CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,205 vulnerabilities with CWE-200
CVE-2011-4850
Parallels Plesk Panel 10.4.4_build20111103.18 - Exposure of Sensitive Information via Missing HTTPOnly Cookie Flag
CVE-2011-4849
Parallels Plesk Panel 10.4.4_build20111103.18 - Exposure of Sensitive Information via Insecure Cookie Transmission
CVE-2011-4848
Parallels Plesk Panel 10.4.4_build20111103.18 - Exposure of Sensitive Information via Password in HTTP Response
CVE-2011-4767
Parallels Plesk Small Business Panel 10.2.0 - Exposure of Sensitive Information via Site Editor Pages
CVE-2011-4766
Parallels Plesk Small Business Panel 10.2.0 - ASP Source Code Exposure via Site Editor Direct Request
CVE-2011-4765
Parallels Plesk Small Business Panel 10.2.0 - Sensitive Information Exposure via Missing HTTPOnly Flag
CVE-2011-4760
Parallels Plesk Small Business Panel 10.2.0 - Exposure of Sensitive Information via Email Address Disclosure
CVE-2011-4759
Parallels Plesk Small Business Panel 10.2.0 - Exposure of Sensitive Information via Referer Log Leakage
CVE-2011-4756
Parallels Plesk Small Business Panel 10.2.0 - Exposure of Sensitive Information via Missing HTTPOnly Cookie Flag
CVE-2011-4751
SmarterStats 6.2.4100 - Cross-Domain Referer Leakage via frmGettingStarted.aspx
CVE-2011-4748
Parallels Plesk Panel 10.3.1_build1013110726.09 - Exposure of Sensitive Information via Billing System Web Pages
CVE-2011-4742
Parallels Plesk Panel 10.2.0 build 20110407.20 - Exposure of Sensitive Information via Email Address Disclosure
CVE-2011-4741
Parallels Plesk Panel 10.2.0 build 20110407.20 - Exposure of Sensitive Information via Database Connection String
CVE-2011-4740
Parallels Plesk Panel 10.2.0 build 20110407.20 - Exposure of Sensitive Information via Cross-Domain Referer Leakage
CVE-2011-4738
Parallels Plesk Panel 10.2.0 - Sensitive Information Exposure via Missing HTTPOnly Flag
CVE-2011-4737
Parallels Plesk Panel 10.2.0 build 20110407.20 - Exposure of Sensitive Information via Password in HTTP Response
CVE-2011-4731
Parallels Plesk Panel 10.2.0_build1011110331.18 - Exposure of Sensitive Information via RFC 1918 IP Address Disclosure
CVE-2011-4728
Parallels Plesk Panel 10.2.0_build101110331.18 - Exposure of Sensitive Information via Insecure Cookie Transmission
CVE-2011-4598
Asterisk 1.6.2.x < 1.6.2.21 and 1.8.x < 1.8.7.2 - Denial of Service via SIP Request Handling
CVE-2011-4597
Asterisk 1.4.x < 1.4.43, 1.6.x < 1.6.2.21, 1.8.x < 1.8.7.2 - Username Enumeration via SIP UDP Response Port Variation
CVE-2011-3404
Microsoft Internet Explorer 6-9 - Info Disclosure
CVE-2011-0291
BlackBerry Tablet OS - Privilege Escalation via Crafted Backup Archive Configuration File
CVE-2011-3179
Novell GroupWise Messenger < 2.0.4 and Messenger 2.1-2.2 - Unauthenticated Arbitrary Memory Read via Crafted Command
CVE-2011-4497
ASUS RT-N56U Firmware < 1.0.1.4 - Unauthenticated Administrator Password Exposure via QIS_wizard.htm
CVE-2011-4457
OWASP HTML Sanitizer < 88 - Information Exposure via FORM Element in NOSCRIPT
Details
Vulnerabilities 10,205
Exploit Likelihood High