Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2021-12-10 CVE-2021-31745 Session Fixation vulnerability in Pluck-Cms Pluck 4.7.15
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform.
network
low complexity
pluck-cms CWE-384
7.5
2021-12-09 CVE-2021-41246 Session Fixation vulnerability in Auth0 Express Openid Connect
Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect.
network
low complexity
auth0 CWE-384
8.8
2021-11-24 CVE-2021-41268 Session Fixation vulnerability in Sensiolabs Symfony
Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components.
network
low complexity
sensiolabs CWE-384
8.8
2021-11-08 CVE-2021-42073 Session Fixation vulnerability in Barrier Project Barrier
An issue was discovered in Barrier before 2.4.0.
network
low complexity
barrier-project CWE-384
8.2
2021-10-05 CVE-2021-41553 Session Fixation vulnerability in Archibus web Central 21.3.3.815
In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user.
network
low complexity
archibus CWE-384
critical
9.8
2021-09-07 CVE-2021-35948 Session Fixation vulnerability in Owncloud
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.
network
low complexity
owncloud CWE-384
5.4
2021-08-25 CVE-2021-22237 Session Fixation vulnerability in Gitlab
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled.
network
low complexity
gitlab CWE-384
4.9
2021-08-23 CVE-2021-39290 Session Fixation vulnerability in Netmodule Router Software 4.3.0.0/4.4.0.0
Certain NetModule devices allow Limited Session Fixation via PHPSESSID.
network
low complexity
netmodule CWE-384
critical
9.8
2021-08-05 CVE-2021-22927 Session Fixation vulnerability in Citrix products
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.
network
low complexity
citrix CWE-384
8.1
2021-07-21 CVE-2021-2351 Session Fixation vulnerability in Oracle products
Vulnerability in the Advanced Networking Option component of Oracle Database Server.
network
high complexity
oracle CWE-384
8.3