CVE-2025-48617

CVE-2025-48617 affects Android’s CarrierConfigLoader.java, specifically overrideConfig, enabling a permissions/UID check bypass that could cause local privilege escalation with no additional execution privileges required and no user interaction. The vulnerability is tied to a local attack vector ...

The vulnerability of the configuration file loader for WebUI devices of PHOENIX CONTACT RAD-ISM-900-EN-* allows a attacker to execute arbitrary code with root privileges.

The vulnerability of the configuration file loader for WebUI devices of PHOENIX CONTACT RAD-ISM-900-EN- exists due to insufficient checks on the integrity of the firmware. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with root privileges...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context. P...

CVE-2013-2086

The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...

CVE-2013-2086

The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...

Cross site request forgery (csrf)

The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...

UBUNTU-CVE-2013-2086

The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...

CVE-2013-2086

The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...

Server: CSRF token leakage

The configuration loader in ownCloud 5.0.x before 5.0.6 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

Puzzle Apps CMS 3.2 - Local File Inclusion

------------------------------------------------------------------------ Software................ Puzzle Apps CMS 3.2 Vulnerability........... Local File Inclusion Site.................... http://www.puzzleapps.org/ Download Link...