4 matches found
VulnCheck KEV: CVE-2021-24284
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...
CVE-2021-24284
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...
Totolink A702r Access Control Error Vulnerability
The Totolink A702r is a router device from the Chinese company Totolink. The Totolink A702r V1.0.0-B20161227.1023 suffers from an access control error vulnerability that allows an attacker to access the icon directory via the GET parameter. No detailed vulnerability details are provided at this...
TotoLink A702r 访问控制错误漏洞
The Totolink A702r is a router device from the Chinese company Totolink. The Totolink A702r V1.0.0-B20161227.1023 suffers from an access control error vulnerability that allows an attacker to access the icon directory via the GET parameter. No detailed vulnerability details are provided at this...