| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-1000170 |
22 |
|
Dir. Trav. |
2017-11-17 |
2017-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
jqueryFileTree 2.1.5 and older Directory Traversal |
|
2 |
CVE-2017-1000062 |
22 |
|
Exec Code Dir. Trav. |
2017-07-17 |
2017-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution |
|
3 |
CVE-2017-1000047 |
22 |
|
Exec Code Dir. Trav. |
2017-07-17 |
2017-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution |
|
4 |
CVE-2017-1000028 |
22 |
|
Dir. Trav. |
2017-07-17 |
2018-08-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. |
|
5 |
CVE-2017-1000026 |
22 |
|
Dir. Trav. |
2017-07-17 |
2017-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries |
|
6 |
CVE-2017-1000002 |
22 |
|
Exec Code Dir. Trav. Bypass |
2017-07-17 |
2017-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. |
|
7 |
CVE-2017-17992 |
22 |
|
Dir. Trav. |
2017-12-29 |
2018-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. |
|
8 |
CVE-2017-17927 |
22 |
|
Dir. Trav. +Info |
2017-12-27 |
2018-01-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. |
|
9 |
CVE-2017-17924 |
22 |
|
Dir. Trav. +Info |
2017-12-27 |
2018-01-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. |
|
10 |
CVE-2017-17739 |
22 |
|
Dir. Trav. |
2017-12-18 |
2018-01-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. |
|
11 |
CVE-2017-17715 |
22 |
|
Dir. Trav. |
2017-12-16 |
2018-01-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. |
|
12 |
CVE-2017-17671 |
22 |
|
Exec Code Dir. Trav. |
2017-12-13 |
2018-01-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. |
|
13 |
CVE-2017-17058 |
22 |
|
Dir. Trav. |
2017-11-29 |
2017-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code. |
|
14 |
CVE-2017-17042 |
22 |
|
Dir. Trav. |
2017-11-28 |
2017-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. |
|
15 |
CVE-2017-16959 |
22 |
|
Dir. Trav. |
2017-11-27 |
2017-12-14 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd. |
|
16 |
CVE-2017-16936 |
22 |
|
Dir. Trav. |
2017-11-24 |
2017-12-12 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring. |
|
17 |
CVE-2017-16929 |
22 |
|
Dir. Trav. |
2017-12-05 |
2017-12-21 |
8.5 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
None |
|
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile. |
|
18 |
CVE-2017-16903 |
22 |
|
Exec Code Dir. Trav. |
2017-11-20 |
2017-12-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php. |
|
19 |
CVE-2017-16877 |
22 |
|
Dir. Trav. +Info |
2017-11-17 |
2017-12-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. |
|
20 |
CVE-2017-16806 |
22 |
|
Dir. Trav. |
2017-11-13 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. |
|
21 |
CVE-2017-16788 |
22 |
|
+Priv Dir. Trav. |
2017-12-15 |
2018-01-03 |
9.0 |
Admin |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory. |
|
22 |
CVE-2017-16762 |
22 |
|
Dir. Trav. |
2017-11-10 |
2017-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. |
|
23 |
CVE-2017-15895 |
22 |
|
Dir. Trav. |
2017-12-08 |
2017-12-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. |
|
24 |
CVE-2017-15894 |
22 |
|
Dir. Trav. |
2017-12-08 |
2017-12-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. |
|
25 |
CVE-2017-15893 |
22 |
|
Dir. Trav. |
2017-12-08 |
2017-12-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. |
|
26 |
CVE-2017-15805 |
22 |
|
Dir. Trav. |
2017-10-23 |
2017-11-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. |
|
27 |
CVE-2017-15647 |
22 |
|
Dir. Trav. |
2017-10-19 |
2017-11-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. |
|
28 |
CVE-2017-15607 |
22 |
|
Dir. Trav. |
2017-12-01 |
2017-12-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. |
|
29 |
CVE-2017-15532 |
22 |
|
Dir. Trav. |
2017-12-20 |
2018-01-05 |
5.5 |
None |
Local Network |
Low |
Single system |
Complete |
None |
None |
|
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. |
|
30 |
CVE-2017-15527 |
22 |
|
Dir. Trav. |
2017-11-20 |
2017-12-12 |
5.2 |
None |
Local Network |
Low |
Single system |
Partial |
Partial |
Partial |
|
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs. |
|
31 |
CVE-2017-15363 |
22 |
|
Dir. Trav. |
2017-10-15 |
2017-11-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter. |
|
32 |
CVE-2017-15359 |
22 |
|
Dir. Trav. |
2017-10-18 |
2017-11-13 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks. |
|
33 |
CVE-2017-15309 |
22 |
|
Dir. Trav. |
2017-12-22 |
2018-01-05 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory. |
|
34 |
CVE-2017-15276 |
22 |
|
+Priv Dir. Trav. |
2017-10-13 |
2017-11-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. |
|
35 |
CVE-2017-15079 |
22 |
|
Dir. Trav. |
2017-10-06 |
2017-10-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. |
|
36 |
CVE-2017-14754 |
22 |
|
Dir. Trav. |
2017-10-02 |
2017-10-11 |
6.8 |
None |
Remote |
Low |
Single system |
Complete |
None |
None |
|
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. |
|
37 |
CVE-2017-14722 |
22 |
|
Dir. Trav. |
2017-09-23 |
2017-11-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. |
|
38 |
CVE-2017-14719 |
22 |
|
Dir. Trav. |
2017-09-23 |
2017-11-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. |
|
39 |
CVE-2017-14695 |
22 |
|
Dir. Trav. |
2017-10-24 |
2017-11-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791. |
|
40 |
CVE-2017-14614 |
22 |
|
Dir. Trav. |
2017-10-09 |
2017-11-05 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path. |
|
41 |
CVE-2017-14514 |
22 |
|
Dir. Trav. |
2017-09-17 |
2017-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. |
|
42 |
CVE-2017-14513 |
22 |
|
Dir. Trav. |
2017-09-17 |
2017-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. |
|
43 |
CVE-2017-14196 |
22 |
|
Dir. Trav. |
2017-11-29 |
2017-12-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed. |
|
44 |
CVE-2017-14120 |
22 |
|
Dir. Trav. |
2017-09-03 |
2017-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. |
|
45 |
CVE-2017-13996 |
22 |
|
Exec Code Dir. Trav. |
2017-10-05 |
2017-10-12 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code. |
|
46 |
CVE-2017-13985 |
22 |
|
Dir. Trav. |
2017-09-29 |
2017-10-05 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. |
|
47 |
CVE-2017-13984 |
287 |
|
Dir. Trav. |
2017-09-29 |
2017-10-05 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. |
|
48 |
CVE-2017-13982 |
434 |
|
Dir. Trav. |
2017-09-29 |
2017-10-10 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. |
|
49 |
CVE-2017-13780 |
22 |
|
Dir. Trav. |
2017-08-30 |
2017-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. |
|
50 |
CVE-2017-12943 |
22 |
|
Dir. Trav. |
2017-08-18 |
2017-09-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. |
