Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

404 vulnerabilities with CWE-384

CVE-2022-40226 HIGH

SICAM P850 <V3.10 - Info Disclosure

CVE-2022-34334 MEDIUM

IBM Sterling Partner Engagement Manager 2.0 - Privilege Escalation

CVE-2022-40630 MEDIUM

Tacitine Firewall <22.20.1 - Session Fixation

CVE-2022-3269 CRITICAL

ikus060/rdiffweb <2.4.7 - Info Disclosure

CVE-2022-38369 HIGH

Apache IoTDB 0.13.0 - Session Fixation

CVE-2022-38054 CRITICAL

Apache Airflow <2.3.3 - Info Disclosure

CVE-2022-31798 MEDIUM

Nortek Linear eMerge E3-Series < 0.32-07p - Cross-Site Scripting and Session Fixation via CardFormatNo Parameter

CVE-2022-2997 HIGH

GitHub snipe/snipe-it <6.0.10 - Info Disclosure

CVE-2022-30605 HIGH

WWBN AVideo 11.6 and dev master commit 3f7c0364 - Session Fixation via Crafted HTTP Request

CVE-2022-2820 HIGH

GitHub repository namelessmc/nameless <v2.0.2 - Info Disclosure

CVE-2022-33927 MEDIUM

Dell Wyse Management Suite <3.6.1 - Session Fixation

CVE-2022-34536 HIGH

Digital Watchdog DW MEGApix IP Cameras - Session Hijacking via Crafted Session Token

CVE-2022-22681 HIGH

Synology Photo Station <6.8.16-3506 - Auth Bypass

CVE-2022-25896 MEDIUM

passport < 0.6.0 - Session Fixation via Session Regeneration

CVE-2022-24444 MEDIUM

Silverstripe framework <4.10 - Info Disclosure

CVE-2022-27305 HIGH

Gibbon < 23.0.02 - Session Fixation

CVE-2022-1849 MEDIUM

filegator/filegator <7.8.0 - Info Disclosure

CVE-2022-26591 HIGH

MWiD25-DS Firmware <2.000.030 - Info Disclosure

CVE-2022-24781 HIGH

Geon - Session Fixation via UUID Spoofing

CVE-2022-24745 MEDIUM

Shopware < 6.4.8.2 - Session Fixation via HTTP Cache

CVE-2022-22551 HIGH

DELL EMC AppSync <4.3 - Info Disclosure

CVE-2021-3740 MEDIUM

chatwoot < 2.4.0 - Session Fixation via Password Change

CVE-2021-36394 CRITICAL

Moodle - Remote Code Execution in Shibboleth Authentication Plugin

CVE-2021-42761 CRITICAL

FortiWeb 5.9.0-5.9.1, 6.0.0-6.0.7, 6.1.0-6.1.2, 6.2.0-6.2.6, 6.3.0-6.3.16, 6.4 - Unauthenticated Session Fixation

CVE-2021-29368 HIGH

CuppaCMS < 2019-11-12 - Session Fixation

Previous Page 8 of 17 Next

Details

Vulnerabilities 404

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy