CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
8,624 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-200 (page 23 of 173). Each entry gives the CVE ID, severity rating, CVSS score, EG score, and date.
- CVE-2012-0652 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-05-11
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive informat…
- CVE-2012-0687 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-03-13
TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Gr…
- CVE-2012-0689 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-03-13
The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remo…
- CVE-2012-0690 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-03-13
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professiona…
- CVE-2012-0731 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-05-03
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.
- CVE-2012-0742 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-04-09
IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data.
- CVE-2012-0744 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-08-17
IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError…
- CVE-2012-0792 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-07-17
mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.
- CVE-2012-0799 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-07-17
Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.
- CVE-2012-0800 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-07-17
The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as dem…
- CVE-2012-0817 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-01-30
Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.
- CVE-2012-0825 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2013-10-28
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) at…
- CVE-2012-0837 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-09-06
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."
- CVE-2012-0842 | Severity: MEDIUM | CVSS 5.5 | EG 5.5 | 2019-11-19
surf: cookie jar has read access from other local user
- CVE-2012-0843 | Severity: MEDIUM | CVSS 5.5 | EG 5.5 | 2019-11-19
uzbl: Information disclosure via world-readable cookies storage file
- CVE-2012-0844 | Severity: MEDIUM | CVSS 5.5 | EG 5.5 | 2020-02-21
Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.
- CVE-2012-0949 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-05-31
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public b…
- CVE-2012-0950 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-06-19
The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credent…
- CVE-2012-0959 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-11-24
Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials.
- CVE-2012-0961 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-12-26
Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which…
- CVE-2012-10016 | Severity: MEDIUM | CVSS 4.3 | EG 4.3 | 2023-10-17
A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The m…
- CVE-2012-1094 | Severity: HIGH | CVSS 7.5 | EG 7.5 | 2020-03-10
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
- CVE-2012-1105 | Severity: MEDIUM | CVSS 5.5 | EG 5.5 | 2019-12-05
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
- CVE-2012-1111 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2014-10-27
lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.
- CVE-2012-1155 | Severity: HIGH | CVSS 7.5 | EG 7.5 | 2019-11-14
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to
- CVE-2012-1158 | Severity: MEDIUM | CVSS 4.3 | EG 4.3 | 2019-11-14
Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export
- CVE-2012-1159 | Severity: MEDIUM | CVSS 4.3 | EG 4.3 | 2019-11-14
Moodle before 2.2.2: Overview report allows users to see hidden courses
- CVE-2012-1161 | Severity: MEDIUM | CVSS 4.3 | EG 4.3 | 2019-11-14
Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results
- CVE-2012-1169 | Severity: MEDIUM | CVSS 5.3 | EG 5.3 | 2019-11-14
Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs.
- CVE-2012-1171 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2014-02-15
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
- CVE-2012-1223 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-02-21
RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack.
- CVE-2012-1243 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-04-22
The TwitRocker2 application before 1.0.23 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
- CVE-2012-1249 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-05-21
The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application.
- CVE-2012-1348 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-08-06
Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on …
- CVE-2012-1361 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-08-06
Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug …
- CVE-2012-1464 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-03-19
Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: som…
- CVE-2012-1466 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-03-19
The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using …
- CVE-2012-1513 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-03-16
The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to o…
- CVE-2012-1579 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-09-09
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.
- CVE-2012-1586 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-08-27
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
- CVE-2012-1607 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-09-04
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.
- CVE-2012-1614 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-09-04
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page…
- CVE-2012-1645 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-08-28
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settin…
- CVE-2012-1670 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-03-31
admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action.
- CVE-2012-1786 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-03-19
The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors.
- CVE-2012-1812 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-11-13
eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to obtain sensitive cleartext information via a session on TCP port 12000.
- CVE-2012-1837 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-03-22
The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to…
- CVE-2012-1858 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-06-12
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attacker…
- CVE-2012-1870 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-07-10
The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to ob…
- CVE-2012-1873 | Severity: NONE | CVSS 0.0 | EG 0.0 | 2012-06-12
Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosu…