Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

405 vulnerabilities with CWE-384

CVE-2017-1368 MEDIUM

IBM Security Identity Governance Virtual Appliance <5.2.3.2 - Open ...

CVE-2017-3968 HIGH

McAfee NSM <8.2.7.42.2, NDLP <9.3.4.1.5 - Info Disclosure

CVE-2017-18125 HIGH

Android <2018-04-05 - Info Disclosure

CVE-2017-1270 LOW

IBM Security Guardium 10.0 - Info Disclosure

CVE-2017-11562 HIGH

MT4 Networks SenhaSegura Web App <2.2.23.8 - Info Disclosure

CVE-2017-10890 MEDIUM

RX-V200 <09.87.17.09 - Info Disclosure

CVE-2017-1000150 HIGH

Mahara <15.04.7, <15.10.3 - Info Disclosure

CVE-2017-14163 HIGH

Mahara <15.04.14,16.x<16.04.8,16.10.x<16.10.5,17.x<17.04.3 - Info D...

CVE-2017-15304 CRITICAL

Airtame HDMI Dongle Firmware < 2.3.3 - Session Fixation via PHPSESSID Cookie

CVE-2017-11191 HIGH

FreeIPA 4.x - Authenticated Session Fixation via Old Session ID

CVE-2017-14263 HIGH

Honeywell Enterprise DVR and MaxPro NVR Firmware - Session Fixation via Guest Account Session ID

CVE-2017-12225 MEDIUM

Cisco Prime LAN Management Solution - Session Fixation

CVE-2017-12873 CRITICAL

SimpleSAMLphp <1.14.10 - Info Disclosure

CVE-2017-12868 CRITICAL

SimpleSAMLphp <1.14.13 - Session Fixation

CVE-2017-12965 CRITICAL

Apache2Triad 1.5.4 - Info Disclosure

CVE-2017-10600 MEDIUM

ubuntu-image <2017-07-07 - Info Disclosure

CVE-2017-2145 MEDIUM

Cybozu Garoon <4.2.4 - Info Disclosure

CVE-2017-4963 HIGH

Cloud Foundry Foundation Cloud Foundry <v252 - Session Fixation

CVE-2017-4014 HIGH

McAfee Network Data Loss Prevention 9.3.x - Authenticated Session Fixation via HTTP Request Modification

CVE-2017-0892 LOW

Nextcloud Server <11.0.3 - Info Disclosure

CVE-2017-5656 HIGH

Apache CXF <3.1.11, <3.0.13 - Privilege Escalation

CVE-2017-1152 MEDIUM

IBM Financial Transaction Manager <3.0.2 - Info Disclosure

CVE-2017-6412 HIGH

Sophos Web Appliance <4.3.1.2 - Session Fixation

CVE-2017-5831 MEDIUM

Revive Adserver <4.0.1 - Info Disclosure

CVE-2017-5141 MEDIUM

Honeywell XL Web II controller <XL1000C500 - Session Fixation

Previous Page 15 of 17 Next

Details

Vulnerabilities 405

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy