CWE:
 

Tytuł
Data
Autor
Low
OpenVPN Access Server 2.1.4 CRLF Injection
27.05.2017
SYSDREAM
Med.
Horsys v8 multiple vulnerabilities
23.06.2016
Florian Nivette
Med.
FancyFon FAMOC 3.16.5 Session Fixation
28.01.2015
Matthias Deeg
Med.
Jasper Server 5.5 Session Fixation
11.05.2014
Felipe Andrian Peixoto


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2023-02-03
Waiting for details
CVE-2022-24895

Updating...
 

 
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch.

 
2023-01-10
Waiting for details
CVE-2023-22479

Updating...
 

 
KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4.

 
2023-01-06
Waiting for details
CVE-2014-125048

Updating...
 

 
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The name of the patch is e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559.

 
2022-11-30
Waiting for details
CVE-2022-4231

Updating...
 

 
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability.

 
2022-09-23
Waiting for details
CVE-2022-3269

Updating...
 

 
Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7.

 
2022-08-25
Waiting for details
CVE-2022-2997

Updating...
 

 
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.

 
2022-08-22
Waiting for details
CVE-2022-30605

Updating...
 

 
A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.

 
2022-07-06
Medium
CVE-2022-22681

Vendor: Synology
Software: Photo station
 

 
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.

 
2022-04-27
Medium
CVE-2021-38869

Updating...
 

 
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341.

 
2022-04-18
Medium
CVE-2021-20324

Vendor: Redhat
Software: Codeready studio
 

 
A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication.

 

 


Copyright 2023, cxsecurity.com

 

Back to Top