15 matches found
EUVD-2015-4557
Malware in sbrugna...
LP rewards in liquidity_lockbox can be arbitraged
Impact: The liquidity_lockbox contract is designed to handle liquidity positions in a specific Orca LP pool. Users can deposit their LP NFTs into the contract, receiving in exchange tokens according to their position size. These tokens are minted with the goal of...
Attacker can cause deposits to be locked in the Solana lockbox
Impact: An attacker can cause deposits to be locked in the lockbox. Proof of Concept: In withdraw, if the position has 0 liquidity, the execution is reverted: function withdraw(uint64 amount) external { address positionAddress =...
CVE-2023-34625
ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time...
CVE-2023-34625
ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time...
Authentication flaw
ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time...
CVE-2023-34625
CVE-2023-34625 affects ShowMojo MojoBox Digital Lockbox firmware 1.4. The BLE-based unlock mechanism is vulnerable to replay attacks, enabling authentication bypass: a network-adjacent attacker can intercept BLE requests to unlock, or an attacker with physical access can extract recent BLE messag...
CVE-2023-34625
ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time...
ShowMojo MojoBox Digital Lockbox Security Vulnerability
The ShowMojo MojoBox Digital Lockbox is a digital lockbox from ShowMojo. A security vulnerability exists in the ShowMojo MojoBox Digital Lockbox version 1.4, which stems from a vulnerability to authentication bypass and to replay attacks on the unlocking mechanism via Bluetooth Low...
SUSE-SU-2017:1479-1 Security update for ceph
This update provides Ceph 10.2.6, which brings fixes and enhancements: This security issue was fixed: - CVE-2016-9579: Do not abort RGW server when accepting a CORS request with short origin. bsc1014986 These non-security issues were fixed: - common: Add rdbmap to ceph-common. bsc1029482 -...
CVE-2015-4537
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive...
Hardcoded credentials
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive...
CVE-2015-4537
EMC Documentum D2 vulnerability CVE-2015-4537 affects the Lockbox component. If the server lacks the D2.Lockbox file, D2 uses a hardcoded passphrase to encrypt admin tickets, enabling an attacker who can decompile D2 JARs to recover the passphrase and decrypt tickets. Affected products include EM...
CVE-2015-4537
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive...
EMC Documentum D2 Information Disclosure Vulnerability (CNVD-2015-05464)
EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. A security vulnerability in the Lockbox component of EMC Documentum D2 4.2 and prior versions when saving a password in an encrypted file can be exploite...