An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58…

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as…

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET s…

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time …

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to…

Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an …

Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sess…

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds…

Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain …

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0…

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does no…

In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication featur…

In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are as…

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= …

Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to …

REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session …

Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a …

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via ch…

A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6…

Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT…

Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers t…

Honeywell NVR devices allow remote attackers to create a user account in the admin group by lev…

A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-…

Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote atta…

VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Se…

OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.

Gitea before 1.5.4 allows remote code execution because it does not properly validate session I…

Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and…

Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed mo…

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session toke…

Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R serie…

Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session ident…

Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fix…

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocatio…

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocatio…

Session fixation vulnerability in pcsd in pcs before 0.9.157.

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or p…

TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmw…