Gregory Draperi

6 exploits Active since Jul 2013
CVE-2025-34098 EXPLOITDB HIGH python WORKING POC
Riverbed SteelHead VCX <9.6.0a - Path Traversal
A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter expressions to the log_filter endpoint using the filterStr parameter. This input is processed by a backend parser that permits execution of file expansion syntax, allowing the attacker to retrieve arbitrary system files via the log viewing interface.
CVE-2019-25137 EXPLOITDB HIGH python WORKING POC
Umbraco CMS <7.15.10 - Authenticated RCE
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
CVSS 7.2
CVE-2025-34098 METASPLOIT HIGH ruby WORKING POC
Riverbed SteelHead VCX <9.6.0a - Path Traversal
A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter expressions to the log_filter endpoint using the filterStr parameter. This input is processed by a backend parser that permits execution of file expansion syntax, allowing the attacker to retrieve arbitrary system files via the log viewing interface.
CVE-2013-2118 EXPLOITDB python WORKING POC
SPIP <3.0.9, <2.1.22, <2.0.23 - Privilege Escalation
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.
EIP-2026-103846 EXPLOITDB text SUSPICIOUS
Apache Mina 2.0.13 - Remote Command Execution
CVE-2018-7273 EXPLOITDB MEDIUM c WORKING POC
Linux Kernel < 4.15.4 - Information Disclosure
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.
CVSS 5.5