Max van der Horst

Role: Researcher level 3

Social media

Icon - Max van der Horst

Articles / cases / cves

CSIRT Cases

• DIVD-2024-00005 - Remote code execution in FortiOS
• DIVD-2024-00001 - Auth. Bypass and Command Injection in Ivanti VPN appliance
• DIVD-2023-00042 - Confluence improper authorization vulnerability
• DIVD-2023-00039 - VMware vCenter Server RCE
• DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants
• DIVD-2023-00037 - Security Feature Bypass in MinIO
• DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity
• DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series
• DIVD-2023-00034 - API Authentication Bypass Vulnerability in Ivanti Sentry
• DIVD-2023-00033 - Citrix systems exploited with CVE-2023-3519
• DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability
• DIVD-2023-00025 - Multiple vulnerabilities in Danfoss AK-SM800A
• DIVD-2023-00024 - SQL injection in GeoServer - CVE-2023-25157
• DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362
• DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls
• DIVD-2023-00021 - Multiple vulnerabilities in Danfoss AK-EM 100
• DIVD-2023-00020 - PaperCut MF/NG Authentication Bypass
• DIVD-2023-00017 - Cisco Small Business Router Authentication Bypass
• DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability
• DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server
• DIVD-2023-00009 - Cisco RV Series Remote Command Execution
• DIVD-2023-00007 - Global VMware ESXi Ransomware Attack
• DIVD-2023-00004 - Unauthenticated Remote Command Execution using SAML in Zoho ManageEngine
• DIVD-2023-00003 - OS command injection in CentOS CWP
• DIVD-2023-00002 - Publicly Reachable Malicious Webshells
• DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN
• DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS
• DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data Center
• DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE
• DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution
• DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963
• DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability
• DIVD-2022-00012 - Global Charity Vulnerabilities
• DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections
• DIVD-2021-00020 - OSNexsus QuantaStor limited disclosure and product warning

CVEs contributed to

• CVE-2022-45049 - Reflected XSS in Axiell Iguana CMS
• CVE-2022-45050 - Reflected XSS in Axiell Iguana CMS
• CVE-2022-45051 - Reflected POST XSS in Axiell Iguana CMS
• CVE-2022-45052 - Local File Inclusion in Axiell Iguana CMS
• CVE-2023-22583 - SQL Injection in Danfoss AK-EM 100
• CVE-2023-22584 - Cleartext credentials in Danfoss AK-EM 100
• CVE-2023-22585 - Reflected Cross-Site Scripting in Danfoss AK-EM 100
• CVE-2023-22586 - Local File Inclusion in Danfoss AK-EM 100
• CVE-2023-25911 - OS Command Injection in Danfoss AK-EM 100
• CVE-2023-25912 - Webreport disclosure to unauthorized actor in Danfoss AK-EM 100
• CVE-2023-25913 - Authentication Bypass in Danfoss AK-SM800A
• CVE-2023-25914 - Path Traversal in Danfoss AK-SM800A
• CVE-2023-25915 - Remote Command Execution in Danfoss AK-SM800A