DIVD-2022-00038 - Vulnerable Oracle WebLogic Server (Tom Wolters)
Status: Open
Patch vulnerable Oracle WebLogic Servers immediately: some versions are vulnerable to a local file inclusion attack that lets attackers read secrets and source code. DIVD is actively notifying owners of vulnerable systems.
DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE (Frank Breedijk)
Status: Open
CVE-2022-26134 is a 0-day remote code execution vulnerability in Confluence. We are scanning the internet for exposed servers and warning their owners. If you run Confluence, apply the patch; if that is not possible, take it offline.
DIVD-2022-00032 - Exchange backdoor (Victor Pasman)
Status: Open
A stealthy backdoor found on Exchange servers that were compromised in earlier attacks.
DIVD-2022-00030 - Exposed QNAP (Ralph Horn)
Status: Open
QNAP urges users to patch their NAS devices immediately after several were recently compromised and infected with malware. DIVD is actively notifying owners of vulnerable systems.
DIVD-2022-00029 - Remote Code Execution on Sophos Firewall (Victor Pasman)
Status: Open
An authentication bypass vulnerability in the User Portal and Webadmin interfaces allows a remote attacker to execute code on Sophos Firewall v18.5 MR3 and older.
DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution (Pepijn van der Stap)
Status: Open
F5 BIG-IP is vulnerable to remote code execution: an authentication bypass in the iControl REST API allows attackers to execute commands. DIVD is actively notifying owners of vulnerable systems.
DIVD-2022-00026 - WSO2 Remote Code Execution - CVE-2022-29464 (Pepijn van der Stap)
Status: Open
WSO2 servers are vulnerable to remote code execution through unauthenticated, unrestricted arbitrary file upload. DIVD is actively notifying owners of vulnerable systems.
DIVD-2022-00025 - VMware - CVE-2022-22954 (Victor Pasman)
Status: Open
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963 (Pepijn van der Stap)
Status: Open
Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution because user-provided routing queries are evaluated in an unsafe evaluation context. DIVD is actively notifying owners of vulnerable systems.
DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability (Max van der Horst)
Status: Open
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code. DIVD is actively scanning to notify owners of vulnerable systems.
DIVD-2022-00021 - Ivanti EPM CSA remote code execution (Pepijn van der Stap)
Status: Open
DIVD is searching for vulnerable instances of the Ivanti EPM Cloud Services Appliance (CSA).
DIVD-2022-00019 - Insecure Mendix Applications (John Cornegge)
Status: Open
DIVD is researching misconfigured entity access rules in applications built with the Mendix Platform.
DIVD-2022-00017 - Global Healthcare Vulnerabilities (Victor Gevers)
Status: Open
DIVD is researching vulnerabilities in healthcare services globally and notifying these services.
DIVD-2022-00015 - Unauthenticated user enumeration on GraphQL API (Mick Beer)
Status: Open
CVE-2021-4191: GitLab GraphQL API User Enumeration
DIVD-2022-00014 - GreyNoise's Ukraine-only list (Frank Breedijk)
Status: Open
GreyNoise has published a list of IP addresses that have been observed exclusively in its honeypots in Ukraine and nowhere else. We decided to make network administrators aware that their hosts are on this list.
DIVD-2022-00012 - Global Charity Vulnerabilities (Max van der Horst)
Status: Open
DIVD is researching vulnerabilities in charities globally and notifying these charities.
DIVD-2022-00010 - Auth bypass in SAP (Patrick Hulshof)
Status: Open
Unauthenticated user impersonation (authentication bypass) in SAP. Posted on February 8, 2022.
DIVD-2022-00009 - SolarMan backend administrator account/password (Frank Breedijk)
Status: Closed
DIVD researcher Jelle Ursem found the password of the super user of the web backend for all SolarMan / Solis / Omnik / Ginlong inverters, loggers and batteries. The password has since been changed, and the repository that contained it has been deleted.
DIVD-2022-00008 - XSS Zero-day in Zimbra (Boaz Braaksma)
Status: Open
A new zero-day XSS vulnerability in Zimbra was published on the internet on February 3, 2022.
DIVD-2022-00007 - Subdomain Takeovers (Martin van Wingerden)
Status: Open
Subdomain takeovers via CNAME or A records pointing to Azure, AWS, GitHub or unregistered domains.
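The check behind this case, as an added example that is not DIVD's scanner: given a zone export, flag CNAME records whose target domain is unregistered or whose target is an unclaimed name on a cloud hosting suffix, and A records that point into a provider range at an address the organisation no longer holds. The hosting suffixes, the sample records and the resolver, registry and address-range lookups are all constructed assumptions so the code runs offline.

```python
"""Added example (not DIVD's scanner): flag DNS records that look like
subdomain-takeover candidates. Runs offline on a constructed zone export;
the resolver, registry and cloud-range lookups are injected stubs."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed hosting suffixes where an unclaimed target name can be registered by
# anyone. Illustrative list only; real fingerprint sets are much larger.
CLAIMABLE_SUFFIXES = (
    ".azurewebsites.net", ".cloudapp.azure.com", ".trafficmanager.net",
    ".s3.amazonaws.com", ".elasticbeanstalk.com", ".github.io",
)


@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    target: str
    reason: str


def registrable_domain(fqdn: str) -> str:
    """Last two labels of a name. Crude on purpose; a real tool uses the
    Public Suffix List so that e.g. foo.co.uk is handled correctly."""
    return ".".join(fqdn.rstrip(".").lower().split(".")[-2:])


def check_records(records, resolves, registered, cloud_ranges, owned_ips):
    """records:      iterable of (name, type, target) from a zone export
    resolves:     fqdn -> bool, does the target currently resolve?
    registered:   domain -> bool, does the registrable domain exist (WHOIS/RDAP)?
    cloud_ranges: provider address blocks; owned_ips: addresses we still hold.
    The lookups are parameters so the logic can be tested without network."""
    findings = []
    for name, rtype, target in records:
        if rtype == "CNAME":
            t = target.rstrip(".").lower()
            if not registered(registrable_domain(t)):
                findings.append(Finding(name, rtype, target,
                                        "CNAME target domain is unregistered: anyone can register it"))
            elif t.endswith(CLAIMABLE_SUFFIXES) and not resolves(t):
                findings.append(Finding(name, rtype, target,
                                        "CNAME points at an unclaimed cloud resource name"))
        elif rtype == "A":
            ip = ip_address(target)
            in_cloud = any(ip in net for net in cloud_ranges)
            if in_cloud and target not in owned_ips:
                findings.append(Finding(name, rtype, target,
                                        "A record points into a cloud range at an address we no longer hold"))
    return findings


# Constructed sample data (not real DNS). 198.51.100.0/24 is a documentation
# range standing in for a provider's published address block.
SAMPLE_RECORDS = [
    ("www.example.com",  "CNAME", "shop-old.azurewebsites.net."),   # deleted web app
    ("blog.example.com", "CNAME", "example.github.io."),            # still claimed
    ("cdn.example.com",  "CNAME", "assets.defunct-vendor.test."),   # vendor domain lapsed
    ("api.example.com",  "A",     "198.51.100.7"),                  # released cloud IP
    ("mail.example.com", "A",     "203.0.113.10"),                  # our own colo address
]
_RESOLVING = {"example.github.io"}
_REGISTERED = {"example.com", "azurewebsites.net", "github.io"}
_CLOUD_RANGES = [ip_network("198.51.100.0/24")]
_OWNED_IPS = {"198.51.100.20"}


def demo():
    """Run the check over the constructed sample; returns {name: reason}."""
    found = check_records(SAMPLE_RECORDS,
                          resolves=lambda h: h in _RESOLVING,
                          registered=lambda d: d in _REGISTERED,
                          cloud_ranges=_CLOUD_RANGES, owned_ips=_OWNED_IPS)
    return {f.name: f.reason for f in found}


if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name}: {reason}")
```

In practice the three lookups are the expensive part: an RDAP query for the registrable domain, a DNS resolution of the CNAME target, and the provider's published IP ranges plus your own inventory for A records. Keeping them as injected functions is what makes the triage rules testable and lets a team re-run the same logic against a fresh zone export after every decommissioning.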
DIVD-2022-00006 - SAProuter (Joris van de Vis)
Status: Open
DIVD scanned for internet-connected SAProuters that respond to information requests, meaning they are not properly secured.
DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections (Max van der Horst)
Status: Closed
Open database instances compromised in the wake of Log4J and used for C2 and Monero miner infections.
DIVD-2022-00002 - Grafana (Tom Wolters)
Status: Open
Unauthenticated directory traversal vulnerability in Grafana (CVE-2021-43798).
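The pattern behind a traversal like this, as an added illustrative example that is not Grafana's code: a static asset handler that joins a request path under a plugin directory without checking containment, next to a hardened version that resolves the final filesystem path and refuses anything outside the plugin's own directory. The directory layout, file names and contents are constructed in a temporary directory so the example runs offline.

```python
"""Added example (illustrative, not Grafana's code): a static file handler
that joins a request path under a plugin directory without containment,
beside a hardened version. The layout is built in a temp dir so it runs offline."""
import os
import tempfile


def unsafe_asset_path(plugins_dir: str, plugin_id: str, asset: str) -> str:
    # Vulnerable pattern: the asset component is trusted as-is, so
    # asset="../../conf/secret.ini" walks out of <plugins_dir>/<plugin_id>/.
    return os.path.join(plugins_dir, plugin_id, asset)


def safe_asset_path(plugins_dir: str, plugin_id: str, asset: str) -> str:
    """Resolve to a real filesystem path, then refuse anything that is not
    strictly inside the plugin's own directory. realpath() also collapses
    symlinks, so a link placed inside the plugin dir cannot point outside."""
    root = os.path.realpath(os.path.join(plugins_dir, plugin_id))
    candidate = os.path.realpath(os.path.join(root, asset))
    # commonpath compares whole path components, so "<root>-evil/x" is rejected
    # where a naive startswith(root) check would accept it.
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"asset path escapes plugin directory: {asset!r}")
    return candidate


def _build_layout(base: str) -> None:
    """Constructed layout: one legitimate plugin asset and a secret outside it."""
    os.makedirs(os.path.join(base, "plugins", "welcome"))
    os.makedirs(os.path.join(base, "conf"))
    with open(os.path.join(base, "plugins", "welcome", "module.js"), "w") as f:
        f.write("console.log('hi')")
    with open(os.path.join(base, "conf", "secret.ini"), "w") as f:
        f.write("admin_password = top-secret")


def demo() -> dict:
    """Exercise both handlers against the same traversal request."""
    traversal = "../../conf/secret.ini"   # what a crafted request path decodes to
    with tempfile.TemporaryDirectory() as base:
        _build_layout(base)
        plugins_dir = os.path.join(base, "plugins")

        with open(unsafe_asset_path(plugins_dir, "welcome", traversal)) as f:
            leaked = f.read()                       # the OS happily follows ".."

        try:
            safe_asset_path(plugins_dir, "welcome", traversal)
            blocked = False
        except PermissionError:
            blocked = True

        with open(safe_asset_path(plugins_dir, "welcome", "module.js")) as f:
            served = f.read()                       # legitimate asset still works

        # An absolute asset path is rejected too: os.path.join discards root for
        # it, but realpath + commonpath then sees it lies outside the plugin dir.
        try:
            safe_asset_path(plugins_dir, "welcome", "/etc/hostname")
            abs_blocked = False
        except PermissionError:
            abs_blocked = True

    return {"unsafe_leaks": leaked, "safe_blocked": blocked,
            "safe_serves_legit": served, "abs_blocked": abs_blocked}


if __name__ == "__main__":
    print(demo())
```

The point of the hardened version is where the check happens: on the fully decoded, filesystem-resolved path, immediately before the file is opened. Filtering ".." out of the URL string earlier in the request pipeline is not equivalent, because percent-encoding, a router that normalises differently from the file server, or a symlink inside the served tree can each put ".." back after the filter has run.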
DIVD-2021-00039 - HP iLO (Patrick Hulshof)
Status: Open
We will be scanning for open iLO ports.
DIVD-2021-00038 - Apache Log4j2 (Victor Pasman)
Status: Open
We will be scanning for CVE-2021-44228.
DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution (Victor Pasman, Frank Breedijk)
Status: Open
ITarian, an online platform and on-premise solution for Managed Service Providers, contains 3 critical vulnerabilities. The vulnerabilities have been patched in the SaaS version only!
DIVD-2021-00036 - VMware vCenter Server arbitrary file read vulnerability (Lennaert Oudshoorn)
Status: Closed
We will be scanning for CVE-2021-21980.
DIVD-2021-00033 - Sites with Potential SQL-Injection (Célistine Oosting)
Status: Closed
We obtained a list of sites potentially vulnerable to SQL injection.
DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw (Jeroen van de Weerd)
Status: Closed
We will be scanning for CVE-2021-22205.
DIVD-2021-00029 - SmarterTrack (Finn van der Knaap)
Status: Open
Several vulnerabilities have been found in SmarterTrack, the helpdesk software made by SmarterTools.
DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure (Diego Klinkhamer)
Status: Closed
We will be scanning for CVE-2021-41773.
DIVD-2021-00026 - Omigod: Microsoft Open Management Infrastructure RCE (Célistine Oosting)
Status: Closed
The Omigod vulnerabilities make it possible to execute code remotely via Microsoft Open Management Infrastructure (OMI); this service is installed automatically on machines running certain Azure services, whether on premise or in the cloud.
DIVD-2021-00023 - Atlassian Confluence OGNL injection RCE (Pepijn van der Stap)
Status: Open
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle (Frank Breedijk)
Status: Open
We will be scanning for the vulnerabilities related to the ProxyShell and ProxyOracle attacks against Microsoft Exchange.
DIVD-2021-00021 - Qlik Sense Enterprise domain user enumeration (Hidde Smit)
Status: Open
Domain user enumeration via response timing.
DIVD-2021-00017 - SolarWinds N-able N-central agent vulnerabilities (Hidde Smit)
Status: Closed
The discovered vulnerabilities affect multi-tenant environments.
DIVD-2021-00015 - Telegram OD (Victor Gevers)
Status: Open
One of our researchers has discovered a Telegram group that shares millions of usernames and passwords that criminals have stolen from their victims.
DIVD-2021-00014 - Kaseya Unitrends (Victor Gevers)
Status: Open
Users of on-premise Kaseya Unitrends are advised not to expose this service directly to the internet.
DIVD-2021-00012 - Warehouse Botnet (Frank Breedijk)
Status: Closed
One of our researchers has discovered a database full of usernames and passwords that criminals have stolen from their victims.
DIVD-2021-00011 - Kaseya VSA Disclosure (Lennaert Oudshoorn)
Status: Closed
Wietse Boonstra found multiple vulnerabilities in Kaseya VSA; this case file details the disclosure process.
DIVD-2021-00010 - vCenter Server PreAuth RCE (Hidde Smit)
Status: Closed
A critical vulnerability has been found in VMware vCenter Server versions 6.5, 6.7 and 7.0, and in the vCenter Server shipped with VMware Cloud Foundation 3.x and 4.x.
DIVD-2021-00007 - EA Origin XSS and RCE 1-click (Hidde Smit)
Status: Closed
Origin users are advised to update the Origin client to the latest version.
DIVD-2021-00006 - SmarterMail (Victor Pasman)
Status: Closed
Multiple vulnerabilities discovered in all 16.x versions of SmarterTools SmarterMail and in all versions before 100.0.7803 (May 13, 2021).
DIVD-2021-00005 - Pulse Secure PreAuth RCE (Matthijs Koot)
Status: Closed
Critical vulnerabilities have been found in Pulse Connect Secure versions >=9.0R3 and <9.1R11.4.
DIVD-2021-00004 - Leaked phishing credentials (Lennaert Oudshoorn, Célistine Oosting)
Status: Closed
DIVD has received from a security researcher a list of email addresses and passwords that were captured through phishing and subsequently leaked.
DIVD-2021-00002 - Kaseya VSA (Victor Gevers, Lennaert Oudshoorn)
Status: Closed
Users of on-premise Kaseya VSA are advised to disable their Kaseya VSA servers.
DIVD-2021-00001 - Microsoft on-prem Exchange Servers (Lennaert Oudshoorn)
Status: Closed
Microsoft has detected multiple 0-day exploits that are actively being used in attacks against on-premises versions of Microsoft Exchange Server.
DIVD-2020-00014 - SolarWinds Orion (Lennaert Oudshoorn)
Status: Closed
An authentication bypass could allow attackers to execute API commands, which may result in a compromise of the system.
DIVD-2020-00013 - Leaked phishing credentials (Frank Breedijk)
Status: Closed
DIVD has received from a partner a list of email addresses and passwords that were captured through phishing and subsequently leaked.
DIVD-2020-00012 - 49,000 vulnerable Fortinet VPN devices (Lennaert Oudshoorn)
Status: Closed
A list of 49,577 vulnerable Fortinet VPN devices was found online; login credentials could be stolen from these devices.
DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR (Frank Breedijk)
Status: Closed
DIVD researcher Wietse Boonstra has discovered four critical vulnerabilities in Vembu BDR; patches are available.
DIVD-2020-00010 - wpDiscuz plugin Remote Code Execution (Frank Breedijk)
Status: Closed
The WordPress plugin wpDiscuz has a critical vulnerability that allows an attacker to take over the system.
DIVD-2020-00009 - Pulse Secure VPN enterprise leak (Lennaert Oudshoorn)
Status: Closed
A data dump with information on more than 900 compromised Pulse Secure VPN enterprise servers has been made public.
DIVD-2020-00008 - 313,000 WordPress sites scanned (Lennaert Oudshoorn)
Status: Closed
DIVD researchers scanned 313,000 WordPress sites under .NL domains; notifications for vulnerable sites are being sent as the results are processed.
DIVD-2020-00007 - Citrix ShareFile (Lennaert Oudshoorn)
Status: Closed
A vulnerability has been found in Citrix ShareFile that an attacker can use to gain access to sensitive data.
DIVD-2020-00006 - SMBv3 Server Compression Transform Header Memory Corruption (Sander Spierenburg)
Status: Closed
Security Meldpunt asks your attention for a vulnerability in SMBv3 and is going to warn network operators of Dutch IPs that respond to SMBv3 handshakes with compression enabled.
DIVD-2020-00005 - Apache Tomcat AJP File Read/Inclusion Vulnerability (Jeroen van de Weerd)
Status: Closed
773 Dutch IP addresses vulnerable to Ghostcat, the Apache Tomcat AJP file read/inclusion vulnerability.
DIVD-2020-00004 - List of Mirai botnet victims published with credentials (Sander Spierenburg)
Status: Closed
A list of Mirai botnet victims has been published, exposing more than 500,000 systems.
DIVD-2020-00003 - Microsoft RDP Gateway vulnerable to BlueGate RCE (Barry van Kampen)
Status: Closed
16,000 vulnerable Microsoft RDP Gateway systems online.
DIVD-2020-00002 - Wildcard certificates on Citrix ADC (Frank Breedijk)
Status: Closed
We found wildcard certificates on over 450 vulnerable Citrix ADC systems.
DIVD-2020-00001 - Citrix ADC (Frank Breedijk)
Status: Closed
Our current status regarding CVE-2019-19781.