CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,215 vulnerabilities with CWE-200
CVE-2007-3756
Safari 3 < Beta Update 3.0.4 - Exposure of Sensitive Information via Parent Window URL Identification
CVE-2007-5129
SimpGB 1.46.02 - Exposure of Sensitive Information via Direct Request
CVE-2007-5034
ELinks < 0.11.3 - Sensitive Data Exposure via HTTPS Proxy CONNECT Request
CVE-2007-4991
Microsoft ISA Server 2004 SP1 and SP2 - Information Disclosure via Empty SOCKS4 Packet
CVE-2007-5028
Dibbler 0.6.0 - Exposure of Sensitive Information via Weak File Permissions
CVE-2007-5022
IBM Tivoli Storage Manager Client 5.1-5.1.8.1 - Sensitive Information Exposure via Prompted Scheduling
CVE-2007-5011
WebBatch < 2007c - Exposure of Sensitive Information via dumpinputdata Parameter
CVE-2007-4655
CGI RESCUE Shopping Basket Pro <7.51 - Path Traversal
CVE-2007-4656
Backup Manager <0.6.3 - Info Disclosure
CVE-2007-4669
Firebird < 2.0.1 - Authenticated Sensitive Information Exposure via Services API
CVE-2007-3382
Apache Tomcat Session ID Exposure via Cookie Delimiter Mishandling
CVE-2007-3385
Apache Tomcat 3.3-6.0.13 - Exposure of Sensitive Information via Cookie Value Handling
CVE-2007-2402
Apple Quicktime <7.2 - Info Disclosure
CVE-2007-0042
Microsoft .NET Framework 1.0, 1.1, 2.0 - Unauthorized Sensitive Information Exposure via Null Byte Injection
CVE-2007-3656
Firefox < 1.8.0.13 and 1.8.1.x < 1.8.1.5 - Exposure of Sensitive Information via wyciwyg URI Handling
CVE-2007-3074
Firefox <= 2.0.0.4 - Unauthenticated Local File Read via resource:// URI
CVE-2007-3008
Mbedthis AppWeb - HTTP TRACE Method Enabled
CVE-2007-2780
PsychoStats <3.0.6b - Info Disclosure
CVE-2007-2768
OpenSSH - User Enumeration via OPIE PAM Response Discrepancy
CVE-2007-2748
PHP < 5.2.1 - Information Disclosure via substr_count Function
CVE-2007-2590
Nokia Intellisync Mobile Suite - Info Disclosure
CVE-2007-2552
WikkaWiki <1.1.6.3 - Info Disclosure
CVE-2007-2479 MEDIUM
Cerulean Studios Trillian Pro <3.1.5.1 - Info Disclosure
CVSS 5.9
CVE-2007-2379
jQuery - Exposure of Sensitive Information via JSON Data Hijacking
CVE-2007-2353
Apache Axis 1.0 - Information Disclosure via Non-Existent WSDL Request
Details
Vulnerabilities 10,215
Exploit Likelihood High