Skip to content

Latest commit

 

History

History
744 lines (743 loc) · 106 KB

TOPUSDEPTOFDEFENSE.md

File metadata and controls

744 lines (743 loc) · 106 KB

Top reports from U.S. Dept Of Defense program at HackerOne:

  1. Stored Xss Vulnerability on ████████ to U.S. Dept Of Defense - 187 upvotes, $0
  2. Bypassing CORS Misconfiguration Leads to Sensitive Exposure to U.S. Dept Of Defense - 142 upvotes, $0
  3. Public instance of Jenkins on https://██████████/ with /script enabled to U.S. Dept Of Defense - 113 upvotes, $0
  4. [hta3] Remote Code Execution on ████ to U.S. Dept Of Defense - 99 upvotes, $0
  5. Wordpress Takeover using setup configuration at http://████.edu [HtUS] to U.S. Dept Of Defense - 97 upvotes, $1000
  6. Remote Code Execution in ██████ to U.S. Dept Of Defense - 93 upvotes, $0
  7. [███████] Information disclosure due unauthenticated access to APIs and system browser functions to U.S. Dept Of Defense - 93 upvotes, $0
  8. LOGJ4 VUlnerability [HtUS] to U.S. Dept Of Defense - 92 upvotes, $1000
  9. XXE in DoD website that may lead to RCE to U.S. Dept Of Defense - 91 upvotes, $0
  10. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 83 upvotes, $0
  11. [SQLI ]Time Bassed Injection at ██████████ via referer header to U.S. Dept Of Defense - 83 upvotes, $0
  12. ███ leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions to U.S. Dept Of Defense - 82 upvotes, $0
  13. SQL Injection on www.██████████ on countID parameter to U.S. Dept Of Defense - 79 upvotes, $0
  14. User automatically logged in as Sys Admin user on https://███/Administration/Administration.aspx to U.S. Dept Of Defense - 79 upvotes, $0
  15. Time based SQL injection at████████ to U.S. Dept Of Defense - 75 upvotes, $0
  16. SQL Injection in ████ to U.S. Dept Of Defense - 71 upvotes, $0
  17. CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 70 upvotes, $0
  18. RCE on █████ via CVE-2017-10271 to U.S. Dept Of Defense - 68 upvotes, $0
  19. [█████████] Administrative access to Oracle WebLogic Server using default credentials to U.S. Dept Of Defense - 62 upvotes, $0
  20. Full account takeover of any user through reset password to U.S. Dept Of Defense - 61 upvotes, $0
  21. Remote Code Execution through DNN Cookie Deserialization to U.S. Dept Of Defense - 56 upvotes, $0
  22. CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman to U.S. Dept Of Defense - 56 upvotes, $0
  23. Unauthenticated SQL Injection at █████████ [HtUS] to U.S. Dept Of Defense - 55 upvotes, $0
  24. LFI with potential to RCE on ██████ using CVE-2019-3396 to U.S. Dept Of Defense - 53 upvotes, $0
  25. Improper Authentication (Login without Registration with any user) at ████ to U.S. Dept Of Defense - 53 upvotes, $0
  26. Reflected XSS via Keycloak on ███ [CVE-2021-20323] to U.S. Dept Of Defense - 50 upvotes, $0
  27. Information disclousure by clicking on the link shown in http://████████/ to U.S. Dept Of Defense - 48 upvotes, $0
  28. Log4Shell: RCE 0-day exploit on █████████ to U.S. Dept Of Defense - 48 upvotes, $0
  29. SSRF to read AWS metaData at https://█████/ [HtUS] to U.S. Dept Of Defense - 46 upvotes, $1000
  30. SQL Injection in ████ to U.S. Dept Of Defense - 46 upvotes, $0
  31. Local File Inclusion vulnerability on an Army system allows downloading local files to U.S. Dept Of Defense - 45 upvotes, $0
  32. SQL Injection vulnerability located at ████████ to U.S. Dept Of Defense - 44 upvotes, $0
  33. Gateway information leakage to U.S. Dept Of Defense - 43 upvotes, $0
  34. Xss - ███ to U.S. Dept Of Defense - 43 upvotes, $0
  35. Remote Code Execution via Insecure Deserialization in Telerik UI to U.S. Dept Of Defense - 42 upvotes, $0
  36. Leaked DB credentials on https://██████████.mil/███ to U.S. Dept Of Defense - 42 upvotes, $0
  37. Unauthenticated Access to Admin Panel Functions at https://██████████/████████ to U.S. Dept Of Defense - 42 upvotes, $0
  38. HTTP Request Smuggling to U.S. Dept Of Defense - 40 upvotes, $0
  39. Attacker can Add itself as admin user and can also change privileges of Existing Users [█████████] to U.S. Dept Of Defense - 40 upvotes, $0
  40. Reflected Cross-site Scripting via search query on ██████ to U.S. Dept Of Defense - 40 upvotes, $0
  41. Account takeover through CSRF in http://███████/██████████/default.asp to U.S. Dept Of Defense - 39 upvotes, $0
  42. IDOR to delete profile images in https:███████ to U.S. Dept Of Defense - 38 upvotes, $0
  43. reflected xss [CVE-2020-3580] to U.S. Dept Of Defense - 38 upvotes, $0
  44. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████ to U.S. Dept Of Defense - 36 upvotes, $5000
  45. SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS] to U.S. Dept Of Defense - 36 upvotes, $4000
  46. Blind Sql Injection https:/████████ to U.S. Dept Of Defense - 35 upvotes, $0
  47. Unauthenticated Jenkins instance exposed information related to █████ to U.S. Dept Of Defense - 35 upvotes, $0
  48. Xss Parameter: /<s>/[*]/<s>.css ████████ to U.S. Dept Of Defense - 34 upvotes, $0
  49. Blind Stored XSS Payload fired at the backend on https://█████████/ to U.S. Dept Of Defense - 33 upvotes, $0
  50. Web Cache Poisoning on █████ to U.S. Dept Of Defense - 33 upvotes, $0
  51. EC2 subdomain takeover at http://████████/ to U.S. Dept Of Defense - 33 upvotes, $0
  52. Subdomain takeover of █████████ to U.S. Dept Of Defense - 33 upvotes, $0
  53. [HTA2] Authorization Bypass on https://██████ leaks confidential aircraft/missile information to U.S. Dept Of Defense - 33 upvotes, $0
  54. [HTA2] XXE on https://███ via SpellCheck Endpoint. to U.S. Dept Of Defense - 33 upvotes, $0
  55. Unathenticated file read (CVE-2020-3452) to U.S. Dept Of Defense - 33 upvotes, $0
  56. XSS in Cisco Endpoint to U.S. Dept Of Defense - 33 upvotes, $0
  57. RCE in ███ [CVE-2021-26084] to U.S. Dept Of Defense - 33 upvotes, $0
  58. Critical sensitive information Disclosure. [HtUS] to U.S. Dept Of Defense - 32 upvotes, $500
  59. 403 Forbidden Bypass at www.██████.mil to U.S. Dept Of Defense - 32 upvotes, $0
  60. POST based RXSS on https://███████/ via ███ parameter to U.S. Dept Of Defense - 32 upvotes, $0
  61. Reflected XSS on error message on Login Page to U.S. Dept Of Defense - 32 upvotes, $0
  62. XXE on DoD web server to U.S. Dept Of Defense - 31 upvotes, $0
  63. Remote code execution on an Army website to U.S. Dept Of Defense - 31 upvotes, $0
  64. [██████] Cross-origin resource sharing misconfiguration (CORS) to U.S. Dept Of Defense - 31 upvotes, $0
  65. Pulse Secure File disclosure, clear text and potential RCE to U.S. Dept Of Defense - 31 upvotes, $0
  66. Unrestricted File Upload to U.S. Dept Of Defense - 30 upvotes, $0
  67. SSRF+XSS to U.S. Dept Of Defense - 30 upvotes, $0
  68. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 29 upvotes, $0
  69. SOAP WSDL Parser SQL Code Execution to U.S. Dept Of Defense - 29 upvotes, $0
  70. SQL injection my method -1 OR 321=6 AND 000159=000159 to U.S. Dept Of Defense - 29 upvotes, $0
  71. DoD internal documents are leaked to the public to U.S. Dept Of Defense - 29 upvotes, $0
  72. Information Disclosure to U.S. Dept Of Defense - 28 upvotes, $0
  73. SQL injection to U.S. Dept Of Defense - 28 upvotes, $0
  74. SSRF vulnerability on ██████████ leaks internal IP and various sensitive information to U.S. Dept Of Defense - 28 upvotes, $0
  75. Reflected Xss to U.S. Dept Of Defense - 28 upvotes, $0
  76. [███████] Remote Code Execution at ██████ [CVE-2021-44529] [HtUS] to U.S. Dept Of Defense - 27 upvotes, $1000
  77. Trace.axd page leaks sensitive information to U.S. Dept Of Defense - 27 upvotes, $0
  78. [hta3] Remote Code Execution on https://███ via improper access control to SCORM Zip upload/import to U.S. Dept Of Defense - 27 upvotes, $0
  79. Splunk Sensitive Information Disclosure @████████ to U.S. Dept Of Defense - 27 upvotes, $0
  80. Reflected xss on https://█████████ to U.S. Dept Of Defense - 27 upvotes, $0
  81. SQL injection at [https://█████████] [HtUS] to U.S. Dept Of Defense - 26 upvotes, $0
  82. SQL Injection at https://████████.asp (█████████) [selMajcom] [HtUS] to U.S. Dept Of Defense - 26 upvotes, $0
  83. Reflected XSS to U.S. Dept Of Defense - 26 upvotes, $0
  84. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 26 upvotes, $0
  85. Command Injection (via CVE-2019-11510 and CVE-2019-11539) to U.S. Dept Of Defense - 25 upvotes, $0
  86. Authentication bypass and RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials to U.S. Dept Of Defense - 25 upvotes, $0
  87. CSRF to Cross-site Scripting (XSS) to U.S. Dept Of Defense - 25 upvotes, $0
  88. Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935) to U.S. Dept Of Defense - 25 upvotes, $0
  89. RCE on a Department of Defense website to U.S. Dept Of Defense - 24 upvotes, $0
  90. Request smuggling on ████████ to U.S. Dept Of Defense - 24 upvotes, $0
  91. Video player on ███ allows arbitrary remote videos to be played to U.S. Dept Of Defense - 24 upvotes, $0
  92. ████ - Complete account takeover to U.S. Dept Of Defense - 24 upvotes, $0
  93. SQL Injection in the move_papers.php on the https://██████████ to U.S. Dept Of Defense - 24 upvotes, $0
  94. RCE via File Upload with a Null Byte Truncated File Extension at https://██████/ to U.S. Dept Of Defense - 24 upvotes, $0
  95. Examples directory is PUBLIC on https://████████mil, leading to multiple vulns to U.S. Dept Of Defense - 23 upvotes, $0
  96. CSRF Account Deletion on ███ Website to U.S. Dept Of Defense - 23 upvotes, $0
  97. Reflected XSS in https://www.█████/ to U.S. Dept Of Defense - 23 upvotes, $0
  98. Apache solr RCE via velocity template to U.S. Dept Of Defense - 23 upvotes, $0
  99. █████████ IDOR leads to disclosure of PHI/PII to U.S. Dept Of Defense - 23 upvotes, $0
  100. Default Admin Username and Password on █████ Server at █████████mil to U.S. Dept Of Defense - 23 upvotes, $0
  101. SQL injection on ██████████ via 'where' parameter to U.S. Dept Of Defense - 23 upvotes, $0
  102. SQL injection on the https://████/ to U.S. Dept Of Defense - 22 upvotes, $0
  103. [Partial] SSN & [PII] exposed through iPERMs Presentation Slide. to U.S. Dept Of Defense - 22 upvotes, $0
  104. Unauthenticated Blind SSRF at https://█████ via xmlrpc.php file to U.S. Dept Of Defense - 22 upvotes, $0
  105. Docker Registry without authentication leads to docker images download to U.S. Dept Of Defense - 22 upvotes, $0
  106. SSRF on █████████ Allowing internal server data access to U.S. Dept Of Defense - 21 upvotes, $0
  107. Subdomain takeover due to an unclaimed Amazon S3 bucket on ███ to U.S. Dept Of Defense - 21 upvotes, $0
  108. IDOR to Account Takeover on https://████/index.html to U.S. Dept Of Defense - 21 upvotes, $0
  109. Reflected XSS in https://www.██████/ to U.S. Dept Of Defense - 21 upvotes, $0
  110. Full account takeover on https://████████.mil to U.S. Dept Of Defense - 21 upvotes, $0
  111. IDOR while uploading ████ attachments at [█████████] to U.S. Dept Of Defense - 21 upvotes, $0
  112. Reflected XSS in ████████████ to U.S. Dept Of Defense - 21 upvotes, $0
  113. Leaks of username and password leads to CVE-2018-18862 exploitation to U.S. Dept Of Defense - 21 upvotes, $0
  114. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███ to U.S. Dept Of Defense - 20 upvotes, $0
  115. CSRF - Close Account to U.S. Dept Of Defense - 20 upvotes, $0
  116. Path traversal on https://███ allows arbitrary file read (CVE-2020-3452) to U.S. Dept Of Defense - 20 upvotes, $0
  117. [████████] RXSS via "CurrentFolder" parameter to U.S. Dept Of Defense - 20 upvotes, $0
  118. ███ exposes sensitive shipment information to public web to U.S. Dept Of Defense - 19 upvotes, $0
  119. Access to all █████████ files, including CAC authentication bypass to U.S. Dept Of Defense - 19 upvotes, $0
  120. Publicly accessible Order confirmations leaking User Emails on ███ to U.S. Dept Of Defense - 19 upvotes, $0
  121. Remote Code Execution on █████████ to U.S. Dept Of Defense - 19 upvotes, $0
  122. critical information disclosure to U.S. Dept Of Defense - 19 upvotes, $0
  123. [CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████ to U.S. Dept Of Defense - 19 upvotes, $0
  124. Reflected XSS on ███ to U.S. Dept Of Defense - 19 upvotes, $0
  125. Self stored Xss + Login Csrf to U.S. Dept Of Defense - 19 upvotes, $0
  126. [hta3] Chain of ESI Injection & Reflected XSS leading to Account Takeover on [███] to U.S. Dept Of Defense - 18 upvotes, $750
  127. [REMOTE] Full Account Takeover At https://██████████████/CAS/ to U.S. Dept Of Defense - 18 upvotes, $0
  128. Subdomain takeover of ████ to U.S. Dept Of Defense - 18 upvotes, $0
  129. https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD to U.S. Dept Of Defense - 18 upvotes, $0
  130. XSS Reflect to POST █████ to U.S. Dept Of Defense - 18 upvotes, $0
  131. Blind SQL iNJECTION to U.S. Dept Of Defense - 18 upvotes, $0
  132. time based SQL injection at [https://███] [HtUS] to U.S. Dept Of Defense - 18 upvotes, $0
  133. Reflected XSS on ██████.mil to U.S. Dept Of Defense - 18 upvotes, $0
  134. Client side authentication leads to Auth Bypass to U.S. Dept Of Defense - 18 upvotes, $0
  135. Resource Injection - [████████] to U.S. Dept Of Defense - 18 upvotes, $0
  136. Parâmetro XSS: Nome de usuário - █████████ to U.S. Dept Of Defense - 18 upvotes, $0
  137. Misconfigured password reset vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
  138. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
  139. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
  140. Remote Code Execution (RCE) in DoD Websites to U.S. Dept Of Defense - 17 upvotes, $0
  141. ███████ Site Exposes █████████ forms to U.S. Dept Of Defense - 17 upvotes, $0
  142. Partial SSN exposed through Presentation slides on ██████████ to U.S. Dept Of Defense - 17 upvotes, $0
  143. PII leakage due to scrceenshot of health records to U.S. Dept Of Defense - 17 upvotes, $0
  144. Self XSS combine CSRF at https://████████/index.php to U.S. Dept Of Defense - 17 upvotes, $0
  145. ███ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability to U.S. Dept Of Defense - 17 upvotes, $0
  146. SQL Injection on █████ to U.S. Dept Of Defense - 17 upvotes, $0
  147. Sensitive information disclosure [HtUS] to U.S. Dept Of Defense - 17 upvotes, $0
  148. Reflected XSS via Moodle on ███ [CVE-2022-35653] to U.S. Dept Of Defense - 17 upvotes, $0
  149. Reflected XSS on https://█████████/ to U.S. Dept Of Defense - 16 upvotes, $0
  150. RXSS - https://████████/ to U.S. Dept Of Defense - 16 upvotes, $0
  151. Arbitrary File Read at ███ via filename parameter to U.S. Dept Of Defense - 16 upvotes, $0
  152. Information Disclosure FrontPage Configuration Information to U.S. Dept Of Defense - 16 upvotes, $0
  153. Default Admin Username and Password on ███ to U.S. Dept Of Defense - 16 upvotes, $0
  154. RCE on ███████ [CVE-2021-26084] to U.S. Dept Of Defense - 16 upvotes, $0
  155. XSS on www.██████ alerts and a number of other pages to U.S. Dept Of Defense - 15 upvotes, $0
  156. [█████] — DOM-based XSS on endpoint /?s= to U.S. Dept Of Defense - 15 upvotes, $0
  157. Sensitive information about a ██████ to U.S. Dept Of Defense - 15 upvotes, $0
  158. CSRF to account takeover in https://███████.mil/ to U.S. Dept Of Defense - 15 upvotes, $0
  159. Blind stored XSS due to insecure contact form at https://█████.mil leads to leakage of session token and to U.S. Dept Of Defense - 15 upvotes, $0
  160. Unauth RCE on Jenkins Instance at https://█████████/ to U.S. Dept Of Defense - 15 upvotes, $0
  161. Password Reset link hijacking via Host Header Poisoning leads to account takeover to U.S. Dept Of Defense - 15 upvotes, $0
  162. XSS via X-Forwarded-Host header to U.S. Dept Of Defense - 15 upvotes, $0
  163. IDOR to U.S. Dept Of Defense - 15 upvotes, $0
  164. reflected xss in www.████████.gov to U.S. Dept Of Defense - 15 upvotes, $0
  165. Full Access to sonarQube and Docker to U.S. Dept Of Defense - 15 upvotes, $0
  166. Blind SQLi vulnerability in a DoD Website to U.S. Dept Of Defense - 14 upvotes, $0
  167. IDOR on DoD Website exposes FTP users and passes linked to all accounts! to U.S. Dept Of Defense - 14 upvotes, $0
  168. Open FTP server on a DoD system to U.S. Dept Of Defense - 14 upvotes, $0
  169. PII leakage due to caching of Order/Contract ID's on █████████ to U.S. Dept Of Defense - 14 upvotes, $0
  170. Blind SQL injection on ████████ to U.S. Dept Of Defense - 14 upvotes, $0
  171. Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 14 upvotes, $0
  172. Exposed Docker Registry at https://████ to U.S. Dept Of Defense - 14 upvotes, $0
  173. Remote Code Execution via CVE-2019-18935 to U.S. Dept Of Defense - 14 upvotes, $0
  174. Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak to U.S. Dept Of Defense - 14 upvotes, $0
  175. Old Session Does Not Expires After Password Change to U.S. Dept Of Defense - 14 upvotes, $0
  176. CSRF in https://███ to U.S. Dept Of Defense - 14 upvotes, $0
  177. Subdomain takeover [​████████] to U.S. Dept Of Defense - 14 upvotes, $0
  178. Expired SSL Certificate allows credentials steal to U.S. Dept Of Defense - 14 upvotes, $0
  179. [Urgent] Critical Vulnerability [RCE] on ███ vulnerable to Remote Code Execution by exploiting MS15-034, CVE-2015-1635 to U.S. Dept Of Defense - 14 upvotes, $0
  180. SQL injection at [█████████] [HtUS] to U.S. Dept Of Defense - 14 upvotes, $0
  181. [█████] Bug Reports allow for Unrestricted File Upload to U.S. Dept Of Defense - 14 upvotes, $0
  182. Reflective Cross Site Scripting (XSS) on ███████/Pages to U.S. Dept Of Defense - 14 upvotes, $0
  183. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
  184. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
  185. [Critical] Full local fylesystem access (LFI/LFD) as admin via Path Traversal in the misconfigured Java servlet on the https://███/ to U.S. Dept Of Defense - 13 upvotes, $0
  186. PII leakage-Full SSN on ███ to U.S. Dept Of Defense - 13 upvotes, $0
  187. http://████/data.json showing users sensitive information via json file to U.S. Dept Of Defense - 13 upvotes, $0
  188. Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604) to U.S. Dept Of Defense - 13 upvotes, $0
  189. SSN leak due to editable slides to U.S. Dept Of Defense - 13 upvotes, $0
  190. Previously Compromised PulseSSL VPN Hosts to U.S. Dept Of Defense - 13 upvotes, $0
  191. [SQLI ]Time Bassed Injection at ██████████ via /██████/library.php?c=G14 parameter to U.S. Dept Of Defense - 13 upvotes, $0
  192. CSRF to Stored HTML injection at https://www.█████ to U.S. Dept Of Defense - 13 upvotes, $0
  193. Administration Authentication Bypass on https://█████ to U.S. Dept Of Defense - 13 upvotes, $0
  194. DOM Based XSS on https://████ via backURL param to U.S. Dept Of Defense - 13 upvotes, $0
  195. Insufficient Session Expiration on Adobe Connect | https://█████████ to U.S. Dept Of Defense - 13 upvotes, $0
  196. Reflected XSS through ClickJacking to U.S. Dept Of Defense - 13 upvotes, $0
  197. Reflected XSS at [████████] to U.S. Dept Of Defense - 13 upvotes, $0
  198. XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 13 upvotes, $0
  199. phpinfo() disclosure info to U.S. Dept Of Defense - 13 upvotes, $0
  200. Stored XSS at https://█████ to U.S. Dept Of Defense - 13 upvotes, $0
  201. xss on reset password page to U.S. Dept Of Defense - 13 upvotes, $0
  202. XSS on ( █████████.gov ) Via URL path to U.S. Dept Of Defense - 13 upvotes, $0
  203. [U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions to U.S. Dept Of Defense - 13 upvotes, $0
  204. CSRF to ATO at https://█████/user/account [HtUS] to U.S. Dept Of Defense - 12 upvotes, $500
  205. Unrestricted File Download / Path Traversal to U.S. Dept Of Defense - 12 upvotes, $0
  206. DOM Based XSS on an Army website to U.S. Dept Of Defense - 12 upvotes, $0
  207. SQL injections to U.S. Dept Of Defense - 12 upvotes, $0
  208. RCE on https://█████/ Using CVE-2017-9248 to U.S. Dept Of Defense - 12 upvotes, $0
  209. No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service to U.S. Dept Of Defense - 12 upvotes, $0
  210. Unrestricted File Upload Leads to XSS & Potential RCE to U.S. Dept Of Defense - 12 upvotes, $0
  211. PII Leak of USCG Designated Examiner List at https://www.███ to U.S. Dept Of Defense - 12 upvotes, $0
  212. CSRF to Cross-site Scripting (XSS) to U.S. Dept Of Defense - 12 upvotes, $0
  213. All private support requests to ███████ are being disclosed at https://███████ to U.S. Dept Of Defense - 12 upvotes, $0
  214. Rxss on █████████ via logout?service=javascript:alert(1) to U.S. Dept Of Defense - 12 upvotes, $0
  215. Full account takeover in ███████ due lack of rate limiting in forgot password to U.S. Dept Of Defense - 12 upvotes, $0
  216. Reflected cross site scripting in https://███████ to U.S. Dept Of Defense - 12 upvotes, $0
  217. [XSS] Reflected XSS via POST request to U.S. Dept Of Defense - 12 upvotes, $0
  218. WordPress application vulnerable to DoS attack via wp-cron.php to U.S. Dept Of Defense - 12 upvotes, $0
  219. Account takeover on ███████ [HtUS] to U.S. Dept Of Defense - 11 upvotes, $500
  220. Local File Read vulnerability on ██████████ [HtUS] to U.S. Dept Of Defense - 11 upvotes, $500
  221. Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  222. Local file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  223. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  224. Path traversal on ████████ to U.S. Dept Of Defense - 11 upvotes, $0
  225. MSSQL injection via param Customwho in https://█████/News/Transcripts/Search/Sort/ and WAF bypass to U.S. Dept Of Defense - 11 upvotes, $0
  226. SQL Injection in Login Page: https://█████/█████████/login.php to U.S. Dept Of Defense - 11 upvotes, $0
  227. PII/PHI data available on web https://████████Portals/22/Documents/Meetings to U.S. Dept Of Defense - 11 upvotes, $0
  228. IDOR + Account Takeover [UNAUTHENTICATED] to U.S. Dept Of Defense - 11 upvotes, $0
  229. CORS misconfiguration which leads to the disclosure to U.S. Dept Of Defense - 11 upvotes, $0
  230. Sensitive Information Leaking Through DoD Owned Website https://www.█████.mil to U.S. Dept Of Defense - 11 upvotes, $0
  231. Blind Stored XSS on ███████ leads to takeover admin account to U.S. Dept Of Defense - 11 upvotes, $0
