CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,204 vulnerabilities with CWE-200
CVE-2012-4605
Websense Email Security 6.1-7.3 - Info Disclosure
CVE-2012-3502
Apache HTTP Server < 2.4.3 - Exposure of Sensitive Information via Proxy Connection Reuse
CVE-2012-4591
McAfee Enterprise Mobility Manager < 10.0 - Unauthenticated Sensitive Information Exposure via About.aspx
CVE-2012-4583
McAfee EWS <5.5.6 & MEG <7.0.1 - Info Disclosure
CVE-2012-4168
Adobe Flash Player <10.3.183.23/11.x<11.4.402.265 Sensitive Info Exposure via Cross-Domain Access
CVE-2012-4219
phpMyAdmin 3.5.x < 3.5.2.1 - Unauthenticated Sensitive Information Exposure via Direct Request to show_config_errors.php
CVE-2012-2387
devotee 0.1 patch 2 - Exposure of Sensitive Information via Weak Random Number Generation
CVE-2012-4007
mixi < 4.2.9 - Unauthorized Exposure of Sensitive Information via SD Card Storage
CVE-2012-4006
gree - Exposure of Sensitive Information via WebView Implementation
CVE-2012-2168
IBM Rational ClearQuest 7.1.x-7.1.2.6 & 8.x-8.0.0.2 - Sensitive Info Exposure via Invalid Parameter
CVE-2012-2165
IBM Rational ClearQuest 7.1.x < 7.1.2.7 and 8.x < 8.0.0.3 - Authenticated Password Hash Exposure via User Query
CVE-2012-0744
IBM Rational ClearQuest <7.1.2.7 & 8.0.0.3 - Info Disclosure
CVE-2012-3249
HP Fortify Software Security Center <3.6 - Info Disclosure
CVE-2012-3248
HP Fortify Software Security Center <3.6 - Info Disclosure
CVE-2012-4332
ShareYourCart 1.7.1 - Information Exposure via SDK Path Disclosure
CVE-2012-4257
George Karpouzas Yet Another Question... - Information Disclosure
CVE-2012-4256
jNews (com_jnews) 7.5.1 - Exposure of Sensitive Information via Emailsearch Parameter
CVE-2012-4255
MySQLDumper 1.24.4 - Exposure of Sensitive Information via Direct Request to refresh_dblist.php
CVE-2012-4254
mysqldumper 1.24.4 - Exposure of Sensitive Information via Direct Request to Restore or Dump Script
CVE-2012-2327
MyBB < 1.6.7 - Unauthenticated Sensitive Information Exposure via Malformed Forumread Cookie
CVE-2012-3474
Ushahidi Platform < 2.5 - Unauthenticated Exposure of Sensitive Information via Comments API
CVE-2012-4235
RSGallery2 (com_rsgallery2) < 3.2.0 - Unauthenticated Directory Listing via Missing index.html
CVE-2012-0421
SUSE Audit Log Keeper <0.2.1-0.4.6.1 - Info Disclosure
CVE-2012-4005
NHN Japan NAVER LINE < 2.5 - Exposure of Sensitive Message Information via Implicit Intent Handling
CVE-2012-1361
Cisco IOS 15.1-15.2 - Exposure of Sensitive Information via Multicast Music-on-Hold Feature
Details
Vulnerabilities 10,204
Exploit Likelihood High