Seven Critical Vulnerabilities Discovered in Portainer

Portainer is a lightweight management UI which allows you to easily manage your Docker host or Swarm cluster. In October 2019, I discovered 7 critical vulnerabilities in Portainer which allows attacker to steal session tokens, escalate privilege and access to host filesystem. At the time of writing, all of the issues identified in this blog…

Vulnerabilities in MikroTik RouterOS

Recently I discovered two vulnerabilities in MikroTik RouterOS. One of them requires authentication (CVE-2019-15055). In the first report to MikroTik, this path traversal vulnerability allows an authenticated user to write/delete arbitrary writable files on the system, which could lead to privilege escalation. All discovered vulnerabilities have been fixed in the latest testing and stable version.