Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-28 | CVE-2016-9125 | Session Fixation vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. | 7.5 |
| 2017-03-03 | CVE-2017-5831 | Session Fixation vulnerability in Revive-Adserver Revive Adserver Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. | 5.5 |
| 2017-03-03 | CVE-2016-10205 | Session Fixation vulnerability in Zoneminder Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. | 7.5 |
| 2017-02-13 | CVE-2017-5141 | Session Fixation vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100 An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. | 6.5 |
| 2017-02-01 | CVE-2016-9703 | Session Fixation vulnerability in IBM Security Identity Manager Virtual Appliance IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. | 2.1 |
| 2017-02-01 | CVE-2016-6043 | Session Fixation vulnerability in IBM Tivoli Storage Manager Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. | 4.4 |
| 2017-02-01 | CVE-2016-6040 | Session Fixation vulnerability in IBM Rational Collaborative Lifecycle Management IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. | 6.0 |
| 2017-01-10 | CVE-2015-4594 | Session Fixation vulnerability in Eclinicalworks Population Health eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. | 7.5 |
| 2014-09-10 | CVE-2014-4789 | Session Fixation vulnerability in IBM Initiate Master Data Service Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors. | 6.8 |
| 2008-07-18 | CVE-2008-3222 | Session Fixation vulnerability in multiple products Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors. | 5.8 |