A message was encrypted with RSA using e=3 and a modulus that is large enough that the ciphertext did not wrap around.
The server encrypts arbitrary data using AES-ECB mode with a fixed key. ECB is deterministic and block-independent.
Two messages were signed with the same ECDSA nonce k. When k is reused, the private key can be recovered algebraically.