CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,215 vulnerabilities with CWE-200
CVE-2007-5701
IBM Lotus Domino < 7.0.3 - Unauthenticated Sensitive Information Exposure via CA Command Uppercase Bypass
CVE-2007-5335
Firefox < 2.0.0.7 - Exposure of Sensitive System Information via addMicrosummaryGenerator
CVE-2007-5654
LiteSpeed Web Server < 3.2.3 - Mime Type Injection via Null Byte Extension Bypass
CVE-2007-5637
Nortel Business Communications Manager - Unauthenticated Eavesdropping via Open Audio Stream
CVE-2007-5638
Nortel Business Communications Manager - Exposure of Sensitive Information via RUDP ID Predictability
CVE-2007-3850
Linux Kernel < 2.6.21 - Unauthorized Physical Memory Read via eHCA Driver
CVE-2007-5337
Mozilla Firefox < 2.0.0.7 and SeaMonkey < 1.1.4 - Unauthorized File Read via gnome-vfs URI Schemes
CVE-2007-5379
Ruby on Rails < 1.2.4 - Unauthenticated Arbitrary File Existence Disclosure and XML File Read via Hash.from_xml
CVE-2007-5576
BEA Tuxedo 8.0-8.1 and WebLogic Enterprise 5.1 - Cleartext Password Exposure via cnsbind/cnsunbind/cnsls Commands
CVE-2007-5549
Cisco IOS - Exposure of Sensitive Information via Command EXEC Bypass
CVE-2007-5550
Cisco IOS - Exposure of Sensitive Information via Common Network Service
CVE-2007-5554
Oracle Database Server - Exposure of Sensitive Information via Crafted Packets
CVE-2007-5555
Symantec Altiris Deployment Solution - Authentication Credentials Information Leakage
CVE-2007-5473
Mono < 1.2.5.1 - Exposure of Sensitive Information via Trailing Space or Dot in Request
CVE-2007-5470
Microsoft Expression Media - Cleartext Password Exposure in Catalog IVC File
CVE-2007-5195
SUSE Linux novell-groupwise-client - Credential Exposure via Man-in-the-Middle Attack
CVE-2007-5196
SUSE Linux Enterprise Desktop 10 - SSL Credential Exposure via Man-in-the-Middle Attack
CVE-2007-5444
CMS Made Simple 1.1.3.1 - Unauthenticated Path Disclosure via Direct File Request
CVE-2007-5439
CA eTrust ITM 8.1 - Exposure of Sensitive Information via Predictable Log File Names
CVE-2007-5431
MyFTPUploader Module in Stride 1.0 - Exposure of Sensitive FTP Credentials in imageupload.js
CVE-2007-5432
Stride CMS 1.0 - Unauthenticated Exposure of Sensitive Information via Default Credentials
CVE-2007-5420
3Com 3CRWER100-75 1.2.10ww - Information Disclosure via Web Server
CVE-2007-5264
Battlefront Dropteam <= 1.3.3 - Unauthenticated Exposure of Sensitive Information via Game Server
CVE-2007-5201
duplicity < 0.4.9 - Exposure of Sensitive Information via FTP Backend Command Line Argument
CVE-2007-5172
Quicksilver Forums < 1.4.0 - Unauthenticated Sensitive Information Exposure via Database Error Message
Details
Vulnerabilities 10,215
Exploit Likelihood High