exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files from Ralf Spenneberg

Email addressralf at spenneberg.net
First Active2004-04-07
Last Active2017-04-06
Schneider Hardcoded Password
Posted Apr 6, 2017
Authored by Ralf Spenneberg, Hendrik Schwartke, Simon Heming, Maik Bruggemann

The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed.

tags | exploit
SHA-256 | 4621c0044c5a24d96d1788203f448b2efd0583ce750a71e293fd82e80739c88c
Linux Kernel Keyctl Null Pointer Dereference
Posted Nov 15, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

A malicious interaction with the keyctl usermode interface allows an attacker to crash the kernel. Processing the attached certificate by the kernel leads to a kernel nullpointer dereference. This vulnerably can be triggered by any unprivileged user locally.

tags | exploit, kernel
SHA-256 | f84b2c209822d9c15501892e2c718cb3967a4db2792d9be2b18757f3378ca33c
Linux Kernel EXT4 Memory Corruption / SLAB Out-Of-Bounds Read
Posted Nov 15, 2016
Authored by Ralf Spenneberg, Sergej Schumilo

Mounting a crafted EXT4 image read-only leads to a memory corruption and SLAB out of bounds reads (according to KASAN). Since the mounting procedure is a privileged operation, an attacker is probably not able to trigger this vulnerability on the commandline. Instead the automatic mounting feature of the GUI via a crafted USB device is required.

tags | advisory
SHA-256 | 76833a7057ed11a9603a2cca2127a14da53cfb98824820fa60de3d7cf3b821a6
Linux Kernel EXT4 Error Handling Denial Of Service
Posted Nov 1, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Mounting a crafted EXT4 image as read-only leads to a kernel panic. Since the mounting procedure is a privileged operation, an attacker is probably not able to trigger this vulnerability on the commandline. Instead the automatic mounting feature of the GUI via a crafted USB-device is required.

tags | exploit, denial of service, kernel
SHA-256 | 011b753ceacca2ffb6904932ea2a749ae06dce8d32cca4a615dce413d005e946
Epson WorkForce Lack Of Firmware Signing / CSRF
Posted Sep 26, 2016
Authored by Ralf Spenneberg

Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates. Additionally, they suffer from a cross site request forgery vulnerability that allows an attacker to commit such a firmware update.

tags | exploit, csrf
SHA-256 | 1cd736567c6dd8e7a4095d0328fa865f1aa4a27333c0a07940e10243460214b6
Linux ati_remote2 Null Pointer Dereference
Posted Mar 12, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the ati_remote2 driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-2185
SHA-256 | 64b27b582d1d98470bc99a03647730dc3ca9087a360e0d33bea3d39a03c176d3
Linux snd-usb-audio Denial Of Service
Posted Mar 12, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the snd-usb-audio driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-2184
SHA-256 | 63b99ee44c94290534a1566558fa0fa9dbffab9377972bb47e8df52a4e55a51b
Linux snd-usb-audio Null Pointer Dereference
Posted Mar 12, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the snd-usb-audio driver.

tags | exploit, kernel
systems | linux
SHA-256 | d00ca273b23d502c913f393d8f3304224d9e923c78a3ed72afd9d8358c4dd26c
Linux iowarrior Null Pointer Dereference
Posted Mar 12, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the iowarrior driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-2188
SHA-256 | cf5a8c3c5444f99bb6ad6a488d29e6cf6dcac765a5f97f7aa248611d304cb401
Linux visor (treo_attach) Null Pointer Dereference
Posted Mar 12, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the visor (treo_attach) driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-2782
SHA-256 | 38836a9f9c94e69ba7af1af7985d04a180d148018d89d5ae14f432812d3322e7
Linux powermate Null Pointer Dereference
Posted Mar 12, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of buggy USB device requiring the powermate driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-2186
SHA-256 | badce87f5987744b043fdb6d8d692d6664fa28bf648f0aa094de7b5e3c41c5fa
Linux digi_acceleport Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the digi_acceleport driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3140
SHA-256 | ef3cd4da9fad5010d69c5473a0734443552fa03ffe6c6259dcd1a63f6e52a21e
Linux wacom Multiple Null Pointer Dereferences
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of buggy USB device requiring the wacom driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3139
SHA-256 | 12a4cdb3b402f1acfdac5ac5bc325c540cea516465ad86e2a98b91435a6cc69d
Linux visor (treo_attach) Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the visor (treo_attach) driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-2782
SHA-256 | 56a4919df423d8d1ced2edc350991c087f6a5b63d56610a9eb1ac25f9987628f
Linux visor clie_5_attach Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the visor (clie_5_attach) driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2015-7566
SHA-256 | 7c2aef0ea978cdd6912da2041015ef50e879934c3c06d21f43668fd7fed52de6
Linux mct_u232 Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the mct_u232_m8 driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3136
SHA-256 | bb601d9a1f1ed7dfcaf7c00dc14e446a75b594c8de672d642eb7431e9e2d7356
Linux cypress_m8 Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device which requires the requiring the cypress_m8 driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3137
SHA-256 | ef0ff61783f9faba135ab9d60a739f12664bbf04f6053e34c17b50e4045f5349
Linux cdc_acm Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the cdc_acm driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3138
SHA-256 | 74970c51108c9c527182088e5f799451e879349acff15a9808117c1634d2ccf9
Linux aiptek Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes when presented a buggy USB device using the aiptek driver.

tags | exploit, kernel
systems | linux
SHA-256 | a267f2861aa06cc9f33c4b5f5a3fe10f859f72989ebc9e954b86d65640f165ae
Prolific Ser2co64.sys Stack Buffer Overflow
Posted Feb 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

The Prolific ser2co64.sys driver is vulnerable to a stack buffer overflow. If a malicious USB device is presented, the buffer overflow occurs. This driver is digitally signed by Microsoft and provided via Windows Update.

tags | exploit, overflow
systems | windows
SHA-256 | 84a03321f43cdba56015676deaa534ad2999e1add9df93b109eb3d9f4a9b1dae
Winkhaus Bluesmart Insufficient Integrity Protection
Posted Jan 3, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Oguzhan Cicek

There is insufficient integrity protection in Winkhaus Bluesmart locking systems using Hitag S.

tags | advisory
SHA-256 | 7e097911da8f5d6302677a172dc10b8f32a27cec0e55d99666578143937fbb6d
NXP Hitag S Transponder Weak Authentication
Posted Jan 3, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Oguzhan Cicek

Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag.

tags | advisory
SHA-256 | 35ca24d1eda05c86e33a60e6f63f3862bf14bff34b8534d6d1966b86e6bf0539
Uhlmann And Zacher Clex Insufficient Integrity Checks
Posted Jan 2, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke

Uhlmann and Zacher Clex prime locking systems using 125 kHz EM4450 transponders suffer from having insufficient integrity checks.

tags | advisory
SHA-256 | daca1134ee0122b60473b3eb96d21505b1bbe82dfa2c1dd7013a416f61106342
RedHat Enterprise Linux 7.1 Denial Of Service
Posted Oct 7, 2015
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

RedHat Enterprise Linux version 7.1 suffers from a kernel crash vulnerability on invalid USB device descriptors.

tags | exploit, denial of service, kernel
systems | linux, redhat
SHA-256 | a6c1498865a19e4b8fb98829baeba3cc2c1cf40f95da53b3d912face5dffbc85
Mitsubishi Melsec FX3G-24M Denial Of Service
Posted Sep 30, 2015
Authored by Ralf Spenneberg

Mitsubishi Melsec FX3G-24M suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2015-3938
SHA-256 | 11305edb69fbaa63801ee810fdf8c773dad4fb7309cec538b632d1ce094cd87e
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close