Back

Top reports from U.S. Dept Of Defense program at HackerOne:

Stored Xss Vulnerability on ████████ to U.S. Dept Of Defense - 183 upvotes, $0
Bypassing CORS Misconfiguration Leads to Sensitive Exposure to U.S. Dept Of Defense - 139 upvotes, $0
Public instance of Jenkins on https://██████████/ with /script enabled to U.S. Dept Of Defense - 110 upvotes, $0
Remote Code Execution in ██████ to U.S. Dept Of Defense - 91 upvotes, $0
XXE in DoD website that may lead to RCE to U.S. Dept Of Defense - 87 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 82 upvotes, $0
[SQLI ]Time Bassed Injection at ██████████ via referer header to U.S. Dept Of Defense - 80 upvotes, $0
SQL Injection on www.██████████ on countID parameter to U.S. Dept Of Defense - 78 upvotes, $0
SQL Injection in ████ to U.S. Dept Of Defense - 71 upvotes, $0
RCE on █████ via CVE-2017-10271 to U.S. Dept Of Defense - 68 upvotes, $0
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 68 upvotes, $0
[█████████] Administrative access to Oracle WebLogic Server using default credentials to U.S. Dept Of Defense - 61 upvotes, $0
Remote Code Execution through DNN Cookie Deserialization to U.S. Dept Of Defense - 54 upvotes, $0
Information disclousure by clicking on the link shown in http://████████/ to U.S. Dept Of Defense - 47 upvotes, $0
SQL Injection in ████ to U.S. Dept Of Defense - 45 upvotes, $0
Gateway information leakage to U.S. Dept Of Defense - 43 upvotes, $0
SQL Injection vulnerability located at ████████ to U.S. Dept Of Defense - 42 upvotes, $0
LFI with potential to RCE on ██████ using CVE-2019-3396 to U.S. Dept Of Defense - 42 upvotes, $0
Leaked DB credentials on https://██████████.mil/███ to U.S. Dept Of Defense - 41 upvotes, $0
Local File Inclusion vulnerability on an Army system allows downloading local files to U.S. Dept Of Defense - 39 upvotes, $0
Account takeover through CSRF in http://███████/██████████/default.asp to U.S. Dept Of Defense - 39 upvotes, $0
Remote Code Execution via Insecure Deserialization in Telerik UI to U.S. Dept Of Defense - 38 upvotes, $0
Remote code execution on an Army website to U.S. Dept Of Defense - 31 upvotes, $0
Pulse Secure File disclosure, clear text and potential RCE to U.S. Dept Of Defense - 31 upvotes, $0
Unrestricted File Upload to U.S. Dept Of Defense - 30 upvotes, $0
XXE on DoD web server to U.S. Dept Of Defense - 30 upvotes, $0
[██████] Cross-origin resource sharing misconfiguration (CORS) to U.S. Dept Of Defense - 30 upvotes, $0
Blind Stored XSS Payload fired at the backend on https://█████████/ to U.S. Dept Of Defense - 30 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 29 upvotes, $0
SOAP WSDL Parser SQL Code Execution to U.S. Dept Of Defense - 29 upvotes, $0
SSRF+XSS to U.S. Dept Of Defense - 28 upvotes, $0
Reflected Xss to U.S. Dept Of Defense - 28 upvotes, $0
Information Disclosure to U.S. Dept Of Defense - 27 upvotes, $0
SQL injection to U.S. Dept Of Defense - 27 upvotes, $0
Trace.axd page leaks sensitive information to U.S. Dept Of Defense - 26 upvotes, $0
SSRF vulnerability on ██████████ leaks internal IP and various sensitive information to U.S. Dept Of Defense - 25 upvotes, $0
Command Injection (via CVE-2019-11510 and CVE-2019-11539) to U.S. Dept Of Defense - 24 upvotes, $0
████ - Complete account takeover to U.S. Dept Of Defense - 24 upvotes, $0
SQL Injection in the move_papers.php on the https://██████████ to U.S. Dept Of Defense - 24 upvotes, $0
Authentication bypass and RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials to U.S. Dept Of Defense - 24 upvotes, $0
CSRF Account Deletion on ███ Website to U.S. Dept Of Defense - 23 upvotes, $0
403 Forbidden Bypass at www.██████.mil to U.S. Dept Of Defense - 22 upvotes, $0
RCE on a Department of Defense website to U.S. Dept Of Defense - 21 upvotes, $0
SQL injection on the https://████/ to U.S. Dept Of Defense - 21 upvotes, $0
[Partial] SSN & [PII] exposed through iPERMs Presentation Slide. to U.S. Dept Of Defense - 21 upvotes, $0
Reflected XSS in https://www.██████/ to U.S. Dept Of Defense - 21 upvotes, $0
█████████ IDOR leads to disclosure of PHI/PII to U.S. Dept Of Defense - 21 upvotes, $0
Request smuggling on ████████ to U.S. Dept Of Defense - 20 upvotes, $0
SSRF on █████████ Allowing internal server data access to U.S. Dept Of Defense - 20 upvotes, $0
Video player on ███ allows arbitrary remote videos to be played to U.S. Dept Of Defense - 20 upvotes, $0
CSRF - Close Account to U.S. Dept Of Defense - 20 upvotes, $0
Reflected XSS in https://www.█████/ to U.S. Dept Of Defense - 20 upvotes, $0
Full account takeover on https://████████.mil to U.S. Dept Of Defense - 20 upvotes, $0
███ exposes sensitive shipment information to public web to U.S. Dept Of Defense - 19 upvotes, $0
Access to all █████████ files, including CAC authentication bypass to U.S. Dept Of Defense - 19 upvotes, $0
Publicly accessible Order confirmations leaking User Emails on ███ to U.S. Dept Of Defense - 19 upvotes, $0
Examples directory is PUBLIC on https://████████mil, leading to multiple vulns to U.S. Dept Of Defense - 19 upvotes, $0
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███ to U.S. Dept Of Defense - 19 upvotes, $0
Subdomain takeover due to an unclaimed Amazon S3 bucket on ███ to U.S. Dept Of Defense - 19 upvotes, $0
[REMOTE] Full Account Takeover At https://██████████████/CAS/ to U.S. Dept Of Defense - 18 upvotes, $0
Subdomain takeover of ████ to U.S. Dept Of Defense - 18 upvotes, $0
https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD to U.S. Dept Of Defense - 18 upvotes, $0
Apache solr RCE via velocity template to U.S. Dept Of Defense - 18 upvotes, $0
SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
Remote Code Execution (RCE) in DoD Websites to U.S. Dept Of Defense - 17 upvotes, $0
Partial SSN exposed through Presentation slides on ██████████ to U.S. Dept Of Defense - 17 upvotes, $0
Self XSS combine CSRF at https://████████/index.php to U.S. Dept Of Defense - 17 upvotes, $0
Path traversal on https://███ allows arbitrary file read (CVE-2020-3452) to U.S. Dept Of Defense - 17 upvotes, $0
Remote Code Execution on █████████ to U.S. Dept Of Defense - 17 upvotes, $0
IDOR to Account Takeover on https://████/index.html to U.S. Dept Of Defense - 17 upvotes, $0
[CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████ to U.S. Dept Of Defense - 17 upvotes, $0
CSRF to Cross-site Scripting (XSS) to U.S. Dept Of Defense - 17 upvotes, $0
███████ Site Exposes █████████ forms to U.S. Dept Of Defense - 16 upvotes, $0
PII leakage due to scrceenshot of health records to U.S. Dept Of Defense - 16 upvotes, $0
Reflected XSS on https://█████████/ to U.S. Dept Of Defense - 16 upvotes, $0
Reflected XSS on ███ to U.S. Dept Of Defense - 16 upvotes, $0
Misconfigured password reset vulnerability on a DoD website to U.S. Dept Of Defense - 15 upvotes, $0
Blind SQLi vulnerability in a DoD Website to U.S. Dept Of Defense - 14 upvotes, $0
Open FTP server on a DoD system to U.S. Dept Of Defense - 14 upvotes, $0
PII leakage due to caching of Order/Contract ID's on █████████ to U.S. Dept Of Defense - 14 upvotes, $0
Blind SQL injection on ████████ to U.S. Dept Of Defense - 14 upvotes, $0
[█████] — DOM-based XSS on endpoint /?s= to U.S. Dept Of Defense - 14 upvotes, $0
███ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability to U.S. Dept Of Defense - 14 upvotes, $0
Sensitive information about a ██████ to U.S. Dept Of Defense - 14 upvotes, $0
Blind stored XSS due to insecure contact form at https://█████.mil leads to leakage of session token and to U.S. Dept Of Defense - 14 upvotes, $0
critical information disclosure to U.S. Dept Of Defense - 14 upvotes, $0
SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
IDOR on DoD Website exposes FTP users and passes linked to all accounts! to U.S. Dept Of Defense - 13 upvotes, $0
PII leakage-Full SSN on ███ to U.S. Dept Of Defense - 13 upvotes, $0
XSS on www.██████ alerts and a number of other pages to U.S. Dept Of Defense - 13 upvotes, $0
http://████/data.json showing users sensitive information via json file to U.S. Dept Of Defense - 13 upvotes, $0
SSN leak due to editable slides to U.S. Dept Of Defense - 13 upvotes, $0
Previously Compromised PulseSSL VPN Hosts to U.S. Dept Of Defense - 13 upvotes, $0
Remote Code Execution via CVE-2019-18935 to U.S. Dept Of Defense - 13 upvotes, $0
CSRF to Stored HTML injection at https://www.█████ to U.S. Dept Of Defense - 13 upvotes, $0
DOM Based XSS on an Army website to U.S. Dept Of Defense - 12 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 12 upvotes, $0
[Critical] Full local fylesystem access (LFI/LFD) as admin via Path Traversal in the misconfigured Java servlet on the https://███/ to U.S. Dept Of Defense - 12 upvotes, $0
SQL injections to U.S. Dept Of Defense - 12 upvotes, $0
Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604) to U.S. Dept Of Defense - 12 upvotes, $0
Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 12 upvotes, $0
No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service to U.S. Dept Of Defense - 12 upvotes, $0
Exposed Docker Registry at https://████ to U.S. Dept Of Defense - 12 upvotes, $0
CSRF to account takeover in https://███████.mil/ to U.S. Dept Of Defense - 12 upvotes, $0
XSS Reflect to POST █████ to U.S. Dept Of Defense - 12 upvotes, $0
[SQLI ]Time Bassed Injection at ██████████ via /██████/library.php?c=G14 parameter to U.S. Dept Of Defense - 12 upvotes, $0
Old Session Does Not Expires After Password Change to U.S. Dept Of Defense - 12 upvotes, $0
Unauth RCE on Jenkins Instance at https://█████████/ to U.S. Dept Of Defense - 12 upvotes, $0
Unrestricted File Download / Path Traversal to U.S. Dept Of Defense - 11 upvotes, $0
Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
SQL Injection in Login Page: https://█████/█████████/login.php to U.S. Dept Of Defense - 11 upvotes, $0
PII/PHI data available on web https://████████Portals/22/Documents/Meetings to U.S. Dept Of Defense - 11 upvotes, $0
Unrestricted File Upload Leads to XSS & Potential RCE to U.S. Dept Of Defense - 11 upvotes, $0
Elmah.axd is publicly accessible and leaking Error Log for ROOT on █████_PRD_WEB1 █████████elmah.axd to U.S. Dept Of Defense - 11 upvotes, $0
Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak to U.S. Dept Of Defense - 11 upvotes, $0
Password Reset link hijacking via Host Header Poisoning leads to account takeover to U.S. Dept Of Defense - 11 upvotes, $0
Local file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
RCE on https://█████/ Using CVE-2017-9248 to U.S. Dept Of Defense - 10 upvotes, $0
MSSQL injection via param Customwho in https://█████/News/Transcripts/Search/Sort/ and WAF bypass to U.S. Dept Of Defense - 10 upvotes, $0
Unauthenticated Arbitrary File Deletion ("CVE-2020-3187") in ████████ to U.S. Dept Of Defense - 10 upvotes, $0
IDOR + Account Takeover [UNAUTHENTICATED] to U.S. Dept Of Defense - 10 upvotes, $0
CORS misconfiguration which leads to the disclosure to U.S. Dept Of Defense - 10 upvotes, $0
Reflected XSS on https://████/ (Bypass of #1002977) to U.S. Dept Of Defense - 10 upvotes, $0
PII Leak of USCG Designated Examiner List at https://www.███ to U.S. Dept Of Defense - 10 upvotes, $0
Sensitive Information Leaking Through DoD Owned Website https://www.█████.mil to U.S. Dept Of Defense - 10 upvotes, $0
critical information disclosure to U.S. Dept Of Defense - 10 upvotes, $0
Privilege Escalation on a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
Authentication bypass vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
Personal information disclosure on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
Blind SQLi in a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
Path traversal on ████████ to U.S. Dept Of Defense - 9 upvotes, $0
SQL injection on █████ due to tech.cfm to U.S. Dept Of Defense - 9 upvotes, $0
[CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc to U.S. Dept Of Defense - 9 upvotes, $0
Unrestricted File Upload to ███████SubmitRequest/Index.cfm?fwa=wizardform to U.S. Dept Of Defense - 9 upvotes, $0
CSRF - Modify Company Info to U.S. Dept Of Defense - 9 upvotes, $0
SSN is exposed on slides, previous critical report was not fixed in an appropriate way to U.S. Dept Of Defense - 9 upvotes, $0
Reflected XSS on ███████ to U.S. Dept Of Defense - 9 upvotes, $0
Local File Inclusion In Registration Page to U.S. Dept Of Defense - 9 upvotes, $0
Reflected XSS In https://███████ to U.S. Dept Of Defense - 9 upvotes, $0
Blind Stored XSS on ███████ leads to takeover admin account to U.S. Dept Of Defense - 9 upvotes, $0
Reflected XSS at https://████████/███/... to U.S. Dept Of Defense - 9 upvotes, $0
Reflected XSS in a Navy website to U.S. Dept Of Defense - 8 upvotes, $0
Reflected XSS on an Army website to U.S. Dept Of Defense - 8 upvotes, $0
Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
File upload vulnerability on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
Remote code execution (RCE) in multiple DoD websites to U.S. Dept Of Defense - 8 upvotes, $0
Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
[Critical] Possibility to takeover any user account #2 without interaction on the https://██████████ to U.S. Dept Of Defense - 8 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
Server-Side Request Forgery (SSRF) to U.S. Dept Of Defense - 8 upvotes, $0
PII Leak via https://████████ to U.S. Dept Of Defense - 8 upvotes, $0
(CORS) Cross-origin resource sharing misconfiguration to U.S. Dept Of Defense - 8 upvotes, $0
RCE (Remote code execution) in one of DoD's websites to U.S. Dept Of Defense - 8 upvotes, $0
Сode injection host █████████ to U.S. Dept Of Defense - 8 upvotes, $0
SQLi in login form of █████ to U.S. Dept Of Defense - 8 upvotes, $0
DOM XSS on https://www.███████ to U.S. Dept Of Defense - 8 upvotes, $0
Unauthenticated Arbitrary File Deletion "CVE-2020-3187" in █████ to U.S. Dept Of Defense - 8 upvotes, $0
PII Information Leak at https://████████.mil/ to U.S. Dept Of Defense - 8 upvotes, $0
Reflected XSS www.█████ search form to U.S. Dept Of Defense - 8 upvotes, $0
PII Leak via /████████ to U.S. Dept Of Defense - 8 upvotes, $0
Git repo on https://██████.mil/ discloses API password to U.S. Dept Of Defense - 8 upvotes, $0
RCE in ██████ subdomain via CVE-2017-1000486 to U.S. Dept Of Defense - 8 upvotes, $0
Reflected XSS on a Navy website to U.S. Dept Of Defense - 7 upvotes, $0
QuickTime Promotion on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Exposed Access Control Data Backup Files on DoD Website to U.S. Dept Of Defense - 7 upvotes, $0
Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Remote Command Execution on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Bypass file access control vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
XSS on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Insecure direct object reference vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Server-side include injection vulnerability in a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Insecure Direct Object Reference (IDOR) vulnerability in a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
X-XSS-Protection -> Misconfiguration to U.S. Dept Of Defense - 7 upvotes, $0
Root Remote Code Execution on https://███ to U.S. Dept Of Defense - 7 upvotes, $0
Exposed ███████ Administrative Interface (ColdFusion 11) to U.S. Dept Of Defense - 7 upvotes, $0
Corda Server XSS ████████ to U.S. Dept Of Defense - 7 upvotes, $0
Unrestricted File Upload to U.S. Dept Of Defense - 7 upvotes, $0
Null byte Injection in https://████/ to U.S. Dept Of Defense - 7 upvotes, $0
Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE to U.S. Dept Of Defense - 7 upvotes, $0
SharePoint Web Services Exposed to Anonymous Access Users to U.S. Dept Of Defense - 7 upvotes, $0
Stored XSS via Comment Form at ████████ to U.S. Dept Of Defense - 7 upvotes, $0
{███} It is posible download all information and files via S3 Bucket Misconfiguration to U.S. Dept Of Defense - 7 upvotes, $0
SQL Injection in www.██████████ to U.S. Dept Of Defense - 7 upvotes, $0
Reflected XSS on https://█████████html?url to U.S. Dept Of Defense - 7 upvotes, $0
Password Cracking - Weak Password Used to Secure ████ Containing a Plaintext Password to U.S. Dept Of Defense - 7 upvotes, $0
IDOR leads to Leakage an ██████████ Login Information to U.S. Dept Of Defense - 7 upvotes, $0
CSRF to Cross-site Scripting (XSS) to U.S. Dept Of Defense - 7 upvotes, $0
Improper Access Control - Generic on https://████ to U.S. Dept Of Defense - 7 upvotes, $0
IDOR on https://██████ via POST UID enables database scraping to U.S. Dept Of Defense - 7 upvotes, $0
SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Information leakage on a Department of Defense website to U.S. Dept Of Defense - 6 upvotes, $0
Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Remote file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
HTML injection vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Reflected XSS in a DoD Website to U.S. Dept Of Defense - 6 upvotes, $0
SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Violation of secure design principles on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Limited code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Remote Code Execution (RCE) vulnerability in a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Account takeover due to CSRF in "Account details" option on █████████ to U.S. Dept Of Defense - 6 upvotes, $0
██████ Authenticated User Data Disclosure to U.S. Dept Of Defense - 6 upvotes, $0
SSRF on ████████ to U.S. Dept Of Defense - 6 upvotes, $0
Information Disclosure (can access all ███s) within ███████ view █████████ Portal to U.S. Dept Of Defense - 6 upvotes, $0
Out-of-date Version (Apache) to U.S. Dept Of Defense - 6 upvotes, $0
Open FTP on ███ to U.S. Dept Of Defense - 6 upvotes, $0
SSRF in ███████ to U.S. Dept Of Defense - 6 upvotes, $0
Default page exposes admin functions and all metods and classes available. on https://██████/█████/dwr/index.html to U.S. Dept Of Defense - 6 upvotes, $0
Admin Salt Leakage on DoD site. to U.S. Dept Of Defense - 6 upvotes, $0
LDAP Injection at ██████ to U.S. Dept Of Defense - 6 upvotes, $0
Partial PII leakage due to public set gitlab to U.S. Dept Of Defense - 6 upvotes, $0
[███] SQL injection & Reflected XSS to U.S. Dept Of Defense - 6 upvotes, $0
[█████] Get all tickets (IDOR) to U.S. Dept Of Defense - 6 upvotes, $0
██████████ bruteforceable RIC Codes allowing information on contracts to U.S. Dept Of Defense - 6 upvotes, $0
[████████] Boolean SQL Injection (/personnel.php?content=profile&rcnum=*) to U.S. Dept Of Defense - 6 upvotes, $0
[█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action to U.S. Dept Of Defense - 6 upvotes, $0
Full Account Take-Over of ████████ Members via IDOR to U.S. Dept Of Defense - 6 upvotes, $0
xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php to U.S. Dept Of Defense - 6 upvotes, $0
Stored XSS at ██████userprofile.aspx to U.S. Dept Of Defense - 6 upvotes, $0
CSRF to account takeover in https://█████/ to U.S. Dept Of Defense - 6 upvotes, $0
███████mill is vulnerable to cross site request forgery that leads to full account take over. to U.S. Dept Of Defense - 6 upvotes, $0
Stored XSS at https://www.█████████.mil to U.S. Dept Of Defense - 6 upvotes, $0
Stored XSS via 64(?) vulnerable fields in ███ leads to credential theft/account takeover to U.S. Dept Of Defense - 6 upvotes, $0
Bypassed a fix to gain access to PII of more than 100 Officers to U.S. Dept Of Defense - 6 upvotes, $0
CVE 2020 14179 on jira instance to U.S. Dept Of Defense - 6 upvotes, $0
Second Order XSS via █████ to U.S. Dept Of Defense - 6 upvotes, $0
SSRF due to CVE-2021-26855 on ████████ to U.S. Dept Of Defense - 6 upvotes, $0
Reflected XSS on ███████ to U.S. Dept Of Defense - 6 upvotes, $0
Website vulnerable to POODLE (SSLv3) with expired certificate to U.S. Dept Of Defense - 6 upvotes, $0
XSS vulnerability on an Army website to U.S. Dept Of Defense - 5 upvotes, $0
Open Redirect in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Cross-site request forgery vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Password reset vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Remote command execution (RCE) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Open redirect vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Reflected cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Default credentials on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Server Side Request Forgery (SSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
https://█████████ Vulnerable to CVE-2018-0296 Cisco ASA Path Traversal Authentication Bypass to U.S. Dept Of Defense - 5 upvotes, $0
SQL Injection in the get_publications.php on the https://█████ to U.S. Dept Of Defense - 5 upvotes, $0
sql injection on /messagecenter/messagingcenter at https://www.███████/ to U.S. Dept Of Defense - 5 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Remote File Inclusion, Malicious File Hosting, and Cross-site Scripting (XSS) in ████████ to U.S. Dept Of Defense - 5 upvotes, $0
HTML Injection on ████ to U.S. Dept Of Defense - 5 upvotes, $0
SharePoint exposed web services to U.S. Dept Of Defense - 5 upvotes, $0
Email PII disclosure due to Insecure Password Reset field to U.S. Dept Of Defense - 5 upvotes, $0
File Upload Restriction Bypass to U.S. Dept Of Defense - 5 upvotes, $0
[Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator to U.S. Dept Of Defense - 5 upvotes, $0
Reflected XSS and HTML Injectionon a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Directory Indexing on the ████ (https://████/) leads to the backups disclosure and credentials leak to U.S. Dept Of Defense - 5 upvotes, $0
