CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,199 vulnerabilities with CWE-200
CVE-2012-3094
Cisco AnyConnect <3.1.00495 - Info Disclosure
CVE-2012-4013
Cybozu KUNAI Browser for Remote Service - Exposure of Sensitive Information via WebView JavaScript Execution
CVE-2012-4909
Google Chrome <18.0.1025308 - Info Disclosure
CVE-2012-2185
IBM Maximo Asset Management 6.2-7.5 - Authenticated Exposure of Sensitive Information
CVE-2012-1579
MediaWiki 1.17.x < 1.17.3 and 1.18.x < 1.18.2 - Exposure of Sensitive Information via Resource Loader
CVE-2012-4012
Cybozu KUNAI < 2.0.5 - Exposure of Sensitive Information via WebView JavaScript Execution
CVE-2012-0837
Joomla! <1.7.5, <2.5.1 - Info Disclosure
CVE-2012-4390
owncloud < 4.0.7 - Authenticated User Enumeration via Calendar and Contacts Remote Endpoints
CVE-2012-3529
TYPO3 4.5.0-4.5.18, 4.6.0-4.6.11, 4.7.0-4.7.3 - Authenticated Encryption Key Exposure
CVE-2012-1614
Coppermine Photo Gallery < 1.5.20 - Exposure of Sensitive Information via Error Message
CVE-2012-1607
TYPO3 4.4.0-4.4.13 4.5.0-4.5.13 4.6.0-4.6.6 4.7 6.0 - Unauthenticated Database Name Exposure via CLI Script
CVE-2012-3976
Firefox < 15.0 and SeaMonkey < 2.12 - Certificate Spoofing via onLocationChange Event
CVE-2012-3975
Firefox < 15.0 - Information Exposure via DOMParser Subresource Loading
CVE-2012-3972
Mozilla Firefox < 15.0 - Exposure of Sensitive Information via XSLT format-number
CVE-2012-3581
Symantec Messaging Gateway < 9.5.4 - Exposure of Sensitive Information via Component Version Disclosure
CVE-2012-1645
CDN module 6.x-2.2 and 7.x-2.2 for Drupal - Unauthenticated Arbitrary File Read via Origin Pull Mode
CVE-2012-3419
Performance Co-Pilot < 3.6.5 - Unauthorized Sensitive Information Exposure via /proc Export
CVE-2012-1586
cifs-utils - Exposure of Sensitive Information via Error Message
CVE-2012-4674
PluXml < 5.1.6 - Unauthenticated Installation Path Exposure via PHPSESSID
CVE-2012-3519
Tor < 0.2.2.37 - Timing Side-Channel Information Disclosure in Relay Selection
CVE-2012-4605
Websense Email Security 6.1-7.3 - Info Disclosure
CVE-2012-3502
Apache HTTP Server < 2.4.3 - Exposure of Sensitive Information via Proxy Connection Reuse
CVE-2012-4591
McAfee Enterprise Mobility Manager < 10.0 - Unauthenticated Sensitive Information Exposure via About.aspx
CVE-2012-4583
McAfee EWS <5.5.6 & MEG <7.0.1 - Info Disclosure
CVE-2012-4168
Adobe Flash Player <10.3.183.23/11.x<11.4.402.265 Sensitive Info Exposure via Cross-Domain Access
Details
Vulnerabilities 10,199
Exploit Likelihood High