CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,204 vulnerabilities with CWE-200
CVE-2012-0130
HP Onboard Administrator < 3.50 - Exposure of Sensitive Information
CVE-2012-1670
PHP Grade Book < 1.9.5 BETA - Unauthenticated Database Exposure via SaveSQL Action
CVE-2012-1926
Opera < 11.62 - Same Origin Policy Bypass via history.pushState and history.replaceState
CVE-2012-1920
AtMail Open-Source < 1.04 - Unauthenticated Sensitive Information Exposure via info.php
CVE-2012-1837
IBM Tivoli Endpoint Manager < 8.2 - Information Exposure via Missing HTTPOnly Cookie Flag
CVE-2012-0328
Janetter <3.3.0.0 - Info Disclosure
CVE-2012-1466
NetMechanica NetDecision < 4.5.1 - Unauthenticated Source Code Exposure via Invalid Version Number
CVE-2012-1464
NetMechanica NetDecision < 4.5.1 - Information Disclosure via Trailing Question Mark
CVE-2012-1786
Video Embed & Thumbnail Generator < 2.0 - Unauthenticated Installation Path Exposure
CVE-2012-1513
VMware vCenter Orchestrator 4.0-4.2 - Authenticated Exposure of Sensitive Information via Web Configuration Tool
CVE-2012-0456
Mozilla Firefox <4.11 - Info Disclosure
CVE-2012-0690
TIBCO Spotfire <10.1.2-4.0.2 - Info Disclosure
CVE-2012-0689
TIBCO ActiveMatrix Platform - Info Disclosure
CVE-2012-0687
TIBCO ActiveMatrix Runtime Platform and ActiveMatrix Platform - Exposure of Sensitive Information via Crafted URL
CVE-2012-0647
Safari < 5.1.4 - Unauthenticated Credential Exposure via Redirect and HTTP Authentication
CVE-2012-0640
Safari < 5.1.4 - Unauthorized Cookie Tracking via WebKit Cookie Blocking Bypass
CVE-2012-0316
Cookpad android_activities < 1.5.16 and android_mykitchen < 1.1.1 - Exposure of Sensitive Information via WebView
CVE-2012-0236
Advantech WebAccess < 6.0 - Unauthenticated Sensitive Information Exposure via Direct URL Request
CVE-2012-1223
RabidHamster R2/Extreme < 1.65 - Exposure of Sensitive Information via Brute Force PIN Attack
CVE-2012-0010
Microsoft Internet Explorer 6-9 - Unauthorized Information Exposure via Copy-and-Paste Operations
CVE-2012-0447
Mozilla Firefox <10 - Info Disclosure
CVE-2012-0817
Samba 3.6.x - Denial of Service via Connection Request Memory Leak
CVE-2011-4916 MEDIUM
Linux Kernel <= 3.1 - Unauthorized Keystroke Information Exposure via /dev/pts/ and /dev/tty*
CVSS 5.5
CVE-2011-4917 MEDIUM
Linux Kernel < 3.1 - Information Disclosure via /proc/stat
CVSS 5.5
CVE-2011-2863 MEDIUM
Google Chrome < 14.0.0.0 - Exposure of Sensitive Information via V8 Policy Enforcement
CVSS 6.5
Details
Vulnerabilities 10,204
Exploit Likelihood High