Improper Access Controls Allow PII Leak via ████ to U.S. Dept Of Defense - 5 upvotes, $0
Knowledge Base Articles are Globally Modifiable via ██████ to U.S. Dept Of Defense - 5 upvotes, $0
Support incident can be opened for any user via /███████ and PII leak via █████████ field to U.S. Dept Of Defense - 5 upvotes, $0
Arbitrary file upload and stored XSS via ███ support request to U.S. Dept Of Defense - 5 upvotes, $0
Access to requests and approvals via /█████ allows sensitive information gathering to U.S. Dept Of Defense - 5 upvotes, $0
CRXDE Lite/CRX is on ██████ exposed that leads to PII disclosure to U.S. Dept Of Defense - 5 upvotes, $0
RXSS - https://███/ to U.S. Dept Of Defense - 5 upvotes, $0
Blind Stored XSS on https://█████████ after filling a request at https://█████ to U.S. Dept Of Defense - 5 upvotes, $0
param allows any external resource to be downloadable | https://████████ to U.S. Dept Of Defense - 5 upvotes, $0
External Service Interaction (HTTP/DNS) on https://www.███ (██████████ parameter) to U.S. Dept Of Defense - 5 upvotes, $0
Reflected XSS on █████████ to U.S. Dept Of Defense - 5 upvotes, $0
Sending trusted ████ and ██████████ emails through public API endpoint in ███████ site to U.S. Dept Of Defense - 5 upvotes, $0
Persistent XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
HTML Injection/Load Images vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Cross-site request forgery (CSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Information disclosure vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
SQL injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Reflective XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Remote Code Execution (RCE) vulnerability in multiple DoD websites to U.S. Dept Of Defense - 4 upvotes, $0
Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Admin panel take over | User info leakage | Mass Comprimise to U.S. Dept Of Defense - 4 upvotes, $0
Code reversion allowing SQLI again in ███████ to U.S. Dept Of Defense - 4 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
WebLogic Server Side Request Forgery to U.S. Dept Of Defense - 4 upvotes, $0
SharePoint exposed web services to U.S. Dept Of Defense - 4 upvotes, $0
[████████] Reflected XSS to U.S. Dept Of Defense - 4 upvotes, $0
[███████] Reflected GET XSS (/mission.php?...&missionDate=*) to U.S. Dept Of Defense - 4 upvotes, $0
[██████████] Unauthorized access to admin panel to U.S. Dept Of Defense - 4 upvotes, $0
Application level DoS via xmlrpc.php to U.S. Dept Of Defense - 4 upvotes, $0
Unrestricted file upload leads to stored xss on https://████████/ to U.S. Dept Of Defense - 4 upvotes, $0
CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. to U.S. Dept Of Defense - 4 upvotes, $0
Cross Site Scripting (XSS) – Reflected to U.S. Dept Of Defense - 4 upvotes, $0
External Service Interaction | https://█████████.mil to U.S. Dept Of Defense - 4 upvotes, $0
https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD to U.S. Dept Of Defense - 4 upvotes, $0
hardcoded password stored in javascript of https://████.mil to U.S. Dept Of Defense - 4 upvotes, $0
View another user information with IDOR vulnerability to U.S. Dept Of Defense - 4 upvotes, $0
PHP info page disclosure to U.S. Dept Of Defense - 4 upvotes, $0
Insecure ███████ credentials on staging app at ████ leads to application takeover to U.S. Dept Of Defense - 4 upvotes, $0
PII Leak of ████████ Personal at https://www.█████████ to U.S. Dept Of Defense - 4 upvotes, $0
Dashboard sharing enables code injection into ████ emails to U.S. Dept Of Defense - 4 upvotes, $0
PII Leak via /███████ to U.S. Dept Of Defense - 4 upvotes, $0
PII Leak via /██████ to U.S. Dept Of Defense - 4 upvotes, $0
HTML Injection + XSS Vulnerability - https://████████/ | Proof of Concept [PoC] to U.S. Dept Of Defense - 4 upvotes, $0
Information Disclosure(PHPINFO/Credentials) on DoD Asset to U.S. Dept Of Defense - 4 upvotes, $0
Stored XSS through name / last name on https://██████████/ to U.S. Dept Of Defense - 4 upvotes, $0
reflected xss @ www.█████████ to U.S. Dept Of Defense - 4 upvotes, $0
CVE-2021-26855 on ████████ resulting in SSRF to U.S. Dept Of Defense - 4 upvotes, $0
Read-only path traversal (CVE-2020-3452) at https://██████.mil to U.S. Dept Of Defense - 4 upvotes, $0
