BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
ZYCOO IP Phone System - Remote Command Execution 19-08-2016
TOSHIBA IP-Camera IK-WP41A - Auth Bypass / Configuration Download 19-08-2016
MESSOA IP Cameras (Multiple Models) - Unauthenticated Password Change 19-08-2016
JVC IP-Camera VN-T216VPRU - Credentials Disclosure 19-08-2016
SIEMENS IP Cameras (Multiple Models) - Credential Disclosure / Configuration Download 19-08-2016
Windows - Fileless UAC Protection Bypass Privilege Escalation (Metasploit) 19-08-2016
C2S DVR Management IRDOME-II-C2S, IRBOX-II-C2S, DVR - Credentials Disclosure / Authentication Bypass 19-08-2016
Vanderbilt IP-Camera CCPW3025-IR, CVMW3025-IR - Credentials Disclosure 19-08-2016
MESSOA IP-Camera NIC990 - Auth Bypass / Configuration Download 19-08-2016
X-Cart < 4.1.3 - Arbitrary Variable Overwrite18-08-2016
Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes) 18-08-2016
SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change 18-08-2016
Honeywell IP-Camera HICC-1100PT - Credentials Disclosure 18-08-2016
SIEMENS IP-Camera CVMS2025-IR, CCMS2025 - Credentials Disclosure 17-08-2016
Microsoft GDI+ - ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097) 17-08-2016
Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap-Based Buffer Overflow (MS16-097) 17-08-2016
Microsoft GDI+ - DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097) 17-08-2016
Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV 16-08-2016
Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities 16-08-2016
Nagios Log Server 1.4.1 - Multiple Vulnerabilities 16-08-2016
Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes) 16-08-2016
Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities 16-08-2016
Lepton CMS 2.2.0 / 2.2.1 - Directory Traversal 16-08-2016
Pi-Hole Web Interface 2.8.1 - Stored XSS in Whitelist/Blacklist 16-08-2016
Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection 16-08-2016
Windows x86 - MessageBoxA Shellcode (242 bytes) 16-08-2016
Google Chrome 26.0.1410.43 (Webkit) - OBJECT Element Use After Free PoC 16-08-2016
WSO2 Carbon 4.4.5 - (Denial of Service) CSRF 16-08-2016
WSO2 Carbon 4.4.5 - Local File Inclusion 16-08-2016
Microsoft Office Word 2013,2016 - sprmSdyaTop Denial of Service (MS16-099) 16-08-2016