Top reports from U.S. Dept Of Defense program at HackerOne:

  1. Stored Xss Vulnerability on ████████ to U.S. Dept Of Defense - 149 upvotes, $0
  2. Public instance of Jenkins on https://██████████/ with /script enabled to U.S. Dept Of Defense - 107 upvotes, $0
  3. XXE in DoD website that may lead to RCE to U.S. Dept Of Defense - 86 upvotes, $0
  4. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 80 upvotes, $0
  5. Remote Code Execution in ██████ to U.S. Dept Of Defense - 78 upvotes, $0
  6. SQL Injection on www.██████████ on countID parameter to U.S. Dept Of Defense - 76 upvotes, $0
  7. SQL Injection in ████ to U.S. Dept Of Defense - 68 upvotes, $0
  8. RCE on █████ via CVE-2017-10271 to U.S. Dept Of Defense - 67 upvotes, $0
  9. Remote Code Execution through DNN Cookie Deserialization to U.S. Dept Of Defense - 49 upvotes, $0
  10. Information disclosure by clicking on the link shown in http://████████/ to U.S. Dept Of Defense - 45 upvotes, $0
  11. SQL Injection in ████ to U.S. Dept Of Defense - 41 upvotes, $0
  12. Gateway information leakage to U.S. Dept Of Defense - 40 upvotes, $0
  13. SQL Injection vulnerability located at ████████ to U.S. Dept Of Defense - 40 upvotes, $0
  14. Local File Inclusion vulnerability on an Army system allows downloading local files to U.S. Dept Of Defense - 38 upvotes, $0
  15. Remote code execution on an Army website to U.S. Dept Of Defense - 31 upvotes, $0
  16. LFI with potential to RCE on ██████ using CVE-2019-3396 to U.S. Dept Of Defense - 31 upvotes, $0
  17. Unrestricted File Upload to U.S. Dept Of Defense - 29 upvotes, $0
  18. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 29 upvotes, $0
  19. SOAP WSDL Parser SQL Code Execution to U.S. Dept Of Defense - 29 upvotes, $0
  20. Pulse Secure File disclosure, clear text and potential RCE to U.S. Dept Of Defense - 29 upvotes, $0
  21. Remote Code Execution via Insecure Deserialization in Telerik UI to U.S. Dept Of Defense - 29 upvotes, $0
  22. XXE on DoD web server to U.S. Dept Of Defense - 28 upvotes, $0
  23. SSRF+XSS to U.S. Dept Of Defense - 27 upvotes, $0
  24. SQL injection to U.S. Dept Of Defense - 26 upvotes, $0
  25. Trace.axd page leaks sensitive information to U.S. Dept Of Defense - 25 upvotes, $0
  26. Information Disclosure to U.S. Dept Of Defense - 23 upvotes, $0
  27. [██████] Cross-origin resource sharing misconfiguration (CORS) to U.S. Dept Of Defense - 23 upvotes, $0
  28. ████ - Complete account takeover to U.S. Dept Of Defense - 22 upvotes, $0
  29. SQL injection on the https://████/ to U.S. Dept Of Defense - 21 upvotes, $0
  30. SSRF vulnerability on ██████████ leaks internal IP and various sensitive information to U.S. Dept Of Defense - 21 upvotes, $0
  31. [Partial] SSN & [PII] exposed through iPERMs Presentation Slide. to U.S. Dept Of Defense - 21 upvotes, $0
  32. Command Injection (via CVE-2019-11510 and CVE-2019-11539) to U.S. Dept Of Defense - 21 upvotes, $0
  33. RCE on a Department of Defense website to U.S. Dept Of Defense - 19 upvotes, $0
  34. Access to all █████████ files, including CAC authentication bypass to U.S. Dept Of Defense - 19 upvotes, $0
  35. SSRF on █████████ Allowing internal server data access to U.S. Dept Of Defense - 19 upvotes, $0
  36. Publicly accessible Order confirmations leaking User Emails on ███ to U.S. Dept Of Defense - 19 upvotes, $0
  37. ███ exposes sensitive shipment information to public web to U.S. Dept Of Defense - 18 upvotes, $0
  38. [REMOTE] Full Account Takeover At https://██████████████/CAS/ to U.S. Dept Of Defense - 18 upvotes, $0
  39. Examples directory is PUBLIC on https://████████mil, leading to multiple vulns to U.S. Dept Of Defense - 18 upvotes, $0
  40. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
  41. Partial SSN exposed through Presentation slides on ██████████ to U.S. Dept Of Defense - 17 upvotes, $0
  42. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███ to U.S. Dept Of Defense - 17 upvotes, $0
  43. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 16 upvotes, $0
  44. Remote Code Execution (RCE) in DoD Websites to U.S. Dept Of Defense - 16 upvotes, $0
  45. Request smuggling on ████████ to U.S. Dept Of Defense - 16 upvotes, $0
  46. PII leakage due to screenshot of health records to U.S. Dept Of Defense - 16 upvotes, $0
  47. ███████ Site Exposes █████████ forms to U.S. Dept Of Defense - 15 upvotes, $0
  48. Video player on ███ allows arbitrary remote videos to be played to U.S. Dept Of Defense - 15 upvotes, $0
  49. Misconfigured password reset vulnerability on a DoD website to U.S. Dept Of Defense - 14 upvotes, $0
  50. Blind SQLi vulnerability in a DoD Website to U.S. Dept Of Defense - 14 upvotes, $0
  51. Open FTP server on a DoD system to U.S. Dept Of Defense - 14 upvotes, $0
  52. PII leakage due to caching of Order/Contract ID's on █████████ to U.S. Dept Of Defense - 14 upvotes, $0
  53. Blind SQL injection on ████████ to U.S. Dept Of Defense - 14 upvotes, $0
  54. [█████] — DOM-based XSS on endpoint /?s= to U.S. Dept Of Defense - 14 upvotes, $0
  55. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
  56. PII leakage-Full SSN on ███ to U.S. Dept Of Defense - 13 upvotes, $0
  57. XSS on www.██████ alerts and a number of other pages to U.S. Dept Of Defense - 13 upvotes, $0
  58. http://████/data.json showing users sensitive information via json file to U.S. Dept Of Defense - 13 upvotes, $0
  59. Self XSS combine CSRF at https://████████/index.php to U.S. Dept Of Defense - 13 upvotes, $0
  60. DOM Based XSS on an Army website to U.S. Dept Of Defense - 12 upvotes, $0
  61. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 12 upvotes, $0
  62. [Critical] Full local filesystem access (LFI/LFD) as admin via Path Traversal in the misconfigured Java servlet on the https://███/ to U.S. Dept Of Defense - 12 upvotes, $0
  63. SSN leak due to editable slides to U.S. Dept Of Defense - 12 upvotes, $0
  64. Unrestricted File Download / Path Traversal to U.S. Dept Of Defense - 11 upvotes, $0
  65. Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  66. SQL injections to U.S. Dept Of Defense - 11 upvotes, $0
  67. IDOR on DoD Website exposes FTP users and passes linked to all accounts! to U.S. Dept Of Defense - 11 upvotes, $0
  68. Local file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
  69. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
  70. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
  71. Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604) to U.S. Dept Of Defense - 10 upvotes, $0
  72. Previously Compromised PulseSSL VPN Hosts to U.S. Dept Of Defense - 10 upvotes, $0
  73. Privilege Escalation on a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
  74. Authentication bypass vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  75. Reflected XSS on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  76. Blind SQLi in a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
  77. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  78. [Critical] Possibility to takeover any user account #2 without interaction on the https://██████████ to U.S. Dept Of Defense - 9 upvotes, $0
  79. Path traversal on ████████ to U.S. Dept Of Defense - 9 upvotes, $0
  80. SQL injection on █████ due to tech.cfm to U.S. Dept Of Defense - 9 upvotes, $0
  81. MSSQL injection via param Customwho in https://█████/News/Transcripts/Search/Sort/ and WAF bypass to U.S. Dept Of Defense - 9 upvotes, $0
  82. Reflected XSS in a Navy website to U.S. Dept Of Defense - 8 upvotes, $0
  83. Reflected XSS on an Army website to U.S. Dept Of Defense - 8 upvotes, $0
  84. Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
  85. Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
  86. Personal information disclosure on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  87. File upload vulnerability on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  88. Remote code execution (RCE) in multiple DoD websites to U.S. Dept Of Defense - 8 upvotes, $0
  89. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  90. Server-Side Request Forgery (SSRF) to U.S. Dept Of Defense - 8 upvotes, $0
  91. [CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc to U.S. Dept Of Defense - 8 upvotes, $0
  92. Reflected XSS on a Navy website to U.S. Dept Of Defense - 7 upvotes, $0
  93. QuickTime Promotion on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  94. Exposed Access Control Data Backup Files on DoD Website to U.S. Dept Of Defense - 7 upvotes, $0
  95. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  96. Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  97. Remote Command Execution on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  98. Bypass file access control vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  99. XSS on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  100. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  101. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  102. Server-side include injection vulnerability in a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  103. Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  104. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  105. X-XSS-Protection -> Misconfiguration to U.S. Dept Of Defense - 7 upvotes, $0
  106. Root Remote Code Execution on https://███ to U.S. Dept Of Defense - 7 upvotes, $0
  107. RCE on https://█████/ Using CVE-2017-9248 to U.S. Dept Of Defense - 7 upvotes, $0
  108. Exposed ███████ Administrative Interface (ColdFusion 11) to U.S. Dept Of Defense - 7 upvotes, $0
  109. Corda Server XSS ████████ to U.S. Dept Of Defense - 7 upvotes, $0
  110. Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  111. No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service to U.S. Dept Of Defense - 7 upvotes, $0
  112. SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  113. Information leakage on a Department of Defense website to U.S. Dept Of Defense - 6 upvotes, $0
  114. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  115. Remote file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  116. HTML injection vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  117. Insecure direct object reference vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  118. Reflected XSS on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  119. Reflected XSS in a DoD Website to U.S. Dept Of Defense - 6 upvotes, $0
  120. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  121. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  122. Arbitrary file download vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  123. Limited code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  124. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  125. Remote Code Execution (RCE) vulnerability in a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  126. ██████ Authenticated User Data Disclosure to U.S. Dept Of Defense - 6 upvotes, $0
  127. Information Disclosure (can access all ███s) within ███████ view █████████ Portal to U.S. Dept Of Defense - 6 upvotes, $0
  128. Out-of-date Version (Apache) to U.S. Dept Of Defense - 6 upvotes, $0
  129. Open FTP on ███ to U.S. Dept Of Defense - 6 upvotes, $0
  130. Default page exposes admin functions and all methods and classes available. on https://██████/█████/dwr/index.html to U.S. Dept Of Defense - 6 upvotes, $0
  131. Admin Salt Leakage on DoD site. to U.S. Dept Of Defense - 6 upvotes, $0
  132. Partial PII leakage due to public set gitlab to U.S. Dept Of Defense - 6 upvotes, $0
  133. [███] SQL injection & Reflected XSS to U.S. Dept Of Defense - 6 upvotes, $0
  134. [█████] Get all tickets (IDOR) to U.S. Dept Of Defense - 6 upvotes, $0
  135. ██████████ bruteforceable RIC Codes allowing information on contracts to U.S. Dept Of Defense - 6 upvotes, $0
  136. [████████] Boolean SQL Injection (/personnel.php?content=profile&rcnum=*) to U.S. Dept Of Defense - 6 upvotes, $0
  137. [█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action to U.S. Dept Of Defense - 6 upvotes, $0
  138. Unrestricted File Upload to U.S. Dept Of Defense - 6 upvotes, $0
  139. Null byte Injection in https://████/ to U.S. Dept Of Defense - 6 upvotes, $0
  140. XSS vulnerability on an Army website to U.S. Dept Of Defense - 5 upvotes, $0
  141. Open Redirect in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  142. Cross-site request forgery vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  143. Password reset vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  144. Remote command execution (RCE) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  145. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  146. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  147. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  148. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  149. Open redirect vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  150. Reflected cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  151. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  152. Arbitrary file download vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  153. Arbitrary file download vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  154. Violation of secure design principles on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  155. Server Side Request Forgery (SSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  156. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  157. Insecure Direct Object Reference (IDOR) vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  158. Account takeover due to CSRF in "Account details" option on █████████ to U.S. Dept Of Defense - 5 upvotes, $0
  159. https://█████████ Vulnerable to CVE-2018-0296 Cisco ASA Path Traversal Authentication Bypass to U.S. Dept Of Defense - 5 upvotes, $0
  160. sql injection on /messagecenter/messagingcenter at https://www.███████/ to U.S. Dept Of Defense - 5 upvotes, $0
  161. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  162. Remote File Inclusion, Malicious File Hosting, and Cross-site Scripting (XSS) in ████████ to U.S. Dept Of Defense - 5 upvotes, $0
  163. HTML Injection on ████ to U.S. Dept Of Defense - 5 upvotes, $0
  164. SSRF in ███████ to U.S. Dept Of Defense - 5 upvotes, $0
  165. SharePoint exposed web services to U.S. Dept Of Defense - 5 upvotes, $0
  166. LDAP Injection at ██████ to U.S. Dept Of Defense - 5 upvotes, $0
  167. Email PII disclosure due to Insecure Password Reset field to U.S. Dept Of Defense - 5 upvotes, $0
  168. PII Leak via https://████████ to U.S. Dept Of Defense - 5 upvotes, $0
  169. SQL Injection in Login Page: https://█████/█████████/login.php to U.S. Dept Of Defense - 5 upvotes, $0
  170. Persistent XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  171. Cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  172. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  173. HTML Injection/Load Images vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  174. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  175. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  176. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  177. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  178. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  179. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  180. Cross-site request forgery (CSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  181. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  182. Information disclosure vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  183. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  184. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  185. SQL injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  186. Reflective XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  187. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  188. Default credentials on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  189. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  190. Remote Code Execution (RCE) vulnerability in multiple DoD websites to U.S. Dept Of Defense - 4 upvotes, $0
  191. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  192. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  193. Cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  194. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  195. SQL Injection in the get_publications.php on the https://█████ to U.S. Dept Of Defense - 4 upvotes, $0
  196. ████████ SQL to U.S. Dept Of Defense - 4 upvotes, $0
  197. Code reversion allowing SQLI again in ███████ to U.S. Dept Of Defense - 4 upvotes, $0
  198. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  199. WebLogic Server Side Request Forgery to U.S. Dept Of Defense - 4 upvotes, $0
  200. SharePoint exposed web services to U.S. Dept Of Defense - 4 upvotes, $0
  201. [████████] Reflected XSS to U.S. Dept Of Defense - 4 upvotes, $0
  202. [███████] Reflected GET XSS (/mission.php?...&missionDate=*) to U.S. Dept Of Defense - 4 upvotes, $0
  203. File Upload Restriction Bypass to U.S. Dept Of Defense - 4 upvotes, $0
  204. Full Account Take-Over of ████████ Members via IDOR to U.S. Dept Of Defense - 4 upvotes, $0
  205. DNS Misconfiguration to U.S. Dept Of Defense - 3 upvotes, $0
  206. XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  207. Arbitrary Script Injection (Mail) in a DoD Website to U.S. Dept Of Defense - 3 upvotes, $0
  208. Potentially sensitive information disclosure on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  209. Misconfigured user account settings on DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  210. Stored cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  211. Cross-Site Scripting (XSS) on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  212. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  213. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  214. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  215. Server side information disclosure on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  216. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  217. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  218. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  219. DOM Based XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  220. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  221. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  222. Cross-site request forgery (CSRF) vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  223. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  224. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  225. Stored cross site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  226. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  227. Remote OS command Execution in the 3 more Oracle Weblogic on the ████████, ████, ███████ [CVE-2017-10352] to U.S. Dept Of Defense - 3 upvotes, $0
  228. Online training material disclosing username and password to U.S. Dept Of Defense - 3 upvotes, $0
  229. https://████████ Impacted by DNN ImageHandler SSRF to U.S. Dept Of Defense - 3 upvotes, $0
  230. Admin panel take over | User info leakage | Mass Compromise to U.S. Dept Of Defense - 3 upvotes, $0
  231. Sensitive Email disclosure Due to Insecure Reactivate Account field to U.S. Dept Of Defense - 3 upvotes, $0
  232. Able to view Backend Database due to improper authentication to U.S. Dept Of Defense - 3 upvotes, $0
  233. █████ - DOM-based XSS to U.S. Dept Of Defense - 3 upvotes, $0
  234. █████ - DOM-based XSS to U.S. Dept Of Defense - 3 upvotes, $0
  235. [██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action to U.S. Dept Of Defense - 3 upvotes, $0
  236. ████ █████ exposes highly sensitive information to public to U.S. Dept Of Defense - 3 upvotes, $0
