BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!

Last Advisories
OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting08-03-2019
Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)08-03-2019
DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery08-03-2019
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() RCE (Metasploit)07-03-2019
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)07-03-2019
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)07-03-2019
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow - (UNICODE)(SEH)07-03-2019
Kados R10 GreenBee - Multiple SQL Injection07-03-2019
Imperva SecureSphere 13.x - PWS Command Injection (Metasploit)07-03-2019
Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem06-03-2019
Android - binder Use-After-Free via racy Initialization of ->allow_user_free06-03-2019
Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass06-03-2019
Linux/x86 - XOR Encoder / Decoder execve(/bin/sh) Shellcode (45 bytes)05-03-2019
OpenDocMan 1.3.4 - 'search.php where' SQL Injection05-03-2019
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution04-03-2019
Linux/x86 - iptables -F Shellcode (43 bytes)04-03-2019
Linux/x86 - NOT Encoder / Decoder - execve(/bin/sh) Shellcode (44 bytes)04-03-2019
OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery04-03-2019
Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)04-03-2019
MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal04-03-2019
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor / Custom Binary)04-03-2019
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion04-03-2019
WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities04-03-2019
Bolt CMS 3.6.4 - Cross-Site Scripting04-03-2019
Linux/x64 - Kill All Processes Shellcode (11 bytes)04-03-2019
OOP CMS BLOG 1.0 - Multiple SQL Injection04-03-2019
CMSsite 1.0 - Multiple Cross-Site Request Forgery04-03-2019
Craft CMS 3.1.12 Pro - Cross-Site Scripting04-03-2019
zzzphp CMS 1.6.1 - Cross-Site Request Forgery04-03-2019
elFinder 2.1.47 - 'PHP connector' Command Injection04-03-2019