CVE List by Type: Directory Traversal (Filtered by Published Year)

Explore CVEs related to Directory Traversal vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing Directory Traversal CVEs published in 2017. View full CVE list

Showing 120 of 1647 results
«« First « Prev Page 1 / 83 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2017-17992 Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. 9.8 1.76% 2017-12-29 2026-06-16
CVE-2014-4978 The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. 5.5 0.41% 2017-12-29 2026-06-16
CVE-2013-7400 The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes. 7.5 1.66% 2017-12-29 2026-06-16
CVE-2015-7669 Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality." 9.8 7.05% 2017-12-27 2026-06-16
CVE-2017-17927 PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. 5.3 1.51% 2017-12-27 2026-06-16
CVE-2017-17926 PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. 5.3 1.14% 2017-12-27 2026-06-16
CVE-2017-17924 PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. 5.3 1.51% 2017-12-27 2026-06-16
CVE-2017-17898 Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. 7.5 2.11% 2017-12-27 2026-06-16
CVE-2017-17864 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." 3.3 0.38% 2017-12-27 2026-06-16
CVE-2017-1698 IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. 5.3 1.56% 2017-12-27 2026-06-16
CVE-2017-13869 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 5.5 4.74% 2017-12-25 2026-06-16
CVE-2017-13868 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 5.5 4.71% 2017-12-25 2026-06-16
CVE-2017-13865 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 5.5 4.25% 2017-12-25 2026-06-16
CVE-2017-13864 An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates. 5.9 0.68% 2017-12-25 2026-06-16
CVE-2017-15328 Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak. 7.5 0.91% 2017-12-22 2026-06-16
CVE-2017-15321 Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak. 3.7 0.61% 2017-12-22 2026-06-16
CVE-2017-15309 Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory. 7.1 0.98% 2017-12-22 2026-06-16
CVE-2017-10907 Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors. 4.3 1.19% 2017-12-22 2026-06-16
CVE-2017-17692 Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property. 7.5 78.84% 2017-12-21 2026-06-16
CVE-2017-5262 In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference. 8.0 4.86% 2017-12-20 2026-06-16
«« First « Prev Page 1 / 83 Next »
cvelogic Threat Intelligence