ReportizFlow
Filtered by vendor
Subscriptions
Total
359 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11562 | 1 Mt4 | 1 Senhasegura | 2025-04-20 | N/A |
| A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php. | ||||
| CVE-2016-9703 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2025-04-20 | N/A |
| IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. | ||||
| CVE-2017-1270 | 1 Ibm | 1 Security Guardium | 2025-04-20 | N/A |
| IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745. | ||||
| CVE-2017-1000150 | 1 Mahara | 1 Mahara | 2025-04-20 | N/A |
| Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks. | ||||
| CVE-2016-6043 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | N/A |
| Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. | ||||
| CVE-2017-12965 | 1 Apache2triad | 1 Apache2triad | 2025-04-20 | N/A |
| Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | ||||
| CVE-2017-12868 | 2 Php, Simplesamlphp | 2 Php, Simplesamlphp | 2025-04-20 | N/A |
| The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. | ||||
| CVE-2017-5141 | 1 Honeywell | 1 Xl Web Ii Controller | 2025-04-20 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION). | ||||
| CVE-2017-4963 | 1 Pivotal Software | 3 Cloud Foundry Cf-release, Cloud Foundry Uaa, Cloud Foundry Uaa-release | 2025-04-20 | N/A |
| An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers. | ||||
| CVE-2017-11191 | 1 Freeipa | 1 Freeipa | 2025-04-20 | N/A |
| FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern | ||||
| CVE-2017-15304 | 1 Airtame | 2 Hdmi Dongle, Hdmi Dongle Firmware | 2025-04-20 | N/A |
| /bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change. | ||||
| CVE-2017-10890 | 1 Sharp | 10 Rx-clv1-p, Rx-clv1-p Firmware, Rx-clv2-b and 7 more | 2025-04-20 | N/A |
| Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors. | ||||
| CVE-2017-5831 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | N/A |
| Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. | ||||
| CVE-2016-0721 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2025-04-20 | N/A |
| Session fixation vulnerability in pcsd in pcs before 0.9.157. | ||||
| CVE-2016-6040 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | N/A |
| IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. | ||||
| CVE-2015-4594 | 1 Eclinicalworks | 1 Population Health | 2025-04-20 | N/A |
| eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID. | ||||
| CVE-2017-1152 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | N/A |
| IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293. | ||||
| CVE-2015-1820 | 2 Redhat, Rest-client Project | 4 Cloudforms Managementengine, Satellite, Satellite Capsule and 1 more | 2025-04-20 | N/A |
| REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect. | ||||
| CVE-2020-25152 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2025-04-16 | 6.5 Medium |
| A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges. | ||||
| CVE-2020-15679 | 1 Mozilla | 1 Vpn | 2025-04-16 | 7.6 High |
| An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 < (929), Mozilla VPN Windows < 1.2.2, and Mozilla VPN Android 1.1.0 < (1360). | ||||