CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,195 vulnerabilities with CWE-200
CVE-2013-1402
DigiLIBE 3.4 - Exposure of Sensitive Configuration Information via Direct Request
CVE-2013-0015
Microsoft Internet Explorer 6-9 - Unauthorized Information Exposure via Shift JIS Encoding
CVE-2013-1455
Joomla! 3.0.x-3.0.2 - Information Disclosure via Undefined Variable
CVE-2013-1454
Joomla! 3.0.0-3.0.2 - Information Disclosure
CVE-2013-0637
Adobe Flash Player <10.3.183.63,11.x <11.6.602.168 - Info Disclosure
CVE-2013-1107
Cisco Webex Social - Info Disclosure
CVE-2013-0218
JBoss EAP and EWP 5.2.0 - Sensitive Information Exposure via Auto-Install XML File
CVE-2013-0748
Mozilla Firefox <18 - Info Disclosure
CVE-2013-0001
Microsoft .NET Framework Information Disclosure via Uninitialized Memory Arrays
CVE-2013-0721
WP PHP Widget 1.0.2 - Info Disclosure
CVE-2012-10016 MEDIUM
Halulu simple-download-button-shortcode Plugin <1.1 - Info Disclosure
CVSS 4.3
CVE-2012-1094 HIGH
JBoss AS 7 <7.1.1 - Info Disclosure
CVSS 7.5
CVE-2012-0844 MEDIUM
Netsurf < 2.8 - Unauthorized Exposure of Sensitive Information via World-Readable Cookie Jar
CVSS 5.5
CVE-2012-6091 HIGH
Magento < 1.7.0.2 - Information Disclosure via Zend_XmlRpc Class
CVSS 7.5
CVE-2012-5828 MEDIUM
BlackBerry PlayBook < 2.1 - Information Disclosure via Web Browser Component
CVSS 6.5
CVE-2012-1994 MEDIUM
HP Systems Insight Manager < 7.0 - Unauthenticated Exposure of Sensitive Information
CVSS 5.7
CVE-2012-5570 MEDIUM
Drupal Basic Webmail <6.x-1.2 - Info Disclosure
CVSS 4.3
CVE-2012-6341 MEDIUM
NETGEAR WGR614 v7 and v9 - Unauthenticated Sensitive Information Exposure via my config File
CVSS 6.5
CVE-2012-2724 MEDIUM
Simplenews < 6.x-1.4/6.x-2.0-alpha4/7.x-1.0-rc1 - Sensitive Information Exposure
CVSS 5.3
CVE-2012-5476 MEDIUM
RHOS Essex Preview - Info Disclosure
CVSS 5.5
CVE-2012-4420 HIGH
Oracle JDK - Exposure of Sensitive Information via Integer Array Initialization
CVSS 7.5
CVE-2012-1105 MEDIUM
Jasig Project php-pear-CAS 1.2.2 - Info Disclosure
CVSS 5.5
CVE-2012-5644 MEDIUM
libuser < 0.59 - Information Disclosure via Home Directory Move
CVSS 5.5
CVE-2012-5535 HIGH
GNOME gnome-system-log - Information Disclosure
CVSS 7.5
CVE-2012-6079 HIGH
W3 Total Cache < 0.9.2.5 - Exposure of Sensitive Cached Database Information via Predictable Filenames
CVSS 7.5
Details
Vulnerabilities 10,195
Exploit Likelihood High