XML Injection on https://www.█████████ (███ parameter) to U.S. Dept Of Defense - 4 upvotes, $0
DNS Misconfiguration to U.S. Dept Of Defense - 3 upvotes, $0
XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Arbitrary Script Injection (Mail) in a DoD Website to U.S. Dept Of Defense - 3 upvotes, $0
Potentially sensitive information disclosure on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Misconfigured user account settings on DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Stored cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Cross-Site Scripting (XSS) on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Server side information disclosure on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
DOM Based XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Cross-site request forgery (CSRF) vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Stored cross site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Remote OS command Execution in the 3 more Oracle Weblogic on the ████████, ████, ███████ [CVE-2017-10352] to U.S. Dept Of Defense - 3 upvotes, $0
Online training material disclosing username and password to U.S. Dept Of Defense - 3 upvotes, $0
https://████████ Impacted by DNN ImageHandler SSRF to U.S. Dept Of Defense - 3 upvotes, $0
████████ SQL to U.S. Dept Of Defense - 3 upvotes, $0
Attackers can control which security questions they are presented (████████) to U.S. Dept Of Defense - 3 upvotes, $0
Insecure Direct Object Reference on in-scope .mil website to U.S. Dept Of Defense - 3 upvotes, $0
Sensitive Email disclosure Due to Insecure Reactivate Account field to U.S. Dept Of Defense - 3 upvotes, $0
CRLF Injection on ███████ to U.S. Dept Of Defense - 3 upvotes, $0
Able to view Backend Database dur to improper authentication to U.S. Dept Of Defense - 3 upvotes, $0
█████ - DOM-based XSS to U.S. Dept Of Defense - 3 upvotes, $0
█████ - DOM-based XSS to U.S. Dept Of Defense - 3 upvotes, $0
[██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action to U.S. Dept Of Defense - 3 upvotes, $0
████ █████ exposes highly sensitive information to public to U.S. Dept Of Defense - 3 upvotes, $0
█████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files to U.S. Dept Of Defense - 3 upvotes, $0
Firewall rules for ████████ can be bypassed to leak site authors to U.S. Dept Of Defense - 3 upvotes, $0
Internal IP Address Disclosed to U.S. Dept Of Defense - 3 upvotes, $0
idor on upload profile functionality to U.S. Dept Of Defense - 3 upvotes, $0
Improper Neutralization of Input During Web Page Generation to U.S. Dept Of Defense - 3 upvotes, $0
No ACL on S3 Bucket in [https://www.██████████/] to U.S. Dept Of Defense - 3 upvotes, $0
Domian Takeover in [███████] to U.S. Dept Of Defense - 3 upvotes, $0
[████████] — XSS on /███████_flight/images via advanced_val parameter to U.S. Dept Of Defense - 3 upvotes, $0
XSS Reflected to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS on ███████ page to U.S. Dept Of Defense - 3 upvotes, $0
[██████████.mil] Cisco VPN Service Path Traversal to U.S. Dept Of Defense - 3 upvotes, $0
[CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS in https://███████ via search parameter to U.S. Dept Of Defense - 3 upvotes, $0
PII Leak (such as CAC User ID) at https://████████/pages/login.aspx to U.S. Dept Of Defense - 3 upvotes, $0
Apparent ██████████ website is publicly exposed, suggests default account details on page and has expired SSL/TLS cert to U.S. Dept Of Defense - 3 upvotes, $0
Able to authenticate as administrator by navigating to https://█████/admin/ to U.S. Dept Of Defense - 3 upvotes, $0
Able to log in with default ██████g creds at https█████████████████████.mil to U.S. Dept Of Defense - 3 upvotes, $0
POST based RXSS on https://█████ via frm_email parameter to U.S. Dept Of Defense - 3 upvotes, $0
Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 3 upvotes, $0
System Error Reveals Sensitive SQL Call Data to U.S. Dept Of Defense - 3 upvotes, $0
Self XSS + CSRF Leads to Reflected XSS in https://████/ to U.S. Dept Of Defense - 3 upvotes, $0
Misconfigured AWS S3 bucket leaks senstive data such of admin, Prdouction,beta, localhost and many more directories.... to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS in https://██████████ via "████████" parameter to U.S. Dept Of Defense - 3 upvotes, $0
Server side information disclosure to U.S. Dept Of Defense - 2 upvotes, $0
Information disclosure on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
Reflected XSS vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
Stored XSS vulnerability on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929 to U.S. Dept Of Defense - 2 upvotes, $0
Critical information disclosure at https://█████████ to U.S. Dept Of Defense - 2 upvotes, $0
Illegal account registration in ████████ to U.S. Dept Of Defense - 2 upvotes, $0
Multiple cryptographic vulnerabilities in login page on ███████ to U.S. Dept Of Defense - 2 upvotes, $0
Exposed FTP Credentials on ███████ to U.S. Dept Of Defense - 2 upvotes, $0
Blind SQL Injection on DoD Site to U.S. Dept Of Defense - 2 upvotes, $0
Sensitive Information Leaking Through DoD Owned Website. [██████████] to U.S. Dept Of Defense - 2 upvotes, $0
Followup - SQL Injection - https://██████████/██████/MSI.portal to U.S. Dept Of Defense - 2 upvotes, $0
CORS Misconfiguration Leads to Exposing User Data to U.S. Dept Of Defense - 2 upvotes, $0
Padding Oracle ms10-070 in the a DoD website (https://██████/) to U.S. Dept Of Defense - 2 upvotes, $0
Admin Login Credential Leak for DoD Gitlab EE instance to U.S. Dept Of Defense - 2 upvotes, $0
Username&password is Disclosure in readme file in [https://█████████] to U.S. Dept Of Defense - 2 upvotes, $0
Sensitive Information Leaking Through DARPA Website. [█████████] to U.S. Dept Of Defense - 2 upvotes, $0
Sensitive Information Leaking Through Navy Website. [█████] to U.S. Dept Of Defense - 2 upvotes, $0
HTML Injection leads to XSS on███ to U.S. Dept Of Defense - 2 upvotes, $0
Reflected XSS on https://███████/ to U.S. Dept Of Defense - 2 upvotes, $0
[████] SQL Injections on Referer Header exploitable via Time-Based method to U.S. Dept Of Defense - 2 upvotes, $0
SharePoint Web Services Exposed to Anonymous Access to U.S. Dept Of Defense - 2 upvotes, $0
Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 2 upvotes, $0
Read-only path traversal (CVE-2020-3452) at https://█████ to U.S. Dept Of Defense - 2 upvotes, $0
Read-only path traversal (CVE-2020-3452) at https://████████ to U.S. Dept Of Defense - 2 upvotes, $0
Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 1 upvotes, $0
Access to job creation web page on http://████████ to U.S. Dept Of Defense - 1 upvotes, $0
Content-Injection/XSS ████ to U.S. Dept Of Defense - 1 upvotes, $0
SQL injection on https://███████ to U.S. Dept Of Defense - 1 upvotes, $0
█████ - Pre-generation of VIEWSTATE allows CAC bypass to U.S. Dept Of Defense - 1 upvotes, $0
[https://███] Local File Inclusion via graph.php to U.S. Dept Of Defense - 1 upvotes, $0
Publicly accessible Grafana install allows pivoting to Prometheus datasource to U.S. Dept Of Defense - 1 upvotes, $0
Unencrypted __VIEWSTATE parameter in a DoD website to U.S. Dept Of Defense - 1 upvotes, $0
PulseSSL VPN Site with Compromised Creds @ ████ to U.S. Dept Of Defense - 1 upvotes, $0
https://█████ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability to U.S. Dept Of Defense - 1 upvotes, $0
SharePoint Web Services Exposed to Anonymous Access to U.S. Dept Of Defense - 1 upvotes, $0
Register with non accepted email types on https://███████ to U.S. Dept Of Defense - 1 upvotes, $0
Reflected XSS on https://█████ to U.S. Dept Of Defense - 1 upvotes, $0
SQL injection found in US Navy Website (http://███/) to U.S. Dept Of Defense - 0 upvotes, $0
Two Error-Based SQLi in courses.aspx on ██████████ to U.S. Dept Of Defense - 0 upvotes, $0
SQL Injection - https://███/█████████/MSI.portal to U.S. Dept Of Defense - 0 upvotes, $0
[██████████] — Directory traversal via /aerosol-bin/███████/display_directory_████_t.cgi to U.S. Dept Of Defense - 0 upvotes, $0
Stored XSS on ████████helpdesk to U.S. Dept Of Defense - 0 upvotes, $0
Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 0 upvotes, $0
Access to Unclassified / FOUO Advanced Motion Platform of █████████.mil to U.S. Dept Of Defense - 0 upvotes, $0
SSRF in login page using fetch API exposes victims IP address to attacker controled server to U.S. Dept Of Defense - 0 upvotes, $0

Back

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TOPUSDEPTOFDEFENSE.md

TOPUSDEPTOFDEFENSE.md

Files

TOPUSDEPTOFDEFENSE.md

Latest commit

History

TOPUSDEPTOFDEFENSE.md

File metadata and controls