Joshua Rogers

9 exploits Active since Jan 2013
CVE-2021-31807 METASPLOIT MEDIUM ruby WORKING POC
Squid Proxy Range Header DoS
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
CVSS 6.5
CVE-2026-33515 WRITEUP MEDIUM WRITEUP
Squid has issues in ICP message handling
Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.
CVSS 6.5
CVE-2026-33526 WRITEUP HIGH WRITEUP
Squid vulnerable to Denial of Service in ICP Request handling
Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.
CVSS 7.5
CVE-2026-24050 WRITEUP MEDIUM WRITEUP
Zulip Server 5.0-11.5 - Stored Cross-Site Scripting in Group and Channel Names
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This vulnerability is fixed in 11.5.
CVSS 5.4
CVE-2021-31806 METASPLOIT MEDIUM ruby WORKING POC
Squid < 4.15 and 5.x < 5.0.6 - Denial of Service via HTTP Range Request Processing
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
CVSS 6.5
EIP-2026-113013 EXPLOITDB text WORKING POC
vBulletin < 4.2.2 - Memcache Remote Code Execution
CVE-2013-6129 EXPLOITDB perl WORKING POC
vBulletin 4.1 and 5 - Unauthenticated Administrative Account Creation via install/upgrade.php
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.
EIP-2026-109696 EXPLOITDB text WRITEUP
MyBB 1.6.9 - 'editpost.php?posthash' Blind SQL Injection
CVE-2012-5667 EXPLOITDB text WORKING POC
GNU Grep < 2.11 - Remote Code Execution via Integer Overflow
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.