  237. [██████████] Unauthorized access to admin panel to U.S. Dept Of Defense - 3 upvotes, $0
  238. Bypassing CORS Misconfiguration Leads to Sensitive Exposure to U.S. Dept Of Defense - 3 upvotes, $0
  239. Domain Takeover in [███████] to U.S. Dept Of Defense - 3 upvotes, $0
  240. [████████] — XSS on /███████_flight/images via advanced_val parameter to U.S. Dept Of Defense - 3 upvotes, $0
  241. [Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator to U.S. Dept Of Defense - 3 upvotes, $0
  242. Server side information disclosure to U.S. Dept Of Defense - 2 upvotes, $0
  243. Information disclosure on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  244. Reflected XSS vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  245. Stored XSS vulnerability on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  246. Reflected XSS on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  247. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  248. Reflected XSS on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  249. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  250. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  251. 2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929 to U.S. Dept Of Defense - 2 upvotes, $0
  252. SSRF on ████████ to U.S. Dept Of Defense - 2 upvotes, $0
  253. Attackers can control which security questions they are presented (████████) to U.S. Dept Of Defense - 2 upvotes, $0
  254. Illegal account registration in ████████ to U.S. Dept Of Defense - 2 upvotes, $0
  255. Insecure Direct Object Reference on in-scope .mil website to U.S. Dept Of Defense - 2 upvotes, $0
  256. Exposed FTP Credentials on ███████ to U.S. Dept Of Defense - 2 upvotes, $0
  257. Blind SQL Injection on DoD Site to U.S. Dept Of Defense - 2 upvotes, $0
  258. █████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files to U.S. Dept Of Defense - 2 upvotes, $0
  259. Followup - SQL Injection - https://██████████/██████/MSI.portal to U.S. Dept Of Defense - 2 upvotes, $0
  260. Improper Neutralization of Input During Web Page Generation to U.S. Dept Of Defense - 2 upvotes, $0
  261. Username&password is Disclosure in readme file in [https://█████████] to U.S. Dept Of Defense - 2 upvotes, $0
  262. Application level DoS via xmlrpc.php to U.S. Dept Of Defense - 2 upvotes, $0
  263. No ACL on S3 Bucket in [https://www.██████████/] to U.S. Dept Of Defense - 2 upvotes, $0
  264. Sensitive Information Leaking Through Navy Website. [█████] to U.S. Dept Of Defense - 2 upvotes, $0
  265. XSS Reflected to U.S. Dept Of Defense - 2 upvotes, $0
  266. Unrestricted file upload leads to stored xss on https://████████/ to U.S. Dept Of Defense - 2 upvotes, $0
  267. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 1 upvote, $0
  268. Critical information disclosure at https://█████████ to U.S. Dept Of Defense - 1 upvote, $0
  269. Access to job creation web page on http://████████ to U.S. Dept Of Defense - 1 upvote, $0
  270. Content-Injection/XSS ████ to U.S. Dept Of Defense - 1 upvote, $0
  271. SQL injection on https://███████ to U.S. Dept Of Defense - 1 upvote, $0
  272. Multiple cryptographic vulnerabilities in login page on ███████ to U.S. Dept Of Defense - 1 upvote, $0
  273. CRLF Injection on ███████ to U.S. Dept Of Defense - 1 upvote, $0
  274. Sensitive Information Leaking Through DoD Owned Website. [██████████] to U.S. Dept Of Defense - 1 upvote, $0
  275. █████ - Pre-generation of VIEWSTATE allows CAC bypass to U.S. Dept Of Defense - 1 upvote, $0
  276. Firewall rules for ████████ can be bypassed to leak site authors to U.S. Dept Of Defense - 1 upvote, $0
  277. [https://███] Local File Inclusion via graph.php to U.S. Dept Of Defense - 1 upvote, $0
  278. Internal IP Address Disclosed to U.S. Dept Of Defense - 1 upvote, $0
  279. Publicly accessible Grafana install allows pivoting to Prometheus datasource to U.S. Dept Of Defense - 1 upvote, $0
  280. idor on upload profile functionality to U.S. Dept Of Defense - 1 upvote, $0
  281. CORS Misconfiguration Leads to Exposing User Data to U.S. Dept Of Defense - 1 upvote, $0
  282. Padding Oracle ms10-070 in the a DoD website (https://██████/) to U.S. Dept Of Defense - 1 upvote, $0
  283. Sensitive Information Leaking Through DARPA Website. [█████████] to U.S. Dept Of Defense - 1 upvote, $0
  284. SQL injection found in US Navy Website (http://███/) to U.S. Dept Of Defense - 0 upvotes, $0
  285. Two Error-Based SQLi in courses.aspx on ██████████ to U.S. Dept Of Defense - 0 upvotes, $0
  286. SQL Injection - https://███/█████████/MSI.portal to U.S. Dept Of Defense - 0 upvotes, $0
  287. Unencrypted __VIEWSTATE parameter in a DoD website to U.S. Dept Of Defense - 0 upvotes, $0
  288. Admin Login Credential Leak for DoD Gitlab EE instance to U.S. Dept Of Defense - 0 upvotes, $0
  289. [██████████] — Directory traversal via /aerosol-bin/███████/display_directory_████_t.cgi to U.S. Dept Of Defense - 0 upvotes, $0
