BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!

Last Advisories
Micro Focus Filr - Path Traversal / Local Privilege Escalation22-02-2019
Nuuo Central Management - Authenticated SQL Server SQL Injection (Metasploit)22-02-2019
WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter22-02-2019
Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution22-02-2019
Teracue ENC-400 - Command Injection / Missing Authentication22-02-2019
Memu Play 6.0.7 - Privilege Escalation21-02-2019
ScreenStream 3.0.15 - Denial of Service21-02-2019
EI-Tube 3 - SQL Injection21-02-2019
C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection21-02-2019
Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)21-02-2019
Virtual VCR Max .0a - '.vcr' Buffer Overflow (PoC)21-02-2019
AirDrop 2.0 - Denial of Service (DoS)21-02-2019
RealTerm Serial Terminal - 'Echo Port' Buffer Overflow (SEH)21-02-2019
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass21-02-2019
webERP 4.15 - 'ImportBankTransaction' Blind SQL Injection20-02-2019
Belkin Wemo UPnP - Remote Code Execution (Metasploit)20-02-2019
FaceTime - Texture Processing Memory Corruption20-02-2019
HotelDruid 2.3 - Cross-Site Scripting20-02-2019
FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC)20-02-2019
WinRAR 5.61 - '.lng' Denial of Service20-02-2019
Android Kernel < 4.8 - ptrace seccomp Filter Bypass20-02-2019
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates20-02-2019
Jenkins - Remote Code Execution19-02-2019
Listing Hub CMS 1.0 - 'pages.php id' SQL Injection19-02-2019
BulletProof FTP Server 2019.0.0.50 - 'SMTP Server' Denial of Service (PoC)19-02-2019
Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection19-02-2019
eDirectory - SQL Injection19-02-2019
Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection19-02-2019
XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting19-02-2019
MaxxAudio Drivers WavesSysSvc64.exe - Local Privilege Escalation19-02-2019