Severity | Topic | Date | Author
Low | OpenVPN Access Server 2.1.4 CRLF Injection | 27.05.2017 | SYSDREAM
Med. | Horsys v8 multiple vulnerabilities | 23.06.2016 | Florian Nivette
Med. | FancyFon FAMOC 3.16.5 Session Fixation | 28.01.2015 | Matthias Deeg
Med. | Jasper Server 5.5 Session Fixation | 11.05.2014 | Felipe Andrian Peixoto


CVEMAP Search Results

CVE | Date | Severity | Details
Description

CVE-2017-1270 | 2017-12-20 | Low | Vendor: IBM; Software: Security gua...
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication, which could lead to a session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745.

CVE-2017-11562 | 2017-12-18 | Medium | Vendor: MT4; Software: Senhasegura
A Session Fixation vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php.

CVE-2017-10890 | 2017-11-17 | Low
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, and RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors.

CVE-2017-16855 | 2017-11-16 | Medium
Ipsilon before 2.1.0 has a "SAML2 multi-session vulnerability."

CVE-2017-1000150 | 2017-11-03 | Medium | Vendor: Mahara; Software: Mahara
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 fail to regenerate session IDs on login or logout. This makes users of the site more vulnerable to session fixation attacks.

CVE-2017-12868 | 2017-09-01 | Medium | Vendor: Simplesamlphp; Software: Simplesamlphp
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation.

CVE-2016-8638 | 2017-07-12 | Medium | Vendor: Ipsilon project; Software: Ipsilon
A vulnerability in Ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows an attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions of other users. It is also called a "SAML2 multi-session vulnerability."

CVE-2017-5656 | 2017-04-18 | Medium | Vendor: Apache; Software: CXF
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token that would return an identifier corresponding to a cached token for another user.
 

 


Copyright 2018, cxsecurity.com