web Manager interface
Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system...
CVE-2023-29117 Authentication Bypass in JuiceBox Web Manager interface
Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system...
CVE-2023-29116 PHP Information Disclosure in Enel X JuiceBox
Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained...
CVE-2023-29116 PHP Information Disclosure in Enel X JuiceBox
Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained...
CVE-2023-29115 Denial of Service via Web Management interface in Enel X JuiceBox
In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service e.g. reboot...
CVE-2023-29115 Denial of Service via Web Management interface in Enel X JuiceBox
In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service e.g. reboot...
CVE-2023-29114 Unauthorized System Log Disclosure in Enel X JuiceBox
System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: • Wi-Fi access point credentials to which the EV charger can connect. • APN web address and credentials. • IPSEC credentials...
CVE-2023-29114 Unauthorized System Log Disclosure in Enel X JuiceBox
System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: • Wi-Fi access point credentials to which the EV charger can connect. • APN web address and credentials. • IPSEC credentials...
The vulnerability of Bluetooth modules in charging devices for electric vehicles like Autel, ShargerPoint, and JuiceBox allows a violator to execute arbitrary code.
The vulnerability of Bluetooth modules in charging devices for electric vehicles, such as Autel, ShargerPoint, and JuiceBox, is related to buffer overflow in the stack. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Delegate should check that terminal is operating with ETH as the terminal token
Lines of code Vulnerability details Delegate should check that terminal is operating with ETH as the terminal token The JBXBuybackDelegate implementation is only prepared to operate with ETH as the terminal token. The implementation should check that the JuiceBox terminal matches this case. Impac...
Redemption weight of tiered NFTs miscalculates, making users redeem incorrect amounts - Bug #1
Lines of code Vulnerability details Description Redemption weight is a concept used in Juicebox to determine investor's eligible percentage of the non-locked funds. In redeemParams, JB721Delegate calculates user's share using: uint256 redemptionWeight = redemptionWeightOfdecodedTokenIds; uint256...
Deactivated tiers can still mint reserve tokens, even if no non-reserve tokens were minted.
Lines of code Vulnerability details Description Tiers in Juicebox can be deactivated using the adjustTiers function. It makes sense that reserve tokens may be minted in deactivated tiers, in order to be consistent with already minted tokens. However, the code allows the first reserve token to be...
Attacker can prevent other projects from using a custom token
Lines of code Vulnerability details Impact A malicious project owner or an attacker can front-run the JBTokenStore.changeFor function and "steal" the token for their own project. This token can then not be used for any other project as long as it's assigned to a project due to projectOftoken != 0...
The splits configuration will become frozen once enough splits are added
Lines of code Vulnerability details Impact If there are enough entries in the splits array, the checks done to ensure existing locks are respected will cause attempts to change the split to revert, preventing the existing split assignment from changing. If the project has a lock with a long...
Malicious code in generator-juicebox (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 394572322748182b7f3700892c1fd98b3d13f2370dd106fd132c1045a44dfd59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3333 Malicious code in generator-juicebox (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 394572322748182b7f3700892c1fd98b3d13f2370dd106fd132c1045a44dfd59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Juicebox SQL Injection
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x Official Website: http://www.1337day.com 0 1 x...
JuiceBox - SQL Injection Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x...