BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation17-01-2019
Microsoft Windows CONTACT - Remote Code Execution17-01-2019
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting17-01-2019
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)16-01-2019
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)16-01-2019
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset16-01-2019
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit16-01-2019
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)16-01-2019
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)16-01-2019
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length16-01-2019
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free16-01-2019
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)16-01-2019
GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal16-01-2019
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free16-01-2019
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation16-01-2019
doorGets CMS 7.0 - Arbitrary File Download16-01-2019
Roxy Fileman 1.4.5 - Arbitrary File Download16-01-2019
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution16-01-2019
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure16-01-2019
Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)16-01-2019
Microsoft Windows VCF - Remote Code Execution15-01-2019
ownDMS 4.7 - SQL Injection15-01-2019
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (100 bytes)15-01-2019
1Password < 7.0 - Denial of Service15-01-2019
ThinkPHP 5.X - Remote Command Execution14-01-2019
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)14-01-2019
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution14-01-2019
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection14-01-2019
Modern POS 1.3 - SQL Injection14-01-2019
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection14-01-2019