BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution08-04-2019
SaLICru -SLC-20-cube3(5) - HTML Injection08-04-2019
Tradebox CryptoCurrency - 'symbol' SQL Injection08-04-2019
CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting08-04-2019
Jobgator - 'experience' SQL Injection08-04-2019
AllPlayer 7.4 - SEH Buffer Overflow (Unicode)08-04-2019
FlexHEX 2.71 - SEH Buffer Overflow (Unicode)08-04-2019
River Past Cam Do 3.7.6 - 'Activation Code' Local Buffer Overflow08-04-2019
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities08-04-2019
Download Accelerator Plus (DAP) 10.0.6.0 - SEH Buffer Overflow08-04-2019
QNAP Netatalk < 3.1.12 - Authentication Bypass08-04-2019
Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation08-04-2019
WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass08-04-2019
ManageEngine ServiceDesk Plus 9.3 - User Enumeration08-04-2019
WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)05-04-2019
WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery05-04-2019
AIDA64 Extreme 5.99.4900 - 'Logging' SEH Buffer Overflow05-04-2019
Manage Engine ServiceDesk Plus 9.3 - Privilege Escalation05-04-2019
Magic ISO Maker 5.5(build 281) - 'Serial Code' Denial of Service (PoC)04-04-2019
FreeSMS 2.1.2 - SQL Injection (Authentication Bypass)04-04-2019
AIDA64 Engineer 5.99.4900 - 'Load from file' Field Buffer Overflow (SEH)04-04-2019
TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit)03-04-2019
Ashop Shopping Cart Software - SQL Injection03-04-2019
Clinic Pro v4 - 'month' SQL Injection03-04-2019
iScripts ReserveLogic - SQL Injection03-04-2019
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)03-04-2019
AIDA64 Business 5.99.4900 - SEH Buffer Overflow (EggHunter)03-04-2019
PhreeBooks ERP 5.2.3 - Remote Command Execution03-04-2019
PhreeBooks ERP 5.2.3 - Arbitrary File Upload03-04-2019
WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion03-04-2019