Update Fri Mar 15 10:01:21 UTC 2024

2006/CVE-2006-4061.md

@@ -0,0 +1,17 @@
+### [CVE-2006-4061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4061)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** DISPUTED **  PHP remote file inclusion vulnerability in index.php in Thomas Pequet phpPrintAnalyzer 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep_par_rapport_racine parameter.  NOTE: this issue has been disputed by third party researchers, stating that the rep_par_rapport_racine variable is initialized before use.
+
+### POC
+
+#### Reference
+- http://www.osvdb.org/29133
+
+#### Github
+No PoCs found on GitHub currently.
+

2015/CVE-2015-8741.md

@@ -10,7 +10,7 @@ The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://www.wireshark.org/security/wnpa-sec-2015-59.html
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2016/CVE-2016-4476.md

@@ -0,0 +1,17 @@
+### [CVE-2016-4476](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4476)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-3455-1
+
+#### Github
+No PoCs found on GitHub currently.
+

2016/CVE-2016-4477.md

@@ -0,0 +1,17 @@
+### [CVE-2016-4477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4477)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-3455-1
+
+#### Github
+No PoCs found on GitHub currently.
+

2017/CVE-2017-13077.md

@@ -13,6 +13,7 @@ Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Tran
 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 - http://www.kb.cert.org/vuls/id/228519
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
+- http://www.ubuntu.com/usn/USN-3455-1
 - https://cert.vde.com/en-us/advisories/vde-2017-003
 - https://cert.vde.com/en-us/advisories/vde-2017-005
 - https://hackerone.com/reports/286740

2017/CVE-2017-13078.md

@@ -13,6 +13,7 @@ Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Tempora
 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 - http://www.kb.cert.org/vuls/id/228519
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
+- http://www.ubuntu.com/usn/USN-3455-1
 - https://cert.vde.com/en-us/advisories/vde-2017-003
 - https://cert.vde.com/en-us/advisories/vde-2017-005
 - https://hackerone.com/reports/286740

2017/CVE-2017-13079.md

@@ -13,6 +13,7 @@ Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstal
 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 - http://www.kb.cert.org/vuls/id/228519
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
+- http://www.ubuntu.com/usn/USN-3455-1
 - https://cert.vde.com/en-us/advisories/vde-2017-005
 - https://hackerone.com/reports/286740
 - https://support.lenovo.com/us/en/product_security/LEN-17420

2017/CVE-2017-13080.md

@@ -13,6 +13,7 @@ Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Tempora
 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 - http://www.kb.cert.org/vuls/id/228519
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
+- http://www.ubuntu.com/usn/USN-3455-1
 - https://cert.vde.com/en-us/advisories/vde-2017-003
 - https://cert.vde.com/en-us/advisories/vde-2017-005
 - https://hackerone.com/reports/286740

2017/CVE-2017-13081.md

@@ -13,6 +13,7 @@ Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstal
 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 - http://www.kb.cert.org/vuls/id/228519
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
+- http://www.ubuntu.com/usn/USN-3455-1
 - https://cert.vde.com/en-us/advisories/vde-2017-005
 - https://hackerone.com/reports/286740
 - https://www.krackattacks.com/

2017/CVE-2017-13082.md

@@ -13,6 +13,7 @@ Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstal
 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 - http://www.kb.cert.org/vuls/id/228519
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
+- http://www.ubuntu.com/usn/USN-3455-1
 - https://cert.vde.com/en-us/advisories/vde-2017-005
 - https://hackerone.com/reports/286740
 - https://support.lenovo.com/us/en/product_security/LEN-17420

2017/CVE-2017-13086.md

@@ -12,6 +12,7 @@ Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Dire
 #### Reference
 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 - http://www.kb.cert.org/vuls/id/228519
+- http://www.ubuntu.com/usn/USN-3455-1
 - https://cert.vde.com/en-us/advisories/vde-2017-005
 - https://hackerone.com/reports/286740
 - https://support.lenovo.com/us/en/product_security/LEN-17420

