what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files from Gregory Draperi

Email addressgregory.draperi at gmail.com
First Active2013-07-20
Last Active2024-09-01
Riverbed SteelHead VCX File Read
Posted Sep 1, 2024
Authored by h00die, Gregory Draperi | Site metasploit.com

This Metasploit module exploits an authenticated arbitrary file read in the log modules filter engine. SteelHead VCX (VCX255U) version 9.6.0a was confirmed as vulnerable.

tags | exploit, arbitrary
SHA-256 | 82200956bfcf313b96ff93db76c110d1947a97a9884d89e92f426e7c7e7da5ea
Umbraco CMS 7.12.4 Remote Code Execution
Posted Jan 14, 2019
Authored by Gregory Draperi, Hugo Boutinon

Umbraco CMS version 7.12.4 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 7ba02d67572e6a1dec0282ee1b27ebba6f0f563a1f7370d383c0d4e312094e95
Linux Kernel show_floppy KASLR Address Leak
Posted Mar 22, 2018
Authored by Gregory Draperi

Linux Kernel versions prior to 4.15.4 show_floppy KASLR address leak proof of concept exploit.

tags | exploit, kernel, proof of concept
systems | linux
advisories | CVE-2018-7273
SHA-256 | 0141dd0e32ba53533c58e61ecfdc7ade09f92a66df172ac9572a7c4be4fa3a4d
Microsoft Dynamic CRM 2016 Cross Site Scripting
Posted Jun 30, 2017
Authored by Gregory Draperi

Microsoft Dynamic CRM 2016 versions SP1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7a7ac559b01961f3ee6d891d89c708a79570c82bf81792a0b6b527819cb4e8d5
Riverbed SteelHead VCX 9.6.0a Arbitrary File Read
Posted Jun 1, 2017
Authored by Gregory Draperi

Riverbed SteelHead VCX version 9.6.0a suffers from an arbitrary file read vulnerability.

tags | exploit, arbitrary
SHA-256 | 67bd160f57f9efe9ce7c82cb99728bf0b5fd64561cc6f8297967e1d117931a8c
Apache Mina 2.0.13 Remote Command Execution
Posted Sep 15, 2016
Authored by Gregory Draperi

Apache Mina 2.0.13 uses the OGNL library in the "IoSessionFinder" class. Its constructor takes into parameter one OGNL expression. Then this expression is executed when the method "find" is called. This class seems to be only used in the JMX MINA component "IoServiceMBean". When the IOServiceMBean is exposed trough JMX it is possible to abuse the function to execute an arbitrary command on the server.

tags | exploit, arbitrary
SHA-256 | 5dca9550346e53b4b4b1f76ec51319517cdbd8e4a939ec303316d56728bfe74d
Pentaho 5.2.x BA Suite / PDI Information Disclosure
Posted Sep 18, 2015
Authored by Gregory Draperi

Pentaho version 5.2.x GA BA Suite and PDI allow unauthenticated access to configuration files. The GetResource servlet, a vestige of the old platform UI, allows unauthenticated access to resources in the pentaho-solutions/system folder. Specifically vulnerable are properties files that may reveal passwords.

tags | exploit, info disclosure
advisories | CVE-2015-6940
SHA-256 | 0888853ff4779b5907a0ff21cd8ea09daabbccf2686a3c59adcb64e634280c5e
Apache OFBiz 11.04.04 / 12.04.03 Cross Site Scripting
Posted Aug 19, 2014
Authored by Gregory Draperi | Site ofbiz.apache.org

Apache OFBiz versions 11.04.01 through 11.04.04 and 12.04.01 through 12.04.03 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-0232
SHA-256 | fc343b2e9b0b222af9ed2172c74986902a356c06c28a09a1384b4dbecc1d0f5e
Apache Syncope 1.0.8 / 1.1.6 Code Execution
Posted Apr 15, 2014
Authored by Gregory Draperi | Site syncope.apache.org

Apache Syncope versions 1.0.0 through 1.0.8 and 1.1.0 through 1.1.6 suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2014-0111
SHA-256 | 6d94a96f8baecf063b4bc07ade222c1496c0edecf336e0795af31c63ae3aadda
Apache Camel 2.x Critical Disclosure
Posted Sep 30, 2013
Authored by Gregory Draperi

Apache Camel versions 2.9.0 to 2.9.7, 2.10.0 to 2.10.6, 2.11.0 to 2.11.1, and 2.12.0 suffers from a remote command execution vulnerability based on how message headers are interpreted.

tags | advisory, remote, info disclosure
advisories | CVE-2013-4330
SHA-256 | 1f20fed4bf0aae4159245be3336a4b327d8066c6bab740968ed8bf4deb7260c6
Apache OFBiz Arbitrary UEL Function Execution
Posted Jul 20, 2013
Authored by Gregory Draperi | Site ofbiz.apache.org

Apache OFBiz versions 10.04.01 through 10.04.05, 11.04.01 thorough 11.04.02, and 12.04.01 suffer from a nest expression evaluation that allows remote users the ability to execute arbitrary UEL functions.

tags | advisory, remote, arbitrary
advisories | CVE-2013-2250
SHA-256 | a87988f73312e5bcabc2f319c28c75d1bd10eb46024a263f67c4d2162580e354
Apache OFBiz Cross Site Scripting
Posted Jul 20, 2013
Authored by Gregory Draperi | Site ofbiz.apache.org

Apache OFBiz versions 10.04.01 through 10.04.05, 11.04.01 thorough 11.04.02, and 12.04.01 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2013-2137
SHA-256 | 26c1bb776a54ce85382e16dc08ca13d97a5a5b5d6f10425b3168cacf5d112692
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close