diff --git a/exploits.txt b/exploits.txt
new file mode 100644
index 0000000..3ab0511
--- /dev/null
+++ b/exploits.txt
@@ -0,0 +1,3 @@
+SQL Injection: ";drop database systemview;
+RCE: nonesense; cat /etc/passwd > test
+XSS: ";
diff --git a/systemview.py b/systemview.py
index 4188c12..c2e663d 100644
--- a/systemview.py
+++ b/systemview.py
@@ -98,7 +98,8 @@ def show_procs(term=None):
 term = request.form['term']
 # now lets get all the system processes
- raw_procs = subprocess.Popen(['ps', 'auxh'],
+ cmd = "ps aux | grep " + term
+ raw_procs = subprocess.Popen(cmd, shell=True,
 stdout=subprocess.PIPE).communicate()[0]
 # now filter the raw process list to find lines with our term
@@ -111,7 +112,7 @@ def show_procs(term=None):
 count += 1
 # check to see if the term is already in the db
- search = Search.query.filter_by(term=term).first()
+ search = db.session.execute("select * from searches where term=\"" + term + "\"").fetchall()
 # check to see that we entered a term, and it's not in the db
 if term and not search:
diff --git a/templates/proc_search.html b/templates/proc_search.html
index 4dae6ce..dca0e0d 100644
--- a/templates/proc_search.html
+++ b/templates/proc_search.html
@@ -48,9 +48,11 @@
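Review bot: The added line `cmd = "ps aux | grep " + term` in the first systemview.py hunk interpolates the request-supplied `term` (read from `request.form['term']` two lines above) straight into a command that is then run with `shell=True`, so shell metacharacters in the form field are interpreted by the server rather than treated as search text. The comment right after the hunk says the raw process list is filtered for the term in Python anyway, so the shell pipeline adds nothing; keep the argument-list form with no shell, e.g. `raw_procs = subprocess.Popen(['ps', 'aux'],` followed by the existing `stdout=subprocess.PIPE).communicate()[0]` continuation, and leave the matching to the filter loop. Note that piping through grep also drops the `h` header suppression the old `auxh` had and would match the grep process itself, so the counted lines differ from the previous behaviour. `show_procs` begins before this hunk and its body continues after it.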
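Review bot: The replacement lookup `db.session.execute("select * from searches where term=\"" + term + "\"")` in the second systemview.py hunk builds the SQL statement by concatenating the same request-supplied `term`, so a quote character in the form field alters the statement instead of the compared value. Pass it as a bound parameter instead, e.g. `search = db.session.execute("select * from searches where term = :term", {"term": term}).fetchall()`, or keep the removed `Search.query.filter_by(term=term)` form if the ORM model is still in use. The result shape also changes: `.fetchall()` yields a list where `.first()` yielded one row or `None`; the following `if term and not search:` still behaves on an empty list, but any later use of `search` as a single row (outside this hunk) would not. `show_procs` starts before this hunk and continues past it.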