Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-31 | CVE-2017-14163 | Session Fixation vulnerability in Mahara An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. | 8.8 |
| 2017-10-15 | CVE-2017-15304 | Session Fixation vulnerability in Airtame Hdmi Dongle Firmware 2.3.3 /bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. | 9.8 |
| 2017-09-28 | CVE-2017-11191 | Session Fixation vulnerability in Freeipa FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. | 8.8 |
| 2017-09-11 | CVE-2017-14263 | Session Fixation vulnerability in Honeywell products Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. | 8.1 |
| 2017-09-07 | CVE-2017-12225 | Session Fixation vulnerability in Cisco Prime LAN Management Solution 4.2(5) A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. | 6.5 |
| 2017-09-07 | CVE-2016-10405 | Session Fixation vulnerability in D-Link Dir-600L Firmware Session fixation vulnerability in D-Link DIR-600L routers (rev. | 9.8 |
| 2017-09-01 | CVE-2017-12873 | Session Fixation vulnerability in multiple products SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. | 9.8 |
| 2017-09-01 | CVE-2017-12868 | Session Fixation vulnerability in Simplesamlphp The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. | 9.8 |
| 2017-08-23 | CVE-2017-12965 | Session Fixation vulnerability in Apache2Triad 1.5.4 Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | 9.8 |
| 2017-08-09 | CVE-2015-1820 | Session Fixation vulnerability in Rest-Client Project Rest-Client REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect. | 9.8 |