Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2018-12-12 CVE-2018-1480 Session Fixation vulnerability in IBM Bigfix Platform
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-384
5.0
2018-11-27 CVE-2018-13337 Session Fixation vulnerability in Terra-Master Terramaster Operating System 3.1.03
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.
5.8
2018-11-22 CVE-2018-19443 Session Fixation vulnerability in Tryton 5.0.0
The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py.
network
tryton CWE-384
4.3
2018-11-08 CVE-2018-6434 Session Fixation vulnerability in Broadcom Fabric Operating System
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.
network
low complexity
broadcom CWE-384
5.0
2018-11-04 CVE-2018-18926 Session Fixation vulnerability in Gitea
Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs.
network
low complexity
gitea CWE-384
7.5
2018-11-04 CVE-2018-18925 Session Fixation vulnerability in Gogs
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go.
network
low complexity
gogs CWE-384
7.5
2018-10-31 CVE-2018-13282 Session Fixation vulnerability in Synology Photo Station
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
network
synology CWE-384
6.8
2018-10-30 CVE-2018-16463 Session Fixation vulnerability in Nextcloud Server
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.
network
high complexity
nextcloud CWE-384
3.6
2018-10-19 CVE-2018-18380 Session Fixation vulnerability in Bigtreecms Bigtree CMS
A Session Fixation issue was discovered in Bigtree before 4.2.24.
5.8
2018-10-12 CVE-2018-17902 Session Fixation vulnerability in Yokogawa products
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, all versions R4.10 and prior: the application utilizes multiple methods of session management, which could result in a denial of service to the remote management functions.
network
low complexity
yokogawa CWE-384
5.0