• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-384

CVE-2018-1375

February 26, 2023 by

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776.

CVE-2018-13337

February 26, 2023 by

Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users’ session cookies via JavaScript.

CVE-2018-13282

February 26, 2023 by

Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

CVE-2018-12538

February 26, 2023 by

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem’s storage for the FileSessionDataStore.

CVE-2018-12071

February 26, 2023 by

A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.

CVE-2018-11714

February 26, 2023 by

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of “Referer: http://192.168.0.1/mainFrame.htm” then no authentication is required for any action.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 4
  • Go to page 5
  • Go to page 6
  • Go to page 7
  • Go to page 8
  • Interim pages omitted …
  • Go to page 31
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE