Lucene search

5 matches found

Snyk
added 2026/04/10 7:32 p.m., 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the removeUnusedAttributeView process. An attacker can delete arbitrary .json files within the workspace by supplying crafted path traversal sequences in the id parameter, allowing removal of files outside the...

CVSS 8.5, AI score 6.3, EPSS 0.00287
Exploits: 0, References: 2
EUVD
added 2025/12/16 6:31 p.m., 4 views

EUVD-2025-203804

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...

CVSS 10, AI score 8.4, EPSS 0.01624
Exploits: 1, References: 4
wpexploit
added 2021/06/28 12:0 a.m., 151 views

Awesome Weather Widget <= 3.0.2 - Reflected Cross-site Scripting (XSS)

The plugin does not sanitize the id parameter of its awesomeweatherrefresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. Note (WPScanTeam): The issue was reported to the WP plugins team on May 4th, 2021, then June 7th, 2021 due to lack of update...

CVSS 4.3, AI score 6.1, EPSS 0.00726
Exploits: 1
Cvelist
added 2016/12/24 11:0 a.m., 18 views

CVE-2016-10037

Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist...

AI score 7, EPSS 0.01762
Exploits: 0, References: 3
Prion
added 2009/03/31 6:24 p.m., 10 views

Stack overflow

Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action...

CVSS 10, AI score 8.5, EPSS 0.09011
Exploits: 2, References: 11, Affected Software: 1