第十六周/20220117 红队推送

admin 2022年1月17日13:22:31安全闲碎评论38 views3519字阅读11分43秒阅读模式
第十六周/20220117 红队推送


第十六周/20220117 红队推送
红队文章
第十六周/20220117 红队推送



Wordpress core 5.8.2 SQL Injection  (CVE-2022–21661) 漏洞分析与复现

https://cognn.medium.com/sql-injection-in-wordpress-core-zdi-can-15541-a451c492897


CVE-2021-41577:EVGA Precision X1 从MITM 到 RCE

https://rhinosecuritylabs.com/research/cve-2021-41577-evga-precision-x1/?__cf_chl_f_tk=34KsHs4f0TNCt.F_wOk8fEP9V5sEWBKHyWYuOjQdhE8-1642417390-0-gaNycGzNB70


CVE-2021-20038 (SonicWall SSL VPN) 深入分析

https://www.reddit.com/r/netsec/comments/s1dtx2/writing_an_exploit_for_cve202120038_sonicwall_ssl/


NTLM Theft 提权小技巧

https://www.hackingarticles.in/multiple-files-to-capture-ntlm-hashes-ntlm-theft/


Bypassing AV/EDR with Nim

https://www.securityartwork.es/2022/01/12/bypassing-av-edr-with-nim/


Exploit Kits vs. Google Chrome

https://www.reddit.com/r/netsec/comments/s2bae8/exploit_kits_vs_google_chrome/











第十六周/20220117 红队推送
红队工具
第十六周/20220117 红队推送



冰镜:基于iMonitorSDK的开源终端行为监控分析软件

https://github.com/wecooperate/iMonitor


Ivy:A payload creation framework for the execution of arbitrary VBA (macro) source code in memory.

https://github.com/optiv/Ivy


Registry Spy:开源跨平台 Windows 注册表查看器

https://github.com/andyjsmith/Registry-Spy/


HazProne:一个云渗透框架

https://github.com/stafordtituss/HazProne


Wifi-Framework:一个便于进行Wifi环境模拟测试的Wifi框架

https://github.com/domienschepers/wifi-framework/tree/master/setup











第十六周/20220117 红队推送
漏洞研究
第十六周/20220117 红队推送



Microsoft Windows SMB Direct Session Takeover

https://cxsecurity.com/issue/WLB-2022010047


openSIS Student Information System 8.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010048


Microsoft Windows 11- 'Jolt2.c' Denial of Service (MS00-029)

https://cxsecurity.com/issue/WLB-2022010049


sixdaysworks - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010050


CoreFTP Server Build 725 Directory Traversal

https://cxsecurity.com/issue/WLB-2022010051


VUPlayer 2.49 Buffer Overflow

https://cxsecurity.com/issue/WLB-2022010052


Online Railway Reservation System 1.0 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010053


Online Railway Reservation System 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010054


Open-AudIT Community 4.2.0 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010055


Movie Rating System 1.0 Broken Access Control (Admin Account Creation) (Unauthenticated)

https://cxsecurity.com/issue/WLB-2022010056


Microsoft Windows Defender / Detection Bypass

https://cxsecurity.com/issue/WLB-2022010058


Arva Web Developer - Blind Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010057


Microsoft Windows .Reg File Dialog Spoof / Mitigation Bypass

https://cxsecurity.com/issue/WLB-2022010059


Backdoor.Win32.Controlit.10 / Unauthenticated Remote Command Execution

https://cxsecurity.com/issue/WLB-2022010060


Microsoft Windows 11 - 'afd.sys' Local Kernel Denial of Service

https://cxsecurity.com/issue/WLB-2022010061


Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure

https://cxsecurity.com/issue/WLB-2022010064


Log4Shell HTTP Header Injection

https://cxsecurity.com/issue/WLB-2022010065


Agile Web Solutions - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010066


WordPress Core 5.8.2 - 'WP_Query' SQL Injection

https://cxsecurity.com/issue/WLB-2022010068


WordPress Frontend Uploader 1.3.2 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010072


EDSA Designs - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010069


MARKS DESIGN - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010070


SonicWall SMA 100 Series Authenticated Command Injection

https://cxsecurity.com/issue/WLB-2022010073


Web Canvas - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010075


da Grazioli Design - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010077


HTTP Commander 3.1.9 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010078













第十六周/20220117 红队推送

点个在看你最好看



更多互动可点击阅读原文

原文始发于微信公众号(凌晨一点零三分):第十六周/20220117 红队推送

特别标注: 本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
  • 我的微信
  • 微信扫一扫
  • weinxin
  • 我的微信公众号
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年1月17日13:22:31
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                  第十六周/20220117 红队推送 http://cn-sec.com/archives/741509.html

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: