Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-07 | CVE-2016-10405 | Session Fixation vulnerability in D-Link Dir-600L Firmware Session fixation vulnerability in D-Link DIR-600L routers (rev. | 9.8 |
| 2017-09-01 | CVE-2017-12873 | Session Fixation vulnerability in multiple products SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. | 9.8 |
| 2017-09-01 | CVE-2017-12868 | Session Fixation vulnerability in Simplesamlphp The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. | 9.8 |
| 2017-08-23 | CVE-2017-12965 | Session Fixation vulnerability in Apache2Triad 1.5.4 Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | 9.8 |
| 2017-08-09 | CVE-2015-1820 | Session Fixation vulnerability in Rest-Client Project Rest-Client REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect. | 9.8 |
| 2017-08-02 | CVE-2015-1174 | Session Fixation vulnerability in Unit4 Teta web Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id. | 9.8 |
| 2017-08-02 | CVE-2016-9981 | Session Fixation vulnerability in IBM Security Appscan IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. | 8.1 |
| 2017-07-12 | CVE-2016-8638 | Session Fixation vulnerability in Ipsilon Project Ipsilon A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. | 9.1 |
| 2017-07-11 | CVE-2017-10600 | Session Fixation vulnerability in Canonical Ubuntu-Image 1.0 ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. | 5.9 |
| 2017-07-07 | CVE-2017-2145 | Session Fixation vulnerability in Cybozu Garoon Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. | 5.4 |