CVE Vulnerability

CWE-384

CVE-2008-3222

February 26, 2023 by

Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules “terminate the current request during a login event,” allows remote attackers to hijack web sessions via unknown vectors.

CVE-2007-4188

February 26, 2023 by

Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.

CVE-2018-9082

February 26, 2023 by

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user’s current password to set a new one. As a result, attackers with access to the user’s session tokens can change their password and retain access to the user’s account.

CVE-2018-9026

February 26, 2023 by

A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.

CVE-2018-8852

February 26, 2023 by

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier.

CVE-2018-6959

February 26, 2023 by

VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user’s session.


Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE