BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
Ladder System 6.0 - 'faqid' Parameter SQL Injection 07-04-2017
My Gaming Ladder Combo System 7.5 - SQL Injection 07-04-2017
Shopping Cart Template - 'item' Parameter SQL Injection 07-04-2017
Forum Template 1.0 - SQL Injection 07-04-2017
Survey Template 1.1 - 'masterkey1' Parameter SQL Injection 07-04-2017
Calendar Template 2.0 - 'editid1' Parameter SQL Injection 07-04-2017
Quiz Template 1.0 - 'testid' Parameter SQL Injection 07-04-2017
Intellinet NFC-30IR Camera - Multiple Vulnerabilities 07-04-2017
Invoice Template - 'hash' Parameter SQL Injection 07-04-2017
Document Management Template - 'hash' Parameter SQL Injection 07-04-2017
Moodle 2.x/3.x - SQL Injection 06-04-2017
Windows 10 x64 - Egghunter Shellcode (45 bytes) 06-04-2017
Cesanta Mongoose OS - Use-After-Free 06-04-2017
D-Link DIR-615 - Cross-Site Request Forgery 05-04-2017
ImagePro Lazygirls Clone Script - SQL Injection 05-04-2017
Airbnb Crashpadder Clone Script - SQL Injection 05-04-2017
Premium Penny Auction Script - SQL Injection 05-04-2017
Sweepstakes Pro Software - SQL Injection 05-04-2017
Appointment Script - SQL Injection 05-04-2017
HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution 05-04-2017
SpiceWorks 7.5 TFTP - Remote File Overwrite / Upload 05-04-2017
macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow 04-04-2017
Apple WebKit 10.0.2(12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting 04-04-2017
Apple WebKit 10.0.2(12602.3.12.0.1, r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion 04-04-2017
Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting 04-04-2017
Apple WebKit 10.0.2(12602.3.12.0.1) - 'Frame::setDocument (1)' Universal Cross-Site Scripting 04-04-2017
macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability 04-04-2017
Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window 04-04-2017
macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device 04-04-2017
macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free 04-04-2017