The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.
Max CVSS: 7.2 | EPSS Score: 0.05% | Published: 2011-03-25 | Updated: 2018-10-09
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.
Max CVSS: 10.0 | EPSS Score: 7.67% | Published: 2011-03-25 | Updated: 2018-10-09
The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time.
Max CVSS: 7.2 | EPSS Score: 0.16% | Published: 2011-03-29 | Updated: 2017-08-17
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
Max CVSS: 6.8 | EPSS Score: 1.82% | Published: 2011-03-20 | Updated: 2017-01-07
nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication.
Max CVSS: 6.8 | EPSS Score: 1.56% | Published: 2011-03-15 | Updated: 2017-08-17
Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.
Max CVSS: 5.0 | EPSS Score: 0.70% | Published: 2011-03-07 | Updated: 2017-08-17
HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91.00 does not properly configure authentication settings of managed devices within device templates, which allows attackers to access these devices via actions that were intended to require authentication.
Max CVSS: 2.1 | EPSS Score: 0.15% | Published: 2011-03-07 | Updated: 2017-08-17
7 vulnerabilities found