CVE-2023-0064 eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS

The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2023-0064

The CVE-2023-0064 entry corresponds to the WordPress plugin “eVision Responsive Column Layout Shortcodes” (versions 2.3 and earlier). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient validation and escaping of shortcode attributes, which are output into the pag...

CVE-2022-47612

Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.5 leads to list column update...

CVE-2022-47612

Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.5 leads to list column update...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.5 leads to list column update...

CVE-2022-47612 WordPress Participants Database Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.5 leads to list column update...

SUSE CVE-2007-0556

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service server crash and possibly access database content via an "ALTE...

SUSE CVE-2007-5925

The convertsearchmodetoinnobase function in hainnodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service database crash via a certain CONTAINS operation on an indexed column, which triggers an assertion error...

SUSE CVE-2010-3677

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service mysqld daemon crash via a join query that uses a table with a unique SET column...

SUSE CVE-2011-0046

Multiple cross-site request forgery CSRF vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to 1 adding a saved search in buglist.cgi, 2 voting in...

SUSE CVE-2011-2631

The Cascading Style Sheets CSS implementation in Opera before 11.11 does not properly handle the column-count property, which allows remote attackers to cause a denial of service infinite repaint loop and application hang via a web page, as demonstrated by an unspecified Wikipedia page...

SUSE CVE-2011-2930

Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...

SUSE CVE-2011-3027

Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document...

SUSE CVE-2011-3038

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling...

SUSE CVE-2011-3958

Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document...

SUSE CVE-2011-4634

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...

SUSE CVE-2014-4986

Multiple cross-site scripting XSS vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 table name or 2 column name that is improperly handled...

SUSE CVE-2014-8161

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message...

SUSE CVE-2015-8740

The dissecttds7colmetadatatoken function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service stack-based buffer overflow and application crash via a crafted packet...

SUSE CVE-2015-8742

The dissectCPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service memory consumption or application crash via a crafted packet...