CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,205 vulnerabilities with CWE-200
CVE-2011-3502
Cogent DataHub <7.1.1.63 - Info Disclosure
CVE-2011-3497
Measuresoft ScadaPro < 4.0.0 - Remote Code Execution via XF Function
CVE-2011-1892
Microsoft SharePoint and Office Products - XML External Entity Injection in Web Parts
CVE-2011-3388
Opera < 11.51 - Unauthenticated Exposure of Sensitive Information via Extended Validation Spoofing
CVE-2011-1643
Cisco Unified Communications Manager Database Data Exposure via SSL Query Interface
CVE-2011-2737
RSA enVision < 4 SP4 P3 - Unauthenticated Arbitrary File Read
CVE-2011-3265
Zabbix < 1.8.7 - Unauthenticated Exposure of Sensitive Information via popup.php srctbl Parameter
CVE-2011-3264
Zabbix < 1.8.6 - Unauthenticated Sensitive Information Exposure via Invalid srcfld2 Parameter
CVE-2011-2986
Mozilla Firefox 4.x-5 and Thunderbird < 6 - Unauthorized Sensitive Image Data Exposure via Canvas
CVE-2011-2983
Firefox < 3.6.20 - Same Origin Policy Bypass via RegExp.input Use-After-Free
CVE-2011-3011
CA ARCserve D2D r15 - Exposure of Sensitive Information via Session Handling
CVE-2011-3128
WordPress 3.1-3.1.2 and 3.2 Beta 1 - Unauthorized Sensitive Data Exposure via Unattached Attachments
CVE-2011-3126
WordPress 3.1-3.1.2 and 3.2 Beta 1 - Username Enumeration via Canonical Redirects
CVE-2011-1978
Microsoft .NET Framework <4 - Info Disclosure
CVE-2011-1977
Microsoft .NET Framework 4-3.5 SP1 - Info Disclosure
CVE-2011-2380
Bugzilla Multiple Versions - Private Group Name Exposure via Bug Creation or Editing
CVE-2011-2720
GLPI < 0.80.2 - Exposure of Sensitive Information via Autocompletion
CVE-2011-2800
Google Chrome < 13.0.782.107 - Exposure of Sensitive Information via Client-Side Redirect
CVE-2011-2784
Google Chrome < 13.0.782.107 - Exposure of Sensitive Information via GL Program Log
CVE-2011-2492
Linux Kernel < 3.0 - Information Disclosure via Bluetooth getsockopt System Call
CVE-2011-2891
Joomla! 1.6.x < 1.6.2 - Information Disclosure via Empty Itemid Parameter
CVE-2011-2890
Joomla! < 1.5.23 - Information Disclosure via MediaViewMedia Base Variable
CVE-2011-2889
Joomla! < 1.5.23 - Information Disclosure via Error Page Path Exposure
CVE-2011-2488
Joomla! < 1.5.23 - Information Disclosure
CVE-2011-0244
Safari < 5.0.6 - Unauthenticated Arbitrary File Read via RSS Feed URL Canonicalization
Details
Vulnerabilities 10,205
Exploit Likelihood High