  232. External Service Interaction (HTTP/DNS) on https://www.███ (██████████ parameter) to U.S. Dept Of Defense - 11 upvotes, $0
  233. Path Traversal - [ CVE-2020-3452 ] to U.S. Dept Of Defense - 11 upvotes, $0
  234. XML Injection / External Service Interaction (HTTP/DNS) On https://█████████.mil to U.S. Dept Of Defense - 11 upvotes, $0
  235. Reflected Xss https://██████/ to U.S. Dept Of Defense - 11 upvotes, $0
  236. XSS Reflected - ██████████ to U.S. Dept Of Defense - 11 upvotes, $0
  237. CSRF - Delete Account (Urgent) to U.S. Dept Of Defense - 11 upvotes, $0
  238. IDOR leaking PII data via VendorId parameter to U.S. Dept Of Defense - 11 upvotes, $0
  239. Sql Injection At █████████ to U.S. Dept Of Defense - 11 upvotes, $0
  240. AWS Credentials Disclosure at ███ to U.S. Dept Of Defense - 11 upvotes, $0
  241. DBMS information getting exposed publicly on -- [ ██████████ ] to U.S. Dept Of Defense - 11 upvotes, $0
  242. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
  243. SQL injection on █████ due to tech.cfm to U.S. Dept Of Defense - 10 upvotes, $0
  244. CSRF - Modify Company Info to U.S. Dept Of Defense - 10 upvotes, $0
  245. xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php to U.S. Dept Of Defense - 10 upvotes, $0
  246. (CORS) Cross-origin resource sharing misconfiguration to U.S. Dept Of Defense - 10 upvotes, $0
  247. Elmah.axd is publicly accessible and leaking Error Log for ROOT on █████_PRD_WEB1 █████████elmah.axd to U.S. Dept Of Defense - 10 upvotes, $0
  248. Unauthenticated Arbitrary File Deletion ("CVE-2020-3187") in ████████ to U.S. Dept Of Defense - 10 upvotes, $0
  249. Reflected XSS on https://████/ (Bypass of #1002977) to U.S. Dept Of Defense - 10 upvotes, $0
  250. Local File Inclusion In Registration Page to U.S. Dept Of Defense - 10 upvotes, $0
  251. Reflected XSS www.█████ search form to U.S. Dept Of Defense - 10 upvotes, $0
  252. Reflected XSS In https://███████ to U.S. Dept Of Defense - 10 upvotes, $0
  253. critical information disclosure to U.S. Dept Of Defense - 10 upvotes, $0
  254. Git repo on https://██████.mil/ discloses API password to U.S. Dept Of Defense - 10 upvotes, $0
  255. Improper Access Control - Generic on https://████ to U.S. Dept Of Defense - 10 upvotes, $0
  256. https://████ is vulnerable to cve-2020-3452 to U.S. Dept Of Defense - 10 upvotes, $0
  257. Reflected XSS on https://██████ to U.S. Dept Of Defense - 10 upvotes, $0
  258. Reflected XSS through clickjacking at https://████ to U.S. Dept Of Defense - 10 upvotes, $0
  259. Unauthorized access to admin panel of the Questionmark Perception system at https://██████████ to U.S. Dept Of Defense - 10 upvotes, $0
  260. CSRF Based XSS @ https://██████████ to U.S. Dept Of Defense - 10 upvotes, $0
  261. Cross site scripting to U.S. Dept Of Defense - 10 upvotes, $0
  262. Unauthenticated Access to Admin Panel Functions at https://███████/███ to U.S. Dept Of Defense - 10 upvotes, $0
  263. Broken Authentication to U.S. Dept Of Defense - 10 upvotes, $0
  264. Reflected XSS on [█████████] to U.S. Dept Of Defense - 10 upvotes, $0
  265. The dashboard is exposed in https://███ to U.S. Dept Of Defense - 10 upvotes, $0
  266. Reflected XSS in ██████ to U.S. Dept Of Defense - 10 upvotes, $0
  267. AEM misconfiguration leads to Information disclosure to U.S. Dept Of Defense - 10 upvotes, $0
  268. CSRF to delete accounts [HtUS] to U.S. Dept Of Defense - 10 upvotes, $0
  269. Privilege Escalation on a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
  270. Authentication bypass vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  271. Reflected XSS on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  272. Personal information disclosure on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  273. File upload vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  274. Blind SQLi in a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
  275. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  276. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  277. SSRF in ███████ to U.S. Dept Of Defense - 9 upvotes, $0
  278. [CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc to U.S. Dept Of Defense - 9 upvotes, $0
  279. Unrestricted File Upload to ███████SubmitRequest/Index.cfm?fwa=wizardform to U.S. Dept Of Defense - 9 upvotes, $0
  280. SSN is exposed on slides, previous critical report was not fixed in an appropriate way to U.S. Dept Of Defense - 9 upvotes, $0
  281. SharePoint Web Services Exposed to Anonymous Access Users to U.S. Dept Of Defense - 9 upvotes, $0
  282. Reflected XSS on ███████ to U.S. Dept Of Defense - 9 upvotes, $0
  283. Unauthenticated Arbitrary File Deletion "CVE-2020-3187" in █████ to U.S. Dept Of Defense - 9 upvotes, $0
  284. IDOR leads to Leakage an ██████████ Login Information to U.S. Dept Of Defense - 9 upvotes, $0
  285. Reflected XSS at https://████████/███/... to U.S. Dept Of Defense - 9 upvotes, $0
  286. ███ on https://████ enable ███ scraping, injection, stored XSS to U.S. Dept Of Defense - 9 upvotes, $0
  287. Reflected XSS to U.S. Dept Of Defense - 9 upvotes, $0
  288. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 9 upvotes, $0
  289. Cache Posioning leading to denial of service at █████████ - Bypass fix from report #1198434 to U.S. Dept Of Defense - 9 upvotes, $0
  290. insecure gitlab repositories at ████████ [HtUS] to U.S. Dept Of Defense - 9 upvotes, $0
  291. Reflected XSS at ████████ to U.S. Dept Of Defense - 9 upvotes, $0
  292. Sensitive Data Exposure at https://█████████ to U.S. Dept Of Defense - 9 upvotes, $0
