Explore CVEs related to Directory Traversal vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing Directory Traversal CVEs published in 2017. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-17992 | Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | 9.8 | 1.76% | 2017-12-29 | 2026-06-16 |
| CVE-2014-4978 | The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. | 5.5 | 0.41% | 2017-12-29 | 2026-06-16 |
| CVE-2013-7400 | The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes. | 7.5 | 1.66% | 2017-12-29 | 2026-06-16 |
| CVE-2015-7669 | Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality." | 9.8 | 7.05% | 2017-12-27 | 2026-06-16 |
| CVE-2017-17927 | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | 5.3 | 1.51% | 2017-12-27 | 2026-06-16 |
| CVE-2017-17926 | PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | 5.3 | 1.14% | 2017-12-27 | 2026-06-16 |
| CVE-2017-17924 | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | 5.3 | 1.51% | 2017-12-27 | 2026-06-16 |
| CVE-2017-17898 | Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | 7.5 | 2.11% | 2017-12-27 | 2026-06-16 |
| CVE-2017-17864 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." | 3.3 | 0.38% | 2017-12-27 | 2026-06-16 |
| CVE-2017-1698 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. | 5.3 | 1.56% | 2017-12-27 | 2026-06-16 |
| CVE-2017-13869 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 5.5 | 4.74% | 2017-12-25 | 2026-06-16 |
| CVE-2017-13868 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 5.5 | 4.71% | 2017-12-25 | 2026-06-16 |
| CVE-2017-13865 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 5.5 | 4.25% | 2017-12-25 | 2026-06-16 |
| CVE-2017-13864 | An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates. | 5.9 | 0.68% | 2017-12-25 | 2026-06-16 |
| CVE-2017-15328 | Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak. | 7.5 | 0.91% | 2017-12-22 | 2026-06-16 |
| CVE-2017-15321 | Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak. | 3.7 | 0.61% | 2017-12-22 | 2026-06-16 |
| CVE-2017-15309 | Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory. | 7.1 | 0.98% | 2017-12-22 | 2026-06-16 |
| CVE-2017-10907 | Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors. | 4.3 | 1.19% | 2017-12-22 | 2026-06-16 |
| CVE-2017-17692 | Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property. | 7.5 | 78.84% | 2017-12-21 | 2026-06-16 |
| CVE-2017-5262 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference. | 8.0 | 4.86% | 2017-12-20 | 2026-06-16 |