We are bugsec

BugSec is a leading cyber and information security consulting company that provides technical offensive and defensive security services to its clients based in Israel. As such, we provide a diverse range of professional services to the public, institutional and private market sectors. In our view, the growing and advanced persistent threat to information systems demands a comprehensive and sustainable solution to effectively mitigate the potential business risk exposure of cyber and information security attacks.


About us


BugSec is a leading cyber and information security expert advisor and provides relevant and comprehensive technical security services to its clients based in Israel and abroad. As such, we provide a diverse range of professional services to the public, institutional and private market sectors. In our view, the growing and advanced persistent threat to information systems demands a comprehensive and sustainable solution to effectively mitigate the potential business risk exposure of cyber and information security attacks.

achievements


ACKNOWLEDGMENTS
  • Firestorm Vulnerability
    Firestorm vulnerability in NGFW
  • SNAP Vulnerability
    SNAP vulnerability in LG phones
  • Eurograbber Malware Publication
    Check Point And Versafe Uncover New Eurograbber Attack
  • GMAIL Android App XSS
    Inline Resource XSS via Gmail Android Application
  • Oracle Java SE and Java for Business Critical Vulnerabilities
    remotely exploitable without authentication, i.e., may be exploited over a network without the need...
  • Acknowledgments & Honors
    Bugsec researchers acknowledged by leading vendors for reporting security vulnerabilities: Google, Adobe, Yahoo, ATNT, Microsoft,
  • Vulnerabilities in Forefront Unified Access Gateway
    Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege
  • Joomla Component LFI Vulnerability
    Joomla Component SEF (com_sef) - LFI Vulnerability
VULNERABILITIES & CVEs
  • WordPress XSS CVE-2015-4413
    Security flaw in WordPress Nextend Social Plugins
  • Adobe Connect XSS CVE-2015-0343
    XSS vulnerability in Adobe Connect 9.3
  • Windows Remote Desktop Vulnerability CVE-2011-0029
    A remote code execution vulnerability has been reported in Windows Remote Desktop Client
  • UAG Redirection Spoofing Vulnerability CVE-2010-2732
    allow spoofing or redirecting of traffic intended for the UAG server if a UAG...
  • UAG XSS Allows EOP Vulnerability CVE-2010-2733
    allow specially crafted script code to run under the guise of the server
  • XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway CVE-2010-2734
    allow specially crafted script code to run under the guise of the server.
  • Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 CVE-2010-0249
    allows remote attackers to execute arbitrary code by accessing a pointer associated with a...
  • MediaWiki XSS CVE-2007-1055
    Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before...
  • JSPWiki 2.4.104 Directory Traversal CVE-2008-1231
    Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to...
  • JSPWiki 2.4.104 XSS CVE-2008-1229
    JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML...
  • JSPWiki 2.4.104 and 2.5.139 Directory Traversal CVE-2008-1231
    Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to...
  • Aurora IE Exploit Identification CVE-2010-0249
    Disclosure of the Aurora IE exploit in the wild.
  • UnixODBC Buffer Overflow CVE-2012-2657 CVE-2012-2658
    Multiple buffer overflows in unixODBC
  • Microsoft SharePoint Server Privilege Escalation CVE-2013-0080
    allow an attacker, after obtaining sensitive system data, to elevate their access to the server.
  • phpMyAdmin Privilege Escalation CVE-2013-5029
    phpMyAdmin clickjacking function Privilege Escalation
  • Social Engine XSS/CSRF CVE-2012-2216
    Social Engine 4.2.2 multiple XSS/CSRF

Company Profile


Since 2005, BugSec has been providing security consulting services to global companies in the fields of finance, government, hi-tech, communications, utilities and other markets.

For more than a decade, BugSec’s professional excellence, deep technical capabilities and unique access to cutting-edge technologies have enabled us to assist a range of industry leaders in overcoming their security challenges. With specialists in application, infrastructure and cyber security, we aim to maintain our outstanding reputation for delivering value and excellence to all our clients.

We continually strive to maintain our position as leaders in the cyber and information security arena while staying abreast of the latest security threats/trends. We believe that the role of information security is to enable business growth and therefore we are constantly looking for the synthesis of security with business requirements. Our deep industry and business understanding enables us to tailor our services to facilitate specific business requirements.

BugSec initiated the development of some of the top security software on the market today:

Versafe, a provider of web anti-fraud, anti-phishing, and anti-malware solutions, which was acquired by F5 Networks (NASDAQ: FFIV) in September 2013.

Cynet 360. Cynet was created in response to the growing prevalence of advanced persistent threats (APTs) and targeted attacks from unknown origins. Its flagship product, Cynet 360, provides an agentless, comprehensive detection and remediation solution for mitigating advanced threats, including unsigned malware and zero-day attacks, regardless of whether the threat originates in files, endpoints, networks or at the user level.

