27 matches found
CVE-2026-3535
The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the DSGVOGWPdownloadGoogleFonts function in all versions up to, and including, 1.1. The function is exposed via a wpajaxnopriv hook, requiring no authentication. It...
WordPress DSGVO Google Web Fonts GDPR plugin <= 1.1 - Unauthenticated Arbitrary File Upload via 'fonturl' Parameter vulnerability
Unauthenticated Arbitrary File Upload via 'fonturl' Parameter vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin DSGVO Google Web Fonts GDPR versions = 1.1...
WordPress plugin DSGVO Google Web Fonts GDPR 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
EUVD-2009-3803
Malware in sbrugna...
CVE-2024-8920
The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-8920 Fonto – Custom Web Fonts Manager <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-8920 Fonto – Custom Web Fonts Manager <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
Phishing Tactic Hides Tracks with Custom Fonts
An insidious phishing method evades detection using a never-before-seen technique that leverages custom fonts to cover its tracks. Researchers at Proofpoint recently discovered an active credential harvesting phishing scheme. Once a victim has clicked on the initial phishing email, the resulting...
360 Mobile Browser Exploits Homologation Policy Bypass Vulnerability
360 Mobile Browser is a mobile browser based on the Android platform. A bypass same-origin policy vulnerability exists in 360 Mobile Browser version 7.0.0.44, which occurs when web fonts are downloaded without disabling cross-domain, resulting in the use of cross-domain fonts...
Microsoft Windows 2000-2008 - Embedded OpenType Font Engine Remote Code Execution
No description provided by source. $Id: ms09065eotinteger.rb 7470 2009-11-11 23:48:53Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Opera < 10.54 Multiple Vulnerabilities
The version of Opera installed on the remote host is earlier than 10.54. Such versions are potentially affected by the following issues : - Web fonts may be used to trigger a privilege elevation vulnerability in the Windows operating system MS10-032 954 - It may be possible to use data URIs in a...
Opera may be used as a vector for a font issue in the underlying operating system
A flaw in the font handling on the Windows operating system has been fixed by Microsoft. On unpatched systems, Web fonts may be used to exploit this issue through Opera...
Microsoft Windows EOT Font Table Directory Integer Overflow
$Id: ms09065eotinteger.rb 7470 2009-11-11 23:48:53Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
Opera Multiple Vulnerabilities (Nov 2009) - Windows
Opera Web Browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Opera Multiple Vulnerabilities - Nov09 (Windows)
This host is installed with Opera Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvulnnov09win.nasl 4869 2016-12-29 11:01:45Z teissa $ Opera Multiple Vulnerabilities - Nov09 Windows Authors: Sharath S Copyright: Copyright c 2009 Greenbone Networks...
Authentication flaw
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site...
CVE-2009-3832
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site...
CVE-2009-3832
Opera for Windows prior to 10.01 is affected by CVE-2009-3832 due to the browser rendering UI using web fonts, allowing a crafted site to spoof the address bar. Root cause: Web fonts used in the UI are not prevented in rendering. Impact is spoofing the address field; exploitation status is not do...
CVE-2009-3832
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site...
Opera < 10.01 Multiple Vulnerabilities
The version of Opera installed on the remote host is earlier than 10.01. Such versions are potential affected by multiple issues : - Specially crafted domain names can cause a memory corruption in Opera, which may lead to a crash or possibly remote code execution. 938 - Opera may allow scripts to...