
Files from Gregory Draperi

Email address: gregory.draperi at gmail.com
First Active: 2013-07-20
Last Active: 2019-01-14
Umbraco CMS 7.12.4 Remote Code Execution
Posted Jan 14, 2019
Authored by Gregory Draperi, Hugo Boutinon

Umbraco CMS version 7.12.4 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 7ba02d67572e6a1dec0282ee1b27ebba6f0f563a1f7370d383c0d4e312094e95
Linux Kernel show_floppy KASLR Address Leak
Posted Mar 22, 2018
Authored by Gregory Draperi

Linux Kernel versions prior to 4.15.4 show_floppy KASLR address leak proof of concept exploit.

tags | exploit, kernel, proof of concept
systems | linux
advisories | CVE-2018-7273
SHA-256 | 0141dd0e32ba53533c58e61ecfdc7ade09f92a66df172ac9572a7c4be4fa3a4d
Microsoft Dynamic CRM 2016 Cross Site Scripting
Posted Jun 30, 2017
Authored by Gregory Draperi

Microsoft Dynamic CRM 2016 versions SP1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7a7ac559b01961f3ee6d891d89c708a79570c82bf81792a0b6b527819cb4e8d5
Riverbed SteelHead VCX 9.6.0a Arbitrary File Read
Posted Jun 1, 2017
Authored by Gregory Draperi

Riverbed SteelHead VCX version 9.6.0a suffers from an arbitrary file read vulnerability.

tags | exploit, arbitrary
SHA-256 | 67bd160f57f9efe9ce7c82cb99728bf0b5fd64561cc6f8297967e1d117931a8c
Apache Mina 2.0.13 Remote Command Execution
Posted Sep 15, 2016
Authored by Gregory Draperi

Apache Mina 2.0.13 uses the OGNL library in the "IoSessionFinder" class. Its constructor takes one OGNL expression as a parameter, and this expression is executed when the method "find" is called. This class seems to be used only in the JMX MINA component "IoServiceMBean". When the IoServiceMBean is exposed through JMX, it is possible to abuse the function to execute an arbitrary command on the server.

tags | exploit, arbitrary
SHA-256 | 5dca9550346e53b4b4b1f76ec51319517cdbd8e4a939ec303316d56728bfe74d
Pentaho 5.2.x BA Suite / PDI Information Disclosure
Posted Sep 18, 2015
Authored by Gregory Draperi

Pentaho version 5.2.x GA BA Suite and PDI allow unauthenticated access to configuration files. The GetResource servlet, a vestige of the old platform UI, allows unauthenticated access to resources in the pentaho-solutions/system folder. Specifically vulnerable are properties files that may reveal passwords.

tags | exploit, info disclosure
advisories | CVE-2015-6940
SHA-256 | 0888853ff4779b5907a0ff21cd8ea09daabbccf2686a3c59adcb64e634280c5e
Apache OFBiz 11.04.04 / 12.04.03 Cross Site Scripting
Posted Aug 19, 2014
Authored by Gregory Draperi | Site ofbiz.apache.org

Apache OFBiz versions 11.04.01 through 11.04.04 and 12.04.01 through 12.04.03 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-0232
SHA-256 | fc343b2e9b0b222af9ed2172c74986902a356c06c28a09a1384b4dbecc1d0f5e
Apache Syncope 1.0.8 / 1.1.6 Code Execution
Posted Apr 15, 2014
Authored by Gregory Draperi | Site syncope.apache.org

Apache Syncope versions 1.0.0 through 1.0.8 and 1.1.0 through 1.1.6 suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2014-0111
SHA-256 | 6d94a96f8baecf063b4bc07ade222c1496c0edecf336e0795af31c63ae3aadda
Apache Camel 2.x Critical Disclosure
Posted Sep 30, 2013
Authored by Gregory Draperi

Apache Camel versions 2.9.0 to 2.9.7, 2.10.0 to 2.10.6, 2.11.0 to 2.11.1, and 2.12.0 suffer from a remote command execution vulnerability based on how message headers are interpreted.

tags | advisory, remote, info disclosure
advisories | CVE-2013-4330
SHA-256 | 1f20fed4bf0aae4159245be3336a4b327d8066c6bab740968ed8bf4deb7260c6
Apache OFBiz Arbitrary UEL Function Execution
Posted Jul 20, 2013
Authored by Gregory Draperi | Site ofbiz.apache.org

Apache OFBiz versions 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 suffer from a nested expression evaluation that allows remote users to execute arbitrary UEL functions.

tags | advisory, remote, arbitrary
advisories | CVE-2013-2250
SHA-256 | a87988f73312e5bcabc2f319c28c75d1bd10eb46024a263f67c4d2162580e354
Apache OFBiz Cross Site Scripting
Posted Jul 20, 2013
Authored by Gregory Draperi | Site ofbiz.apache.org

Apache OFBiz versions 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2013-2137
SHA-256 | 26c1bb776a54ce85382e16dc08ca13d97a5a5b5d6f10425b3168cacf5d112692
© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close