Joshua Rogers

8 exploits. Active since Jan 2013.
CVE-2026-33515 WRITEUP MEDIUM WRITEUP
Squid has issues in ICP message handling
Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.
CVSS 6.5
CVE-2026-33526 WRITEUP HIGH WRITEUP
Squid vulnerable to Denial of Service in ICP Request handling
Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.
CVSS 7.5
CVE-2026-24050 WRITEUP MEDIUM WRITEUP
Zulip <11.5 - Stored XSS
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This vulnerability is fixed in 11.5.
CVSS 5.4
CVE-2021-31806 METASPLOIT MEDIUM ruby WORKING POC
Squid < 4.15 - Denial of Service
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
CVSS 6.5
EIP-2026-113013 EXPLOITDB text WORKING POC
vBulletin < 4.2.2 - Memcache Remote Code Execution
CVE-2013-6129 EXPLOITDB perl WORKING POC
Vbulletin - Access Control
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.
EIP-2026-109696 EXPLOITDB text WRITEUP
MyBB 1.6.9 - 'editpost.php?posthash' Blind SQL Injection
CVE-2012-5667 EXPLOITDB text WORKING POC
GNU Grep <2.11 - RCE
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.