BugSearch is an information portal focused on application security, both web-oriented and not. We notify our registered users of security alerts found on the net, in order to warn them as soon as possible of bugs, system flaws, exploits and threats affecting applications, and of possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts for your favourite applications, or try our new Android app, which will keep you updated wherever you are!


Latest Advisories
Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow 30-04-2019
DeviceViewer 3.12.0.1 - 'user' SEH Overflow 30-04-2019
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution 30-04-2019
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification 30-04-2019
SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC) 30-04-2019
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit) 30-04-2019
Pimcore < 5.71 - Unserialize RCE (Metasploit) 30-04-2019
systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process 26-04-2019
NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC) 26-04-2019
NSauditor 3.1.2.0 - 'Community' Denial of Service (PoC) 26-04-2019
Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting 26-04-2019
Backup Key Recovery 2.2.4 - Denial of Service (PoC) 25-04-2019
JioFi 4G M2S 1.0.2 - 'mask' Cross-Site Scripting 25-04-2019
Lavavo CD Ripper 4.20 - 'License Activation Name' Buffer Overflow (SEH) 25-04-2019
HeidiSQL 10.1.0.5464 - Denial of Service (PoC) 25-04-2019
osTicket 1.11 - Cross-Site Scripting / Local File Inclusion 25-04-2019
RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit) 25-04-2019
AnMing MP3 CD Burner 2.0 - Denial of Service (PoC) 25-04-2019
JioFi 4G M2S 1.0.2 - Denial of Service 25-04-2019
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation 24-04-2019
Google Chrome 72.0.3626.121 / 74.0.3725.0 - 'NewFixedDoubleArray' Integer Overflow 24-04-2019
Linux/x86 - Rabbit Shellcode Crypter (200 bytes) 24-04-2019
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition 23-04-2019
Linux - 'page->_refcount' Overflow via FUSE 23-04-2019
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit 23-04-2019
Ross Video DashBoard 8.5.1 - Insecure Permissions 23-04-2019
Msvod 10 - Cross-Site Request Forgery (Change User Information) 22-04-2019
74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User) 22-04-2019
Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes) 22-04-2019
Ease Audio Converter 5.30 - '.mp4' Denial of Service (PoC) 22-04-2019