Week 11 / 20211213 Red Team Digest
2021-12-14 00:39:53 Author: mp.weixin.qq.com

https://mp.weixin.qq.com/s/WRgvxHs4eQhD4lcP4Ahs3g

Helps locate log4j hosts that need patching

https://github.com/fullhunt/log4j-scan

https://mp.weixin.qq.com/s/RvOndF3gdEZbgqrIPqXsUg

XXE basics primer

https://infosecwriteups.com/xxe-attacks-explained-5fc1d9cc7960

Understanding and evading Process Ghosting

https://pentestlaboratories.com/2021/12/08/process-ghosting/

https://www.zerodayinitiative.com/blog/2021/12/8/understanding-the-root-cause-of-cve-2021-21220-a-chrome-bug-from-pwn2own-2021

https://mp.weixin.qq.com/s/nJnMXCwBmrOS4CsUrALuhw

PageWay Version 1.8 BETA SQL Injection Vulnerability

https://cxsecurity.com/issue/WLB-2021120031

Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure

https://cxsecurity.com/issue/WLB-2021120032

Reprise License Manager 14.2

https://cxsecurity.com/issue/WLB-2021120033

MTPutty 1.0.1.21 - SSH Password Disclosure

https://cxsecurity.com/issue/WLB-2021120035

Student Management System 1.0 - SQLi Authentication Bypass

https://cxsecurity.com/issue/WLB-2021120036

Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass

https://cxsecurity.com/issue/WLB-2021120037

Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated)

https://cxsecurity.com/issue/WLB-2021120038

TestLink 1.19 - Arbitrary File Download (Unauthenticated)

https://cxsecurity.com/issue/WLB-2021120039

Raspberry Pi 5.10 - Default Credentials

https://cxsecurity.com/issue/WLB-2021120040

Grafana 8.3.0 - Directory Traversal and Arbitrary File Read

https://cxsecurity.com/issue/WLB-2021120041

Free School Management Software 1.0 - Remote Code Execution (RCE)

https://cxsecurity.com/issue/WLB-2021120042

OpenCATS 0.9.4 Remote Code Execution

https://cxsecurity.com/issue/WLB-2021120043

LimeSurvey 5.2.4 Remote Code Execution

https://cxsecurity.com/issue/WLB-2021120044

Microsoft Office Word MSHTML Remote Code Execution

https://cxsecurity.com/issue/WLB-2021120045

FiveM & Gmod Loading Screen Maker Free | SQL Injection Vulnerability

https://cxsecurity.com/issue/WLB-2021120047

Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution (RCE) (Authenticated)

https://cxsecurity.com/issue/WLB-2021120048

See the original article for more details.


文章来源: https://mp.weixin.qq.com/s?__biz=MzIxMjI0Mzk0OQ==&mid=2247483753&idx=1&sn=0841aeb44368b5fbb6b88220e0be8311&chksm=974845eba03fccfd0ead34ce6a3546ed34a2862868d6d2b3a72099bc9495a45c130ccef35917&scene=58&subscene=0#rd