Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

404 vulnerabilities with CWE-384

CVE-2023-46733 MEDIUM

Symfony <5.4.31 & <6.3.8 - Info Disclosure

CVE-2023-5309 MEDIUM

Puppet Enterprise <2021.7.6,2023.5 - Privilege Escalation

CVE-2023-0897 HIGH

Sielco PolyEco1000 - Info Disclosure

CVE-2023-45687 HIGH

South River Technologies - Privilege Escalation

CVE-2023-44400 MEDIUM

Uptime Kuma <1.23.3 - Privilege Escalation

CVE-2023-42322 CRITICAL

icmsdev iCMS 7.0.16 - Info Disclosure

CVE-2023-3711 MEDIUM

Honeywell PM43 <P10.19.050004 - Session Fixation

CVE-2023-41012 CRITICAL

China Mobile Intelligent Home Gateway v.HG6543C4 - RCE

CVE-2023-4649 MEDIUM

instantsoft/icms2 <2.16.1 - Info Disclosure

CVE-2023-40273 HIGH

Apache Airflow < 2.7.0 - Authenticated Session Fixation via Password Reset

CVE-2023-24477 HIGH

Guardian/CMC <22.6.2 - Privilege Escalation

CVE-2023-21239 MEDIUM

Android - Local Information Disclosure via Notification Image Data Leak

CVE-2023-21238 MEDIUM

Android - Local Information Disclosure via RemoteViews visitUris

CVE-2023-37946 HIGH

Jenkins OpenShift Login Plugin <1.1.0.227.v27e08dfb_1a_20 - Info Di...

CVE-2023-34656 HIGH

Xiamen Si Xin Communication Technology Video <4.1 - Privilege Escal...

CVE-2023-3394 MEDIUM

fossbilling <0.5.1 - Info Disclosure

CVE-2023-34156 MEDIUM

Huawei EMUI - Session Fixation via Early Fingerprint API

CVE-2023-28809 HIGH

Hikvision Access Control Devices - Session Hijacking via Reused Session ID

CVE-2023-3192 MEDIUM

froxlor/froxlor <2.1.0 - Info Disclosure

CVE-2023-32997 HIGH

Jenkins CAS Plugin <1.6.2 - Auth Bypass

CVE-2023-31498 CRITICAL

PHP Gurukul Hospital Management System <4.0 - Privilege Escalation

CVE-2023-28316 CRITICAL

rocket.chat - Session Fixation via 2FA Bypass

CVE-2023-30056 HIGH

FICO Origination Manager Decision Module 4.8.1 - Info Disclosure

CVE-2023-1265 MEDIUM

GitLab <15.9.6-15.11.1 - Info Disclosure

CVE-2023-29020 MEDIUM

fastify/passport < 1.1.0 - Cross-Site Request Forgery Protection Bypass via Session Fixation

Previous Page 6 of 17 Next

Details

Vulnerabilities 404

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy