Day: July 7, 2020

Multiple vulnerabilities found in CDATA OLTs

By mootiny

Posted by Pierre Kim on Jul 07## Advisory Information

Title: Multiple vulnerabilities found in CDATA OLTs
Advisory URL: https://pierrekim.github.io/advisories/2020-cdata-0x00-olt.txt
Blog URL: https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html
Date published: 2020-07-07
Vendors contacted: None
Release mode: Full-Disclosure
CVE: None yet assigned

## Product Description

The CDATA OLTs are OEM FTTH OLTs, sold under different brands (Cdata,… …

Four vulnerabilities found in MikroTik’s RouterOS

By mootiny

Posted by Q C on Jul 07Advisory: four vulnerabilities found in MikroTik's RouterOS

Details
=======

Product: MikroTik's RouterOS
Affected Versions: through stable 6.47
Fixed Versions: stable 6.47
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: –
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team

Product Description
==================

RouterOS is the operating system used on the MikroTik's devices, such as
switch,… …

Microsoft Windows mshta.exe HTA File / XML External Entity Injection

By mootiny

Posted by hyp3rlinx on Jul 07[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MSHTA-HTA-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]www.microsoft.com

[Product]
Windows MSHTA.EXE .HTA File

An HTML Application (HTA) is a Microsoft Windows program whose source
code consists of HTML, Dynamic HTML, and one or more… …

Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

By mootiny

Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected. The cloud offering, dubbed Project Freta, is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with…