what you don't know can hurt you
Showing 1 - 25 of 26 RSS Feed

Files from Ralf Spenneberg

Email addressralf at spenneberg.net
First Active2004-04-07
Last Active2017-04-06
Schneider Hardcoded Password
Posted Apr 6, 2017
Authored by Ralf Spenneberg, Hendrik Schwartke, Simon Heming, Maik Bruggemann

The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed.

tags | exploit
MD5 | eabeef29ad59458466fadb54b45f08c9
Linux Kernel Keyctl Null Pointer Dereference
Posted Nov 15, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

A malicious interaction with the keyctl usermode interface allows an attacker to crash the kernel. Processing the attached certificate by the kernel leads to a kernel nullpointer dereference. This vulnerably can be triggered by any unprivileged user locally.

tags | exploit, kernel
MD5 | 478eb43ed2705fe03ff877734ccb1036
Linux Kernel EXT4 Memory Corruption / SLAB Out-Of-Bounds Read
Posted Nov 15, 2016
Authored by Ralf Spenneberg, Sergej Schumilo

Mounting a crafted EXT4 image read-only leads to a memory corruption and SLAB out of bounds reads (according to KASAN). Since the mounting procedure is a privileged operation, an attacker is probably not able to trigger this vulnerability on the commandline. Instead the automatic mounting feature of the GUI via a crafted USB device is required.

tags | advisory
MD5 | 913d567fda8fadad415b8771b911aa8e
Linux Kernel EXT4 Error Handling Denial Of Service
Posted Nov 1, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Mounting a crafted EXT4 image as read-only leads to a kernel panic. Since the mounting procedure is a privileged operation, an attacker is probably not able to trigger this vulnerability on the commandline. Instead the automatic mounting feature of the GUI via a crafted USB-device is required.

tags | exploit, denial of service, kernel
MD5 | c3fca2dc05f006c669b346c9b4f69fa0
Epson WorkForce Lack Of Firmware Signing / CSRF
Posted Sep 26, 2016
Authored by Ralf Spenneberg

Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates. Additionally, they suffer from a cross site request forgery vulnerability that allows an attacker to commit such a firmware update.

tags | exploit, csrf
MD5 | 51c0f9d56cca528c6480d7bb11c63644
Linux ati_remote2 Null Pointer Dereference
Posted Mar 12, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the ati_remote2 driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-2185
MD5 | cbb5693ae634ca7c47f034cdeac271ce
Linux snd-usb-audio Denial Of Service
Posted Mar 12, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the snd-usb-audio driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-2184
MD5 | 20c02a014ba3fe3962d4a893d8953da8
Linux snd-usb-audio Null Pointer Dereference
Posted Mar 12, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the snd-usb-audio driver.

tags | exploit, kernel
systems | linux
MD5 | 8539e19fd2fc05196ef482d43d39461c
Linux iowarrior Null Pointer Dereference
Posted Mar 12, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the iowarrior driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-2188
MD5 | b2c4811d5cb7383d82dfaec50bb9af27
Linux visor (treo_attach) Null Pointer Dereference
Posted Mar 12, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the visor (treo_attach) driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-2782
MD5 | dfd38df7f734ea4f63d3208569f50b64
Linux powermate Null Pointer Dereference
Posted Mar 12, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of buggy USB device requiring the powermate driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-2186
MD5 | 6f9abac59aac43d3d01336615845120d
Linux digi_acceleport Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the digi_acceleport driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3140
MD5 | 9cdf35a95d56ced38d25e151081da7f4
Linux wacom Multiple Null Pointer Dereferences
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of buggy USB device requiring the wacom driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3139
MD5 | 5b43a189a2fa90148d43f6f962bf532d
Linux visor (treo_attach) Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the visor (treo_attach) driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-2782
MD5 | b112c06d7c2eee498008fcff318bf3ba
Linux visor clie_5_attach Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the visor (clie_5_attach) driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2015-7566
MD5 | 1914903b6936f47d8d033075d3b2d29d
Linux mct_u232 Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the mct_u232_m8 driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3136
MD5 | 047af0daefa42f9ac51748a320c68285
Linux cypress_m8 Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device which requires the requiring the cypress_m8 driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3137
MD5 | 2fef15df37ed914caeafb51f9846bd67
Linux cdc_acm Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the cdc_acm driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3138
MD5 | 2e7fe80ddf09cc6544f1121e0f96b67c
Linux aiptek Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes when presented a buggy USB device using the aiptek driver.

tags | exploit, kernel
systems | linux
MD5 | 1edaffdd5b3540c339f550aa389d918a
Prolific Ser2co64.sys Stack Buffer Overflow
Posted Feb 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

The Prolific ser2co64.sys driver is vulnerable to a stack buffer overflow. If a malicious USB device is presented, the buffer overflow occurs. This driver is digitally signed by Microsoft and provided via Windows Update.

tags | exploit, overflow
systems | windows
MD5 | c67ee029e5d6f02c50f51f6b9dba26ec
Winkhaus Bluesmart Insufficient Integrity Protection
Posted Jan 3, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Oguzhan Cicek

There is insufficient integrity protection in Winkhaus Bluesmart locking systems using Hitag S.

tags | advisory
MD5 | d20148e48f709be0533eb09251e98f09
NXP Hitag S Transponder Weak Authentication
Posted Jan 3, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Oguzhan Cicek

Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag.

tags | advisory
MD5 | a0a2c338fcfcd92aad3fd47ffea2f105
Uhlmann And Zacher Clex Insufficient Integrity Checks
Posted Jan 2, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke

Uhlmann and Zacher Clex prime locking systems using 125 kHz EM4450 transponders suffer from having insufficient integrity checks.

tags | advisory
MD5 | 618e110ccdbaad43608651f40263ab9a
RedHat Enterprise Linux 7.1 Denial Of Service
Posted Oct 7, 2015
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

RedHat Enterprise Linux version 7.1 suffers from a kernel crash vulnerability on invalid USB device descriptors.

tags | exploit, denial of service, kernel
systems | linux, redhat
MD5 | dd2affbcfd167783f9252714bb923ab1
Mitsubishi Melsec FX3G-24M Denial Of Service
Posted Sep 30, 2015
Authored by Ralf Spenneberg

Mitsubishi Melsec FX3G-24M suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2015-3938
MD5 | 2a10a9dca38e65e0d1a507ad24a8483e
Page 1 of 2
Back12Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    22 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    2 Files
  • 23
    Jun 23rd
    1 Files
  • 24
    Jun 24th
    23 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close