BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
Linux/x86-64 - Subtle Probing Reverse Shell, Timer, Burst, Password, Multi-Terminal (84, 122, 172 bytes) 21-07-2016
TeamPass Passwords Management System 2.1.26 - Arbitrary File Download 21-07-2016
OpenSSHD <= 7.2p2 - Username Enumeration 20-07-2016
Wowza Streaming Engine 4.5.0 - Add Advanced Admin CSRF 20-07-2016
Wowza Streaming Engine 4.5.0 - Multiple XSS 20-07-2016
WordPress Video Player Plugin 1.5.16 - SQL Injection 20-07-2016
Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation 20-07-2016
Wowza Streaming Engine 4.5.0 - Local Privilege Escalation 20-07-2016
Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) 20-07-2016
Drupal RESTWS Module 7.x - Remote PHP Code Execution (Metasploit) 20-07-2016
Django CMS 3.3.0 - (Editor Snippet) Persistent XSS 20-07-2016
Linux/x86 - execve /bin/sh Shellcode (19 bytes) 20-07-2016
NewsP Free News Script 1.4.7 - User Credentials Disclosure 19-07-2016
Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String Exploit 19-07-2016
newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure 19-07-2016
Linux/x86-64 - Syscall Persistent Bind Shell + (Multi-terminal) + Password + Daemon (83, 148, 177 bytes) 19-07-2016
Meinberg NTP Time Server ELX800/GPS M4x V5.30p - Remote Command Execution and Escalate Privileges 18-07-2016
vBulletin 4.x - SQLi in breadcrumbs via xmlrpc API (Post-Auth) 18-07-2016
vBulletin 5.x/4.x - Persistent XSS in AdminCP/ApiLog via xmlrpc API (Post-Auth) 18-07-2016
Internet Explorer 11 (on Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051) 18-07-2016
DropBearSSHD <= 2015.71 - Command Injection 18-07-2016
OpenSSHD <= 7.2p2 - User Enumeration 18-07-2016
Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure 15-07-2016
Joomla Guru Pro (com_guru) Component - SQL Injection 14-07-2016
Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution 13-07-2016
MS16-032 Secondary Logon Handle Privilege Escalation 13-07-2016
Adobe Flash Player 22.0.0.192 - SceneAndFrameData Memory Corruption 13-07-2016
Windows x86 URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode 13-07-2016
GSX Analyzer 10.12 and 11 - Main.swf Hardcoded Superadmin Credentials 13-07-2016
Apache Archiva 1.3.9 - Multiple CSRF Vulnerabilities 13-07-2016