Victor Pasman
Role: CSIRT Teamlead level 2
Articles / cases / cves
CSIRT Cases
- DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN
- DIVD-2022-00056 - Critical authentication bypass affecting Fortigate products
- DIVD-2022-00045 - Injection vulnerability found within Socket.io
- DIVD-2022-00038 - Vulnerable Oracle WebLogic Server
- DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE
- DIVD-2022-00032 - Exchange backdoor
- DIVD-2022-00029 - Remote Code Execution on Sophos Firewall
- DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution
- DIVD-2022-00026 - WSO2 Remote Code Executions - CVE-2022-29464
- DIVD-2022-00025 - VMware - CVE-2022-22954
- DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963
- DIVD-2022-00020 - Improper input validation vulnerabilities identified within Feathers.js
- DIVD-2022-00008 - XSS Zeroday in Zimbra
- DIVD-2021-00038 - Apache Log4j2
- DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution
- DIVD-2021-00033 - Sites with Potential SQL-Injection
- DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle
- DIVD-2021-00015 - Telegram OD
- DIVD-2021-00006 - SmarterMail
CVEs contributed to
- CVE-2021-32233 - SmarterTools SmarterMail before Build 7776 allows XSS
- CVE-2021-32234 - SmarterTools SmarterMail before Build 7776 allows RCE
- CVE-2021-43977 - SmarterTools SmarterMail before 100.0.7803 allows XSS
- CVE-2022-0564 - Qlik Sense Enterprise domain user enumeration
- CVE-2022-2421 - Socket.io - Improper type validation in attachment parsing
- CVE-2022-2422 - Feathers - SQL injection via attribute aliases
- CVE-2022-25151 - ITarian - Session cookie not protected by HttpOnly flag
- CVE-2022-25152 - ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals
- CVE-2022-25153 - ITarian - Local privilege escalation in Endpoint Manager agent on Windows
- CVE-2022-29822 - Feathers - Improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection
- CVE-2022-29823 - Feathers - Query “__proto__” is converted to real prototype