CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,194 vulnerabilities with CWE-200
CVE-2014-9593
Apache CloudStack <4.3.2, <4.4.2 - Info Disclosure
CVE-2014-8637
Mozilla Firefox <35.0 & SeaMonkey <2.32 - Info Disclosure
CVE-2014-5233
SIMATIC WinCC Sm@rtClient < 1.0 - Exposure of Sm@rtServer Credentials via Credential-Processing Error
CVE-2014-5231
SIMATIC WinCC Sm@rtClient < 1.0.2 - Unauthenticated Password Exposure via Local Storage
CVE-2014-10026
D-Link DAP-1360 Firmware < 2.5.4 - Unauthenticated Sensitive Information Exposure via client_login Cookie
CVE-2014-10005
Maian Uploader 4.0 - Unauthenticated Sensitive Information Exposure via Missing Height Parameter
CVE-2014-100009
Joomlaskin JS Multi Hotel < 2.2.1 - Unauthenticated Installation Path Exposure via Multiple Scripts
CVE-2014-8035
Cisco WebEx Meetings Server - User Enumeration via Username Existence Check
CVE-2014-8032
Cisco WebEx Meetings Server - Authenticated Sensitive Information Exposure via OutlookAction LI
CVE-2014-9579
VDG Security SENSE <2.3.13 - Info Disclosure
CVE-2014-9577
VDG Security SENSE <2.3.13 - Info Disclosure
CVE-2014-9576
VDG Security SENSE 2.3.13 - Info Disclosure
CVE-2014-4638
EMC Documentum WDK < 6.7 - Exposure of Sensitive Information via Frame Injection
CVE-2014-9506
MantisBT < 1.2.17 - Authenticated Exposure of Sensitive Information via Monitored Issue Email
CVE-2014-1908
VideoWhisper Live Streaming <4.29.5 - Info Disclosure
CVE-2014-6123
IBM Rational and Security AppScan Source - Credential Exposure in Installation Logs
CVE-2014-6229
Facebook HipHop Virtual Machine <3.3.0 - Info Disclosure
CVE-2014-9419
Linux kernel <3.18.1 - Privilege Escalation
CVE-2014-7993
Cisco Meraki MS, MR, MX Firmware < 2014-09-24 - Sensitive Credential Exposure via HTTP Handler
CVE-2014-5215
NetIQ Access Manager 4.x - Authenticated Exposure of Sensitive Information via Monitoring and Debug Endpoints
CVE-2014-8025
Cisco Jabber Guest Server - Exposure of Sensitive Information via HTTP GET/POST Responses
CVE-2014-8024
Cisco Jabber Guest Server - Exposure of Sensitive Information via HTTP Request Sniffing
CVE-2014-8017
Cisco Identity Services Engine Software - Exposure of Sensitive Information via Periodic Backup Feature
CVE-2014-8007
Cisco Prime Infrastructure - Authenticated Exposure of Sensitive Information via Quick Discovery Options Page
CVE-2014-3410
Cisco Adaptive Security Appliance Software - Administrator Password Exposure via Syslog Message
Details
Vulnerabilities 10,194
Exploit Likelihood High