Hidde Smit
Researcher level 2
Featured articles
CSIRT cases
- DIVD-2024-00024 - Multiple vulnerabilities found in the SOPlanning tool
- DIVD-2024-00011 - Six vulnerabilities in Enphase IQ Gateway devices
- DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution
- DIVD-2021-00021 - Qlik Sense Enterprise domain user enumeration
- DIVD-2021-00017 - SolarWinds N-able N-central agent vulnerabilities
CVE Records
- Remote Code Execution through File Upload in SOPlanning before 1.52.02
- Remote Code Execution through File Upload in SOPlanning before 1.52.02
- Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02
- SQL Injection in SOPlanning before 1.52.02
- Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x
- URL parameter manipulation allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway versions 4.x through 7.x
- URL parameter manipulation allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway versions 4.x through 8.x, before 8.2.4225
- Command Injection through Unsafe File Name Evaluation in an internal script in Enphase IQ Gateway versions 4.x up to and including 8.x
- Insecure File Generation Based on User Input in Enphase IQ Gateway versions 4.x through 8.x, before 8.2.4225
- Unauthenticated Path Traversal via URL Parameter in Enphase IQ Gateway versions before 8.2.4225
- ITarian - Local privilege escalation in Endpoint Manager agent on Windows
- ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals
- ITarian - Session cookie not protected by HttpOnly flag
- Qlik Sense Enterprise Domain User enumeration
- Authenticated reflected XSS in Kaseya VSA <= v9.5.6