Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

405 vulnerabilities with CWE-384

CVE-2018-1000602 MEDIUM

Jenkins SAML Plugin <1.0.6 - Privilege Escalation

CVE-2018-1000519 MEDIUM

aio-libs aiohttp-session - Session Fixation

CVE-2018-12538 HIGH

Eclipse Jetty <9.4.8 - Privilege Escalation

CVE-2018-0359 MEDIUM

Cisco Meeting Server - Session Fixation

CVE-2018-9026 HIGH

CA Privileged Access Manager 2.x - Session Fixation

CVE-2018-12071 CRITICAL

CodeIgniter <3.1.9 - Info Disclosure

CVE-2018-11385 HIGH

Symfony Security 2.7.0-2.7.47 - Session Fixation via Guard Login Feature

CVE-2018-11714 CRITICAL

TP-Link TL-WR840N/TL-WR841N <5 - Info Disclosure

CVE-2018-11571 HIGH

ClipperCMS 1.3.3 - Session Fixation

CVE-2018-11567 LOW

Amazon Echo <2018-04-27 - Info Disclosure

CVE-2018-1375 MEDIUM

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 - Session ...

CVE-2018-11475 HIGH

Monstra CMS 3.0.4 - Info Disclosure

CVE-2018-11474 HIGH

Monstra CMS 3.0.4 - Info Disclosure

CVE-2018-1148 MEDIUM

Nessus <7.1.0 - Privilege Escalation

CVE-2018-10591 MEDIUM

Advantech WebAccess <8.2_20170817, Dashboard <2.0.15, Scada Node <8.3.1, NMS <2.0.3 - Origin Validation Error

CVE-2018-10252 HIGH

Actiontec WCB6200Q <1.1.10.20a - Session Hijacking

CVE-2018-1000173 MEDIUM

Jenkins Google Login Plugin <1.3 - Privilege Escalation

CVE-2018-0564 HIGH

EC-CUBE 3.0.0-3.0.15 - Session Fixation

CVE-2018-0229 MEDIUM

Cisco AnyConnect Secure Mobility Client and Adaptive Security Appliance - Session Fixation via SAML SSO Authentication

CVE-2018-6959 CRITICAL

VMware vRA <7.4.0 - Privilege Escalation

CVE-2018-2409 MEDIUM

SAP Cloud Platform 2.0 - Info Disclosure

CVE-2018-2408 HIGH

SAP Business Objects <4.10-4.30 - Privilege Escalation

CVE-2018-5465 HIGH

Belden Hirschmann - Session Fixation

CVE-2017-12619 HIGH

Apache Zeppelin <0.7.3 - Info Disclosure

CVE-2017-18105 HIGH

Atlassian Crowd <3.0.2, >3.1.0-<3.1.1 - Session Fixation

Previous Page 14 of 17 Next

Details

Vulnerabilities 405

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy