BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting04-12-2018
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass04-12-2018
OpenSSH < 7.7 - User Enumeration (2)04-12-2018
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage04-12-2018
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting04-12-2018
Xorg X11 Server (AIX) - Local Privilege Escalation04-12-2018
Emacs - movemail Privilege Escalation (Metasploit)04-12-2018
FreshRSS 1.11.1 - Cross-Site Scripting04-12-2018
HP Intelligent Management - Java Deserialization RCE (Metasploit)04-12-2018
Wireshark - 'find_signature' Heap Out-of-Bounds Read04-12-2018
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption04-12-2018
NUUO NVRMini2 3.9.1 - Authenticated Command Injection04-12-2018
DomainMOD 4.11.01 - Registrar Cross-Site Scripting04-12-2018
Mozilla Firefox 63.0.1 - Denial of Service (PoC)03-12-2018
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery03-12-2018
Apache Superset < 0.23 - Remote Code Execution03-12-2018
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting03-12-2018
Budabot 4.0 - Denial of Service (PoC)03-12-2018
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)30-11-2018
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)09-11-2018
Keybase keybase-redirector - '$PATH' Local Privilege Escalation22-10-2018
LibSSH 0.7.6 / 0.8.4 - Unauthorized Access20-10-2018
TeamCity < 9.0.2 - Disabled Registration Bypass28-03-2018
Dup Scout Enterprise 10.5.12 - 'Share Username' Local Buffer Overflow05-03-2018
Xion 1.0.125 - '.m3u' Local SEH-Based Unicode Venetian Exploit05-03-2018
TestLink Open Source Test Management < 1.9.16 - Remote Code Execution02-03-2018
uWSGI < 2.0.17 - Directory Traversal02-03-2018
DualDesk 20 - 'Proxy.exe' Denial of Service02-03-2018
SEGGER embOS/IP FTP Server 3.22 - Denial of Service02-03-2018
D-Link DIR-600M Wireless - Cross-Site Scripting02-03-2018