Alwin Warringa
Operations Lead CSIRT/ CSIRT Handler
After having contributed as a volunteer in IT services and R&D for a while, Alwin has now been an active part of the DIVD-CSIRT team for over a year. In his day job he is a pentester and has registered over 10 CVEs to his name. In addition to his volunteer work at DIVD, he also tries to make the Internet a bit safer through responsible disclosure and bug bounty programs.
CSIRT cases
- DIVD-2024-00052 - Remote code execution in Cleo Harmony, VLCTrader and LexiCom
- DIVD-2024-00050 - Path traversal vulnerabilty in Mitel MiCollab
- DIVD-2024-00047 - Multiple critical vulnerablilties in Palo Alto Networks PAN-OS devices
- DIVD-2024-00046 - Multiple critical vulnerablilties in Ivanti Cloud Services Appliance (CSA)
- DIVD-2024-00044 - Missing authentication in Fortinet FortiManager fgfmsd
Show more Show less
- DIVD-2024-00042 - Multiple critical vulnerabilities in Solarwinds Web Help Desk
- DIVD-2024-00041 - Progress Software WhatsUp Gold SQL Injection Authentication Bypass
- DIVD-2024-00040 - Zimbra Collaboration (ZCS) vulnerable for RCE under specific conditions
- DIVD-2024-00039 - Incorrect authorization vulnerability in Apache OFBiz resulting in RCE
- DIVD-2024-00033 - ServiceNow - unauthenticated remote code execution (RCE)
- DIVD-2024-00032 - Unauthenticated Remote Code Execution (RCE) vulnerability in Geoserver
- DIVD-2024-00031 - Unauthenticated Local File Inclusion vulnerability in ComfortKey
- DIVD-2024-00023 - Authentication Bypass Vulnerability in Progress Telerik Report Server
- DIVD-2024-00021 - Local File Inclusion in Check Point Security Gateway software
- DIVD-2024-00015 - Remote Command Execution in CrushFTP
- DIVD-2024-00014 - Qlik Sense Remote Code Execution
- DIVD-2024-00010 - Unauthenticated Command Injection In Progress Kemp LoadMaster
- DIVD-2024-00009 - Authentication Bypass in JetBrains TeamCity
- DIVD-2024-00006 - Authentication Bypass in JetBrains TeamCity
- DIVD-2024-00004 - 2024-00004 Global NGOs
- DIVD-2024-00003 - Unauthenticaded Remote Code Execution in CrushFTP
- DIVD-2023-00037 - Security Feature Bypass in MinIO
- DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity
- DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series
- DIVD-2023-00031 - Ivanti MobileIron vulnerable for CVE-2023-35078
- DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability
- DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934
- DIVD-2023-00026 - Apache Superset authentication bypass leads to RCE - CVE-2023-27524
- DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362
- DIVD-2023-00009 - Cisco RV Series Remote Command Execution