Android File Manager for Android (com.smartwho.SmartFileManager) contains a flaw that allows traversing outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically path traversal style attacks (e.g. '../'). With a specially crafted request, a local attacker can gain access to arbitrary files.
Next Browser for Android (com.jiubang.browser) contains a flaw that is due to the application failing to enforce restrictions on browsing history directories. With a specially crafted application, a local attacker can gain access to potentially sensitive information.
Snapchat contains a flaw that is due to the program failing to terminate tokens for messages, which may allow them to be reused. This may allow a remote attacker to crash a user's device by flooding them with messages.
Apache Cordova and PhoneGap contain a flaw that is due to the URL interception ignoring iframe and XMLHttpRequest URLs. With a specially crafted script inside an iframe, a context-dependent attacker can bypass domain whitelisting by calling execute = cordova.require('cordova/exec'); var opts = cordova.require('cordova/plugin/ContactFindOptions'); and directly operating on these objects.
Apache Cordova or PhoneGap contains a flaw that is due to the program not blocking third-party scripts included via <script> tags when their source domain is whitelisted, even if they execute in a different domain's origin. This may allow a context-dependent attacker to bypass the same origin policy.
Apache Cordova and PhoneGap contain a flaw that is triggered during substring matching. This may allow a context-dependent attacker to bypass whitelist protection mechanisms.
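The substring-matching entry above describes a general class of allowlist weakness. The following added example, which is not Apache Cordova or PhoneGap code, contrasts a substring check with a comparison on the parsed hostname. The function names, the allowlist entries and the sample URLs are all constructed for illustration.

```javascript
// Added illustration; not Apache Cordova or PhoneGap source code.
// All hostnames are constructed (reserved .example / .test names).

// Weak form: an allowlist entry only has to appear somewhere in the URL.
function substringAllowed(url, allowlist) {
  return allowlist.some((entry) => url.includes(entry.replace(/^\*\./, "")));
}

// Hardened form: parse first, then compare the hostname itself.
// Subdomains are accepted only for entries written as "*.domain".
function hostAllowed(url, allowlist) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return false; // unparseable input is rejected, never matched loosely
  }
  if (parsed.protocol !== "https:") return false;
  if (parsed.username || parsed.password) return false; // reject userinfo
  const host = parsed.hostname.toLowerCase().replace(/\.$/, "");
  return allowlist.some((entry) => {
    const e = entry.toLowerCase();
    if (e.startsWith("*.")) {
      return host.endsWith(e.slice(1)) && host.length > e.length - 1;
    }
    return host === e;
  });
}

// Run both checks over a list of URLs so the differences are visible.
function compare(urls, allowlist) {
  return urls.map((url) => ({
    url,
    substring: substringAllowed(url, allowlist),
    host: hostAllowed(url, allowlist),
  }));
}

const ALLOWLIST = ["api.example", "*.cdn.example"];
const SAMPLE_URLS = [
  "https://api.example/v1/data",           // intended match
  "https://img.cdn.example/app.js",        // intended wildcard match
  "https://api.example.untrusted.test/",   // entry is only a prefix of the host
  "https://untrusted.test/?r=api.example", // entry appears in the query string
  "https://api.example@untrusted.test/",   // entry appears as userinfo
];
console.table(compare(SAMPLE_URLS, ALLOWLIST));
```

The last three sample URLs pass the substring check and are rejected by the hostname comparison.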