CWE-200
High likelihoodExposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
10,217 vulnerabilities with CWE-200
CVE-2006-0103
TinyPHPForum <= 3.6 - Unauthenticated Exposure of Sensitive User Information via Web-Accessible Hash and Email Files
CVE-2005-4881
Linux kernel <2.4.37.6 & <2.6.13-rc1 - Info Disclosure
CVE-2005-1754
Apache Tomcat 5.0.16 - Unauthenticated Arbitrary File Read via JavaMail Download Parameter
CVE-2005-4836
Apache Tomcat <4.1.41 - Info Disclosure
CVE-2005-4849
Apache Derby <10.1.2.1 - Info Disclosure
CVE-2005-4875
TYPO3 < 3.8.0 - Unauthenticated Sensitive Information Exposure via phpinfo Endpoint
CVE-2005-4368
roundcube webmail Alpha - Info Disclosure
CVE-2005-4320
Limbo CMS <1.0.4.2 - Info Disclosure
CVE-2005-4214
phpCOIN 1.2.2 - Exposure of Sensitive Information via config.php Direct Request
CVE-2005-3747
Jetty < 5.1.6 - Unauthenticated Source Code Exposure via URL-Encoded Backslash
CVE-2005-3724
Zyxel P2000W Version 1 VOIP WIFI Phone - Unauthenticated Sensitive Information Exposure via UDP Port 9090
CVE-2005-3529
TikiWiki 1.9.0-1.9.2 - Exposure of Sensitive Information via Invalid topics_sort_mode Parameter
CVE-2005-3645
phpAdsNew and phpPgAds 2.0.6 - Exposure of Sensitive Information via Direct Requests
CVE-2005-3498
IBM WebSphere Application Server 5.0.x < 5.02.15 - Exposure of Sensitive Information via Session Trace Logs
CVE-2005-2752
Mac OS X < 10.4.2 - Unprotected User Data Exposure via Kernel Memory Reuse
CVE-2005-3398
Solaris 8-10 - Unauthenticated Sensitive Information Exposure via HTTP TRACE Method
CVE-2005-3088
fetchmail 6.2.0, 6.2.5, 6.2.5.2 - Exposure of Sensitive Information via Insecure Configuration File Permissions
CVE-2005-3164
Apache Tomcat 4.0.1-4.0.6/4.1.0-4.1.36 - Info Disclosure
CVE-2005-2036
Cool Cafe Chat 1.2.1 - Unauthenticated Exposure of Sensitive Information via Nickname Parameter
CVE-2005-1028
PHP-Nuke 6.0-7.6 - Exposure of Sensitive Information via Direct Request
CVE-2005-0797
Novell iChain Mini FTP Server 2.3 - Info Disclosure
CVE-2004-2766
iPlanet Messaging Server 5.2 - Unauthenticated Email Access via Crafted Email Message
CVE-2004-2320
MEDIUM
BEA WebLogic Server and Express - Information Exposure via HTTP TRACE Method
CVSS 5.3
CVE-2004-2748
NetIQ WebTrends Reporting Center Enterprise Edition 6.1a - Information Disclosure via Invalid profileid Parameter
CVE-2004-1367
Oracle Application Server - Exposure of Sensitive Information via Password Logging in postDBCreation.log
Details
Vulnerabilities
10,217
Exploit Likelihood
High