Description
The http-domino-enum-passwords.nse script in Nmap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Piotr Duszynski · text · remote · linux
https://www.exploit-db.com/exploits/38741
References (6)
Core References
Exploit x_refsource_misc
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-025.txt
Vendor Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-10/msg00030.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-10/msg00035.html
Exploit x_refsource_misc
http://packetstormsecurity.com/files/122719/TWSL2013-025.txt
Various Sources x_refsource_confirm
http://nmap.org/changelog.html
Exploit, Patch x_refsource_misc
https://github.com/drk1wi/portspoof/commit/1791fe4e2b9e5b5c8e000551ab60a64a29d924c3
Scores
EPSS
0.0643
EPSS Percentile
91.1%
Details
Status
published
Products (16)
nmap/nmap
2.1 beta1
nmap/nmap
2.2 beta2 (3 CPE variants)
nmap/nmap
2.3 beta10 (14 CPE variants)
nmap/nmap
2.05
nmap/nmap
2.06
nmap/nmap
2.07
nmap/nmap
2.08
nmap/nmap
2.09
nmap/nmap
2.10
nmap/nmap
2.11
... and 6 more
Published
Oct 26, 2013
Tracked Since
Feb 18, 2026