Filtered by CWE-384
Total 334 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-10600 1 Canonical 1 Ubuntu-image 2024-11-21 N/A
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.
CVE-2017-1000150 1 Mahara 1 Mahara 2024-11-21 N/A
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.
CVE-2017-0892 1 Nextcloud 1 Nextcloud Server 2024-11-21 3.5 Low
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.
CVE-2016-9981 1 Ibm 1 Security Appscan 2024-11-21 N/A
IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257
CVE-2016-9703 1 Ibm 1 Security Identity Manager Virtual Appliance 2024-11-21 N/A
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.
CVE-2016-9574 1 Mozilla 1 Network Security Services 2024-11-21 N/A
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
CVE-2016-9125 1 Revive-adserver 1 Revive Adserver 2024-11-21 N/A
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session.
CVE-2016-8638 2 Ipsilon Project, Redhat 2 Ipsilon, Enterprise Linux 2024-11-21 N/A
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."
CVE-2016-8609 1 Redhat 2 Jboss Single Sign On, Keycloak 2024-11-21 N/A
It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.
CVE-2016-6545 1 Ieasytec 1 Itrackeasy 2024-11-21 N/A
Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password.
CVE-2016-6043 1 Ibm 1 Tivoli Storage Manager 2024-11-21 N/A
Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.
CVE-2016-6040 1 Ibm 1 Rational Collaborative Lifecycle Management 2024-11-21 N/A
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.
CVE-2016-10405 2 D-link, Dlink 2 Dir-600l Firmware, Dir-600l 2024-11-21 N/A
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2016-10205 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.
CVE-2016-0721 3 Clusterlabs, Fedoraproject, Redhat 3 Pcs, Fedora, Enterprise Linux 2024-11-21 N/A
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVE-2015-5384 1 Axiomsl 1 Axiom 2024-11-21 N/A
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation attack.
CVE-2015-4594 1 Eclinicalworks 1 Population Health 2024-11-21 N/A
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.
CVE-2015-1820 2 Redhat, Rest-client Project 4 Cloudforms Managementengine, Satellite, Satellite Capsule and 1 more 2024-11-21 N/A
REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.
CVE-2015-1174 1 Unit4 1 Teta Web 2024-11-21 N/A
Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id.
CVE-2014-4789 1 Ibm 1 Initiate Master Data Service 2024-11-21 N/A
Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors.