DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections Max van der Horst
Status: Open
Post-Log4J Open Database Instances used for C2 and Monero Miner Infections.
DIVD-2022-00002 - Grafana Tom Wolters
Status: Open
Unauthenticated Directory Traversal vulnerability in Grafana - CVE-2021-43798
DIVD-2021-00039 - HP iLO Patrick Hulshof
Status: Open
We will be scanning for open-iLO ports
DIVD-2021-00038 - Apache Log4j2 Victor Pasman
Status: Open
We will be scanning for CVE-2021-44228
DIVD-2021-00036 - VMware vCenter Server arbitrary file read vulnerability Lennaert Oudshoorn
Status: Closed
We will be scanning for CVE-2021-21980
DIVD-2021-00033 - Sites with Potential SQL-Injection Célistine Oosting
Status: Open
We obtained a list with sites potentially vulnerable to SQL-Injection
DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw Jeroen van de Weerd
Status: Open
We will be scanning for CVE-2021-22205
DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure Diego Klinkhamer
Status: Closed
We will be scanning for CVE-2021-41773
DIVD-2021-00026 - Omigod: Microsoft Open Management Interface RCE Célistine Oosting
Status: Closed
Omigod vulnerabilities make it possible to execute remote code via Microsoft Open Management Interface (OMI) this service is installed automatically on machines running certain Azure services (either on premise or in the cloud)
DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle Frank Breedijk
Status: Open
We will be scanning for the vulnerabilities related to the ProxyShell and ProxyOracle attacks against Microsoft Exchange.
DIVD-2021-00017 – SolarWinds N-able N-central agent vulnerabilities Hidde Smit
Status: Closed
Vulnerabilities discovered affect multi-tenant environments.
DIVD-2021-00015 - Telegram OD Victor Gevers
Status: Open
One of our researchers has discovered a Telegram group that shares millions of usernames and passwords that criminals have stolen from their victims.
DIVD-2021-00014 - Kaseya Unitrends Victor Gevers
Status: Open
Users of on-premise Kaseya Unitrends are advised to not expose this service directly to the internet
DIVD-2021-00012 - Warehouse Botnet Frank Breedijk
Status: Open
One of our researchers has discovered a database full of usernames and passwords that criminals have stolen from their victims'.
DIVD-2021-00011 - Kaseya VSA Limited Disclosure Lennaert Oudshoorn
Status: Open
Wietse Boonstra found multiple vulnerabilities in Kaseya VSA, this casefile details the disclosure process.
DIVD-2021-00010 - vCenter Server PreAuth RCE Hidde Smit
Status: Closed
A critical vulnerability has been found in VMware vCenter Server versions 3.x, 4.x, 6.5, 6.7 and 7.0.
DIVD-2021-00007 - EA Origin XSS and RCE 1-click Hidde Smit
Status: Closed
Origin users are advised to update Origin client to the latest version
DIVD-2021-00006 - SmarterMail Victor Pasman
Status: Closed
Multiple vulnerabilities discovered in all versions of 16.x of Smartertools SmarterMail and all versions before 100.0.7803 (May 13, 2021)
DIVD-2021-00005 - Pulse Secure PreAuth RCE Matthijs Koot
Status: Closed
Er zijn kritieke kwetsbaarheden gevonden in Pulse Secure Connect versies >=9.0R3 en =9.0R3 and <9.1R11.4.
DIVD-2021-00004 - Gelekte phishing gegevens / Leaked phishing credentials Lennaert Oudshoorn , Célistine Oosting
Status: Closed
DIVD heeft een lijst van bij phishing buitgemaakte en daarna gelekte emailadressen en wachtwoorden van een security researcher ontvangen. / DIVD has received a list of credentials obtained through phishing from a security researcher.
DIVD-2021-00002 - Kaseya VSA Victor Gevers , Lennaert Oudshoorn
Status: Closed
Users of on-premise Kaseya VSA are advised to disable their Kaseya VSA servers.
DIVD-2021-00001 - Microsoft on-prem Exchange Servers Lennaert Oudshoorn
Status: Closed
Microsoft heeft meerdere 0-day exploits ontdekt die actief gebruikt worden om on-premises versies van Microsoft Exchange Server aan te vallen. / Microsoft has detected multiple 0-day exploits that are actively being used in attacks against on-premises versions of Microsoft Exchange Server.
DIVD-2020-00014 - SolarWinds Orion Lennaert Oudshoorn
Status: Closed
Een authenticatie bypass kan aanvallers de mogelijkeheid geven om API commando's uit te voeren, hierdoor kan het systeem gecompromiteerd worden. / An authentication bypass could allow attackers to execute API commands which may result in a compromise of the system.
