BugSearch is an information portal focused on application security, web-oriented and otherwise. We notify our registered users of security alerts found on the net, to warn them as soon as possible about bugs, system flaws, exploits and threats affecting applications, and about possible patches.


Last Advisories
Drupal < 8.6.9 - REST Module Remote Code Execution | 25-02-2019
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution | 25-02-2019
News Website Script 2.0.5 - SQL Injection | 25-02-2019
Advance Gift Shop Pro Script 2.0.3 - SQL Injection | 25-02-2019
Xlight FTP Server 3.9.1 - Buffer Overflow (PoC) | 25-02-2019
PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection | 25-02-2019
Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution | 23-02-2019
WinRAR 5.61 - Path Traversal | 22-02-2019
Teracue ENC-400 - Command Injection / Missing Authentication | 22-02-2019
Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation | 22-02-2019
Nuuo Central Management - Authenticated SQL Server SQL Injection (Metasploit) | 22-02-2019
WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter | 22-02-2019
Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution | 22-02-2019
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass | 21-02-2019
ScreenStream 3.0.15 - Denial of Service | 21-02-2019
C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection | 21-02-2019
Memu Play 6.0.7 - Privilege Escalation | 21-02-2019
Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC) | 21-02-2019
Virtual VCR Max .0a - '.vcr' Buffer Overflow (PoC) | 21-02-2019
RealTerm Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow (SEH) | 21-02-2019
AirDrop 2.0 - Denial of Service (DoS) | 21-02-2019
EI-Tube 3 - SQL Injection | 21-02-2019
Belkin Wemo UPnP - Remote Code Execution (Metasploit) | 20-02-2019
FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC) | 20-02-2019
FaceTime - Texture Processing Memory Corruption | 20-02-2019
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates | 20-02-2019
Android Kernel < 4.8 - ptrace seccomp Filter Bypass | 20-02-2019
HotelDruid 2.3 - Cross-Site Scripting | 20-02-2019
webERP 4.15 - 'ImportBankTransaction' Blind SQL Injection | 20-02-2019
WinRAR 5.61 - '.lng' Denial of Service | 20-02-2019