  293. CORS Misconfiguration in https://████████/accounts/login/ to U.S. Dept Of Defense - 9 upvotes, $0
  294. Email exploitation with web hosting services. to U.S. Dept Of Defense - 9 upvotes, $0
  295. Exposed GIT repo on ██████████[HtUS] to U.S. Dept Of Defense - 9 upvotes, $0
  296. External service interaction ( DNS and HTTP ) in www.████████ to U.S. Dept Of Defense - 9 upvotes, $0
  297. Unauthorized access to Argo dashboard on █████ to U.S. Dept Of Defense - 9 upvotes, $0
  298. Reflected XSS in a Navy website to U.S. Dept Of Defense - 8 upvotes, $0
  299. Reflected XSS on an Army website to U.S. Dept Of Defense - 8 upvotes, $0
  300. Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
  301. Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
  302. XSS on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  303. Reflected XSS on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  304. Server-side include injection vulnerability in a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  305. Remote code execution (RCE) in multiple DoD websites to U.S. Dept Of Defense - 8 upvotes, $0
  306. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  307. [Critical] Possibility to takeover any user account #2 without interaction on the https://██████████ to U.S. Dept Of Defense - 8 upvotes, $0
  308. Server-Side Request Forgery (SSRF) to U.S. Dept Of Defense - 8 upvotes, $0
  309. [███] SQL injection & Reflected XSS to U.S. Dept Of Defense - 8 upvotes, $0
  310. PII Leak via https://████████ to U.S. Dept Of Defense - 8 upvotes, $0
  311. Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE to U.S. Dept Of Defense - 8 upvotes, $0
  312. RCE (Remote code execution) in one of DoD's websites to U.S. Dept Of Defense - 8 upvotes, $0
  313. Сode injection host █████████ to U.S. Dept Of Defense - 8 upvotes, $0
  314. Stored XSS via Comment Form at ████████ to U.S. Dept Of Defense - 8 upvotes, $0
  315. SQLi in login form of █████ to U.S. Dept Of Defense - 8 upvotes, $0
  316. Cross Site Scripting (XSS) – Reflected to U.S. Dept Of Defense - 8 upvotes, $0
  317. DOM XSS on https://www.███████ to U.S. Dept Of Defense - 8 upvotes, $0
  318. PII Information Leak at https://████████.mil/ to U.S. Dept Of Defense - 8 upvotes, $0
  319. PII Leak via /████████ to U.S. Dept Of Defense - 8 upvotes, $0
  320. XML Injection on https://www.█████████ (███ parameter) to U.S. Dept Of Defense - 8 upvotes, $0
  321. RCE in ██████ subdomain via CVE-2017-1000486 to U.S. Dept Of Defense - 8 upvotes, $0
  322. Reflected XSS at www.███████ at /██████████ via the ████████ parameter to U.S. Dept Of Defense - 8 upvotes, $0
  323. SQLi on █████████ to U.S. Dept Of Defense - 8 upvotes, $0
  324. AWS subdomain takeover of www.███████ to U.S. Dept Of Defense - 8 upvotes, $0
  325. Open Akamai ARL XSS at ████████ to U.S. Dept Of Defense - 8 upvotes, $0
  326. Cross-site Scripting (XSS) - Reflected at https://██████████/ to U.S. Dept Of Defense - 8 upvotes, $0
  327. Blind SQL Injection to U.S. Dept Of Defense - 8 upvotes, $0
  328. SQL Injection on https://████████/ to U.S. Dept Of Defense - 8 upvotes, $0
  329. CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 8 upvotes, $0
  330. Unauthorized Access to Internal Server Panel without Authentication to U.S. Dept Of Defense - 8 upvotes, $0
  331. Full read SSRF at █████████ [HtUS] to U.S. Dept Of Defense - 8 upvotes, $0
  332. Local file read at https://████/ [HtUS] to U.S. Dept Of Defense - 8 upvotes, $0
  333. .git folder exposed [HtUS] to U.S. Dept Of Defense - 8 upvotes, $0
  334. stored cross site scripting in https://███ to U.S. Dept Of Defense - 8 upvotes, $0
  335. Unauthenticated phpinfo()files could lead to ability file read at █████████ [HtUS] to U.S. Dept Of Defense - 8 upvotes, $0
  336. IDOR when editing email leads to Mass Full ATOs (Account Takeovers) without user interaction on https://██████/ to U.S. Dept Of Defense - 8 upvotes, $0
  337. xmlrpc.php file enabled at ██████.org to U.S. Dept Of Defense - 8 upvotes, $0
  338. DOM-XSS to U.S. Dept Of Defense - 8 upvotes, $0
  339. Elasticsearch is currently open without authentication on https://██████l to U.S. Dept Of Defense - 8 upvotes, $0
  340. Reflected XSS on a Navy website to U.S. Dept Of Defense - 7 upvotes, $0
  341. SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  342. QuickTime Promotion on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  343. Exposed Access Control Data Backup Files on DoD Website to U.S. Dept Of Defense - 7 upvotes, $0
  344. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  345. Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  346. Remote Command Execution on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  347. Bypass file access control vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  348. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  349. Insecure direct object reference vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  350. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  351. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  352. Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  353. Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  354. Insecure Direct Object Reference (IDOR) vulnerability in a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  355. X-XSS-Protection -> Misconfiguration to U.S. Dept Of Defense - 7 upvotes, $0
  356. Root Remote Code Execution on https://███ to U.S. Dept Of Defense - 7 upvotes, $0
  357. ██████ Authenticated User Data Disclosure to U.S. Dept Of Defense - 7 upvotes, $0
  358. Information Disclosure (can access all ███s) within ███████ view █████████ Portal to U.S. Dept Of Defense - 7 upvotes, $0
  359. Open FTP on ███ to U.S. Dept Of Defense - 7 upvotes, $0
  360. Exposed ███████ Administrative Interface (ColdFusion 11) to U.S. Dept Of Defense - 7 upvotes, $0
  361. SharePoint exposed web services to U.S. Dept Of Defense - 7 upvotes, $0
  362. Corda Server XSS ████████ to U.S. Dept Of Defense - 7 upvotes, $0
  363. [████████] Boolean SQL Injection (/personnel.php?content=profile&rcnum=*) to U.S. Dept Of Defense - 7 upvotes, $0
  364. Unrestricted File Upload to U.S. Dept Of Defense - 7 upvotes, $0
  365. Null byte Injection in https://████/ to U.S. Dept Of Defense - 7 upvotes, $0
  366. CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. to U.S. Dept Of Defense - 7 upvotes, $0
  367. CSRF to account takeover in https://█████/ to U.S. Dept Of Defense - 7 upvotes, $0
  368. {███} It is posible download all information and files via S3 Bucket Misconfiguration to U.S. Dept Of Defense - 7 upvotes, $0
  369. SQL Injection in www.██████████ to U.S. Dept Of Defense - 7 upvotes, $0
  370. Reflected XSS on https://█████████html?url to U.S. Dept Of Defense - 7 upvotes, $0
  371. Stored XSS via 64(?) vulnerable fields in ███ leads to credential theft/account takeover to U.S. Dept Of Defense - 7 upvotes, $0
  372. Bypassed a fix to gain access to PII of more than 100 Officers to U.S. Dept Of Defense - 7 upvotes, $0
  373. CVE 2020 14179 on jira instance to U.S. Dept Of Defense - 7 upvotes, $0
  374. Password Cracking - Weak Password Used to Secure ████ Containing a Plaintext Password to U.S. Dept Of Defense - 7 upvotes, $0
  375. SSRF due to CVE-2021-26855 on ████████ to U.S. Dept Of Defense - 7 upvotes, $0
  376. Reflected XSS on ███████ to U.S. Dept Of Defense - 7 upvotes, $0
  377. IDOR on https://██████ via POST UID enables database scraping to U.S. Dept Of Defense - 7 upvotes, $0
  378. ████████ portal is open to enumeration once authenticated. Session ID's appear static. All PII available once a valid session ID is found. to U.S. Dept Of Defense - 7 upvotes, $0
  379. [www.███] Reflected Cross-Site Scripting to U.S. Dept Of Defense - 7 upvotes, $0
  380. XSS on ███ to U.S. Dept Of Defense - 7 upvotes, $0
  381. Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 7 upvotes, $0
  382. RXSS - ████ to U.S. Dept Of Defense - 7 upvotes, $0
  383. Military name,email,phone,address,certdata Disclosure to U.S. Dept Of Defense - 7 upvotes, $0
  384. SQL Injection in █████ to U.S. Dept Of Defense - 7 upvotes, $0
  385. Open Akamai ARL XSS at ████████ to U.S. Dept Of Defense - 7 upvotes, $0
  386. lfi in filePathDownload parameter via ███████ to U.S. Dept Of Defense - 7 upvotes, $0
  387. Blind SSRF via image upload URL downloader on https://██████/ to U.S. Dept Of Defense - 7 upvotes, $0
  388. Host Header Injection on https://███/████████/Account/ForgotPassword to U.S. Dept Of Defense - 7 upvotes, $0
  389. stored cross site scripting in https://██████████ to U.S. Dept Of Defense - 7 upvotes, $0
  390. Upload and delete files in debug page without access control. to U.S. Dept Of Defense - 7 upvotes, $0
  391. DoS at ████████ (CVE-2018-6389) to U.S. Dept Of Defense - 7 upvotes, $0
  392. HAProxy stats panel exposed externally to U.S. Dept Of Defense - 7 upvotes, $0
  393. Path traversal leads to reading of local files on ███████ and ████ to U.S. Dept Of Defense - 7 upvotes, $0
  394. DoS at █████(CVE-2018-6389) to U.S. Dept Of Defense - 7 upvotes, $0
  395. Information leakage on a Department of Defense website to U.S. Dept Of Defense - 6 upvotes, $0
  396. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  397. Remote file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  398. HTML injection vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  399. Reflected XSS in a DoD Website to U.S. Dept Of Defense - 6 upvotes, $0
  400. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  401. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  402. Default credentials on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  403. Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  404. Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  405. Violation of secure design principles on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  406. Limited code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  407. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  408. Remote Code Execution (RCE) vulnerability in a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  409. Account takeover due to CSRF in "Account details" option on █████████ to U.S. Dept Of Defense - 6 upvotes, $0
  410. SQL Injection in the get_publications.php on the https://█████ to U.S. Dept Of Defense - 6 upvotes, $0
  411. SSRF on ████████ to U.S. Dept Of Defense - 6 upvotes, $0
  412. Out-of-date Version (Apache) to U.S. Dept Of Defense - 6 upvotes, $0
  413. Default page exposes admin functions and all metods and classes available. on https://██████/█████/dwr/index.html to U.S. Dept Of Defense - 6 upvotes, $0
  414. Admin Salt Leakage on DoD site. to U.S. Dept Of Defense - 6 upvotes, $0
  415. SharePoint exposed web services to U.S. Dept Of Defense - 6 upvotes, $0
  416. LDAP Injection at ██████ to U.S. Dept Of Defense - 6 upvotes, $0
  417. Partial PII leakage due to public set gitlab to U.S. Dept Of Defense - 6 upvotes, $0
  418. [█████] Get all tickets (IDOR) to U.S. Dept Of Defense - 6 upvotes, $0
