Top reports from U.S. Dept Of Defense program at HackerOne:

Stored Xss Vulnerability on ████████ to U.S. Dept Of Defense - 187 upvotes, $0
Bypassing CORS Misconfiguration Leads to Sensitive Exposure to U.S. Dept Of Defense - 142 upvotes, $0
Public instance of Jenkins on https://██████████/ with /script enabled to U.S. Dept Of Defense - 113 upvotes, $0
[hta3] Remote Code Execution on ████ to U.S. Dept Of Defense - 99 upvotes, $0
Wordpress Takeover using setup configuration at http://████.edu [HtUS] to U.S. Dept Of Defense - 97 upvotes, $1000
Remote Code Execution in ██████ to U.S. Dept Of Defense - 93 upvotes, $0
[███████] Information disclosure due unauthenticated access to APIs and system browser functions to U.S. Dept Of Defense - 93 upvotes, $0
LOGJ4 VUlnerability [HtUS] to U.S. Dept Of Defense - 92 upvotes, $1000
XXE in DoD website that may lead to RCE to U.S. Dept Of Defense - 90 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 83 upvotes, $0
[SQLI ]Time Bassed Injection at ██████████ via referer header to U.S. Dept Of Defense - 83 upvotes, $0
SQL Injection on www.██████████ on countID parameter to U.S. Dept Of Defense - 79 upvotes, $0
User automatically logged in as Sys Admin user on https://███/Administration/Administration.aspx to U.S. Dept Of Defense - 79 upvotes, $0
Time based SQL injection at████████ to U.S. Dept Of Defense - 75 upvotes, $0
SQL Injection in ████ to U.S. Dept Of Defense - 71 upvotes, $0
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 70 upvotes, $0
RCE on █████ via CVE-2017-10271 to U.S. Dept Of Defense - 68 upvotes, $0
[█████████] Administrative access to Oracle WebLogic Server using default credentials to U.S. Dept Of Defense - 62 upvotes, $0
Full account takeover of any user through reset password to U.S. Dept Of Defense - 59 upvotes, $0
Remote Code Execution through DNN Cookie Deserialization to U.S. Dept Of Defense - 56 upvotes, $0
CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman to U.S. Dept Of Defense - 56 upvotes, $0
Unauthenticated SQL Injection at █████████ [HtUS] to U.S. Dept Of Defense - 54 upvotes, $0
LFI with potential to RCE on ██████ using CVE-2019-3396 to U.S. Dept Of Defense - 53 upvotes, $0
Improper Authentication (Login without Registration with any user) at ████ to U.S. Dept Of Defense - 51 upvotes, $0
Information disclousure by clicking on the link shown in http://████████/ to U.S. Dept Of Defense - 48 upvotes, $0
Log4Shell: RCE 0-day exploit on █████████ to U.S. Dept Of Defense - 48 upvotes, $0
SSRF to read AWS metaData at https://█████/ [HtUS] to U.S. Dept Of Defense - 46 upvotes, $1000
SQL Injection in ████ to U.S. Dept Of Defense - 46 upvotes, $0
Local File Inclusion vulnerability on an Army system allows downloading local files to U.S. Dept Of Defense - 44 upvotes, $0
SQL Injection vulnerability located at ████████ to U.S. Dept Of Defense - 44 upvotes, $0
Gateway information leakage to U.S. Dept Of Defense - 43 upvotes, $0
Xss - ███ to U.S. Dept Of Defense - 43 upvotes, $0
Leaked DB credentials on https://██████████.mil/███ to U.S. Dept Of Defense - 42 upvotes, $0
Unauthenticated Access to Admin Panel Functions at https://██████████/████████ to U.S. Dept Of Defense - 42 upvotes, $0
Remote Code Execution via Insecure Deserialization in Telerik UI to U.S. Dept Of Defense - 41 upvotes, $0
Attacker can Add itself as admin user and can also change privileges of Existing Users [█████████] to U.S. Dept Of Defense - 40 upvotes, $0
Account takeover through CSRF in http://███████/██████████/default.asp to U.S. Dept Of Defense - 39 upvotes, $0
HTTP Request Smuggling to U.S. Dept Of Defense - 39 upvotes, $0
IDOR to delete profile images in https:███████ to U.S. Dept Of Defense - 37 upvotes, $0
SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS] to U.S. Dept Of Defense - 36 upvotes, $4000
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████ to U.S. Dept Of Defense - 36 upvotes, $0
Blind Sql Injection https:/████████ to U.S. Dept Of Defense - 35 upvotes, $0
Unauthenticated Jenkins instance exposed information related to █████ to U.S. Dept Of Defense - 35 upvotes, $0
Blind Stored XSS Payload fired at the backend on https://█████████/ to U.S. Dept Of Defense - 33 upvotes, $0
Web Cache Poisoning on █████ to U.S. Dept Of Defense - 33 upvotes, $0
Subdomain takeover of █████████ to U.S. Dept Of Defense - 33 upvotes, $0
[HTA2] Authorization Bypass on https://██████ leaks confidential aircraft/missile information to U.S. Dept Of Defense - 33 upvotes, $0
[HTA2] XXE on https://███ via SpellCheck Endpoint. to U.S. Dept Of Defense - 33 upvotes, $0
XSS in Cisco Endpoint to U.S. Dept Of Defense - 33 upvotes, $0
RCE in ███ [CVE-2021-26084] to U.S. Dept Of Defense - 33 upvotes, $0
Xss Parameter: /<s>/[*]/<s>.css ████████ to U.S. Dept Of Defense - 33 upvotes, $0
Critical sensitive information Disclosure. [HtUS] to U.S. Dept Of Defense - 32 upvotes, $500
403 Forbidden Bypass at www.██████.mil to U.S. Dept Of Defense - 32 upvotes, $0
POST based RXSS on https://███████/ via ███ parameter to U.S. Dept Of Defense - 32 upvotes, $0
EC2 subdomain takeover at http://████████/ to U.S. Dept Of Defense - 32 upvotes, $0
Unathenticated file read (CVE-2020-3452) to U.S. Dept Of Defense - 32 upvotes, $0
XXE on DoD web server to U.S. Dept Of Defense - 31 upvotes, $0
Remote code execution on an Army website to U.S. Dept Of Defense - 31 upvotes, $0
Pulse Secure File disclosure, clear text and potential RCE to U.S. Dept Of Defense - 31 upvotes, $0
Unrestricted File Upload to U.S. Dept Of Defense - 30 upvotes, $0
SSRF+XSS to U.S. Dept Of Defense - 30 upvotes, $0
[██████] Cross-origin resource sharing misconfiguration (CORS) to U.S. Dept Of Defense - 30 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 29 upvotes, $0
SOAP WSDL Parser SQL Code Execution to U.S. Dept Of Defense - 29 upvotes, $0
SQL injection my method -1 OR 321=6 AND 000159=000159 to U.S. Dept Of Defense - 29 upvotes, $0
DoD internal documents are leaked to the public to U.S. Dept Of Defense - 29 upvotes, $0
Information Disclosure to U.S. Dept Of Defense - 28 upvotes, $0
SQL injection to U.S. Dept Of Defense - 28 upvotes, $0
SSRF vulnerability on ██████████ leaks internal IP and various sensitive information to U.S. Dept Of Defense - 28 upvotes, $0
Reflected Xss to U.S. Dept Of Defense - 28 upvotes, $0
[███████] Remote Code Execution at ██████ [CVE-2021-44529] [HtUS] to U.S. Dept Of Defense - 27 upvotes, $1000
Trace.axd page leaks sensitive information to U.S. Dept Of Defense - 27 upvotes, $0
[hta3] Remote Code Execution on https://███ via improper access control to SCORM Zip upload/import to U.S. Dept Of Defense - 27 upvotes, $0
Splunk Sensitive Information Disclosure @████████ to U.S. Dept Of Defense - 27 upvotes, $0
Reflected xss on https://█████████ to U.S. Dept Of Defense - 27 upvotes, $0
SQL injection at [https://█████████] [HtUS] to U.S. Dept Of Defense - 26 upvotes, $0
SQL Injection at https://████████.asp (█████████) [selMajcom] [HtUS] to U.S. Dept Of Defense - 26 upvotes, $0
Reflected XSS to U.S. Dept Of Defense - 26 upvotes, $0
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 26 upvotes, $0
Command Injection (via CVE-2019-11510 and CVE-2019-11539) to U.S. Dept Of Defense - 25 upvotes, $0
Authentication bypass and RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials to U.S. Dept Of Defense - 25 upvotes, $0
CSRF to Cross-site Scripting (XSS) to U.S. Dept Of Defense - 25 upvotes, $0
Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935) to U.S. Dept Of Defense - 25 upvotes, $0
RCE on a Department of Defense website to U.S. Dept Of Defense - 24 upvotes, $0
Request smuggling on ████████ to U.S. Dept Of Defense - 24 upvotes, $0
Video player on ███ allows arbitrary remote videos to be played to U.S. Dept Of Defense - 24 upvotes, $0
████ - Complete account takeover to U.S. Dept Of Defense - 24 upvotes, $0
SQL Injection in the move_papers.php on the https://██████████ to U.S. Dept Of Defense - 24 upvotes, $0
RCE via File Upload with a Null Byte Truncated File Extension at https://██████/ to U.S. Dept Of Defense - 24 upvotes, $0
CSRF Account Deletion on ███ Website to U.S. Dept Of Defense - 23 upvotes, $0
Reflected XSS in https://www.█████/ to U.S. Dept Of Defense - 23 upvotes, $0
Apache solr RCE via velocity template to U.S. Dept Of Defense - 23 upvotes, $0
█████████ IDOR leads to disclosure of PHI/PII to U.S. Dept Of Defense - 23 upvotes, $0
Default Admin Username and Password on █████ Server at █████████mil to U.S. Dept Of Defense - 23 upvotes, $0
SQL injection on the https://████/ to U.S. Dept Of Defense - 22 upvotes, $0
[Partial] SSN & [PII] exposed through iPERMs Presentation Slide. to U.S. Dept Of Defense - 22 upvotes, $0
Unauthenticated Blind SSRF at https://█████ via xmlrpc.php file to U.S. Dept Of Defense - 22 upvotes, $0
Docker Registry without authentication leads to docker images download to U.S. Dept Of Defense - 22 upvotes, $0
SSRF on █████████ Allowing internal server data access to U.S. Dept Of Defense - 21 upvotes, $0
Examples directory is PUBLIC on https://████████mil, leading to multiple vulns to U.S. Dept Of Defense - 21 upvotes, $0
Subdomain takeover due to an unclaimed Amazon S3 bucket on ███ to U.S. Dept Of Defense - 21 upvotes, $0
IDOR to Account Takeover on https://████/index.html to U.S. Dept Of Defense - 21 upvotes, $0
Reflected XSS in https://www.██████/ to U.S. Dept Of Defense - 21 upvotes, $0
Full account takeover on https://████████.mil to U.S. Dept Of Defense - 21 upvotes, $0
Reflected XSS in ████████████ to U.S. Dept Of Defense - 21 upvotes, $0
Leaks of username and password leads to CVE-2018-18862 exploitation to U.S. Dept Of Defense - 21 upvotes, $0
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███ to U.S. Dept Of Defense - 20 upvotes, $0
CSRF - Close Account to U.S. Dept Of Defense - 20 upvotes, $0
Path traversal on https://███ allows arbitrary file read (CVE-2020-3452) to U.S. Dept Of Defense - 20 upvotes, $0
[████████] RXSS via "CurrentFolder" parameter to U.S. Dept Of Defense - 20 upvotes, $0
███ exposes sensitive shipment information to public web to U.S. Dept Of Defense - 19 upvotes, $0
Access to all █████████ files, including CAC authentication bypass to U.S. Dept Of Defense - 19 upvotes, $0
Publicly accessible Order confirmations leaking User Emails on ███ to U.S. Dept Of Defense - 19 upvotes, $0
Remote Code Execution on █████████ to U.S. Dept Of Defense - 19 upvotes, $0
critical information disclosure to U.S. Dept Of Defense - 19 upvotes, $0
[CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████ to U.S. Dept Of Defense - 19 upvotes, $0
Reflected XSS on ███ to U.S. Dept Of Defense - 19 upvotes, $0
IDOR while uploading ████ attachments at [█████████] to U.S. Dept Of Defense - 19 upvotes, $0
[hta3] Chain of ESI Injection & Reflected XSS leading to Account Takeover on [███] to U.S. Dept Of Defense - 18 upvotes, $750
[REMOTE] Full Account Takeover At https://██████████████/CAS/ to U.S. Dept Of Defense - 18 upvotes, $0
Subdomain takeover of ████ to U.S. Dept Of Defense - 18 upvotes, $0
https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD to U.S. Dept Of Defense - 18 upvotes, $0
XSS Reflect to POST █████ to U.S. Dept Of Defense - 18 upvotes, $0
Blind SQL iNJECTION to U.S. Dept Of Defense - 18 upvotes, $0
Self stored Xss + Login Csrf to U.S. Dept Of Defense - 18 upvotes, $0
time based SQL injection at [https://███] [HtUS] to U.S. Dept Of Defense - 18 upvotes, $0
Reflected XSS on ██████.mil to U.S. Dept Of Defense - 18 upvotes, $0
Client side authentication leads to Auth Bypass to U.S. Dept Of Defense - 18 upvotes, $0
Misconfigured password reset vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
Remote Code Execution (RCE) in DoD Websites to U.S. Dept Of Defense - 17 upvotes, $0
███████ Site Exposes █████████ forms to U.S. Dept Of Defense - 17 upvotes, $0
Partial SSN exposed through Presentation slides on ██████████ to U.S. Dept Of Defense - 17 upvotes, $0
PII leakage due to scrceenshot of health records to U.S. Dept Of Defense - 17 upvotes, $0
Self XSS combine CSRF at https://████████/index.php to U.S. Dept Of Defense - 17 upvotes, $0
███ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability to U.S. Dept Of Defense - 17 upvotes, $0
Sensitive information disclosure [HtUS] to U.S. Dept Of Defense - 17 upvotes, $0
Parâmetro XSS: Nome de usuário - █████████ to U.S. Dept Of Defense - 17 upvotes, $0
Reflected XSS on https://█████████/ to U.S. Dept Of Defense - 16 upvotes, $0
RXSS - https://████████/ to U.S. Dept Of Defense - 16 upvotes, $0
Arbitrary File Read at ███ via filename parameter to U.S. Dept Of Defense - 16 upvotes, $0
SQL Injection on █████ to U.S. Dept Of Defense - 16 upvotes, $0
Information Disclosure FrontPage Configuration Information to U.S. Dept Of Defense - 16 upvotes, $0
Default Admin Username and Password on ███ to U.S. Dept Of Defense - 16 upvotes, $0
RCE on ███████ [CVE-2021-26084] to U.S. Dept Of Defense - 16 upvotes, $0
Resource Injection - [████████] to U.S. Dept Of Defense - 16 upvotes, $0
XSS on www.██████ alerts and a number of other pages to U.S. Dept Of Defense - 15 upvotes, $0
[█████] — DOM-based XSS on endpoint /?s= to U.S. Dept Of Defense - 15 upvotes, $0
Sensitive information about a ██████ to U.S. Dept Of Defense - 15 upvotes, $0
CSRF to account takeover in https://███████.mil/ to U.S. Dept Of Defense - 15 upvotes, $0
Blind stored XSS due to insecure contact form at https://█████.mil leads to leakage of session token and to U.S. Dept Of Defense - 15 upvotes, $0
Unauth RCE on Jenkins Instance at https://█████████/ to U.S. Dept Of Defense - 15 upvotes, $0
Password Reset link hijacking via Host Header Poisoning leads to account takeover to U.S. Dept Of Defense - 15 upvotes, $0
XSS via X-Forwarded-Host header to U.S. Dept Of Defense - 15 upvotes, $0
IDOR to U.S. Dept Of Defense - 15 upvotes, $0
reflected xss in www.████████.gov to U.S. Dept Of Defense - 15 upvotes, $0
Full Access to sonarQube and Docker to U.S. Dept Of Defense - 15 upvotes, $0
Blind SQLi vulnerability in a DoD Website to U.S. Dept Of Defense - 14 upvotes, $0
IDOR on DoD Website exposes FTP users and passes linked to all accounts! to U.S. Dept Of Defense - 14 upvotes, $0
Open FTP server on a DoD system to U.S. Dept Of Defense - 14 upvotes, $0
PII leakage due to caching of Order/Contract ID's on █████████ to U.S. Dept Of Defense - 14 upvotes, $0
Blind SQL injection on ████████ to U.S. Dept Of Defense - 14 upvotes, $0
Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 14 upvotes, $0
Exposed Docker Registry at https://████ to U.S. Dept Of Defense - 14 upvotes, $0
Remote Code Execution via CVE-2019-18935 to U.S. Dept Of Defense - 14 upvotes, $0
Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak to U.S. Dept Of Defense - 14 upvotes, $0
Old Session Does Not Expires After Password Change to U.S. Dept Of Defense - 14 upvotes, $0
CSRF in https://███ to U.S. Dept Of Defense - 14 upvotes, $0
Subdomain takeover [████████] to U.S. Dept Of Defense - 14 upvotes, $0
Expired SSL Certificate allows credentials steal to U.S. Dept Of Defense - 14 upvotes, $0
[Urgent] Critical Vulnerability [RCE] on ███ vulnerable to Remote Code Execution by exploiting MS15-034, CVE-2015-1635 to U.S. Dept Of Defense - 14 upvotes, $0
SQL injection at [█████████] [HtUS] to U.S. Dept Of Defense - 14 upvotes, $0
[█████] Bug Reports allow for Unrestricted File Upload to U.S. Dept Of Defense - 14 upvotes, $0
SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
[Critical] Full local fylesystem access (LFI/LFD) as admin via Path Traversal in the misconfigured Java servlet on the https://███/ to U.S. Dept Of Defense - 13 upvotes, $0
PII leakage-Full SSN on ███ to U.S. Dept Of Defense - 13 upvotes, $0
http://████/data.json showing users sensitive information via json file to U.S. Dept Of Defense - 13 upvotes, $0
Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604) to U.S. Dept Of Defense - 13 upvotes, $0
SSN leak due to editable slides to U.S. Dept Of Defense - 13 upvotes, $0
Previously Compromised PulseSSL VPN Hosts to U.S. Dept Of Defense - 13 upvotes, $0
[SQLI ]Time Bassed Injection at ██████████ via /██████/library.php?c=G14 parameter to U.S. Dept Of Defense - 13 upvotes, $0
CSRF to Stored HTML injection at https://www.█████ to U.S. Dept Of Defense - 13 upvotes, $0
Administration Authentication Bypass on https://█████ to U.S. Dept Of Defense - 13 upvotes, $0
DOM Based XSS on https://████ via backURL param to U.S. Dept Of Defense - 13 upvotes, $0
Insufficient Session Expiration on Adobe Connect | https://█████████ to U.S. Dept Of Defense - 13 upvotes, $0
Reflected XSS through ClickJacking to U.S. Dept Of Defense - 13 upvotes, $0
XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 13 upvotes, $0
phpinfo() disclosure info to U.S. Dept Of Defense - 13 upvotes, $0
Stored XSS at https://█████ to U.S. Dept Of Defense - 13 upvotes, $0
xss on reset password page to U.S. Dept Of Defense - 13 upvotes, $0
XSS on ( █████████.gov ) Via URL path to U.S. Dept Of Defense - 13 upvotes, $0
[U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions to U.S. Dept Of Defense - 13 upvotes, $0
CSRF to ATO at https://█████/user/account [HtUS] to U.S. Dept Of Defense - 12 upvotes, $500
Unrestricted File Download / Path Traversal to U.S. Dept Of Defense - 12 upvotes, $0
DOM Based XSS on an Army website to U.S. Dept Of Defense - 12 upvotes, $0
SQL injections to U.S. Dept Of Defense - 12 upvotes, $0
RCE on https://█████/ Using CVE-2017-9248 to U.S. Dept Of Defense - 12 upvotes, $0
No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service to U.S. Dept Of Defense - 12 upvotes, $0
Unrestricted File Upload Leads to XSS & Potential RCE to U.S. Dept Of Defense - 12 upvotes, $0
PII Leak of USCG Designated Examiner List at https://www.███ to U.S. Dept Of Defense - 12 upvotes, $0
CSRF to Cross-site Scripting (XSS) to U.S. Dept Of Defense - 12 upvotes, $0
Reflected XSS at [████████] to U.S. Dept Of Defense - 12 upvotes, $0
All private support requests to ███████ are being disclosed at https://███████ to U.S. Dept Of Defense - 12 upvotes, $0
Rxss on █████████ via logout?service=javascript:alert(1) to U.S. Dept Of Defense - 12 upvotes, $0
Full account takeover in ███████ due lack of rate limiting in forgot password to U.S. Dept Of Defense - 12 upvotes, $0
Reflected cross site scripting in https://███████ to U.S. Dept Of Defense - 12 upvotes, $0
[XSS] Reflected XSS via POST request to U.S. Dept Of Defense - 12 upvotes, $0
WordPress application vulnerable to DoS attack via wp-cron.php to U.S. Dept Of Defense - 12 upvotes, $0
Local File Read vulnerability on ██████████ [HtUS] to U.S. Dept Of Defense - 11 upvotes, $500
Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
Local file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
Path traversal on ████████ to U.S. Dept Of Defense - 11 upvotes, $0
MSSQL injection via param Customwho in https://█████/News/Transcripts/Search/Sort/ and WAF bypass to U.S. Dept Of Defense - 11 upvotes, $0
SQL Injection in Login Page: https://█████/█████████/login.php to U.S. Dept Of Defense - 11 upvotes, $0
PII/PHI data available on web https://████████Portals/22/Documents/Meetings to U.S. Dept Of Defense - 11 upvotes, $0
IDOR + Account Takeover [UNAUTHENTICATED] to U.S. Dept Of Defense - 11 upvotes, $0
CORS misconfiguration which leads to the disclosure to U.S. Dept Of Defense - 11 upvotes, $0
Sensitive Information Leaking Through DoD Owned Website https://www.█████.mil to U.S. Dept Of Defense - 11 upvotes, $0
Blind Stored XSS on ███████ leads to takeover admin account to U.S. Dept Of Defense - 11 upvotes, $0
External Service Interaction (HTTP/DNS) on https://www.███ (██████████ parameter) to U.S. Dept Of Defense - 11 upvotes, $0
Path Traversal - [ CVE-2020-3452 ] to U.S. Dept Of Defense - 11 upvotes, $0
XML Injection / External Service Interaction (HTTP/DNS) On https://█████████.mil to U.S. Dept Of Defense - 11 upvotes, $0
Reflected Xss https://██████/ to U.S. Dept Of Defense - 11 upvotes, $0
XSS Reflected - ██████████ to U.S. Dept Of Defense - 11 upvotes, $0
CSRF - Delete Account (Urgent) to U.S. Dept Of Defense - 11 upvotes, $0
Account takeover on ███████ [HtUS] to U.S. Dept Of Defense - 11 upvotes, $0
IDOR leaking PII data via VendorId parameter to U.S. Dept Of Defense - 11 upvotes, $0
Sql Injection At █████████ to U.S. Dept Of Defense - 11 upvotes, $0
AWS Credentials Disclosure at ███ to U.S. Dept Of Defense - 11 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
SQL injection on █████ due to tech.cfm to U.S. Dept Of Defense - 10 upvotes, $0
CSRF - Modify Company Info to U.S. Dept Of Defense - 10 upvotes, $0
xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php to U.S. Dept Of Defense - 10 upvotes, $0
(CORS) Cross-origin resource sharing misconfiguration to U.S. Dept Of Defense - 10 upvotes, $0
Elmah.axd is publicly accessible and leaking Error Log for ROOT on █████_PRD_WEB1 █████████elmah.axd to U.S. Dept Of Defense - 10 upvotes, $0
Unauthenticated Arbitrary File Deletion ("CVE-2020-3187") in ████████ to U.S. Dept Of Defense - 10 upvotes, $0
Reflected XSS on https://████/ (Bypass of #1002977) to U.S. Dept Of Defense - 10 upvotes, $0
Local File Inclusion In Registration Page to U.S. Dept Of Defense - 10 upvotes, $0
Reflected XSS www.█████ search form to U.S. Dept Of Defense - 10 upvotes, $0
Reflected XSS In https://███████ to U.S. Dept Of Defense - 10 upvotes, $0
critical information disclosure to U.S. Dept Of Defense - 10 upvotes, $0
Git repo on https://██████.mil/ discloses API password to U.S. Dept Of Defense - 10 upvotes, $0
Improper Access Control - Generic on https://████ to U.S. Dept Of Defense - 10 upvotes, $0
https://████ is vulnerable to cve-2020-3452 to U.S. Dept Of Defense - 10 upvotes, $0
Reflected XSS on https://██████ to U.S. Dept Of Defense - 10 upvotes, $0
Reflected XSS through clickjacking at https://████ to U.S. Dept Of Defense - 10 upvotes, $0
Cross site scripting to U.S. Dept Of Defense - 10 upvotes, $0
Broken Authentication to U.S. Dept Of Defense - 10 upvotes, $0
Reflected XSS on [█████████] to U.S. Dept Of Defense - 10 upvotes, $0
The dashboard is exposed in https://███ to U.S. Dept Of Defense - 10 upvotes, $0
Reflected XSS in ██████ to U.S. Dept Of Defense - 10 upvotes, $0
AEM misconfiguration leads to Information disclosure to U.S. Dept Of Defense - 10 upvotes, $0
CSRF to delete accounts [HtUS] to U.S. Dept Of Defense - 10 upvotes, $0
DBMS information getting exposed publicly on -- [ ██████████ ] to U.S. Dept Of Defense - 10 upvotes, $0
Reflective Cross Site Scripting (XSS) on ███████/Pages to U.S. Dept Of Defense - 10 upvotes, $0
Privilege Escalation on a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
Authentication bypass vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
Personal information disclosure on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
File upload vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
Blind SQLi in a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
SSRF in ███████ to U.S. Dept Of Defense - 9 upvotes, $0
[CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc to U.S. Dept Of Defense - 9 upvotes, $0
Unrestricted File Upload to ███████SubmitRequest/Index.cfm?fwa=wizardform to U.S. Dept Of Defense - 9 upvotes, $0
SSN is exposed on slides, previous critical report was not fixed in an appropriate way to U.S. Dept Of Defense - 9 upvotes, $0
SharePoint Web Services Exposed to Anonymous Access Users to U.S. Dept Of Defense - 9 upvotes, $0
Reflected XSS on ███████ to U.S. Dept Of Defense - 9 upvotes, $0
Unauthenticated Arbitrary File Deletion "CVE-2020-3187" in █████ to U.S. Dept Of Defense - 9 upvotes, $0
IDOR leads to Leakage an ██████████ Login Information to U.S. Dept Of Defense - 9 upvotes, $0
Reflected XSS at https://████████/███/... to U.S. Dept Of Defense - 9 upvotes, $0
███ on https://████ enable ███ scraping, injection, stored XSS to U.S. Dept Of Defense - 9 upvotes, $0
Reflected XSS to U.S. Dept Of Defense - 9 upvotes, $0
Unauthorized access to admin panel of the Questionmark Perception system at https://██████████ to U.S. Dept Of Defense - 9 upvotes, $0
CSRF Based XSS @ https://██████████ to U.S. Dept Of Defense - 9 upvotes, $0
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 9 upvotes, $0
Cache Posioning leading to denial of service at █████████ - Bypass fix from report #1198434 to U.S. Dept Of Defense - 9 upvotes, $0
Unauthenticated Access to Admin Panel Functions at https://███████/███ to U.S. Dept Of Defense - 9 upvotes, $0
insecure gitlab repositories at ████████ [HtUS] to U.S. Dept Of Defense - 9 upvotes, $0
Reflected XSS at ████████ to U.S. Dept Of Defense - 9 upvotes, $0
Sensitive Data Exposure at https://█████████ to U.S. Dept Of Defense - 9 upvotes, $0
CORS Misconfiguration in https://████████/accounts/login/ to U.S. Dept Of Defense - 9 upvotes, $0
Email exploitation with web hosting services. to U.S. Dept Of Defense - 9 upvotes, $0
Exposed GIT repo on ██████████[HtUS] to U.S. Dept Of Defense - 9 upvotes, $0
External service interaction ( DNS and HTTP ) in www.████████ to U.S. Dept Of Defense - 9 upvotes, $0
Unauthorized access to Argo dashboard on █████ to U.S. Dept Of Defense - 9 upvotes, $0
Reflected XSS in a Navy website to U.S. Dept Of Defense - 8 upvotes, $0
Reflected XSS on an Army website to U.S. Dept Of Defense - 8 upvotes, $0
Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
XSS on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
Server-side include injection vulnerability in a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
Remote code execution (RCE) in multiple DoD websites to U.S. Dept Of Defense - 8 upvotes, $0
Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
[Critical] Possibility to takeover any user account #2 without interaction on the https://██████████ to U.S. Dept Of Defense - 8 upvotes, $0
Server-Side Request Forgery (SSRF) to U.S. Dept Of Defense - 8 upvotes, $0
[███] SQL injection & Reflected XSS to U.S. Dept Of Defense - 8 upvotes, $0
PII Leak via https://████████ to U.S. Dept Of Defense - 8 upvotes, $0
Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE to U.S. Dept Of Defense - 8 upvotes, $0
RCE (Remote code execution) in one of DoD's websites to U.S. Dept Of Defense - 8 upvotes, $0
Сode injection host █████████ to U.S. Dept Of Defense - 8 upvotes, $0
Stored XSS via Comment Form at ████████ to U.S. Dept Of Defense - 8 upvotes, $0
SQLi in login form of █████ to U.S. Dept Of Defense - 8 upvotes, $0
Cross Site Scripting (XSS) – Reflected to U.S. Dept Of Defense - 8 upvotes, $0
DOM XSS on https://www.███████ to U.S. Dept Of Defense - 8 upvotes, $0
PII Information Leak at https://████████.mil/ to U.S. Dept Of Defense - 8 upvotes, $0
PII Leak via /████████ to U.S. Dept Of Defense - 8 upvotes, $0
XML Injection on https://www.█████████ (███ parameter) to U.S. Dept Of Defense - 8 upvotes, $0
RCE in ██████ subdomain via CVE-2017-1000486 to U.S. Dept Of Defense - 8 upvotes, $0
Reflected XSS at www.███████ at /██████████ via the ████████ parameter to U.S. Dept Of Defense - 8 upvotes, $0
SQLi on █████████ to U.S. Dept Of Defense - 8 upvotes, $0
AWS subdomain takeover of www.███████ to U.S. Dept Of Defense - 8 upvotes, $0
Open Akamai ARL XSS at ████████ to U.S. Dept Of Defense - 8 upvotes, $0
Cross-site Scripting (XSS) - Reflected at https://██████████/ to U.S. Dept Of Defense - 8 upvotes, $0
Blind SQL Injection to U.S. Dept Of Defense - 8 upvotes, $0
SQL Injection on https://████████/ to U.S. Dept Of Defense - 8 upvotes, $0
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 8 upvotes, $0
Unauthorized Access to Internal Server Panel without Authentication to U.S. Dept Of Defense - 8 upvotes, $0
Full read SSRF at █████████ [HtUS] to U.S. Dept Of Defense - 8 upvotes, $0
Local file read at https://████/ [HtUS] to U.S. Dept Of Defense - 8 upvotes, $0
.git folder exposed [HtUS] to U.S. Dept Of Defense - 8 upvotes, $0
stored cross site scripting in https://███ to U.S. Dept Of Defense - 8 upvotes, $0
Unauthenticated phpinfo()files could lead to ability file read at █████████ [HtUS] to U.S. Dept Of Defense - 8 upvotes, $0
IDOR when editing email leads to Mass Full ATOs (Account Takeovers) without user interaction on https://██████/ to U.S. Dept Of Defense - 8 upvotes, $0
Elasticsearch is currently open without authentication on https://██████l to U.S. Dept Of Defense - 8 upvotes, $0
Reflected XSS on a Navy website to U.S. Dept Of Defense - 7 upvotes, $0
SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
QuickTime Promotion on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Exposed Access Control Data Backup Files on DoD Website to U.S. Dept Of Defense - 7 upvotes, $0
Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Remote Command Execution on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Bypass file access control vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Insecure direct object reference vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
Insecure Direct Object Reference (IDOR) vulnerability in a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
X-XSS-Protection -> Misconfiguration to U.S. Dept Of Defense - 7 upvotes, $0
Root Remote Code Execution on https://███ to U.S. Dept Of Defense - 7 upvotes, $0
Information Disclosure (can access all ███s) within ███████ view █████████ Portal to U.S. Dept Of Defense - 7 upvotes, $0
Open FTP on ███ to U.S. Dept Of Defense - 7 upvotes, $0
Exposed ███████ Administrative Interface (ColdFusion 11) to U.S. Dept Of Defense - 7 upvotes, $0
SharePoint exposed web services to U.S. Dept Of Defense - 7 upvotes, $0
Corda Server XSS ████████ to U.S. Dept Of Defense - 7 upvotes, $0
[████████] Boolean SQL Injection (/personnel.php?content=profile&rcnum=*) to U.S. Dept Of Defense - 7 upvotes, $0
Unrestricted File Upload to U.S. Dept Of Defense - 7 upvotes, $0
Null byte Injection in https://████/ to U.S. Dept Of Defense - 7 upvotes, $0
CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. to U.S. Dept Of Defense - 7 upvotes, $0
