Ralph Horn

Role: Sabbatical

Articles / cases / cves

CSIRT Cases

• DIVD-2024-00015 - Remote Command Execution in CrushFTP
• DIVD-2024-00014 - Qlik Sense Remote Code Execution
• DIVD-2024-00013 - Palo Alto PAN-OS Command Injection Vulnerability in GlobalProtect
• DIVD-2024-00005 - Remote code execution in FortiOS
• DIVD-2024-00002 - Account takeover vulnerability in Gitlab CE/EE
• DIVD-2024-00001 - Auth. Bypass and Command Injection in Ivanti VPN appliance
• DIVD-2023-00045 - Confluence RCE Vulnerability In Confluence Data Center and Confluence Server
• DIVD-2023-00040 - Critical F5 BIG-IP unauthenticated RCE Vulnerability
• DIVD-2023-00039 - VMware vCenter Server RCE
• DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants
• DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability
• DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934
• DIVD-2023-00027 - Ignite Realtime Openfire auth bypass - CVE-2023-32315
• DIVD-2023-00026 - Apache Superset authentication bypass leads to RCE - CVE-2023-27524
• DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362
• DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls
• DIVD-2023-00020 - PaperCut MF/NG Authentication Bypass
• DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability
• DIVD-2023-00007 - Global VMware ESXi Ransomware Attack
• DIVD-2023-00002 - Publicly Reachable Malicious Webshells
• DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN
• DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data Center
• DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability
• DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE
• DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804
• DIVD-2022-00045 - Injection vulnerability found within Socket.io
• DIVD-2022-00030 - Exposed QNAP
• DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution
• DIVD-2022-00025 - VMware - CVE-2022-22954
• DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963
• DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability
• DIVD-2022-00020 - Inproper input validation vulnerabilities identified within Feathers.js
• DIVD-2022-00017 - Global Healthcare Vulnerabilities
• DIVD-2022-00012 - Global Charity Vulnerabilities
• DIVD-2022-00010 - Auth bypass in SAP
• DIVD-2022-00008 - XSS Zeroday in Zimbra
• DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections
• DIVD-2021-00038 - Apache Log4j2
• DIVD-2021-00033 - Sites with Potential SQL-Injection
• DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure

CSIRT blog posts

• 13 December 2022 - Fortinet SSL VPN Vulnerability
• 10 December 2021 - Apache log4j2 remote code execution
• 07 October 2021 - Apache HTTP 2.4.49 Path Traversal and File Disclosure Update