BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!

Last Advisories
Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit)29-01-2018
Arq 5.10 - Local root Privilege Escalation (2)29-01-2018
macOS - 'sysctl_vfs_generic_conf' Stack Leak Through Struct Padding29-01-2018
iBall WRA150N - Multiple Vulnerabilities29-01-2018
systemd (systemd-tmpfiles) < 236 - 'fs.protected_hardlinks=0' Local Privilege Escalation29-01-2018
Artifex MuJS 1.0.2 - Integer Overflow28-01-2018
Artifex MuJS 1.0.2 - Denial of Service28-01-2018
Nexpose < 6.4.66 - Cross-Site Request Forgery28-01-2018
Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution28-01-2018
KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery28-01-2018
PACSOne Server 6.6.2 DICOM Web Viewer - Directory Trasversal28-01-2018
Linux/x86 - Egghunter Shellcode (12 Bytes)28-01-2018
Buddy Zone 2.9.9 - SQL Injection28-01-2018
Netis WF2419 Router - Cross-Site Request Forgery28-01-2018
Hot Scripts Clone - 'subctid' SQL Injection28-01-2018
Task Rabbit Clone 1.0 - 'id' SQL Injection28-01-2018
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection28-01-2018
TSiteBuilder 1.0 - SQL Injection28-01-2018
Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection28-01-2018
Linux/ARM - Reverse TCP ( Shell (/bin/sh) Null Free Shellcode (80 bytes)28-01-2018
Gnew 2018.1 - Cross-Site Request Forgery28-01-2018
Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery28-01-2018
Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download28-01-2018
BMC BladeLogic - Remote Command Execution26-01-2018
WordPress Plugin Learning Management System - 'course_id' SQL Injection26-01-2018
Linux/x86 - Disable ASLR Security Obfuscated Shellcode (23 bytes)26-01-2018
Dodocool DC38 N300 - Cross-site Request Forgery26-01-2018
Exodus Wallet (ElectronJS Framework) - Remote Code Execution25-01-2018
ASUS DSL-N14U B1 Router - Change Administrator Password25-01-2018
Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape24-01-2018