Max van der Horst
CSIRT Operations Lead
Max is involved in the coordination of the CSIRT’s operations. Having joined DIVD in 2021, Max gained experience in DIVD’s scanning and notification efforts over a large number of investigations. He uses this experience to assist other researchers with challenges they encounter and, while he is still operationally involved, applies it to more strategic developments for the team, such as collaboration with academia and governments. Max is also a CVE Numbering Authority (CNA) administrator for DIVD and has a background in strategic cyber threat intelligence and vulnerability management.
CSIRT cases
- DIVD-2024-00045 - SysAid ITSM SQL Injection vulnerability
- DIVD-2024-00044 - Missing authentication in Fortinet FortiManager fgfmsd
- DIVD-2024-00041 - Progress Software WhatsUp Gold SQL Injection Authentication Bypass
- DIVD-2024-00040 - Zimbra Collaboration (ZCS) vulnerable for RCE under specific conditions
- DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv
- DIVD-2024-00024 - Multiple vulnerabilities found in the SOPlanning tool
- DIVD-2024-00020 - Authentication Bypass in GitHub Enterprise Server (GHES)
- DIVD-2024-00019 - Victim Notification Operation Endgame
- DIVD-2024-00011 - Six vulnerabilities in Enphase IQ Gateway devices
- DIVD-2024-00005 - Remote code execution in FortiOS
- DIVD-2024-00004 - 2024-00004 Global NGOs
- DIVD-2024-00001 - Auth. Bypass and Command Injection in Ivanti VPN appliance
- DIVD-2023-00042 - Confluence improper authorization vulnerability
- DIVD-2023-00039 - VMware vCenter Server RCE
- DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants
- DIVD-2023-00037 - Security Feature Bypass in MinIO
- DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity
- DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series
- DIVD-2023-00034 - API Authentication Bypass Vulnerability in Ivanti Sentry
- DIVD-2023-00033 - Citrix systems exploited with CVE-2023-3519
- DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability
- DIVD-2023-00025 - Multiple vulnerabilities in Danfoss AK-SM800A
- DIVD-2023-00024 - SQL injection in GeoServer - CVE-2023-25157
- DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362
- DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls
- DIVD-2023-00021 - Multiple vulnerabilities in Danfoss AK-EM 100
- DIVD-2023-00020 - PaperCut MF/NG Authentication Bypass
- DIVD-2023-00017 - Cisco Small Business Router Authentication Bypass
- DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability
- DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server
- DIVD-2023-00009 - Cisco RV Series Remote Command Execution
- DIVD-2023-00007 - Global VMware ESXi Ransomware Attack
- DIVD-2023-00004 - Unauthenticated Remote Command Execution using SAML in Zoho ManageEngine
- DIVD-2023-00003 - OS command injection in CentOS CWP
- DIVD-2023-00002 - Publicly Reachable Malicious Webshells
- DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN
- DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS
- DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data Center
- DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE
- DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution
- DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963
- DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability
- DIVD-2022-00012 - Global Charity Vulnerabilities
- DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections
- DIVD-2021-00020 - OSNexsus QuantaStor limited disclosure and product warning
CVE Records
- Local File Inclusion in ComfortKey before version 24.1.2
- Remote Code Execution through File Upload in SOPlanning before 1.52.02
- Remote Code Execution through File Upload in SOPlanning before 1.52.02
- Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02
- SQL Injection in SOPlanning before 1.52.02
- Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x
- URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway version 4.x <= 7.x
- URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225
- Command Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x to and including 8.x
- Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225
- Unauthenticated Path Traversal via URL Parameter in Enphase IQ Gateway version < 8.2.4225
- Remote Command Execution in Danfoss AK-SM800A
- Path Traversal in Danfoss AK-SM800A
- Authentication Bypass in Danfoss AK-SM800A
- Webreport disclosure to unauthorized actor in Danfoss AK-EM 100
- OS Command Injection in Danfoss AK-EM 100
- Local File Inclusion in Danfoss AK-EM 100
- Reflected Cross-Site Scripting in Danfoss AK-EM 100
- Cleartext credentials in Danfoss AK-EM 100
- SQL Injection in Danfoss AK-EM 100
- Reflected Cross-Site Scripting in Danfoss AK-EM100