Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

404 vulnerabilities with CWE-384

CVE-2024-31221 MEDIUM

lizardbyte/sunshine 0.10.0-0.22.9 - Session Fixation via Device Unpairing Bypass

CVE-2024-2639 MEDIUM

Bdtask Wholesale Inventory Management System <20240311 - Session Fi...

CVE-2024-28197 HIGH

Zitadel < 2.44.3 - Session Hijacking via Subdomain Cookie Access

CVE-2024-22250 HIGH

VMware Enhanced Authentication Plug-in - Session Hijack

CVE-2024-22318 MEDIUM

IBM i Access Client Solutions <1.1.2-1.1.4, <1.1.4.3-1.1.9.4 - Info...

CVE-2024-24823 MEDIUM

Graylog <5.1.11-5.2.4 - Privilege Escalation

CVE-2024-23679 CRITICAL

Enonic XP < 7.7.4 - Unauthenticated Session Fixation

CVE-2024-0351 LOW

SourceCodester Engineers Online Portal 1.0 - Info Disclosure

CVE-2023-53776 HIGH

Screen SFT DAB 1.9.3 - Authentication Bypass via Session Fixation

CVE-2023-53775 MEDIUM

Screen SFT DAB 1.9.3 - Unauthenticated Authentication Bypass via Session Fixation

CVE-2023-53741 HIGH

Screen SFT DAB Series - Compact Radio DAB Transmitter 1.9.3 - Authentication Bypass via IP Session Reuse

CVE-2023-52268 CRITICAL

FreeScout End-User Portal <1.0.65 - Auth Bypass

CVE-2023-50176 HIGH

Fortinet FortiOS <7.4.3, <7.2.7, <7.0.13 - RCE

CVE-2023-38018 MEDIUM

IBM Aspera Shares 1.10.0 PL2 - Privilege Escalation

CVE-2023-30307 MEDIUM

TP-LINK TL-R473GP-AC, XDR6020, TL-R479GP-AC, TL-R4239G, TL-WAR1200L, TL-R476G - TCP Session Hijacking

CVE-2023-38002 MEDIUM

IBM Storage Scale <5.1.9.2 - Privilege Escalation

CVE-2023-50270 MEDIUM

Apache DolphinScheduler 1.3.8-3.2.0 - Insufficient Session Expiration

CVE-2023-45718 LOW

HCL Sametime 11.5-12.0.1 - Insufficient Session Expiration in Web Client

CVE-2023-47798 MEDIUM

Liferay Portal/DXP <7.3.0 - Privilege Escalation

CVE-2023-50941 MEDIUM

IBM PowerSC <2.2 - Privilege Escalation

CVE-2023-52353 HIGH

Mbed TLS < 3.5.2 - Session Fixation via TLS Version Mishandling

CVE-2023-50920 MEDIUM

GL.iNet <4.5.0 - Privilege Escalation

CVE-2023-6913 HIGH

Imou Life 6.7.0 - Session Hijacking via QR Code WebView Handling

CVE-2023-49804 MEDIUM

Uptime Kuma <1.23.9 - Info Disclosure

CVE-2023-48929 CRITICAL

Franklin Fueling Systems SSA <1.6.24.492 - Privilege Escalation

Previous Page 5 of 17 Next

Details

Vulnerabilities 404

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy