CWE-200
High likelihoodExposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
10,195 vulnerabilities with CWE-200
CVE-2014-3056
IBM WebSphere Portal 7.x-8.0.0.1 CF12 - Information Disclosure via Unified Task List Portlet
CVE-2014-3050
IBM Rational Team Concert 3.x < 3.0.1.6 IF3 and 4.x < 4.0.7 - Credential Exposure via Build Engine
CVE-2014-3543
Moodle < 2.3.11, 2.4.x < 2.4.11, 2.5.x < 2.5.7, 2.6.x < 2.6.4, 2.7.x < 2.7.1 - XXE in IMSCP Manifest Parser
CVE-2014-3542
Moodle < 2.3.11, 2.4.x < 2.4.11, 2.5.x < 2.5.7, 2.6.x < 2.6.4, 2.7.x < 2.7.1 - XXE Injection via LTI
CVE-2014-3304
Cisco WebEx Meetings Server - Unauthenticated User Account Enumeration via OutlookAction Class
CVE-2014-3303
Cisco WebEx Meetings Server - Exposure of Sensitive Information via Query String
CVE-2014-5107
concrete5 < 5.6.3 - Unauthenticated Installation Path Exposure via Dashboard Endpoints
CVE-2014-4747
IBM Sametime <8.5.2.1 - Info Disclosure
CVE-2014-3301
Cisco WebEx Meetings Server < 1.5(1.131) - Exposure of Sensitive Information via Stack Trace
CVE-2014-4682
Siemens SIMATIC WinCC <7.3 - Info Disclosure
CVE-2014-4980
Tenable Web UI <2.3.5 - Info Disclosure
CVE-2014-3530
Red Hat JBoss Enterprise Application Platform - XML External Entity Injection in PicketLink DocumentUtil
CVE-2014-2519
EMC RecoverPoint Appliance <4.1.0.1 - Info Disclosure/DoS
CVE-2014-3064
IBM InfoSphere MDM Collaboration Server 10.x-11.x / Server for PIM 9.0-9.1 - Arbitrary File Read
CVE-2014-3045
IBM Scale Out Network Attached Storage < 1.4.3.2 - Local Password Exposure via chuser Command
CVE-2014-2368
Advantech WebAccess <7.2 - Info Disclosure
CVE-2014-2367
Advantech WebAccess <7.2 - Info Disclosure
CVE-2014-2366
Advantech WebAccess <7.2 - Info Disclosure
CVE-2014-4347
Citrix NetScaler <9.3-62.4, <10.1-126.12 - Info Disclosure
CVE-2014-4031
Aruba Networks ClearPass <6.3.4 - Info Disclosure
CVE-2014-4942
wp-easycart < 2.0.6 - Unauthenticated Sensitive Information Exposure via phpinfo.php
CVE-2014-3485
Red Hat Enterprise Virtualization 3.4 - Authenticated XML External Entity Injection
CVE-2014-0174
Red Hat Enterprise MRG 2.5 - Session Cookie Exposure via Missing HTTPOnly Flag
CVE-2014-4022
Xen 4.4.x - Exposure of Sensitive Information via GNTTABOP_setup_table Subhypercall
CVE-2014-2510
EMC Documentum Foundation Services - Authenticated XML External Entity Injection
Details
Vulnerabilities
10,195
Exploit Likelihood
High