Alwin Warringa
Role: CSIRT handlerAfter having contributed as a volunteer in IT services and R&D for a while, Alwin has now been an active part of the DIVD-CSIRT team for over a year. In his day job he is a pentester and has registered over 10 CVEs to his name. In addition to his volunteer work at DIVD, he also tries to make the Internet a bit safer through responsible disclosure and bug bounty programs.
Social media
Icon - Alwin WarringaArticles / cases / cves
CSIRT Cases
- DIVD-2024-00033 - ServiceNow - unauthenticated remote code execution (RCE)
- DIVD-2024-00032 - Unauthenticated Remote Code Execution (RCE) vulnerability in Geoserver
- DIVD-2024-00031 - Unauthenticated Local File Inclusion vulnerability in ComfortKey
- DIVD-2024-00023 - Authentication Bypass Vulnerability in Progress Telerik Report Server
- DIVD-2024-00021 - Local File Inclusion in Check Point Security Gateway software
- DIVD-2024-00015 - Remote Command Execution in CrushFTP
- DIVD-2024-00014 - Qlik Sense Remote Code Execution
- DIVD-2024-00010 - Unauthenticated Command Injection In Progress Kemp LoadMaster
- DIVD-2024-00009 - Authentication Bypass in JetBrains TeamCity
- DIVD-2024-00006 - Authentication Bypass in JetBrains TeamCity
- DIVD-2024-00004 - 2024-00004 Global NGOs
- DIVD-2024-00003 - Unauthenticaded Remote Code Execution in CrushFTP
- DIVD-2023-00037 - Security Feature Bypass in MinIO
- DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity
- DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series
- DIVD-2023-00031 - Ivanti MobileIron vulnerable for CVE-2023-35078
- DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability
- DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934
- DIVD-2023-00026 - Apache Superset authentication bypass leads to RCE - CVE-2023-27524
- DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362
- DIVD-2023-00009 - Cisco RV Series Remote Command Execution