2017/CVE-2017-13087.md

@@ -12,6 +12,7 @@ Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation
 #### Reference
 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 - http://www.kb.cert.org/vuls/id/228519
+- http://www.ubuntu.com/usn/USN-3455-1
 - https://cert.vde.com/en-us/advisories/vde-2017-005
 - https://hackerone.com/reports/286740
 - https://support.lenovo.com/us/en/product_security/LEN-17420

2017/CVE-2017-13088.md

@@ -13,6 +13,7 @@ Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation
 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 - http://www.kb.cert.org/vuls/id/228519
 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
+- http://www.ubuntu.com/usn/USN-3455-1
 - https://cert.vde.com/en-us/advisories/vde-2017-005
 - https://hackerone.com/reports/286740
 - https://support.lenovo.com/us/en/product_security/LEN-17420

references.txt

@@ -3740,6 +3740,7 @@ CVE-2006-4059 - http://securityreason.com/securityalert/1366
 CVE-2006-4059 - https://www.exploit-db.com/exploits/2135
 CVE-2006-4060 - http://securityreason.com/securityalert/1364
 CVE-2006-4060 - https://www.exploit-db.com/exploits/2141
+CVE-2006-4061 - http://www.osvdb.org/29133
 CVE-2006-4062 - https://www.exploit-db.com/exploits/2131
 CVE-2006-4063 - https://www.exploit-db.com/exploits/2129
 CVE-2006-4064 - https://www.exploit-db.com/exploits/2138
@@ -34152,6 +34153,7 @@ CVE-2015-8730 - http://www.oracle.com/technetwork/topics/security/bulletinjan201
 CVE-2015-8731 - http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
 CVE-2015-8732 - http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
 CVE-2015-8733 - http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
+CVE-2015-8741 - http://www.wireshark.org/security/wnpa-sec-2015-59.html
 CVE-2015-8751 - http://www.openwall.com/lists/oss-security/2016/01/07/10
 CVE-2015-8765 - https://www.kb.cert.org/vuls/id/576313
 CVE-2015-8766 - http://seclists.org/fulldisclosure/2015/Dec/60
@@ -37448,6 +37450,8 @@ CVE-2016-4469 - https://www.exploit-db.com/exploits/40109/
 CVE-2016-4470 - http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
 CVE-2016-4470 - http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
 CVE-2016-4472 - https://kc.mcafee.com/corporate/index?page=content&id=SB10365
+CVE-2016-4476 - http://www.ubuntu.com/usn/USN-3455-1
+CVE-2016-4477 - http://www.ubuntu.com/usn/USN-3455-1
 CVE-2016-4478 - http://www.openwall.com/lists/oss-security/2016/05/03/1
 CVE-2016-4480 - http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
 CVE-2016-4483 - http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
@@ -40866,6 +40870,7 @@ CVE-2017-13066 - https://sourceforge.net/p/graphicsmagick/bugs/430/
 CVE-2017-13077 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 CVE-2017-13077 - http://www.kb.cert.org/vuls/id/228519
 CVE-2017-13077 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
+CVE-2017-13077 - http://www.ubuntu.com/usn/USN-3455-1
 CVE-2017-13077 - https://cert.vde.com/en-us/advisories/vde-2017-003
 CVE-2017-13077 - https://cert.vde.com/en-us/advisories/vde-2017-005
 CVE-2017-13077 - https://hackerone.com/reports/286740
@@ -40874,6 +40879,7 @@ CVE-2017-13077 - https://www.krackattacks.com/
 CVE-2017-13078 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 CVE-2017-13078 - http://www.kb.cert.org/vuls/id/228519
 CVE-2017-13078 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
+CVE-2017-13078 - http://www.ubuntu.com/usn/USN-3455-1
 CVE-2017-13078 - https://cert.vde.com/en-us/advisories/vde-2017-003
