CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,199 vulnerabilities with CWE-200
CVE-2012-5182
Loctouch < 3.4.6 - Exposure of Sensitive Location Information via Implicit Intent Handling
CVE-2012-5180
Opera Mobile <12.1 & Opera Mini <7.5 - Info Disclosure
CVE-2012-4046
D-Link DCS-932L Firmware 1.02 - Unauthenticated Password Exposure via UDP Broadcast Packet
CVE-2012-4698
Siemens RuggedCom - Info Disclosure
CVE-2012-6325
VMware vCenter Server Appliance < 5.0 Update 2 - Authenticated Arbitrary File Read via XML Parsing
CVE-2012-5765
IBM Rational ClearQuest 7.1.2.x-7.1.2.8 and 8.0.0.x-8.0.0.4 - Exposure of Sensitive Information via SQL Error Message
CVE-2012-4846
IBM Lotus Notes <8.5.3 FP3 - Info Disclosure
CVE-2012-4976
Layton Helpbox 4.4.0 - Info Disclosure
CVE-2012-6313
Simple Gmail Login < 1.1.4 - Unauthenticated Sensitive Information Exposure via Missing Timezone Parameter
CVE-2012-5055
VMware Spring Security Username Enumeration via Login Timing
CVE-2012-6052
Wireshark 1.8.x < 1.8.4 - Sensitive Hostname Information Exposure via pcap-ng File Parsing
CVE-2012-5554
Webform CiviCRM Integration <7.x-3.2 - Info Disclosure
CVE-2012-5552
Drupal Password policy module <7.x-1.3 - Info Disclosure
CVE-2012-5544
Mandrill <7.x-1.2 - Info Disclosure
CVE-2012-5615
Oracle MySQL <5.5.38 & MariaDB <5.5.28a - Info Disclosure
CVE-2012-6049
Open Solution Quick.Cart 5.0 - Information Disclosure via Malformed Cookie
CVE-2012-0959
Remote Login Service 1.0.0 - Unauthorized Exposure of Sensitive Information via Improper Session Clearing
CVE-2012-4411
Xen 4.0-4.2 - Authenticated Sensitive Host Resource Information Exposure via QEMU Monitor
CVE-2012-0818
RESTEasy < 2.3.1 - XML External Entity Injection
CVE-2012-5473
Moodle <2.1.9, <2.2.6, <2.3.3 - Info Disclosure
CVE-2012-4208
Firefox < 17.0 - Exposure of Sensitive Information via XrayWrapper Property Filtering
CVE-2012-3354
DokuWiki - Unauthenticated Sensitive Information Exposure via Prefix Parameter
CVE-2012-5916
Neocrome Seditio build 161 - Exposure of Sensitive Information via Direct SQL File Access
CVE-2012-5915
Neocrome Seditio <= Build 161 - Information Disclosure via Direct Request
CVE-2012-5890
sr_feuser_register < 2.6.2 - Exposure of Sensitive Information via Edit Perspective or Autologin Feature
Details
Vulnerabilities 10,199
Exploit Likelihood High