CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,217 vulnerabilities with CWE-200
CVE-2006-0103
TinyPHPForum <= 3.6 - Unauthenticated Exposure of Sensitive User Information via Web-Accessible Hash and Email Files
CVE-2005-4881
Linux kernel <2.4.37.6 & <2.6.13-rc1 - Info Disclosure
CVE-2005-1754
Apache Tomcat 5.0.16 - Unauthenticated Arbitrary File Read via JavaMail Download Parameter
CVE-2005-4836
Apache Tomcat <4.1.41 - Info Disclosure
CVE-2005-4849
Apache Derby <10.1.2.1 - Info Disclosure
CVE-2005-4875
TYPO3 < 3.8.0 - Unauthenticated Sensitive Information Exposure via phpinfo Endpoint
CVE-2005-4368
roundcube webmail Alpha - Info Disclosure
CVE-2005-4320
Limbo CMS <1.0.4.2 - Info Disclosure
CVE-2005-4214
phpCOIN 1.2.2 - Exposure of Sensitive Information via config.php Direct Request
CVE-2005-3747
Jetty < 5.1.6 - Unauthenticated Source Code Exposure via URL-Encoded Backslash
CVE-2005-3724
Zyxel P2000W Version 1 VOIP WIFI Phone - Unauthenticated Sensitive Information Exposure via UDP Port 9090
CVE-2005-3529
TikiWiki 1.9.0-1.9.2 - Exposure of Sensitive Information via Invalid topics_sort_mode Parameter
CVE-2005-3645
phpAdsNew and phpPgAds 2.0.6 - Exposure of Sensitive Information via Direct Requests
CVE-2005-3498
IBM WebSphere Application Server 5.0.x < 5.02.15 - Exposure of Sensitive Information via Session Trace Logs
CVE-2005-2752
Mac OS X < 10.4.2 - Unprotected User Data Exposure via Kernel Memory Reuse
CVE-2005-3398
Solaris 8-10 - Unauthenticated Sensitive Information Exposure via HTTP TRACE Method
CVE-2005-3088
fetchmail 6.2.0, 6.2.5, 6.2.5.2 - Exposure of Sensitive Information via Insecure Configuration File Permissions
CVE-2005-3164
Apache Tomcat 4.0.1-4.0.6/4.1.0-4.1.36 - Info Disclosure
CVE-2005-2036
Cool Cafe Chat 1.2.1 - Unauthenticated Exposure of Sensitive Information via Nickname Parameter
CVE-2005-1028
PHP-Nuke 6.0-7.6 - Exposure of Sensitive Information via Direct Request
CVE-2005-0797
Novell iChain Mini FTP Server 2.3 - Info Disclosure
CVE-2004-2766
iPlanet Messaging Server 5.2 - Unauthenticated Email Access via Crafted Email Message
CVE-2004-2320 MEDIUM
BEA WebLogic Server and Express - Information Exposure via HTTP TRACE Method
CVSS 5.3
CVE-2004-2748
NetIQ WebTrends Reporting Center Enterprise Edition 6.1a - Information Disclosure via Invalid profileid Parameter
CVE-2004-1367
Oracle Application Server - Exposure of Sensitive Information via Password Logging in postDBCreation.log
Details
Vulnerabilities 10,217
Exploit Likelihood High