CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,213 vulnerabilities with CWE-200
CVE-2009-1555
Cisco WVC54GCA - Exposure of Sensitive Information via Setup Wizard Remote Management Command
CVE-2009-1494
Memcached 1.2.8 - Exposure of Sensitive Information via Stats Malloc Command
CVE-2009-1341
libdbd-pg-perl < 2.0.0 - Denial of Service via BYTEA Column Data Fetch
CVE-2009-1255
MemcacheDB < 1.2.0 - Unauthenticated Sensitive Information Exposure via Stats Commands
CVE-2009-1412
Google Chrome < 1.0.154.59 - Information Exposure via chromehtml: Protocol Handler
CVE-2009-1311
Firefox < 3.0.9 - Exposure of Sensitive Information via Frame POST Data
CVE-2009-1293
Novell Teaming 1.0-SP3 - Username Enumeration via Login Error Messages
CVE-2009-1292
IBM Rational ClearCase 7.0.0.x-7.0.0.5, 7.0.1.x-7.0.1.4, 7.1.x-7.1.0.1 - Sensitive Information Exposure
CVE-2009-1289
IBM Advanced Management Module - Exposure of Sensitive Information via WEBINDEX Parameter
CVE-2009-1276
OpenSolaris < snv_109 - Unauthorized Sensitive Information Exposure via Popup Windows
CVE-2009-0518
VMware VirtualCenter/ESXi/ESX < 2.5/3.5 Update 4 - Unauthorized Password Exposure
CVE-2009-1239
IBM DB2 < 9.1 - Exposure of Sensitive Information via Query Predicate Order
CVE-2009-0842
MapServer 4.x < 4.10.4 and 5.x < 5.2.2 - Unauthenticated Sensitive Information Exposure via Map Parameter
CVE-2009-0628
Cisco IOS <12.5 - Memory Corruption
CVE-2009-1076
Sun Java System Identity Manager 7.0-8.0 - Username Enumeration via Question-Based Login Feature
CVE-2009-0508
IBM WebSphere Application Server <7.0.0.3 - Info Disclosure
CVE-2009-0143
Apple iTunes < 8.1 - Unauthenticated Exposure of Sensitive Information via Podcast Subscription
CVE-2009-0867
Fujitsu Enhanced Support Facility 3.0/3.0.1 - Unauthenticated Sensitive Information Exposure
CVE-2009-0852
CelerBB 0.0.2 - Exposure of Sensitive Information via User Parameter
CVE-2009-0815
TYPO3 <4.0.12-4.3alpha1 - Info Disclosure
CVE-2009-0776
Firefox < 3.0.7 - Same-Origin Policy Bypass via Cross-Domain Redirect
CVE-2009-0521
Adobe Flash Player <10.0.22.87 - Info Disclosure
CVE-2009-0711
PHPFootball 1.6 - Exposure of Sensitive Information via dbtable and dbfield Parameters
CVE-2009-0678
RavenNuke 2.30 - Exposure of Sensitive Information via Invalid aFonts Parameter
CVE-2009-0612
Trend Micro IWSVA/IWSS 3.x - Auth Bypass
Details
Vulnerabilities 10,213
Exploit Likelihood High