BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery / Cross Site Scripting 14-10-2016
RSS News AutoPilot Script 1.0.1 / 3.1.0 - Admin Panel Authentication Bypass 13-10-2016
Colorful Blog - (Change Admin Password) Cross-Site Request Forgery 13-10-2016
Colorful Blog - Stored Cross Site Scripting 13-10-2016
Hotspot Shield 6.0.3 - Unquoted Service Path Privilege Escalation 13-10-2016
Thatware 0.4.6 - SQL Injection 13-10-2016
IObit Malware Fighter 4.3.1 - Unquoted Service Path Privilege Escalation 13-10-2016
ATKGFNEXSrv ATKGFNEX 1.0.11.1 - Unquoted Service Path Privilege Escalation 13-10-2016
VOX Music Player 2.8.8 - '.pls' Denail of Service 13-10-2016
ASLDRService ATK Hotkey 1.0.69.0 - Unquoted Service Path Privilege Escalation 13-10-2016
InsOnSrv Asus InstantOn 2.3.1.1 - Unquoted Service Path Privilege Escalation 13-10-2016
JonhCMS 4.5.1 - SQL Injection 13-10-2016
Simple Blog PHP 2.0 - Multiple Vulnerabilities 13-10-2016
Simple Blog PHP 2.0 - SQL Injection 13-10-2016
ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery 12-10-2016
Adobe Flash Player 23.0.0.162 - '.SWF' ConstantPool Critical Memory Corruption 12-10-2016
Cisco Webex Player T29.10 - '.WRF' Use-After-Free Memory Corruption 12-10-2016
OpenCimetiere v3.0.0-a5 - Blind SQL Injection 12-10-2016
Cisco Webex Player T29.10 - '.ARF' Out-of-Bounds Memory Corruption 12-10-2016
ApPHP MicroCMS 3.9.5 - Stored Cross Site Scripting 12-10-2016
NetBilletterie 2.8 - Multiple Vulnerabilities 12-10-2016
Android - Binder Generic ASLR Leak 12-10-2016
Categorizator 0.3.1 - SQL Injection 12-10-2016
Subversion 1.6.6 / 1.6.12 - Code Execution 12-10-2016
iWisoft Video Converter 1.2 - DLL Hijacking Vulnerability12-10-2016
RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection 11-10-2016
AVTECH IP Camera, NVR, and DVR Devices - Multiple Vulnerabilities 11-10-2016
Android - 'gpsOneXtra' Data Files Denial of Service 11-10-2016
sheed AntiVirus - Unquoted Service Path Privilege Escalation 11-10-2016
phpEnter 4.2.7 - (Add New Post) Cross-Site Request Forgery 11-10-2016