Total: 329 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-9125 | 1 Revive-adserver | 1 Revive Adserver | 2024-11-21 | N/A |
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session. | ||||
CVE-2016-8638 | 2 Ipsilon Project, Redhat | 2 Ipsilon, Enterprise Linux | 2024-11-21 | N/A |
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows an attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability." | ||||
CVE-2016-8609 | 1 Redhat | 2 Jboss Single Sign On, Keycloak | 2024-11-21 | N/A |
It was found that Keycloak before 2.3.0 did not implement the authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks. | ||||
CVE-2016-6545 | 1 Ieasytec | 1 Itrackeasy | 2024-11-21 | N/A |
Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password. | ||||
CVE-2016-6043 | 1 Ibm | 1 Tivoli Storage Manager | 2024-11-21 | N/A |
Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. | ||||
CVE-2016-6040 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2024-11-21 | N/A |
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. | ||||
CVE-2016-10405 | 2 D-link, Dlink | 2 Dir-600l Firmware, Dir-600l | 2024-11-21 | N/A |
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
CVE-2016-10205 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. | ||||
CVE-2016-0721 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2024-11-21 | N/A |
Session fixation vulnerability in pcsd in pcs before 0.9.157. | ||||
CVE-2015-5384 | 1 Axiomsl | 1 Axiom | 2024-11-21 | N/A |
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation attack. | ||||
CVE-2015-4594 | 1 Eclinicalworks | 1 Population Health | 2024-11-21 | N/A |
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID. | ||||
CVE-2015-1820 | 2 Redhat, Rest-client Project | 4 Cloudforms Managementengine, Satellite, Satellite Capsule and 1 more | 2024-11-21 | N/A |
REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect. | ||||
CVE-2015-1174 | 1 Unit4 | 1 Teta Web | 2024-11-21 | N/A |
Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id. | ||||
CVE-2014-4789 | 1 Ibm | 1 Initiate Master Data Service | 2024-11-21 | N/A |
Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
CVE-2014-2066 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. | ||||
CVE-2014-125048 | 1 Kluks | 1 Xingwall | 2024-11-21 | 6.3 Medium |
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixation. The patch is named e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559. | ||||
CVE-2014-10400 | 1 Keplerproject | 1 Cgilua | 2024-11-21 | 6.1 Medium |
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. | ||||
CVE-2014-10399 | 1 Keplerproject | 1 Cgilua | 2024-11-21 | 6.1 Medium |
The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. | ||||
CVE-2014-0152 | 2 Ovirt, Redhat | 3 Ovirt, Ovirt-engine, Rhev Manager | 2024-11-21 | N/A |
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | ||||
CVE-2014-0090 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-11-21 | N/A |
Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie. |