BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
The Classified Ad System 1.0 (main) Remote SQL Injection Exploit26-12-2006
Cahier de texte 2.2 Bypass General Access Protection Exploit26-12-2006
PHP-Update <= 2.7 Multiple Remote Vulnerabilities Exploit26-12-2006
mxBB Module pafiledb <= 2.0.1b Remote File Include Vulnerability26-12-2006
myPHPCalendar 10192000b (cal_dir) Remote File Include Vulnerabilities26-12-2006
PHP-Update <= 2.7 (admin-uploads.php) Remote Code Execution Exploit26-12-2006
KsIRC 1.3.12 (PRIVMSG) Remote Buffer Overflow PoC26-12-2006
HLStats <=1.34 (hlstats.php) Remote SQL Injection Exploit25-12-2006
Jinzora <= 2.7 (include_path) Multiple Remote File Include Vulnerabilities25-12-2006
eNdonesia 8.4 (mod.php-friend.php-admin.php) Multiple Vulnerabilities25-12-2006
MTCMS <= 2.0 (admin-admin_settings.php) Remote File Include Exploit25-12-2006
PhpbbXtra 2.0 (phpbb_root_path) Remote File Include Vulnerability25-12-2006
Irokez CMS <= 0.7.1 Multiple Remote File Include Vulnerabilities25-12-2006
Ciberia Content Federator <= 1.0.1 (path) Remote File Include Exploit25-12-2006
Shadowed Portal Module Character Roster (mod_root) RFI Vulnerability25-12-2006
myphpNuke Module My_eGallery 2.5.6 (basepath) RFI Vulnerability25-12-2006
Fishyshoop <= 0.930b Remote Add Administrator Account Exploit25-12-2006
Okul Merkezi Portal 1.0 (ataturk.php) Remote File Include Vulnerability25-12-2006
MS Windows NetrWkstaUserEnum() Remote DoS Exploit (0day)25-12-2006
logahead UNU edition 1.0 Remote Upload File - Code Execution Vuln25-12-2006
File Upload Manager <= 1.0.6 (detail.asp) Remote SQL Injection Exploit24-12-2006
Newsletter MX <= 1.0.2 (ID) Remote SQL Injection Exploit24-12-2006
Ultimate PHP Board <= 2.0b1 (chat-login.php) Code Execution Exploit24-12-2006
Pagetool CMS <= 1.07 (pt_upload.php) Remote File Include Vulnerability24-12-2006
Ananda Real Estate <= 3.4 (agent) Remote SQL Injection Vulnerability24-12-2006
Open Newsletter <= 2.5 Multiple Remote Vulnerabilities Exploit (update)23-12-2006
b2 Blog <= 0.5 (b2verifauth.php) Remote File Include Vulnerability23-12-2006
SH-News 0.93 (misc.php) Remote File Include Exploit23-12-2006
acFTP FTP Server 1.5 (REST-PBSZ) Remote Denial of Service Exploit23-12-2006
Enthrallweb ePhotos 1.0 (subLevel2.asp) SQL Injection Vulnerability23-12-2006