BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!

Last Advisories
phpBB 3.2.3 - Remote Code Execution12-12-2019
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)25-10-2019
Laundry CMS - Multiple Vulnerabilities15-03-2019
Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities15-03-2019
Mail Carrier 2.5.1 - 'MAIL FROM' Buffer Overflow15-03-2019
CMS Made Simple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload15-03-2019
Moodle 3.4.1 - Remote Code Execution15-03-2019
NetData 1.13.0 - HTML Injection15-03-2019
ICE HRM 23.0 - Multiple Vulnerabilities15-03-2019
Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution14-03-2019
FTPGetter Standard - Remote Code Execution14-03-2019
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)14-03-2019
Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution14-03-2019
Core FTP Server FTP / SFTP Server v2 Build 674 - 'MDTM' Directory Traversal13-03-2019
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion13-03-2019
Core FTP Server FTP / SFTP Server v2 Build 674 - 'SIZE' Directory Traversal13-03-2019
Microsoft Windows - .reg File / Dialog Box Message Spoofing13-03-2019
Apache Tika-server < 1.18 - Command Injection13-03-2019
elFinder PHP Connector < 2.1.48 - exiftran Command Injection (Metasploit)13-03-2019
pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting13-03-2019
PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin)12-03-2019
Core FTP 2.0 build 653 - 'PBSZ' Denial of Service (PoC)12-03-2019
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution11-03-2019
Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)11-03-2019
Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)11-03-2019
Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak11-03-2019
OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)11-03-2019
NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode)11-03-2019
PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution11-03-2019
Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)11-03-2019