6 matches found
CVE-2026-58000
luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...
CVE-2026-58000 luci-proto-openvpn - Command Injection via cl_meta Parameter in generateKey
luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...
CVE-2026-58000
The vulnerability CVE-2026-58000 affects luci-proto-openvpn up to version 0.11.1. The root cause is a command injection in the generateKey ubus method where the cl_meta parameter is interpolated into a shell command without proper escaping or quoting, enabling an authenticated LuCI user with Open...
Android - getpidcon Permission Bypass in KeyStore Service Vulnerability
Exploit for Android platform in category dos / poc The keystore binder service "android.security.IKeystoreService" allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many SELinux...
Android - getpidcon Permission Bypass in KeyStore Service
Android - getpidcon Permission Bypass in KeyStore Service The keystore binder service "android.security.IKeystoreService" allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many...
CVE-2003-1417
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the 1 key.pem or 2 key.der files...