BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
ALCASAR 2.8 Remote Root Code Execution Vulnerability 09-09-2014
Obfuscated Shellcode Linux x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash 09-09-2014
PHP Stock Management System 1.02 - Multiple Vulnerabilty 09-09-2014
Atmail Webmail 7.2 - Multiple Vulnerabilities 09-09-2014
TP-LINK Model No. TL-WR841N / TL-WR841ND - Multiple Vulnerabilities 09-09-2014
TP-LINK Model No. TL-WR340G / TL-WR340GD - Multiple Vulnerabilities 09-09-2014
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload 09-09-2014
Jenkins 1.578 - Multiple Vulnerabilities 08-09-2014
Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities 08-09-2014
Wordpress Plugins Premium Gallery Manager Unauthenticated Configuration Access Vulnerability 05-09-2014
Magsad CMS Cross-Site Scripting Vulnerability05-09-2014
BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit 05-09-2014
MyBB User Social Networks Plugin 1.2 - Stored XSS 05-09-2014
Xshopsaz CMS Multiple Vulnerability04-09-2014
vBulletin 4.0.x - 4.1.2 (search.php, cat param) - SQL Injection Exploit 03-09-2014
Wordpress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection 02-09-2014
ManageEngine EventLog Analyzer Multiple Vulnerabilities 01-09-2014
ManageEngine Desktop Central - Arbitrary File Upload / RCE 01-09-2014
Wing FTP Server Authenticated Command Execution 01-09-2014
WordPress Slideshow Gallery Plugin 1.4.6 - Shell Upload Vulnerability 01-09-2014
Arachni Web Application Scanner Web UI - Stored XSS Vulnerability 01-09-2014
Mulitple WordPress Themes (admin-ajax.php, img param) - Arbitrary File Download 01-09-2014
MyBB 1.6.15 => Admin Panel Stored XSS Cross-Site Scripting31-08-2014
STI-CS CMS Cross-Site Scripting Vulnerability30-08-2014
F5 Big-IP - Unauthenticated rsync Access 29-08-2014
ehsanweb CMS Cross-Site Scripting Vulnerability29-08-2014
HTML Help Workshop 1.4 - (SEH) Buffer Overflow 29-08-2014
XRMS - Blind SQL Injection and Command Execution 28-08-2014
PhpWiki - Remote Command Execution 28-08-2014
ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution 28-08-2014