CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,215 vulnerabilities with CWE-200
CVE-2007-2253
Exponent CMS < 0.96.6_alpha - Path Information Exposure via Direct Request
CVE-2007-2022
Adobe Flash Player - Unauthorized Sensitive Information Exposure via Browser Keystroke Leak
CVE-2007-1562
Firefox < 1.5.0.11 and 2.x < 2.0.0.3 - FTP PASV Response Manipulation
CVE-2007-1563
Opera 9.10 - FTP PASV Response Manipulation Leading to Information Exposure
CVE-2007-1564
Konqueror 3.5.5 - Exposure of Sensitive Information via FTP PASV Response
CVE-2007-1237
sitex - Exposure of Sensitive Information via SQL Error
CVE-2007-1167
deV!L`z Clanportal <1.4.5 - Info Disclosure
CVE-2007-1194
Norman SandBox Analyzer - Info Disclosure
CVE-2007-1116
Mozilla Firefox <1.8 - Info Disclosure
CVE-2007-0778
Mozilla Firefox <1.5.0.10 & SeaMonkey <1.0.8 - Info Disclosure
CVE-2007-1044
Pearson Education PowerSchool <5.1.2 - Info Disclosure
CVE-2007-0979
LifeType <1.1.6, <1.2-beta2 - Info Disclosure
CVE-2007-0259
Ezboxx Portal System <= beta_0.7.6 - Exposure of Sensitive Information via Invalid cat Parameter
CVE-2007-0058
Cisco Network Admission Control Manag... - Information Disclosure
CVE-2006-7086
Hot Links - Exposure of Sensitive Information via Direct Request with Modified dl Parameter
CVE-2006-6998
Headstart Solutions DeskPRO - Exposure of Sensitive Information via phpinfo Query
CVE-2006-6999
Headstart Solutions DeskPRO - Unauthenticated Exposure of Sensitive Information via attachment.php id Parameter
CVE-2006-6953
Globetrotter Mobility Manager - Keystroke Exposure via Virtual Keyboard Visual Feedback
CVE-2006-5858
Adobe ColdFusion 7.0-7.0.2 and JRun 4 - Unauthenticated Arbitrary File Read via Double URL-Encoded NULL Byte
CVE-2006-6886
phpwcms <1.2.5-DEV - Info Disclosure
CVE-2006-6735
Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c - Info Disclosure
CVE-2006-6637
IBM WebSphere Application Server <6.0.2.17 - Info Disclosure
CVE-2006-6457
Tikiwiki <1.9.5-1.9.2 - Info Disclosure
CVE-2006-5702
Tikiwiki 1.9.5 - Exposure of Sensitive Information via Empty sort_mode Parameter
CVE-2006-5725
AEP Smartgate SSL Server 4.3b - Directory Existence Disclosure via HTTP Status Code
Details
Vulnerabilities 10,215
Exploit Likelihood High