mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

o [NSE] Oops, there was a vulnerability in one of our 437 NSE scripts.

If you ran the (fortunately non-default) http-domino-enum-passwords
  script with the (fortunately also non-default)
  domino-enum-passwords.idpath parameter against a malicious server,
  it could cause an arbitrarily named file to be written to the
  client system.  Thanks to Trustwave researcher Piotr Duszynski for
  discovering and reporting the problem.  We've fixed that script, and
  also updated several other scripts to use a new
  stdnse.filename_escape function for extra safety.  This breaks our
  record of never having a vulnerability in the 16 years that Nmap has
  existed, but that's still a fairly good run. [David, Fyodor]
fyodor
2013-07-29 06:19:24 +00:00
parent 93accf0619
commit f79a11aeeb
10 changed files with 56 additions and 25 deletions


@@ -315,9 +315,10 @@ action = function(host, port)
http_response = http.get( vhost or host, port, u_details.idfile, { auth = { username = user, password = pass }, no_cache = true })
if ( http_response.status == 200 ) then
local status, err = saveIDFile( ("%s/%s.id"):format(download_path, u_details.fullname), http_response.body )
local filename = download_path .. "/" .. stdnse.filename_escape(u_details.fullname .. ".id")
local status, err = saveIDFile( filename, http_response.body )
if ( status ) then
table.insert( id_files, ("%s ID File has been downloaded (%s/%s.id)"):format(u_details.fullname, download_path, u_details.fullname) )
table.insert( id_files, ("%s ID File has been downloaded (%s)"):format(u_details.fullname, filename) )
else
table.insert( id_files, ("%s ID File was not saved (error: %s)"):format(u_details.fullname, err ) )
end
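Review bot: The new `local filename = ...` line has no comment saying why the escape is there, although `u_details.fullname` appears to be taken from the remote server's response and this call is what keeps that value from steering the local path; a comment such as `-- fullname is server-controlled: escape it so the saved file stays inside download_path` would record that. The same comment could note that `.. ".id"` is deliberately inside the `stdnse.filename_escape` call, so a later edit does not move part of the name outside the escaped string. The two `table.insert` messages still format the raw `u_details.fullname` into the script output; if anything downstream treats that output as trusted text, quoting or escaping it there would be consistent with this fix. `saveIDFile` and the rest of `action` lie outside the hunk, so whether an existing file with the same escaped name gets overwritten cannot be judged from here.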