CSRF to account takeover in https://█████/ to U.S. Dept Of Defense - 7 upvotes, $0
{███} It is posible download all information and files via S3 Bucket Misconfiguration to U.S. Dept Of Defense - 7 upvotes, $0
SQL Injection in www.██████████ to U.S. Dept Of Defense - 7 upvotes, $0
Reflected XSS on https://█████████html?url to U.S. Dept Of Defense - 7 upvotes, $0
Stored XSS via 64(?) vulnerable fields in ███ leads to credential theft/account takeover to U.S. Dept Of Defense - 7 upvotes, $0
Bypassed a fix to gain access to PII of more than 100 Officers to U.S. Dept Of Defense - 7 upvotes, $0
CVE 2020 14179 on jira instance to U.S. Dept Of Defense - 7 upvotes, $0
Password Cracking - Weak Password Used to Secure ████ Containing a Plaintext Password to U.S. Dept Of Defense - 7 upvotes, $0
SSRF due to CVE-2021-26855 on ████████ to U.S. Dept Of Defense - 7 upvotes, $0
Reflected XSS on ███████ to U.S. Dept Of Defense - 7 upvotes, $0
IDOR on https://██████ via POST UID enables database scraping to U.S. Dept Of Defense - 7 upvotes, $0
████████ portal is open to enumeration once authenticated. Session ID's appear static. All PII available once a valid session ID is found. to U.S. Dept Of Defense - 7 upvotes, $0
XSS on ███ to U.S. Dept Of Defense - 7 upvotes, $0
Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 7 upvotes, $0
RXSS - ████ to U.S. Dept Of Defense - 7 upvotes, $0
Military name,email,phone,address,certdata Disclosure to U.S. Dept Of Defense - 7 upvotes, $0
SQL Injection in █████ to U.S. Dept Of Defense - 7 upvotes, $0
Open Akamai ARL XSS at ████████ to U.S. Dept Of Defense - 7 upvotes, $0
lfi in filePathDownload parameter via ███████ to U.S. Dept Of Defense - 7 upvotes, $0
Blind SSRF via image upload URL downloader on https://██████/ to U.S. Dept Of Defense - 7 upvotes, $0
Host Header Injection on https://███/████████/Account/ForgotPassword to U.S. Dept Of Defense - 7 upvotes, $0
stored cross site scripting in https://██████████ to U.S. Dept Of Defense - 7 upvotes, $0
Upload and delete files in debug page without access control. to U.S. Dept Of Defense - 7 upvotes, $0
DoS at ████████ (CVE-2018-6389) to U.S. Dept Of Defense - 7 upvotes, $0
HAProxy stats panel exposed externally to U.S. Dept Of Defense - 7 upvotes, $0
xmlrpc.php file enabled at ██████.org to U.S. Dept Of Defense - 7 upvotes, $0
Path traversal leads to reading of local files on ███████ and ████ to U.S. Dept Of Defense - 7 upvotes, $0
DoS at █████(CVE-2018-6389) to U.S. Dept Of Defense - 7 upvotes, $0
DOM-XSS to U.S. Dept Of Defense - 7 upvotes, $0
Information leakage on a Department of Defense website to U.S. Dept Of Defense - 6 upvotes, $0
Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Remote file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
HTML injection vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Reflected XSS in a DoD Website to U.S. Dept Of Defense - 6 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Default credentials on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Violation of secure design principles on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Limited code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Remote Code Execution (RCE) vulnerability in a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
Account takeover due to CSRF in "Account details" option on █████████ to U.S. Dept Of Defense - 6 upvotes, $0
██████ Authenticated User Data Disclosure to U.S. Dept Of Defense - 6 upvotes, $0
SQL Injection in the get_publications.php on the https://█████ to U.S. Dept Of Defense - 6 upvotes, $0
SSRF on ████████ to U.S. Dept Of Defense - 6 upvotes, $0
Out-of-date Version (Apache) to U.S. Dept Of Defense - 6 upvotes, $0
Default page exposes admin functions and all metods and classes available. on https://██████/█████/dwr/index.html to U.S. Dept Of Defense - 6 upvotes, $0
Admin Salt Leakage on DoD site. to U.S. Dept Of Defense - 6 upvotes, $0
SharePoint exposed web services to U.S. Dept Of Defense - 6 upvotes, $0
LDAP Injection at ██████ to U.S. Dept Of Defense - 6 upvotes, $0
Partial PII leakage due to public set gitlab to U.S. Dept Of Defense - 6 upvotes, $0
[█████] Get all tickets (IDOR) to U.S. Dept Of Defense - 6 upvotes, $0
██████████ bruteforceable RIC Codes allowing information on contracts to U.S. Dept Of Defense - 6 upvotes, $0
[█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action to U.S. Dept Of Defense - 6 upvotes, $0
Full Account Take-Over of ████████ Members via IDOR to U.S. Dept Of Defense - 6 upvotes, $0
[Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator to U.S. Dept Of Defense - 6 upvotes, $0
Stored XSS at ██████userprofile.aspx to U.S. Dept Of Defense - 6 upvotes, $0
https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD to U.S. Dept Of Defense - 6 upvotes, $0
View another user information with IDOR vulnerability to U.S. Dept Of Defense - 6 upvotes, $0
███████mill is vulnerable to cross site request forgery that leads to full account take over. to U.S. Dept Of Defense - 6 upvotes, $0
Stored XSS at https://www.█████████.mil to U.S. Dept Of Defense - 6 upvotes, $0
Second Order XSS via █████ to U.S. Dept Of Defense - 6 upvotes, $0
Read-only path traversal (CVE-2020-3452) at https://██████.mil to U.S. Dept Of Defense - 6 upvotes, $0
Reflected XSS on █████████ to U.S. Dept Of Defense - 6 upvotes, $0
Website vulnerable to POODLE (SSLv3) with expired certificate to U.S. Dept Of Defense - 6 upvotes, $0
Sending trusted ████ and ██████████ emails through public API endpoint in ███████ site to U.S. Dept Of Defense - 6 upvotes, $0
CVE-2019-3403 on https://████/rest/api/2/user/picker?query= to U.S. Dept Of Defense - 6 upvotes, $0
Elmah.axd is publicly accessible leaking Error Log to U.S. Dept Of Defense - 6 upvotes, $0
[www.███] Reflected Cross-Site Scripting to U.S. Dept Of Defense - 6 upvotes, $0
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 6 upvotes, $0
███████ - XSS - CVE-2020-3580 to U.S. Dept Of Defense - 6 upvotes, $0
Reflected XSS at https://█████ via "██████████" parameter to U.S. Dept Of Defense - 6 upvotes, $0
XSS on https://████/ via ███████ parameter to U.S. Dept Of Defense - 6 upvotes, $0
username and password leaked via pptx for █████████ website to U.S. Dept Of Defense - 6 upvotes, $0
[CVE-2020-3452] on ███████ to U.S. Dept Of Defense - 6 upvotes, $0
██████████ vulnerable to CVE-2022-22954 to U.S. Dept Of Defense - 6 upvotes, $0
RXSS on █████████ to U.S. Dept Of Defense - 6 upvotes, $0
Reflected XSS via ████████ parameter to U.S. Dept Of Defense - 6 upvotes, $0
XSS DUE TO CVE-2022-38463 in https://████████ to U.S. Dept Of Defense - 6 upvotes, $0
Authentication bypass leads to Information Disclosure at U.S Air Force "https://███" to U.S. Dept Of Defense - 6 upvotes, $0
XSS via Client Side Template Injection on www.███/News/Speeches to U.S. Dept Of Defense - 6 upvotes, $0
stored cross site scripting in https://███ to U.S. Dept Of Defense - 6 upvotes, $0
Sensitive Data Exposure via wp-config.php file to U.S. Dept Of Defense - 6 upvotes, $0
LDAP Server NULL Bind Connection Information Disclosure to U.S. Dept Of Defense - 6 upvotes, $0
Adobe ColdFusion Access Control Bypass - CVE-2023-38205 to U.S. Dept Of Defense - 6 upvotes, $0
Unauthenticated File Read Adobe ColdFusion to U.S. Dept Of Defense - 6 upvotes, $0
XSS vulnerability on an Army website to U.S. Dept Of Defense - 5 upvotes, $0
