QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4885

Published: Oct 26, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.trustwave.com/spiderlabs/advisories/TWSL2013-025.txt

x_refsource_MISC

openSUSE-SU-2013:1561

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2013:1579

vendor-advisory

x_refsource_SUSE

http://packetstormsecurity.com/files/122719/TWSL2013-025.txt

x_refsource_MISC

http://nmap.org/changelog.html

x_refsource_CONFIRM

https://github.com/drk1wi/portspoof/commit/1791fe4e2b9e5b5c8e000551ab60a64a29d924c3

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.