BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!

Last Advisories
Joomla! Component JEXTN Membership 3.1.0 - 'usr_plan' SQL Injection02-02-2018
Joomla! Component JMS Music 1.1.1 - SQL Injection02-02-2018
FiberHome AN5506 - Unauthenticated Remote DNS Change02-02-2018
Joomla! Component JE PayperVideo 3.0.0 - 'usr_plan' SQL Injection02-02-2018
Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload02-02-2018
IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting02-02-2018
Fancy Clone Script - 'search_browse_product' SQL Injection02-02-2018
Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode02-02-2018
Event Manager 1.0 - SQL Injection02-02-2018
Joomla! Component JEXTN Classified 1.0.0 - 'sid' SQL Injection02-02-2018
Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection02-02-2018
Real Estate Custom Script - 'route' SQL Injection02-02-2018
Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal02-02-2018
Advance Loan Management System - 'id' SQL Injection02-02-2018
WebKit - 'detachWrapper' Use-After-Free01-02-2018
WebKit - 'WebCore::FrameView::clientToLayoutViewportPoint' Use-After-Free01-02-2018
BMC Server Automation RSCD Agent - NSH Remote Command Execution (Metasploit)01-02-2018
Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access01-02-2018
Geovision Inc. IP Camera & Video - Remote Command Execution01-02-2018
Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH)01-02-2018
Hotspot Shield - Information Disclosure30-01-2018
BMC BladeLogic RSCD Agent - Windows Users Disclosure30-01-2018
Joomla! Component CP Event Calendar 3.0.1 - 'id' SQL Injection30-01-2018
Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal30-01-2018
LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow30-01-2018
Joomla! Component Visual Calendar 3.1.3 - 'id' SQL Injection30-01-2018
HPE iMC 7.3 - RMI Java Deserialization30-01-2018
Advantech WebAccess < 8.3 - SQL Injection30-01-2018
System Shield - Privilege Escalation30-01-2018
Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit)29-01-2018