Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4885

Опубликовано: 26 окт. 2013
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.

Комментарий

CWE-434: Unrestricted Upload of File with Dangerous Type per http://cwe.mitre.org/data/definitions/434.html

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nmap:nmap:*:*:*:*:*:*:*:*
Версия до 6.25 (включая)
cpe:2.3:a:nmap:nmap:2.1:beta1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.2:beta2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.2:beta3:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.2:beta4:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta10:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta12:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta13:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta14:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta17:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta18:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta19:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta20:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta21:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta4:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta5:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta6:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta8:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.3:beta9:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.05:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.06:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.07:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.08:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.09:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.10:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.11:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.12:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.50:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.51:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.52:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.53:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta16:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta19:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta20:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta21:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta22:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta24:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta25:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta26:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta27:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta28:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta29:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta3:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta30:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta31:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta32:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta33:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta34:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta35:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta36:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta37:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta4:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta5:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta6:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.54:beta7:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.99:rc1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:2.99:rc2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.00:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.10:alpha1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.10:alpha2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.10:alpha3:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.10:alpha4:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.10:alpha5:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.10:alpha7:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.10:alpha9:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.15:beta1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.15:beta2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.15:beta3:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.20:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.25:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.26:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.27:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.28:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.30:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt10:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt11:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt12:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt13:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt14:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt15:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt16:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt17:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt3:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt4:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt6:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt7:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt8:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.40:pvt9:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.45:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.48:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.50:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.55:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.70:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.75:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.81:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.90:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.91:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.93:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.94:alpha1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.94:alpha2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.94:alpha3:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.95:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.96:beta1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.98:beta1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.99:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.999:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:3.9999:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.00:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.01:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.02:alpha1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.02:alpha2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.03:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.04:beta1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.10:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.11:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:alpha1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:alpha10:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:alpha11:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:alpha2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:alpha3:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:alpha4:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:alpha5:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:alpha6:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:alpha7:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:alpha8:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:alpha9:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:rc1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.20:rc2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.21:alpha1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.21:alpha2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.21:alpha3:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.21:alpha4:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.22:soc1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.22:soc2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.22:soc3:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.22:soc5:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.22:soc6:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.22:soc7:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.22:soc8:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.49:rc1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.49:rc2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.49:rc3:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.49:rc4:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.49:rc5:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.49:rc6:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.49:rc7:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.50:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.51:beta:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.52:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.53:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.60:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.62:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.65:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.68:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.75:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.76:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.85:beta1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.85:beta10:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.85:beta2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.85:beta3:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.85:beta4:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.85:beta5:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.85:beta6:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.85:beta7:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.85:beta8:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.85:beta9:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:4.90:rc1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.00:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.10:beta1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.10:beta2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.20:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.21:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.30:beta1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.35:dc1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.50:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.51:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.59:beta1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.61:test1:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.61:test2:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.61:test4:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:5.61:test5:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:6.00:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:6.01:*:*:*:*:*:*:*
cpe:2.3:a:nmap:nmap:6.20:beta1:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

EPSS

Процентиль: 91%
0.06429
Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2013-4885

ubuntu
больше 12 лет назад

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.

redhat логотип

CVE-2013-4885

redhat
больше 12 лет назад

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.

debian логотип

CVE-2013-4885

debian
больше 12 лет назад

The http-domino-enum-passwords.nse script in NMap before 6.40, when do ...

github логотип

GHSA-jrx5-35w9-xj26

github
больше 3 лет назад

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.

EPSS

Процентиль: 91%
0.06429
Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other