CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,204 vulnerabilities with CWE-200
CVE-2012-1348
Cisco Wide Area Application Services 4.4, 5.0, 5.1 - Password Hash Exposure via Output Text
CVE-2012-2474
Cisco Adaptive Security Appliance 8.2-8.4 - Authenticated Denial of Service via Clientless WebVPN Memory Leak
CVE-2012-3864
Puppet < 2.6.17 and 2.7.x < 2.7.18 - Authenticated Arbitrary File Read
CVE-2012-2854
Google Chrome <21.0.1180.57-21.0.1180.60 - Info Disclosure
CVE-2012-2647
Yahoo! Toolbar < 1.0.0.5 - Search URL Manipulation and Search Term Interception
CVE-2012-3886
AirDroid 1.0.4 beta - Exposure of Sensitive Information via MD5 Hashing in Login Key and Cookie
CVE-2012-2302
Drupal Site Documentation (Sitedoc) 6.x-1.x < 6.x-1.4 - Sensitive Information Exposure
CVE-2012-2296
Janrain Engage for Drupal 6.x/7.x < 2.2 - Sensitive Information Exposure
CVE-2012-3694
Safari < 6.0 - Exposure of Sensitive Information via Drag-and-Drop Event Handling
CVE-2012-3650
Apple Safari < 6.0 - Information Disclosure via SVG Image Rendering
CVE-2012-2646
Sleipnir Mobile <2.1.0 - Info Disclosure
CVE-2012-2196
IBM DB2 9.1-10.1 - Unauthenticated Arbitrary XML File Read via GET_WRAP_CFG_C Stored Procedure
CVE-2012-3394
Moodle 2.0.x-2.0.10, 2.1.x-2.1.7, 2.2.x-2.2.4, 2.3.x-2.3.1 - Sensitive Info Exposure via LDAP Redirect
CVE-2012-3357
ViewVC < 1.1.15 - Sensitive Information Exposure via SVN Revision Log Message
CVE-2012-2357
Moodle <2.1.6-2.2.3 - Info Disclosure
CVE-2012-2353
Moodle <2.1.6, <2.2.3 - Info Disclosure
CVE-2012-1960
Firefox 4.x-13.0 and Thunderbird 5.0-13.0 - Information Exposure via QCMS Color Profile Processing
CVE-2012-0800
Moodle <2.0.7-<2.2.1 - Info Disclosure
CVE-2012-0799
Moodle <2.0.7, <2.1.4 - Info Disclosure
CVE-2012-0792
Moodle 1.9.x <1.9.16 - Info Disclosure
CVE-2012-2645
Yahoo! Japan Yahoo! Browser <1.2.0 - Info Disclosure
CVE-2012-3996
TikiWiki CMS/Groupware < 8.2 - Exposure of Sensitive Information via Direct Request
CVE-2012-1870
Microsoft Windows - Exposure of Sensitive Information via TLS CBC Mode
CVE-2012-3838
baby_gekko < 1.2.0 - Unauthenticated Installation Path Exposure via Direct Request
CVE-2012-3829
Joomla! 2.5.3 - Exposure of Sensitive Information via Host HTTP Header
Details
Vulnerabilities 10,204
Exploit Likelihood High