Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

405 vulnerabilities with CWE-384

CVE-2016-8609 LOW

Keycloak < 2.3.0 - Improper Authentication via Phishing URL

CVE-2016-9574 MEDIUM

Network Security Services < 3.30 - Denial of Service via SessionTicket Extension

CVE-2016-6545 CRITICAL

iTrack Easy - Info Disclosure

CVE-2016-10405 CRITICAL

D-Link DIR-600L <FW1.17.B01 - Info Disclosure

CVE-2016-9981 HIGH

IBM AppScan Enterprise Edition 9.0 - Auth Bypass

CVE-2016-8638 CRITICAL

ipsilon <2.0.2,1.2.1,1.1.2,1.0.3 - Info Disclosure

CVE-2016-0721 HIGH

pcs < 0.9.157 - Session Fixation

CVE-2016-9125 CRITICAL

Revive Adserver <3.2.3 - Session Fixation

CVE-2016-10205 HIGH

ZoneMinder < 1.30.0 - Session Fixation via ZMSESSID Cookie

CVE-2016-9703 LOW

IBM Security Identity Manager Virtual Appliance - Info Disclosure

CVE-2016-6043 HIGH

Tivoli Storage Manager Operations Center - Privilege Escalation

CVE-2016-6040 MEDIUM

IBM Jazz Foundation - Privilege Escalation

CVE-2015-5384 HIGH

AxiomSL's Axiom Google Web Toolkit <9.5.3 - SSRF

CVE-2015-1820 CRITICAL

REST client <1.8.0 - Info Disclosure

CVE-2015-1174 CRITICAL

Unit4 Polska TETA Web <22.62.3.4 - Info Disclosure

CVE-2015-4594 CRITICAL

eClinicalWorks Population Health - Session Fixation

CVE-2014-125048 MEDIUM

xingwall < e9f0d509e1408743048e29d9c099d36e0e1f6ae7 - Session Fixation in OAuth Controller

CVE-2014-10400 MEDIUM

CGILua 5.0.x - Session Fixation via Predictable Session ID

CVE-2014-10399 MEDIUM

CGILua 5.1.x - Session Fixation via Weak Session ID

IBM Initiate Master Data Service <10.1 - Session Fixation

CVE-2013-4572 HIGH

MediaWiki <1.19.9, <1.20.8, <1.21.3 - Auth Bypass

CVE-2013-0507 HIGH

IBM InfoSphere Information Server <9.1 - Privilege Escalation

CVE-2013-2049 HIGH

Red Hat CloudForms Management Engine - Session Fixation via Static Secret Token

CVE-2010-1434 HIGH

Joomla! Core <1.5.16 - Session Fixation

CVE-2010-3671 MEDIUM

TYPO3 <4.1.14, <4.2.13, <4.3.4, <4.4.1 - Info Disclosure

Previous Page 16 of 17 Next

Details

Vulnerabilities 405

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy