Victor Pasman

Role: CSIRT Teamlead level 2

Articles / cases / cves

CSIRT Cases

• DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability
• DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN
• DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN
• DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability
• DIVD-2022-00056 - Critical authentication bypass affecting Fortigate products
• DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software
• DIVD-2022-00045 - Injection vulnerability found within Socket.io
• DIVD-2022-00038 - Vulnerable Oracle WebLogic Server
• DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE
• DIVD-2022-00032 - Exchange backdoor
• DIVD-2022-00029 - Remote Code Execution on Sophos Firewall
• DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution
• DIVD-2022-00026 - WSO2 Remote Code Executions - CVE-2022-29464
• DIVD-2022-00025 - VMware - CVE-2022-22954
• DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963
• DIVD-2022-00020 - Inproper input validation vulnerabilities identified within Feathers.js
• DIVD-2022-00008 - XSS Zeroday in Zimbra
• DIVD-2021-00038 - Apache Log4j2
• DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution
• DIVD-2021-00033 - Sites with Potential SQL-Injection
• DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle
• DIVD-2021-00015 - Telegram OD
• DIVD-2021-00006 - SmarterMail

CVEs contributed to

• CVE-2021-32233 - SmarterTools SmarterMail before Build 7776 allows XSS
• CVE-2021-32234 - SmarterTools SmarterMail before Build 7776 allows RCE
• CVE-2021-43977 - SmarterTools SmarterMail before 100.0.7803 allows XSS
• CVE-2022-0564 - Qlik sense Enterprise Domain User enumeration
• CVE-2022-2421 - Socket.io - Improper type validation in attachment parsing
• CVE-2022-2422 - Feathers - SQL injection via attribute aliases
• CVE-2022-25151 - ITarian - Session cookie not protected by HttpOnly flag
• CVE-2022-25152 - ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals
• CVE-2022-25153 - ITarian - Local privilege escalation in Endpoint Manager agent on Windows
• CVE-2022-29822 - Feathers - Improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection
• CVE-2022-29823 - Feathers - Query “__proto__” is converted to real prototype
• CVE-2022-3901 - Visioweb.js - Prototype Pollution can results in XSS
• CVE-2022-41216 - Cloudflow - Local File Inclusion Vulnerability
• CVE-2022-41217 - Cloudflow - Unauthenticated file upload vulnerability
• CVE-2023-22577 - White Rabbit Switch - Password Disclosure Vulnerability
• CVE-2023-22578 - Sequalize - Default support for “raw attributes” when using parentheses
• CVE-2023-22579 - Sequalize - Unsafe fall-through in getWhereConditions
• CVE-2023-22580 - Sequalize - Bad query filtering leading to SQL errors
• CVE-2023-22581 - White Rabbit Switch - Unauthenticated remote code execution