BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload15-02-2019
VSCO 1.1.1.0 - Denial of Service (PoC)15-02-2019
DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting14-02-2019
Core FTP/SFTP Server 1.2 Build 589.42 - 'User domain' Denial of Service (PoC)14-02-2019
WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection14-02-2019
DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting14-02-2019
MediaMonkey 4.1.23 - '.mp3' URL Denial of Service (PoC)14-02-2019
exacqVision ESM 5.12.2 - Privilege Escalation14-02-2019
DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting14-02-2019
DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting14-02-2019
LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)14-02-2019
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (DoS)14-02-2019
DomainMOD 4.11.01 - 'category.php CatagoryName, StakeHolder' Cross-Site Scripting14-02-2019
snapd < 2.37.0 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (2)13-02-2019
snapd < 2.37.0 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1)13-02-2019
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)13-02-2019
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting13-02-2019
PilusCart 1.4.1 - 'send' SQL Injection13-02-2019
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)13-02-2019
Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting13-02-2019
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)13-02-2019
NetworkSleuth 3.0 - 'Name' Denial of Service (PoC)13-02-2019
OPNsense < 19.1.1 - Cross-Site Scripting12-02-2019
LayerBB 1.1.2 - Cross-Site Scripting12-02-2019
BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution12-02-2019
Jenkins 2.150.2 - Remote Command Execution (Metasploit)12-02-2019
Android - binder Use-After-Free via fdget() Optimization12-02-2019
Ubuntu snapd < 2.37.1 - Local Privilege Escalation12-02-2019
runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution12-02-2019
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow12-02-2019