 CVE-2017-13078 - https://cert.vde.com/en-us/advisories/vde-2017-005
 CVE-2017-13078 - https://hackerone.com/reports/286740
@@ -40882,13 +40888,15 @@ CVE-2017-13078 - https://www.krackattacks.com/
 CVE-2017-13079 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 CVE-2017-13079 - http://www.kb.cert.org/vuls/id/228519
 CVE-2017-13079 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
+CVE-2017-13079 - http://www.ubuntu.com/usn/USN-3455-1
 CVE-2017-13079 - https://cert.vde.com/en-us/advisories/vde-2017-005
 CVE-2017-13079 - https://hackerone.com/reports/286740
 CVE-2017-13079 - https://support.lenovo.com/us/en/product_security/LEN-17420
 CVE-2017-13079 - https://www.krackattacks.com/
 CVE-2017-13080 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 CVE-2017-13080 - http://www.kb.cert.org/vuls/id/228519
 CVE-2017-13080 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
+CVE-2017-13080 - http://www.ubuntu.com/usn/USN-3455-1
 CVE-2017-13080 - https://cert.vde.com/en-us/advisories/vde-2017-003
 CVE-2017-13080 - https://cert.vde.com/en-us/advisories/vde-2017-005
 CVE-2017-13080 - https://hackerone.com/reports/286740
@@ -40897,12 +40905,14 @@ CVE-2017-13080 - https://www.krackattacks.com/
 CVE-2017-13081 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 CVE-2017-13081 - http://www.kb.cert.org/vuls/id/228519
 CVE-2017-13081 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
+CVE-2017-13081 - http://www.ubuntu.com/usn/USN-3455-1
 CVE-2017-13081 - https://cert.vde.com/en-us/advisories/vde-2017-005
 CVE-2017-13081 - https://hackerone.com/reports/286740
 CVE-2017-13081 - https://www.krackattacks.com/
 CVE-2017-13082 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 CVE-2017-13082 - http://www.kb.cert.org/vuls/id/228519
 CVE-2017-13082 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
+CVE-2017-13082 - http://www.ubuntu.com/usn/USN-3455-1
 CVE-2017-13082 - https://cert.vde.com/en-us/advisories/vde-2017-005
 CVE-2017-13082 - https://hackerone.com/reports/286740
 CVE-2017-13082 - https://support.lenovo.com/us/en/product_security/LEN-17420
@@ -40914,19 +40924,22 @@ CVE-2017-13084 - https://support.lenovo.com/us/en/product_security/LEN-17420
 CVE-2017-13084 - https://www.krackattacks.com/
 CVE-2017-13086 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 CVE-2017-13086 - http://www.kb.cert.org/vuls/id/228519
+CVE-2017-13086 - http://www.ubuntu.com/usn/USN-3455-1
 CVE-2017-13086 - https://cert.vde.com/en-us/advisories/vde-2017-005
 CVE-2017-13086 - https://hackerone.com/reports/286740
 CVE-2017-13086 - https://support.lenovo.com/us/en/product_security/LEN-17420
 CVE-2017-13086 - https://www.krackattacks.com/
 CVE-2017-13087 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 CVE-2017-13087 - http://www.kb.cert.org/vuls/id/228519
+CVE-2017-13087 - http://www.ubuntu.com/usn/USN-3455-1
 CVE-2017-13087 - https://cert.vde.com/en-us/advisories/vde-2017-005
 CVE-2017-13087 - https://hackerone.com/reports/286740
 CVE-2017-13087 - https://support.lenovo.com/us/en/product_security/LEN-17420
 CVE-2017-13087 - https://www.krackattacks.com/
 CVE-2017-13088 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
 CVE-2017-13088 - http://www.kb.cert.org/vuls/id/228519
 CVE-2017-13088 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
+CVE-2017-13088 - http://www.ubuntu.com/usn/USN-3455-1
 CVE-2017-13088 - https://cert.vde.com/en-us/advisories/vde-2017-005
 CVE-2017-13088 - https://hackerone.com/reports/286740
 CVE-2017-13088 - https://support.lenovo.com/us/en/product_security/LEN-17420