CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,205 vulnerabilities with CWE-200
CVE-2011-2774
Mahara 1.3.x-1.4.x - Authenticated Exposure of Sensitive Information via Replyto Parameter
CVE-2011-3441
iPhone OS < 5.0.1 - Information Disclosure via DNS Hostname
CVE-2011-3653
Mozilla Firefox <8.0 & Thunderbird <8.0 - SSRF
CVE-2011-3649
Mozilla Firefox <7.0 & Thunderbird <7.0 - CSRF
CVE-2011-1368
IBM WebSphere App Server <8.0.0.1 - Info Disclosure
CVE-2011-3163
HP MFP Digital Sending Software 4.9x-4.91.21 - Exposure of Sensitive Workflow-Metadata Information
CVE-2011-2059
Cisco IOS <15.1(4)M1.3 - Info Disclosure
CVE-2011-2042
Cisco CiscoWorks <4.1 - Info Disclosure
CVE-2011-3431
iPhone OS - Unauthorized Sensitive Information Exposure via Home Screen Gesture
CVE-2011-3427
Apple iOS <5 - Apple TV <4.4 - Info Disclosure
CVE-2011-3253
iPhone OS - Unprotected User Data Exposure via CalDAV SSL Certificate Validation Bypass
CVE-2011-3246
CFNetwork in iOS < 5.0.1 and Mac OS X < 10.7.2 - Unintended Cookie Transmission via Malformed URL Parsing
CVE-2011-3242
Apple Safari - Unauthorized Cookie Tracking via Private Browsing Block Cookies Setting
CVE-2011-3220
macOS X < 10.7.2 - Information Disclosure via QuickTime URL Data Handler
CVE-2011-0231
macOS < 10.7.2 - Unintended Cookie Storage Policy Bypass
CVE-2011-3975
HTC Android <2.3.4 - Info Disclosure
CVE-2011-3580
IceWarp Mail Server <10.3.3 - Info Disclosure
CVE-2011-3694
NetSaro Enterprise Messenger Server 2.0 - Info Disclosure
CVE-2011-3826
Zikula 1.2.4 - Exposure of Sensitive Information via Direct Request to PHP Files
CVE-2011-3825
Zend Framework 1.11.3 - Info Disclosure
CVE-2011-3824
Your Own URL Shortener (YOURLS) 1.5 - Info Disclosure
CVE-2011-3823
Yamamah 1.0 - Exposure of Sensitive Information via Direct PHP File Request
CVE-2011-3822
XOOPS 2.5.0 - Exposure of Sensitive Information via Direct PHP File Request
CVE-2011-3821
xajax 0.6 beta1 - Unauthenticated Sensitive Information Exposure via Direct PHP File Request
CVE-2011-3820
WSN Software 6.0.6 - Info Disclosure
Details
Vulnerabilities 10,205
Exploit Likelihood High