BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
Realterm Serial Terminal 2.0.0.70 - Denial of Service18-02-2019
Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH)18-02-2019
Comodo Dome Firewall 2.7.0 - Cross-Site Scripting18-02-2019
Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload18-02-2019
macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)18-02-2019
macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)18-02-2019
qdPM 9.1 - 'type' Cross-Site Scripting18-02-2019
mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers18-02-2019
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module18-02-2019
Master IP CAM 01 3.3.4.2103 - Remote Command Execution18-02-2019
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass18-02-2019
macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)18-02-2019
Apache CouchDB 2.3.0 - Cross-Site Scripting18-02-2019
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions18-02-2019
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process18-02-2019
M/Monit 3.7.2 - Privilege Escalation18-02-2019
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour18-02-2019
macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)18-02-2019
NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)18-02-2019
qdPM 9.1 - 'search' Cross-Site Scripting18-02-2019
macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)18-02-2019
CMSsite 1.0 - 'post' SQL Injection18-02-2019
ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting18-02-2019
Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference15-02-2019
AirMore 1.6.1 - Denial of Service (PoC)15-02-2019
Free IP Switcher 3.1 - 'Computer Name' Denial of Service (PoC)15-02-2019
Navicat for Oracle 12.1.15 - "Password" Denial of Service (PoC)15-02-2019
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload15-02-2019
qdPM 9.1 - 'search_by_extrafields' SQL Injection15-02-2019
VSCO 1.1.1.0 - Denial of Service (PoC)15-02-2019