BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!

Last Advisories
MailCarrier 2.51 - POP3 'USER' Buffer Overflow15-04-2019
MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow15-04-2019
UltraVNC Launcher - 'Path' Denial of Service (PoC)15-04-2019
Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)15-04-2019
MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow15-04-2019
Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)15-04-2019
Microsoft Windows - Contact File Format Arbitary Code Execution (Metasploit)12-04-2019
Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)12-04-2019
CyberArk EPM - Security Restrictions Bypass12-04-2019
Microsoft Internet Explorer 11 - XML External Entity Injection12-04-2019
ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)12-04-2019
Linux/x86 - Add User to Passwd File Shellcode (149 bytes)12-04-2019
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting10-04-2019
FTPShell Server 6.83 - 'Account name to ban' Local Buffer10-04-2019
FTPShell Server 6.83 - 'Virtual Path Mapping' Local Buffer10-04-2019
Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Unauthenticated Remote Code Execution10-04-2019
Microsoft Windows - AppX Deployment Service Privilege Escalation09-04-2019
Apache Axis 1.4 - Remote Code Execution09-04-2019
Ashop Shopping Cart Software - 'bannedcustomers.php?blacklistitemid' SQL Injection09-04-2019
Linux/x64 - XANAX Decoder Shellcode (127 bytes)09-04-2019
TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow09-04-2019
Linux/x64 - XANAX Encoder Shellcode (127 bytes)09-04-2019
Jobgator - 'experience' SQL Injection08-04-2019
Tradebox CryptoCurrency - 'symbol' SQL Injection08-04-2019
River Past Cam Do 3.7.6 - 'Activation Code' Local Buffer Overflow08-04-2019
SaLICru -SLC-20-cube3(5) - HTML Injection08-04-2019
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities08-04-2019
FlexHEX 2.71 - SEH Buffer Overflow (Unicode)08-04-2019
Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution08-04-2019
AllPlayer 7.4 - SEH Buffer Overflow (Unicode)08-04-2019