36 matches found
Exploit for Download of Code Without Integrity Check in Nicehash Quickminer
CVE-2025-56513 Critical Supply-Chain Vulnerability in NiceHash...
EUVD-2019-15688
Malware in sbrugna...
EUVD-2019-15687
Malware in sbrugna...
EUVD-2019-15689
Malware in sbrugna...
EUVD-2025-31754
Malicious code in bioql PyPI...
CVE-2025-56513
NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed,...
NiceHash QuickMiner 安全漏洞
NiceHash QuickMiner is a cryptocurrency miner software open source by NiceHash.com. A security vulnerability exists in NiceHash QuickMiner version 6.12.0 that originates from executing a software update over HTTP without verifying digital signatures or hash checking, which could lead to remote co...
CVE-2025-56513
CVE-2025-56513 affects NiceHash QuickMiner v6.12.0, where the update mechanism uses HTTP without signature/hash verification, enabling a Network-based MITM to replace updates and execute arbitrary code. Root cause: unencrypted update delivery and absence of digital signatures/integrity checks for...
CVE-2019-6121
An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner's information about such as his recent payments, unclaimed Balance, Old Balance at the time of December 2017 breach , Projected payout, Mining stats like profitability...
CVE-2019-6122
A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address...
CVE-2019-6120
An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 Username Enumeration an adversary...
NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery Vulnerability
NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance, and to redirect the mined coins to an arbitrary mining address. NiceHash Miner Excavator API Cross-Site...
NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery
NiceHash Miner Excavator API Cross-Site Request Forgery ======================================================= The latest version of this advisory is available at: https://sintonen.fi/advisories/nicehash-miner-excavator-api-csrf.txt Overview -------- NiceHash Miner Excavator plugin contains a...
GoDaddy Employees Tricked into Compromising Cryptocurrency Sites
A recent social-engineering “vishing” attack on domain registrar GoDaddy temporarily handed over control of cryptocurrency service sites NiceHash and Liquid to fraudsters, exposing personal information of users. Vishing is a phishing scam that uses voice interactions over the phone to gain trust...
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services
Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the worlds largest domain name registrar, KrebsOnSecurity has learned. The incident is the latest incursion a...
Unspecified Vulnerability in NiceHash Miner
NiceHash Miner is a mining software for Bitcoin. A security vulnerability exists in NiceHash Miner versions prior to 2.0.3.0. The vulnerability can be exploited by an attacker to obtain user information with a valid email address...
NiceHash Miner Information Disclosure Vulnerability
NiceHash Miner is a mining software for Bitcoin. A security vulnerability exists in NiceHash Miner versions prior to 2.0.3.0. An attacker could exploit the vulnerability to enumerate user names...
NiceHash Miner Input Validation Error Vulnerability
NiceHash Miner is a mining software for Bitcoin. An input validation error vulnerability exists in NiceHash Miner versions prior to 2.0.3.0. The vulnerability stems from a network system or product that does not properly validate incoming data. No details of the vulnerability are provided at this...
CVE-2019-6121
An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner's information about such as his recent payments, unclaimed Balance, Old Balance at the time of December 2017 breach , Projected payout, Mining stats like profitability...
CVE-2019-6121
An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner's information about such as his recent payments, unclaimed Balance, Old Balance at the time of December 2017 breach , Projected payout, Mining stats like profitability...