CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,213 vulnerabilities with CWE-200
CVE-2009-2134
Pivot 1.40.4 and 1.40.7 - Exposure of Sensitive Information via Invalid URL Parameter
CVE-2009-2130
elvinbts 1.2.0 - Unauthenticated Sensitive Information Exposure via Direct Request
CVE-2009-1680
iPhone OS 1.0-2.2.1 and iPod touch 1.1-2.2.1 - Unauthorized Search History Exposure via Settings Clear
CVE-2009-0958
iPhone OS 1.0-2.2.1 and iPhone OS for iPod touch 1.1-2.2.1 - Untrusted Certificate Exception Storage
CVE-2009-2115
SkyBlueCanvas 1.1 r237 - Info Disclosure
CVE-2009-1835
Firefox < 3.0.11 - Unauthorized Cookie Access via file:// URL Parsing
CVE-2009-2042
libpng < 1.2.37 - Memory Information Disclosure via 1-bit Interlaced Image Parsing
CVE-2009-2031
smbfs <snv_84-snv_110 - Info Disclosure
CVE-2009-1140
Microsoft Internet Explorer Cross-Domain Information Disclosure via Cached Content Rendering
CVE-2009-1718
Safari < 4.0 - Exposure of Sensitive Information via Drag Event Handling
CVE-2009-1713
Apple Safari < 4.0 - Exposure of Sensitive Information via XSLT Document Function
CVE-2009-1706
Safari < 4.0 - Unauthorized Cookie Exposure via Private Browsing Feature
CVE-2009-1703
Apple Safari < 4.0 - Unauthorized File Existence Disclosure via Media Element file: URL
CVE-2009-1700
Apple Safari < 4.0 - Information Exposure via XSLT Redirect Handling
CVE-2009-0229
Microsoft Windows - Info Disclosure
CVE-2009-1296
ecryptfs-utils 73-0ubuntu6.1 - Unauthorized Exposure of Mount Passphrase in Installation Logs
CVE-2009-1949
Unclassified NewsBoard (UNB) <1.6.4 - Info Disclosure
CVE-2009-0783 MEDIUM
Apache Tomcat <6.0.19 - Info Disclosure
CVSS 4.2
CVE-2009-0580
Apache Tomcat <6.0.18 - Info Disclosure
CVE-2009-1900
IBM WebSphere Application Server <7.0.0.5 - Info Disclosure
CVE-2009-1898
IBM WebSphere Application Server (WAS) 6.0.2 - Info Disclosure
CVE-2009-1803
FreePBX 2.4.x-2.5.x and 2.6.x - Username Enumeration via Login Error Messages
CVE-2009-1769
OCS Inventory NG - Username Enumeration via Error Message Discrepancy
CVE-2009-1756
SLiM Simple Login Manager 1.3.0 - Local Exposure of X Authority Cookie via Command Line
CVE-2009-1556
Cisco WVC54GCA - Authenticated Arbitrary File Read via next_file Parameter
Details
Vulnerabilities 10,213
Exploit Likelihood High