CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,217 vulnerabilities with CWE-200
CVE-2003-1561
Opera - Sensitive Information Exposure via Referer Header
CVE-2003-0456
VisNetic WebSite 3.5 - Info Disclosure
CVE-2003-0001
FreeBSD - Information Exposure via Ethernet NIC Frame Padding
CVE-2002-2436
Firefox < 4.0 - Sensitive Information Exposure via CSS :visited Pseudo-Class
CVE-2002-2435
Microsoft IE < 8 - Information Disclosure
CVE-2002-1432
MidiCart - Unauthenticated Sensitive Information Exposure via Database File Request
CVE-2002-1717
Microsoft Internet Information Server 5.1 - Unauthorized Path Information Exposure via _vti_pvt Configuration Files
CVE-2002-1718
Microsoft IIS 5.1 - Unauthenticated Sensitive Information Exposure via FrontPage Extensions
CVE-2002-2276
Ultimate PHP Board 1.0 - Unauthenticated Sensitive Information Exposure via add.php
CVE-2002-2288
Mambo Site Server 4.0.11 - Physical Path Exposure via Invalid Parameter Error
CVE-2002-2289
BadBlue 1.7.1 - Exposure of Sensitive Information via soinfo.php phpinfo Function
CVE-2002-2317
Symantec VelociRaptor 1.0 - Denial of Service via Memory Leak in httpd, nntpd, and vpn driver
CVE-2002-2342
Bannermatic 1-3 - Unauthenticated Sensitive Information Exposure via Direct File Access
CVE-2002-2346
phpBB 2.0-2.0.3 - Unauthenticated Exposure of Sensitive Information via Avatar Upload Filename
CVE-2002-2349
phpBBmod 1.3.3 - Exposure of Sensitive Information via phpinfo.php
CVE-2002-2369
Perception LiteServe 2.0 - Unauthenticated Sensitive Information Exposure via URL Path Traversal
CVE-2002-2380
Microsoft Network Firmware 5.5.11 - Exposure of Sensitive Information via Sniffed Credentials
CVE-2002-2409
QNX Neutrino RTOS 6.1.0 and 6.2.0 - Unauthorized Clipboard Information Exposure via Hex-Encoded User ID Directory
CVE-2002-2410
Open WebMail 1.7 and 1.71 - Information Exposure via Error Messages
CVE-2002-0419
Internet Information Server 4-5.1 - Information Exposure via Authentication Realm and NTLM Response
CVE-2002-0422
Internet Information Services 5.0-5.1 - Internal IP Address Exposure via WebDAV Methods
CVE-2002-0812
Compaq WL310 and Orinoco RG-1000/1100 Firmware - Unauthenticated SNMP Information Exposure via Default Community String
CVE-2002-0596
WebTrends Reporting Center 4.0d - Path Disclosure via get_od_toc.pl Profile Parameter
CVE-2000-0368
Cisco IOS < 9.1 - Unauthenticated Exposure of Sensitive Command History
CVE-2000-0876
WFTPD and WFTPD Pro 2.41 RC12 - Unauthenticated Sensitive Information Exposure via %C Command
Details
Vulnerabilities 10,217
Exploit Likelihood High