CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,217 vulnerabilities with CWE-200
CVE-2006-5702
Tikiwiki 1.9.5 - Exposure of Sensitive Information via Empty sort_mode Parameter
CVE-2006-5725
AEP Smartgate SSL Server 4.3b - Directory Existence Disclosure via HTTP Status Code
CVE-2006-5229
OpenSSH - Username Enumeration via Timing Discrepancy
CVE-2006-4595
muforum 0.4c - Exposure of Sensitive Information via Insufficient Access Control
CVE-2006-4537
OpenVMS ALPHA 7.3-2 and 8.2 - Password Exposure in NET$SESSION_CONTROL.EXE Audit Log
CVE-2006-4223
IBM WebSphere Application Server < 6.0.2.13 - Sensitive Information Exposure via JSP Source Code
CVE-2006-4136
IBM WebSphere Application Server < 6.1.0.1 - Exposure of Sensitive Information via SOAP Requests and MBean
CVE-2006-4006
BomberClone <= 0.11.6 - Exposure of Sensitive Information via Packet Data Size Mismanagement
CVE-2006-3561
BT Voyager 2091 Wireless <3.01m - Auth Bypass
CVE-2006-3365
v3_chat - Exposure of Sensitive Information via Invalid SQL Query Error
CVE-2006-2384
Microsoft Internet Explorer < 6.0 - Address Bar Spoofing via Modal Window
CVE-2006-2950
Net Portal Dynamic System <5.10 - Info Disclosure
CVE-2006-2900
Internet Explorer 6 - Info Disclosure
CVE-2006-2613
Mozilla Firefox and Suite - Information Exposure via Exception Message
CVE-2006-2535
Destiney Links Script 2.1.2 - Exposure of Sensitive Information via Invalid Show Parameter
CVE-2006-2356
Ipswitch WhatsUp Professional 2006 - Exposure of Sensitive Information via nDeviceGroupID Parameter
CVE-2006-1439
Apple Mac OS X 10.4.6 - Info Disclosure
CVE-2006-2341
Symantec Enterprise Firewall 8.0 / Gateway Security 2.0.1-3.0 - Internal IP Address Exposure
CVE-2006-2111
Microsoft Outlook Express 6 - Exposure of Sensitive Information via MHTML URI Handler
CVE-2006-1677
MAXdev MDPro <1.076 - Info Disclosure
CVE-2006-1367
Motorola PEBL U6 08.83.76R - Info Disclosure
CVE-2006-0861
Michael Salzer Guestbox < 0.8 - Unauthenticated Sensitive Information Exposure via Direct Request
CVE-2006-0707
PyBlosxom < 1.3.2 - Unauthenticated Arbitrary File Read via Multiple Leading Slash Characters
CVE-2006-0369
MySQL 5.0.18 - Exposure of Sensitive Information via VIEW Query
CVE-2006-0353
GNU lsh 2.0.1 - Exposure of Sensitive Information via Randomness Generator File Descriptor Leak
Details
Vulnerabilities 10,217
Exploit Likelihood High