BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!

Last Advisories
Event Locations 1.0.1 - 'id' SQL Injection10-01-2019
Event Calendar 3.7.4 - 'id' SQL Injection10-01-2019
Shield CMS 2.2 - 'email' SQL Injection10-01-2019
MLMPro 1.0 - SQL Injection10-01-2019
Architectural 1.0 - 'email' SQL Injection10-01-2019
doitX 1.0 - 'search' SQL Injection10-01-2019
RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass)10-01-2019
PEAR Archive_Tar < 1.4.4 - PHP Object Injection10-01-2019
eBrigade ERP 4.5 - Arbitrary File Download10-01-2019
Matrix MLM Script 1.0 - Information Disclosure10-01-2019
BlogEngine 3.3 - XML External Entity Injection09-01-2019
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion09-01-2019
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork09-01-2019
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)09-01-2019
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)09-01-2019
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)09-01-2019
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting09-01-2019
Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)09-01-2019
Wireshark - 'get_t61_string' Heap Out-of-Bounds Read08-01-2019
CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation08-01-2019
Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection08-01-2019
Foscam Video Management System - 'Username' Denial of Service (PoC)07-01-2019
Huawei E5330 - Cross-Site Request Forgery (Send SMS)07-01-2019
SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC)07-01-2019
BlueAuditor - 'Key' Denial of Service (PoC)07-01-2019
KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation07-01-2019
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery07-01-2019
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection07-01-2019
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data07-01-2019
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal07-01-2019