Vulnerabilities > Session Fixation

DATE	CVE	VULNERABILITY TITLE	RISK
2017-09-11	CVE-2017-14263	Session Fixation vulnerability in Honeywell products Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. network high complexity honeywell CWE-384	8.1
2017-09-07	CVE-2017-12225	Session Fixation vulnerability in Cisco Prime LAN Management Solution 4.2(5) A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. network low complexity cisco CWE-384	6.5
2017-09-07	CVE-2016-10405	Session Fixation vulnerability in D-Link Dir-600L Firmware Session fixation vulnerability in D-Link DIR-600L routers (rev. network low complexity d-link CWE-384 critical	9.8
2017-09-01	CVE-2017-12873	Session Fixation vulnerability in multiple products SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. network low complexity simplesamlphp debian CWE-384 critical	9.8
2017-09-01	CVE-2017-12868	Session Fixation vulnerability in Simplesamlphp The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. network low complexity simplesamlphp CWE-384 critical	9.8
2017-08-23	CVE-2017-12965	Session Fixation vulnerability in Apache2Triad 1.5.4 Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. network low complexity apache2triad CWE-384 critical	9.8
2017-08-09	CVE-2015-1820	Session Fixation vulnerability in Rest-Client Project Rest-Client REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect. network low complexity rest-client-project CWE-384 critical	9.8
2017-08-02	CVE-2015-1174	Session Fixation vulnerability in Unit4 Teta web Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id. network low complexity unit4 CWE-384 critical	9.8
2017-08-02	CVE-2016-9981	Session Fixation vulnerability in IBM Security Appscan IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. network high complexity ibm CWE-384	8.1
2017-07-12	CVE-2016-8638	Session Fixation vulnerability in Ipsilon Project Ipsilon A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. network low complexity ipsilon-project CWE-384 critical	9.1

Vulnerabilities > Session Fixation {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Session Fixation"}]}

Vulnerabilities > Session Fixation