Open Redirect in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Cross-site request forgery vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Password reset vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Remote command execution (RCE) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Open redirect vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Reflected cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Server Side Request Forgery (SSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
https://█████████ Vulnerable to CVE-2018-0296 Cisco ASA Path Traversal Authentication Bypass to U.S. Dept Of Defense - 5 upvotes, $0
sql injection on /messagecenter/messagingcenter at https://www.███████/ to U.S. Dept Of Defense - 5 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
Remote File Inclusion, Malicious File Hosting, and Cross-site Scripting (XSS) in ████████ to U.S. Dept Of Defense - 5 upvotes, $0
HTML Injection on ████ to U.S. Dept Of Defense - 5 upvotes, $0
Email PII disclosure due to Insecure Password Reset field to U.S. Dept Of Defense - 5 upvotes, $0
File Upload Restriction Bypass to U.S. Dept Of Defense - 5 upvotes, $0
[██████████] Unauthorized access to admin panel to U.S. Dept Of Defense - 5 upvotes, $0
Internal IP Address Disclosed to U.S. Dept Of Defense - 5 upvotes, $0
Reflected XSS and HTML Injectionon a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
External Service Interaction | https://█████████.mil to U.S. Dept Of Defense - 5 upvotes, $0
PHP info page disclosure to U.S. Dept Of Defense - 5 upvotes, $0
Directory Indexing on the ████ (https://████/) leads to the backups disclosure and credentials leak to U.S. Dept Of Defense - 5 upvotes, $0
PII Leak of ████████ Personal at https://www.█████████ to U.S. Dept Of Defense - 5 upvotes, $0
Improper Access Controls Allow PII Leak via ████ to U.S. Dept Of Defense - 5 upvotes, $0
Knowledge Base Articles are Globally Modifiable via ██████ to U.S. Dept Of Defense - 5 upvotes, $0
Support incident can be opened for any user via /███████ and PII leak via █████████ field to U.S. Dept Of Defense - 5 upvotes, $0
Arbitrary file upload and stored XSS via ███ support request to U.S. Dept Of Defense - 5 upvotes, $0
Access to requests and approvals via /█████ allows sensitive information gathering to U.S. Dept Of Defense - 5 upvotes, $0
HTML Injection + XSS Vulnerability - https://████████/ | Proof of Concept [PoC] to U.S. Dept Of Defense - 5 upvotes, $0
Information Disclosure(PHPINFO/Credentials) on DoD Asset to U.S. Dept Of Defense - 5 upvotes, $0
CRXDE Lite/CRX is on ██████ exposed that leads to PII disclosure to U.S. Dept Of Defense - 5 upvotes, $0
RXSS - https://███/ to U.S. Dept Of Defense - 5 upvotes, $0
Blind Stored XSS on https://█████████ after filling a request at https://█████ to U.S. Dept Of Defense - 5 upvotes, $0
param allows any external resource to be downloadable | https://████████ to U.S. Dept Of Defense - 5 upvotes, $0
reflected xss @ www.█████████ to U.S. Dept Of Defense - 5 upvotes, $0
Misconfigured AWS S3 bucket leaks senstive data such of admin, Prdouction,beta, localhost and many more directories.... to U.S. Dept Of Defense - 5 upvotes, $0
Reflected XSS in https://██████████ via "████████" parameter to U.S. Dept Of Defense - 5 upvotes, $0
[█████████] Reflected Cross-Site Scripting Vulnerability to U.S. Dept Of Defense - 5 upvotes, $0
XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 5 upvotes, $0
S3 bucket listing/download to U.S. Dept Of Defense - 5 upvotes, $0
Subdomain takeover of ███ to U.S. Dept Of Defense - 5 upvotes, $0
Path traversal on [███] to U.S. Dept Of Defense - 5 upvotes, $0
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 5 upvotes, $0
RXSS on ███████ to U.S. Dept Of Defense - 5 upvotes, $0
SSRF ACCESS AWS METADATA - █████ to U.S. Dept Of Defense - 5 upvotes, $0
Account Takeover and Information update due to cross site request forgery via POST █████████/registration/my-account.cfm to U.S. Dept Of Defense - 5 upvotes, $0
Unauthenticated PII leak on verified/requested to be verified profiles on ███████/app/org/{id}/profile/{id}/version/{id} [HtUS] to U.S. Dept Of Defense - 5 upvotes, $0
Reflected XSS | https://████████ to U.S. Dept Of Defense - 5 upvotes, $0
stored cross site scripting in https://███████ to U.S. Dept Of Defense - 5 upvotes, $0
stored cross site scripting in https://██████████ to U.S. Dept Of Defense - 5 upvotes, $0
stored cross site scripting in https://█████████ to U.S. Dept Of Defense - 5 upvotes, $0
stored cross site scripting in https://███ to U.S. Dept Of Defense - 5 upvotes, $0
Authentication Bypass Using Default Credentials on █████ to U.S. Dept Of Defense - 5 upvotes, $0
Install.php File Exposure on Drupal to U.S. Dept Of Defense - 5 upvotes, $0
Reflected XSS in ██████████ to U.S. Dept Of Defense - 5 upvotes, $0
Reflected XSS in ██████████ to U.S. Dept Of Defense - 5 upvotes, $0
Improper Access Control on Media Wiki allows an attackers to restart installation on DoD asset to U.S. Dept Of Defense - 5 upvotes, $0
Default Credentials on Kinetic Core System Console - https://█████/kinetic/app/ to U.S. Dept Of Defense - 5 upvotes, $0
XSS in ServiceNow logout https://████:443 to U.S. Dept Of Defense - 5 upvotes, $0
Persistent XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Arbitrary Script Injection (Mail) in a DoD Website to U.S. Dept Of Defense - 4 upvotes, $0
Stored cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
HTML Injection/Load Images vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Cross-Site Scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Server side information disclosure on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Cross-site request forgery (CSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Information disclosure vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
SQL injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Reflective XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Stored cross site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Remote Code Execution (RCE) vulnerability in multiple DoD websites to U.S. Dept Of Defense - 4 upvotes, $0
Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Remote OS command Execution in the 3 more Oracle Weblogic on the ████████, ████, ███████ [CVE-2017-10352] to U.S. Dept Of Defense - 4 upvotes, $0
Admin panel take over | User info leakage | Mass Comprimise to U.S. Dept Of Defense - 4 upvotes, $0
Code reversion allowing SQLI again in ███████ to U.S. Dept Of Defense - 4 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
Critical information disclosure at https://█████████ to U.S. Dept Of Defense - 4 upvotes, $0
CRLF Injection on ███████ to U.S. Dept Of Defense - 4 upvotes, $0
WebLogic Server Side Request Forgery to U.S. Dept Of Defense - 4 upvotes, $0
[████████] Reflected XSS to U.S. Dept Of Defense - 4 upvotes, $0
[███████] Reflected GET XSS (/mission.php?...&missionDate=*) to U.S. Dept Of Defense - 4 upvotes, $0
Firewall rules for ████████ can be bypassed to leak site authors to U.S. Dept Of Defense - 4 upvotes, $0
idor on upload profile functionality to U.S. Dept Of Defense - 4 upvotes, $0
Application level DoS via xmlrpc.php to U.S. Dept Of Defense - 4 upvotes, $0
Unrestricted file upload leads to stored xss on https://████████/ to U.S. Dept Of Defense - 4 upvotes, $0
HTML Injection leads to XSS on███ to U.S. Dept Of Defense - 4 upvotes, $0
[██████████.mil] Cisco VPN Service Path Traversal to U.S. Dept Of Defense - 4 upvotes, $0
[CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 4 upvotes, $0
hardcoded password stored in javascript of https://████.mil to U.S. Dept Of Defense - 4 upvotes, $0
Able to authenticate as administrator by navigating to https://█████/admin/ to U.S. Dept Of Defense - 4 upvotes, $0
Able to log in with default ██████g creds at https█████████████████████.mil to U.S. Dept Of Defense - 4 upvotes, $0
Insecure ███████ credentials on staging app at ████ leads to application takeover to U.S. Dept Of Defense - 4 upvotes, $0
Register with non accepted email types on https://███████ to U.S. Dept Of Defense - 4 upvotes, $0
Dashboard sharing enables code injection into ████ emails to U.S. Dept Of Defense - 4 upvotes, $0
PII Leak via /███████ to U.S. Dept Of Defense - 4 upvotes, $0
PII Leak via /██████ to U.S. Dept Of Defense - 4 upvotes, $0
Stored XSS through name / last name on https://██████████/ to U.S. Dept Of Defense - 4 upvotes, $0
Self XSS + CSRF Leads to Reflected XSS in https://████/ to U.S. Dept Of Defense - 4 upvotes, $0
CVE-2021-26855 on ████████ resulting in SSRF to U.S. Dept Of Defense - 4 upvotes, $0
Read-only path traversal (CVE-2020-3452) at https://█████ to U.S. Dept Of Defense - 4 upvotes, $0
Read-only path traversal (CVE-2020-3452) at https://████████ to U.S. Dept Of Defense - 4 upvotes, $0
Cache Posioning leading do Denial of Service on www.█████████ to U.S. Dept Of Defense - 4 upvotes, $0
xss on https://███████(█████████ parameter) to U.S. Dept Of Defense - 4 upvotes, $0
XSS due to CVE-2020-3580 [██████] to U.S. Dept Of Defense - 4 upvotes, $0
Reflected XSS at ████ via ██████████= parameter to U.S. Dept Of Defense - 4 upvotes, $0
Wrong settings in ADF Faces leads to information disclosure to U.S. Dept Of Defense - 4 upvotes, $0
██████████ running a vulnerable log4j to U.S. Dept Of Defense - 4 upvotes, $0
default ████ creds on https://████████ to U.S. Dept Of Defense - 4 upvotes, $0
Reflected XSS at https://█████████ via "███" parameter to U.S. Dept Of Defense - 4 upvotes, $0
Broken access control, can lead to legitimate user data loss to U.S. Dept Of Defense - 4 upvotes, $0
███ vulnerable to CVE-2022-22954 to U.S. Dept Of Defense - 4 upvotes, $0
SSRF due to CVE-2021-27905 in www.████████ to U.S. Dept Of Defense - 4 upvotes, $0
springboot actuator is leaking internals at ██████████ to U.S. Dept Of Defense - 4 upvotes, $0
Broken access discloses users and PII at https://███████ [HtUS] to U.S. Dept Of Defense - 4 upvotes, $0
Found Origin IP's Lead To Access ████ to U.S. Dept Of Defense - 4 upvotes, $0
IDOR on ███████ [HtUS] to U.S. Dept Of Defense - 4 upvotes, $0
stored cross site scripting in https://████ to U.S. Dept Of Defense - 4 upvotes, $0
stored cross site scripting in https://███ to U.S. Dept Of Defense - 4 upvotes, $0
DNS Misconfiguration to U.S. Dept Of Defense - 3 upvotes, $0
Server side information disclosure to U.S. Dept Of Defense - 3 upvotes, $0
XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Potentially sensitive information disclosure on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Misconfigured user account settings on DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
DOM Based XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Cross-site request forgery (CSRF) vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
Online training material disclosing username and password to U.S. Dept Of Defense - 3 upvotes, $0
https://████████ Impacted by DNN ImageHandler SSRF to U.S. Dept Of Defense - 3 upvotes, $0
████████ SQL to U.S. Dept Of Defense - 3 upvotes, $0
Attackers can control which security questions they are presented (████████) to U.S. Dept Of Defense - 3 upvotes, $0
SQL injection on https://███████ to U.S. Dept Of Defense - 3 upvotes, $0
Insecure Direct Object Reference on in-scope .mil website to U.S. Dept Of Defense - 3 upvotes, $0
Sensitive Email disclosure Due to Insecure Reactivate Account field to U.S. Dept Of Defense - 3 upvotes, $0
Able to view Backend Database dur to improper authentication to U.S. Dept Of Defense - 3 upvotes, $0
█████ - DOM-based XSS to U.S. Dept Of Defense - 3 upvotes, $0
█████ - DOM-based XSS to U.S. Dept Of Defense - 3 upvotes, $0
[██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action to U.S. Dept Of Defense - 3 upvotes, $0
████ █████ exposes highly sensitive information to public to U.S. Dept Of Defense - 3 upvotes, $0
█████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files to U.S. Dept Of Defense - 3 upvotes, $0
Improper Neutralization of Input During Web Page Generation to U.S. Dept Of Defense - 3 upvotes, $0
No ACL on S3 Bucket in [https://www.██████████/] to U.S. Dept Of Defense - 3 upvotes, $0
Domian Takeover in [███████] to U.S. Dept Of Defense - 3 upvotes, $0
[████████] — XSS on /███████_flight/images via advanced_val parameter to U.S. Dept Of Defense - 3 upvotes, $0
XSS Reflected to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS on ███████ page to U.S. Dept Of Defense - 3 upvotes, $0
[████] SQL Injections on Referer Header exploitable via Time-Based method to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS in https://███████ via search parameter to U.S. Dept Of Defense - 3 upvotes, $0
PII Leak (such as CAC User ID) at https://████████/pages/login.aspx to U.S. Dept Of Defense - 3 upvotes, $0
Apparent ██████████ website is publicly exposed, suggests default account details on page and has expired SSL/TLS cert to U.S. Dept Of Defense - 3 upvotes, $0
POST based RXSS on https://█████ via frm_email parameter to U.S. Dept Of Defense - 3 upvotes, $0
Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 3 upvotes, $0
Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 3 upvotes, $0
System Error Reveals Sensitive SQL Call Data to U.S. Dept Of Defense - 3 upvotes, $0
Members Personal Information Leak Due to IDOR to U.S. Dept Of Defense - 3 upvotes, $0
[HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████ to U.S. Dept Of Defense - 3 upvotes, $0
https://██████/ Vulnerable to CVE-2013-3827 (Directory-traversal vulnerability) to U.S. Dept Of Defense - 3 upvotes, $0
SQL injection located in ███ in POST param ████████ to U.S. Dept Of Defense - 3 upvotes, $0
Unauthorized access to PII leads to MASS account Takeover to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS at https://██████/██████████ via "████████" parameter to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS at https://██████/██████ via "██████" parameter to U.S. Dept Of Defense - 3 upvotes, $0
XSS trigger via HTML Iframe injection in ( https://██████████ ) due to unfiltered HTML tags to U.S. Dept Of Defense - 3 upvotes, $0
CUI Labelled document out in the open to U.S. Dept Of Defense - 3 upvotes, $0
XSS Reflected - ███ to U.S. Dept Of Defense - 3 upvotes, $0
XSS on https://██████/███ via █████ parameter to U.S. Dept Of Defense - 3 upvotes, $0
SQL INJECTION in https://████/██████████ to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS [██████] to U.S. Dept Of Defense - 3 upvotes, $0
[CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 3 upvotes, $0
RXSS on █████████ to U.S. Dept Of Defense - 3 upvotes, $0
Reflected Xss in [██████] to U.S. Dept Of Defense - 3 upvotes, $0
Reflected XSS [██████] to U.S. Dept Of Defense - 3 upvotes, $0
Open Redirect at █████ to U.S. Dept Of Defense - 3 upvotes, $0
[HTA2] Receiving████ access request on @wearehackerone.com email address to U.S. Dept Of Defense - 2 upvotes, $750
Information disclosure on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
Reflected XSS vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
Stored XSS vulnerability on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
Reflected XSS on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929 to U.S. Dept Of Defense - 2 upvotes, $0
Illegal account registration in ████████ to U.S. Dept Of Defense - 2 upvotes, $0
Multiple cryptographic vulnerabilities in login page on ███████ to U.S. Dept Of Defense - 2 upvotes, $0
Exposed FTP Credentials on ███████ to U.S. Dept Of Defense - 2 upvotes, $0
Blind SQL Injection on DoD Site to U.S. Dept Of Defense - 2 upvotes, $0
Sensitive Information Leaking Through DoD Owned Website. [██████████] to U.S. Dept Of Defense - 2 upvotes, $0
Followup - SQL Injection - https://██████████/██████/MSI.portal to U.S. Dept Of Defense - 2 upvotes, $0
CORS Misconfiguration Leads to Exposing User Data to U.S. Dept Of Defense - 2 upvotes, $0
Padding Oracle ms10-070 in the a DoD website (https://██████/) to U.S. Dept Of Defense - 2 upvotes, $0
Admin Login Credential Leak for DoD Gitlab EE instance to U.S. Dept Of Defense - 2 upvotes, $0
Username&password is Disclosure in readme file in [https://█████████] to U.S. Dept Of Defense - 2 upvotes, $0
Sensitive Information Leaking Through DARPA Website. [█████████] to U.S. Dept Of Defense - 2 upvotes, $0
Sensitive Information Leaking Through Navy Website. [█████] to U.S. Dept Of Defense - 2 upvotes, $0
Reflected XSS on https://███████/ to U.S. Dept Of Defense - 2 upvotes, $0
SharePoint Web Services Exposed to Anonymous Access to U.S. Dept Of Defense - 2 upvotes, $0
SSRF in login page using fetch API exposes victims IP address to attacker controled server to U.S. Dept Of Defense - 2 upvotes, $0
Reflected XSS - https://███ to U.S. Dept Of Defense - 2 upvotes, $0
[CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol! to U.S. Dept Of Defense - 2 upvotes, $0
[CVE-2021-29156] LDAP Injection at https://██████ to U.S. Dept Of Defense - 2 upvotes, $0
Sensitive information on ██████████ to U.S. Dept Of Defense - 2 upvotes, $0
System Error Reveals SQL Information to U.S. Dept Of Defense - 2 upvotes, $0
Information disclosure at '████████' --- CVE-2020-14179 to U.S. Dept Of Defense - 2 upvotes, $0
RXSS Via URI Path - https://██████████/ to U.S. Dept Of Defense - 2 upvotes, $0
Reflected XSS in https://███████ via hidden parameter "████████" to U.S. Dept Of Defense - 2 upvotes, $0
███ ████████ running a vulnerable log4j to U.S. Dept Of Defense - 2 upvotes, $0
Reflected XSS at https://██████████/████████ via "███████" parameter to U.S. Dept Of Defense - 2 upvotes, $0
CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████ to U.S. Dept Of Defense - 2 upvotes, $0
IDOR - Delete Users Saved Projects to U.S. Dept Of Defense - 2 upvotes, $0
Authorization bypass -> IDOR -> PII Leakage to U.S. Dept Of Defense - 2 upvotes, $0
[www.█████] Path-based reflected Cross Site Scripting to U.S. Dept Of Defense - 2 upvotes, $0
CORS Misconfiguration to U.S. Dept Of Defense - 2 upvotes, $0
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████ to U.S. Dept Of Defense - 2 upvotes, $0
Reflected XSS [███] to U.S. Dept Of Defense - 2 upvotes, $0
[CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 2 upvotes, $0
XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 2 upvotes, $0
an internel important paths disclosure [HtUS] to U.S. Dept Of Defense - 2 upvotes, $0
STORED XSS in █████████/nlc/login.aspx via "edit" GET parameter through markdown editor [HtUS] to U.S. Dept Of Defense - 2 upvotes, $0
Reflected XSS | https://████ to U.S. Dept Of Defense - 2 upvotes, $0
Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 1 upvotes, $0
SQL injection found in US Navy Website (http://███/) to U.S. Dept Of Defense - 1 upvotes, $0
Access to job creation web page on http://████████ to U.S. Dept Of Defense - 1 upvotes, $0
Content-Injection/XSS ████ to U.S. Dept Of Defense - 1 upvotes, $0
█████ - Pre-generation of VIEWSTATE allows CAC bypass to U.S. Dept Of Defense - 1 upvotes, $0
[https://███] Local File Inclusion via graph.php to U.S. Dept Of Defense - 1 upvotes, $0
Publicly accessible Grafana install allows pivoting to Prometheus datasource to U.S. Dept Of Defense - 1 upvotes, $0
Unencrypted __VIEWSTATE parameter in a DoD website to U.S. Dept Of Defense - 1 upvotes, $0
PulseSSL VPN Site with Compromised Creds @ ████ to U.S. Dept Of Defense - 1 upvotes, $0
https://█████ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability to U.S. Dept Of Defense - 1 upvotes, $0
Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 1 upvotes, $0
Access to Unclassified / FOUO Advanced Motion Platform of █████████.mil to U.S. Dept Of Defense - 1 upvotes, $0
SharePoint Web Services Exposed to Anonymous Access to U.S. Dept Of Defense - 1 upvotes, $0
Reflected XSS on https://█████ to U.S. Dept Of Defense - 1 upvotes, $0
xss reflected on https://███████- (███ parameters) to U.S. Dept Of Defense - 1 upvotes, $0
XSS Reflected on https://███ (███ parameter) to U.S. Dept Of Defense - 1 upvotes, $0
XSS due to CVE-2020-3580 [███.mil] to U.S. Dept Of Defense - 1 upvotes, $0
CUI labled and ████ and ██████ Restricted ██████ intelligence to U.S. Dept Of Defense - 1 upvotes, $0
XSS due to CVE-2020-3580 [███] to U.S. Dept Of Defense - 1 upvotes, $0
Reflected XSS on https://███/████via hidden parameter "█████████" to U.S. Dept Of Defense - 1 upvotes, $0
[CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 1 upvotes, $0
RXSS ON https://██████████ to U.S. Dept Of Defense - 1 upvotes, $0
(CORS) Cross-origin resource sharing misconfiguration on https://█████████ to U.S. Dept Of Defense - 1 upvotes, $0
XSS because of Akamai ARL misconfiguration on ████ to U.S. Dept Of Defense - 1 upvotes, $0
Reflected XSS - in Email Input to U.S. Dept Of Defense - 1 upvotes, $0
CSRF - Modify User Settings with one click - Account TakeOver to U.S. Dept Of Defense - 1 upvotes, $0
Arbitrary File Deletion (CVE-2020-3187) on ████████ to U.S. Dept Of Defense - 1 upvotes, $0
CVE-2020-3452 on https://█████/ to U.S. Dept Of Defense - 1 upvotes, $0
Bypassing CORS Misconfiguration Leads to Sensitive Exposure at https://███/ to U.S. Dept Of Defense - 1 upvotes, $0
XSS on https://███████/██████████ parameter to U.S. Dept Of Defense - 1 upvotes, $0
XSS on https://████████/████' parameter to U.S. Dept Of Defense - 1 upvotes, $0
██████_log4j - https://██████ to U.S. Dept Of Defense - 1 upvotes, $0
solr_log4j - http://██████████ to U.S. Dept Of Defense - 1 upvotes, $0
Directory Traversal at █████ to U.S. Dept Of Defense - 1 upvotes, $0
IDOR Lead To VIEW & DELETE & Create api_key [HtUS] to U.S. Dept Of Defense - 1 upvotes, $0
Unprotected ██████ and Test site API Exposes Documents, Credentials, and Emails in ██████████ Proposal System to U.S. Dept Of Defense - 1 upvotes, $0
Two Error-Based SQLi in courses.aspx on ██████████ to U.S. Dept Of Defense - 0 upvotes, $0
SQL Injection - https://███/█████████/MSI.portal to U.S. Dept Of Defense - 0 upvotes, $0
[██████████] — Directory traversal via /aerosol-bin/███████/display_directory_████_t.cgi to U.S. Dept Of Defense - 0 upvotes, $0
Stored XSS on ████████helpdesk to U.S. Dept Of Defense - 0 upvotes, $0
Sensitive information on '████████' to U.S. Dept Of Defense - 0 upvotes, $0
CUI labled and ████ Restricted pdf on █████ to U.S. Dept Of Defense - 0 upvotes, $0
Access to admininstrative resources/account via path traversal to U.S. Dept Of Defense - 0 upvotes, $0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TOPUSDEPTOFDEFENSE.md

TOPUSDEPTOFDEFENSE.md

Files

TOPUSDEPTOFDEFENSE.md

Latest commit

History

TOPUSDEPTOFDEFENSE.md

File metadata and controls