BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
Microsoft Edge Chakra - 'JavascriptGeneratorFunction::GetPropertyBuiltIns' Type Confusion17-01-2018
Master IP CAM 01 - Multiple Vulnerabilities17-01-2018
Belkin N600DB Wireless Router - Multiple Vulnerabilities17-01-2018
D-Link DSL-2640R - Unauthenticated DNS Change17-01-2018
Reservo Image Hosting Script 1.5 - Cross-Site Scripting17-01-2018
SugarCRM 3.5.1 - Cross-Site Scripting17-01-2018
Zomato Clone Script - Arbitrary File Upload17-01-2018
glibc - 'getcwd()' Local Privilege Escalation16-01-2018
Synology Photo Station 6.8.2-3461 - 'SYNOPHOTO_Flickr_MultiUpload' Race Condition File Write Remote Code Execution15-01-2018
D-Link DNS-343 ShareCenter < 1.05 - Command Injection15-01-2018
D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities15-01-2018
OBS studio 20.1.3 - Local Buffer Overflow15-01-2018
ILIAS < 5.2.4 - Cross-Site Scripting15-01-2018
Flash Operator Panel 2.31.03 - Command Execution15-01-2018
GitStack - Unauthenticated Remote Code Execution15-01-2018
Oracle PeopleSoft 8.5x - Remote Code Execution15-01-2018
Adminer 4.3.1 - Server-Side Request Forgery15-01-2018
Disk Pulse Enterprise 10.1.18 - Buffer Overflow15-01-2018
SysGauge Server 3.6.18 - Buffer Overflow15-01-2018
RISE 1.9 - 'search' SQL Injection15-01-2018
PerfexCRM 1.9.7 - Arbitrary File Upload15-01-2018
ImgHosting 1.5 - Cross-Site Scripting15-01-2018
Domains & Hostings Manager PRO 3.0 - Authentication Bypass15-01-2018
pfSense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection15-01-2018
Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)15-01-2018
DarkComet (C2 Server) - File Upload15-01-2018
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (26 bytes)14-01-2018
Linux/x86-64 - execve("/sbin/iptables", , NULL) Shellcode (43 bytes)13-01-2018
Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)13-01-2018
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)13-01-2018