CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,213 vulnerabilities with CWE-200
CVE-2008-4029
Microsoft XML Core Services <4.0 - Info Disclosure
CVE-2008-4821
Adobe Flash Player <= 9.0.124.0 - Exposure of Sensitive Information via jar: URL Handling
CVE-2008-4820
Adobe Flash Player < 9.0.124.0 - Exposure of Sensitive Information
CVE-2008-4808
IBM Lotus Connections < 2.0 - Information Disclosure
CVE-2008-4747
Sun Java System LDAP JDK - Exposure of Sensitive Information via Search Feature
CVE-2008-4695
Opera < 9.60 - Unauthenticated Exposure of Sensitive Information via Cached Java Applet
CVE-2008-4721
PHP Jabbers Post Comment 3.0 - Unauthenticated Administrative Access via PostCommentsAdmin Cookie
CVE-2008-4693
IBM DB2 < 9.1 FP6 and < 9.5 FP2 - Sensitive Information Exposure in SORT/LIST SERVICES Trace Output
CVE-2008-4688
Mantis < 1.1.3 - Unauthorized Issue Data Exposure via Modified Issue Number
CVE-2008-4638
Symantec Veritas File System < 5.0 MP3 - Unauthenticated Arbitrary File Read via qioadmin Error Message
CVE-2008-3248
Symantec Veritas File System - Info Disclosure
CVE-2008-4635
hisa_cart < 1.29 - Exposure of Sensitive User Information
CVE-2008-4593
Apple iPhone 2.1 - Unauthorized SMS Exposure via Emergency Call Screen
CVE-2008-4412
HP Systems Insight Manager < 5.2 Update 2 - Exposure of Sensitive Information
CVE-2008-3474 MEDIUM
Microsoft Internet Explorer 6-7 - Info Disclosure
CVSS 6.5
CVE-2008-4491
Apple Mail.app 3.5 - Unprotected Sensitive Data Exposure via S/MIME Draft Storage
CVE-2008-3060
v-webmail 1.5.0 - Information Disclosure via Login Page Error Handling
CVE-2008-4445
Linux Kernel < 2.6.26.4 - Local Information Exposure via SCTP_HMAC_IDENT IOCTL Request
CVE-2008-4278
VMware VirtualCenter < 2.5 Update 3 - Cleartext Password Exposure via Special Characters
CVE-2008-4360
lighttpd < 1.4.20 - Unauthorized File Access via Case-Sensitive Filename Bypass
CVE-2008-4359
lighttpd < 1.4.20 - Unauthenticated Sensitive Information Exposure via URL Decoding Bypass
CVE-2008-4199
Opera < 9.52 - Exposure of Sensitive Information via Local Feed Source File Links
CVE-2008-4069
Firefox < 2.0.0.16 - Uninitialized Memory Exposure via XBM Image Decoder
CVE-2008-4207
Attachmax Dolphin <= 2.1.0 - Unauthenticated Sensitive Information Exposure via info.php
CVE-2008-4183
IntegraMOD 1.4.x - Unauthenticated Sensitive Information Exposure via Backup File Download
Details
Vulnerabilities 10,213
Exploit Likelihood High