BugSearch is an information portal focused on application security, web-oriented or not. We notify our registered users of security alerts found on the net, warning them as soon as possible about bugs, system flaws, exploits and threats affecting applications, and about possible patches.

New Feature: Post New Exploit

Register now to start receiving security alerts for your favourite applications, or try our new Android app, which will keep you updated wherever you are!


Last Advisories
Active Websurvey 9.1 (Auth Bypass) Remote SQL Injection Vulnerability 29-11-2008
Active Membership v 2 (Auth Bypass) Remote SQL Injection Vulnerability 29-11-2008
Active Newsletter 4.3 (Auth Bypass) Remote SQL Injection Vulnerability 29-11-2008
eWebquiz v 8 (Auth Bypass) Remote SQL Injection Vulnerability 29-11-2008
Active Web Mail v 4 (Auth Bypass) Remote SQL Injection Vulnerability 29-11-2008
Active Trade 2 (Auth Bypass) Remote SQL Injection Vulnerability 29-11-2008
Active Price Comparison 4 (Auth Bypass) SQL Injection Vulnerability 29-11-2008
PHP TV Portal 2.0 (index.php mid) SQL Injection Vulnerability 29-11-2008
Active Force Matrix v2 (Auth Bypass) Remote SQL Injection Vulnerability 29-11-2008
ASPReferral 5.3 (AccountID) Blind SQL Injection Vulnerability 29-11-2008
ActiveVotes 2.2 (Auth Bypass) Remote SQL Injection Vulnerability 29-11-2008
Active Test 2.1 (Auth Bypass) Remote SQL Injection Vulnerability 29-11-2008
Active Test 2.1 (QuizID) Blind SQL Injection Vulnerability 29-11-2008
Bluo CMS 1.2 (index.php id) Blind SQL Injection Vulnerability 28-11-2008
CMS little (index.php term) Remote SQL Injection Exploit 28-11-2008
ReVou Twitter Clone (Auth Bypass) SQL Injection Vulnerability 28-11-2008
Apache Tomcat Runtime.getRuntime().exec() Privilege Escalation (win) 28-11-2008
Web Calendar System <= 3.40 (XSS-SQL) Multiple Remote Vulnerabilities 28-11-2008
All Club CMS <= 0.0.2 Remote DB Config Retrieve Exploit 28-11-2008
SailPlanner 0.3a (Auth Bypass) SQL Injection Vulnerability 28-11-2008
Microsoft Office Communicator (SIP) Remote Denial of Service Exploit 28-11-2008
Booking Centre 2.01 (Auth Bypass) SQL Injection Vulnerability 28-11-2008
BaSiC-CMS (acm2000.mdb) Remote Database Disclosure Vulnerability 28-11-2008
Basic PHP CMS (index.php id) Blind SQL Injection Vulnerability 28-11-2008
Ocean12 FAQ Manager Pro (ID) Blind SQL Injection Vulnerability 28-11-2008
RakhiSoftware Shopping Cart (subcategory_id) SQL Injection Vulnerability 27-11-2008
Ocean12 Calendar Manager Gold Database Disclosure Vulnerability 27-11-2008
Ocean12 Poll Manager Pro Database Disclosure Vulnerability 27-11-2008
Family Project 2.x (Auth Bypass) SQL Injection Vulnerability 27-11-2008
i.Scribe SMTP Client <= 2.00b (wscanf) Remote Format String PoC 27-11-2008