CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,209 vulnerabilities with CWE-200
CVE-2009-3951
Adobe Flash Player <10.0.42.34 - Info Disclosure
CVE-2009-4254
PowerPhlogger 2.2.5 - Info Disclosure
CVE-2009-4236
EC-CUBE Ver2 <2.4.1 - Info Disclosure
CVE-2009-4175
CutePHP CuteNews <8b - Info Disclosure
CVE-2009-4170
WP-Cumulus Plug-in <1.20 - Info Disclosure
CVE-2009-4109
DotNetNuke <5.1.4 - Info Disclosure
CVE-2009-4073
Microsoft Internet Explorer 8 - Info Disclosure
CVE-2009-3386
Bugzilla 3.3.2-3.4.3, 3.5-3.5.1 - Sensitive Information Exposure via Bug Alias
CVE-2009-3946
Joomla! < 1.5.15 - Unauthenticated Sensitive Information Exposure via Direct XML File Request
CVE-2009-3727
Asterisk <1.2.35/1.4.26.3/1.6.0.17/1.6.1.9 - Unauthenticated Username Enumeration via SIP REGISTER
CVE-2009-3883
Sun Java SE 5.0-6 - Info Disclosure
CVE-2009-3882
Sun Java SE <5.0U22 & 6 < U17 - Info Disclosure
CVE-2009-3881
Sun Java SE <5.0 Update 22 & <6 Update 17 - Privilege Escalation
CVE-2009-3628
TYPO3 < 4.0.12, 4.1.x < 4.1.13, 4.2.x < 4.2.10, 4.3.x < 4.3beta2 - Encryption Key Exposure
CVE-2009-3815
RunCMS 2M1 - Exposure of Sensitive Information via Error Message in preg_match
CVE-2009-3782
Userpoints 6.x - Authenticated Exposure of Sensitive Userpoint Data
CVE-2009-3756
phpBMS 0.96 - Exposure of Sensitive Information via Direct Request
CVE-2009-2910
Linux Kernel < 2.6.31.4 - Unauthorized Register Value Exposure via x86_64 ia32 Mode Switch
CVE-2009-3612
Linux Kernel < 2.4.37.6 and 2.6.x < 2.6.32-rc5 - Information Disclosure via Uninitialized tcm__pad2 Structure
CVE-2009-3646
InterVations NaviCOPA Web Server 3.01 - Unauthenticated Source Code Exposure via ::$DATA Suffix
CVE-2009-3600
HUBScript 1.0 - Unauthenticated Sensitive Information Exposure via phpinfo.php
CVE-2009-3544
Xerver HTTP Server 4.32 - Exposure of Sensitive Information via ::$DATA Suffix
CVE-2009-3457
Cisco ACE Web Application Firewall and ACE XML Gateway < 6.1 - Information Disclosure via Unhandled HTTP Request
CVE-2009-3452
RADactive I-Load < 2008.2.5.0 - Exposure of Sensitive Information via WebCoreModule.ashx
CVE-2009-3199
Uebimiau Webmail 3.2.0-2.0 - Unauthenticated Exposure of Sensitive Information via Direct Request
Details
Vulnerabilities 10,209
Exploit Likelihood High