CVE-2013-4885

Priority
Description
The http-domino-enum-passwords.nse script in NMap before 6.40, when
domino-enum-passwords.idpath is set, allows remote servers to upload
"arbitrarily named" files via a crafted FullName parameter in a response,
as demonstrated using directory traversal sequences.
Notes
jdstrandsee full-disclosure for PoC
Package
Source: nmap (LP Ubuntu Debian)
Upstream:released (6.40)
Ubuntu 14.04 ESM (Trusty Tahr):released (6.40-0.1)
More Information

Updated: 2020-09-10 02:49:22 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)