Description
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
Remediation
References
Related Vulnerabilities
WordPress Plugin Gallery-Video Gallery and Youtube Gallery SQL Injection (2.0.9)
LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-7556)
WordPress Plugin WordPress Photo Gallery by Gallery Bank Cross-Site Scripting (3.0.228)