===
https://mp.weixin.qq.com/s/WRgvxHs4eQhD4lcP4Ahs3g
Helping find log4j hosts that need to be fixed
https://github.com/fullhunt/log4j-scan
https://mp.weixin.qq.com/s/RvOndF3gdEZbgqrIPqXsUg
XXE basics primer
https://infosecwriteups.com/xxe-attacks-explained-5fc1d9cc7960
Understanding and avoiding Process Ghosting
https://pentestlaboratories.com/2021/12/08/process-ghosting/
In-depth analysis of CVE-2021-21220: PWN2OWN 2021
====================================
https://mp.weixin.qq.com/s/nJnMXCwBmrOS4CsUrALuhw
PageWay Version 1.8 BETA SQL Injection Vulnerability
https://cxsecurity.com/issue/WLB-2021120031
Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure
https://cxsecurity.com/issue/WLB-2021120032
Reprise License Manager 14.2
https://cxsecurity.com/issue/WLB-2021120033
MTPutty 1.0.1.21 - SSH Password Disclosure
https://cxsecurity.com/issue/WLB-2021120035
Student Management System 1.0 - SQLi Authentication Bypass
https://cxsecurity.com/issue/WLB-2021120036
Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass
https://cxsecurity.com/issue/WLB-2021120037
Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated)
https://cxsecurity.com/issue/WLB-2021120038
TestLink 1.19 - Arbitrary File Download (Unauthenticated)
https://cxsecurity.com/issue/WLB-2021120039
Raspberry Pi 5.10 - Default Credentials
https://cxsecurity.com/issue/WLB-2021120040
Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
https://cxsecurity.com/issue/WLB-2021120041
Free School Management Software 1.0 - Remote Code Execution (RCE)
https://cxsecurity.com/issue/WLB-2021120042
OpenCATS 0.9.4 Remote Code Execution
https://cxsecurity.com/issue/WLB-2021120043
https://cxsecurity.com/issue/WLB-2021120044
https://cxsecurity.com/issue/WLB-2021120045
https://cxsecurity.com/issue/WLB-2021120047
Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution (RCE) (Authenticated)
https://cxsecurity.com/issue/WLB-2021120048