DIVD-2020-00013 - Gelekte phishing wachtwoorden / Leaked phishing credentials Frank Breedijk
Status: Closed
DIVD heeft een lijst van bij phishing buitgemaakte en daarna gelekte email en wachtwoorden van een partner ontvangen / DIVD has received a list of credentials obtained through phishing from a partner.
DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devices Lennaert Oudshoorn
Status: Open
Er is een lijst online aangetroffen met 49 577 kwetsbare Fortinet VPN devices waarvan login credentials gestolen kunnen worden / A list was found online, with 49 577 vulnerable Fortinet VPN devices, potentially login credentials could be exposed
DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR Frank Breedijk
Status: Open
DIVD Onderzoeker Wietse Boonstra heeft vier critieke kwetsbaarheden gevonden in Vembu BDR, patches zijn beschikbaar / DIVD researcher Wietse Boonstra hasdiscovered four critical vulnerabilities in Vembu BDR, patches are available.
DIVD-2020-00010 - wpDiscuz plugin Remote Code Excution Frank Breedijk
Status: Closed
In de WordPress Plugin wpDiscuz zit een kritieke kwetsbaarheid die aanvalles in staat stelt een systemen over te nemen / Wordpress plugin wpDiscuz has a critical vulnerability that allows an attacker to take over the system.
DIVD-2020-00009 - Pulse Secure VPN enterprise Leak Lennaert Oudshoorn
Status: Closed
Een datadump met informatie over meer dan 900 gecompromitteerde Pulse Secure VPN enterprise servers is publiek gemaakt. / A data dump with information of over 900 compromised Pulse Secure VPN enterprise servers has been released.
DIVD-2020-00008 - 313 000 Wordpress sites scanned Lennaert Oudshoorn
Status: Closed
Onderzoekers van het DIVD hebben 313 000 Wordpress sites met .NL domein gescanned, meldingen voor kwetsbare sites worden gedaan naarmate de resultaten verwerkt worden. / DIVD researchers scanned 313 000 Wordpress websites with .NL domains, vulnerability notifications are being sent as results are processed.
DIVD-2020-00007 - Citrix ShareFile Lennaert Oudshoorn
Status: Closed
Er is een kwetsbaarheid gevonden in Citrix ShareFile deze kwetsbaarheid kan gebruikt worden door een aanvaller om toegang te verkrijgen tot gevoelige data. / A vulnerabilty in Citrix ShareFile has been discovered, this vulnerability can be used by an attacker to potentially gain access to sensitive data.
DIVD-2020-00006 - SMBv3 Server Compression Transform Header Memory Corruption Sander Spierenburg
Status: Closed
Security Meldpunt vraagt uw aandacht voor een SMBv3 kwetsbaarheid en gaat netwerkbeheerders met publiek beschikbare SMBv3 servers met compressie waarschuwen / The Security hotline is asking your attention for a vulnerabilty in SMBv3 and is going to warn network operators of Dutch IPs that respond to SMBv3 handshakes and have encryption enabled
DIVD-2020-00005 - Apache Tomcat AJP File Read/Inclusion Vulnerability Jeroen van de Weerd
Status: Closed
773 Nederlandse IP adressen kwetsbaar voor Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability / 773 Dutch IP addresses vulnerable to Ghostcat - Apache Tomcat AJP File Read / Inclusion Vulnerability
DIVD-2020-00004 - List of Mirai botnet victims published with credentials Sander Spierenburg
Status: Closed
Een lijst met ruim 500k+ botnet slachtoffers is gepubliceerd / A list of Mirai botnet victims has been published exposing a total of 500K+ systems
DIVD-2020-00003 - Microsoft RDP Gateway vulnerable for Bluegate RCE Barry van Kampen
Status: Case Closed
16.000 kwetsbare Microsoft RDP Gateway systemen online / 16.000 vulnerable Microsoft RDP Gateway systemen online
DIVD-2020-00002 - Wildcard certificaten Citrix ADC Frank Breedijk
Status: Case Closed
Op ruim 450 kwetsbare Citrix ADC systemen hebben wij wildcard certificaten aangetroffen / We have found over 450 vulnerable Citrix ADC that used wildcard certificates
DIVD-2020-00001 - Citrix ADC Frank Breedijk
Status: Closed
Onze status omtrend CVE-2019-19781 / Our current status around CVE-2019-19781