  419. ██████████ bruteforceable RIC Codes allowing information on contracts to U.S. Dept Of Defense - 6 upvotes, $0
  420. [█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action to U.S. Dept Of Defense - 6 upvotes, $0
  421. Full Account Take-Over of ████████ Members via IDOR to U.S. Dept Of Defense - 6 upvotes, $0
  422. [Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator to U.S. Dept Of Defense - 6 upvotes, $0
  423. Stored XSS at ██████userprofile.aspx to U.S. Dept Of Defense - 6 upvotes, $0
  424. https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD to U.S. Dept Of Defense - 6 upvotes, $0
  425. hardcoded password stored in javascript of https://████.mil to U.S. Dept Of Defense - 6 upvotes, $0
  426. View another user information with IDOR vulnerability to U.S. Dept Of Defense - 6 upvotes, $0
  427. ███████mill is vulnerable to cross site request forgery that leads to full account take over. to U.S. Dept Of Defense - 6 upvotes, $0
  428. Stored XSS at https://www.█████████.mil to U.S. Dept Of Defense - 6 upvotes, $0
  429. Second Order XSS via █████ to U.S. Dept Of Defense - 6 upvotes, $0
  430. Read-only path traversal (CVE-2020-3452) at https://██████.mil to U.S. Dept Of Defense - 6 upvotes, $0
  431. Reflected XSS on █████████ to U.S. Dept Of Defense - 6 upvotes, $0
  432. Website vulnerable to POODLE (SSLv3) with expired certificate to U.S. Dept Of Defense - 6 upvotes, $0
  433. Sending trusted ████ and ██████████ emails through public API endpoint in ███████ site to U.S. Dept Of Defense - 6 upvotes, $0
  434. CVE-2019-3403 on https://████/rest/api/2/user/picker?query= to U.S. Dept Of Defense - 6 upvotes, $0
  435. Elmah.axd is publicly accessible leaking Error Log to U.S. Dept Of Defense - 6 upvotes, $0
  436. [█████████] Reflected Cross-Site Scripting Vulnerability to U.S. Dept Of Defense - 6 upvotes, $0
  437. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 6 upvotes, $0
  438. ███████ - XSS - CVE-2020-3580 to U.S. Dept Of Defense - 6 upvotes, $0
  439. Reflected XSS at https://█████ via "██████████" parameter to U.S. Dept Of Defense - 6 upvotes, $0
  440. XSS on https://████/ via ███████ parameter to U.S. Dept Of Defense - 6 upvotes, $0
  441. username and password leaked via pptx for █████████ website to U.S. Dept Of Defense - 6 upvotes, $0
  442. [CVE-2020-3452] on ███████ to U.S. Dept Of Defense - 6 upvotes, $0
  443. ██████████ vulnerable to CVE-2022-22954 to U.S. Dept Of Defense - 6 upvotes, $0
  444. RXSS on █████████ to U.S. Dept Of Defense - 6 upvotes, $0
  445. Reflected XSS via ████████ parameter to U.S. Dept Of Defense - 6 upvotes, $0
  446. XSS DUE TO CVE-2022-38463 in https://████████ to U.S. Dept Of Defense - 6 upvotes, $0
  447. Authentication bypass leads to Information Disclosure at U.S Air Force "https://███" to U.S. Dept Of Defense - 6 upvotes, $0
  448. XSS via Client Side Template Injection on www.███/News/Speeches to U.S. Dept Of Defense - 6 upvotes, $0
  449. stored cross site scripting in https://███ to U.S. Dept Of Defense - 6 upvotes, $0
  450. Sensitive Data Exposure via wp-config.php file to U.S. Dept Of Defense - 6 upvotes, $0
  451. LDAP Server NULL Bind Connection Information Disclosure to U.S. Dept Of Defense - 6 upvotes, $0
  452. Adobe ColdFusion Access Control Bypass - CVE-2023-38205 to U.S. Dept Of Defense - 6 upvotes, $0
  453. Unauthenticated File Read Adobe ColdFusion to U.S. Dept Of Defense - 6 upvotes, $0
  454. XSS vulnerability on an Army website to U.S. Dept Of Defense - 5 upvotes, $0
  455. Open Redirect in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  456. Cross-site request forgery vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  457. Password reset vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  458. Remote command execution (RCE) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  459. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  460. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  461. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  462. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  463. Open redirect vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  464. Reflected cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  465. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  466. Server Side Request Forgery (SSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  467. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  468. https://█████████ Vulnerable to CVE-2018-0296 Cisco ASA Path Traversal Authentication Bypass to U.S. Dept Of Defense - 5 upvotes, $0
  469. sql injection on /messagecenter/messagingcenter at https://www.███████/ to U.S. Dept Of Defense - 5 upvotes, $0
  470. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  471. Remote File Inclusion, Malicious File Hosting, and Cross-site Scripting (XSS) in ████████ to U.S. Dept Of Defense - 5 upvotes, $0
  472. HTML Injection on ████ to U.S. Dept Of Defense - 5 upvotes, $0
  473. Email PII disclosure due to Insecure Password Reset field to U.S. Dept Of Defense - 5 upvotes, $0
  474. File Upload Restriction Bypass to U.S. Dept Of Defense - 5 upvotes, $0
  475. [██████████] Unauthorized access to admin panel to U.S. Dept Of Defense - 5 upvotes, $0
  476. Internal IP Address Disclosed to U.S. Dept Of Defense - 5 upvotes, $0
  477. Reflected XSS and HTML Injectionon a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  478. External Service Interaction | https://█████████.mil to U.S. Dept Of Defense - 5 upvotes, $0
  479. PHP info page disclosure to U.S. Dept Of Defense - 5 upvotes, $0
  480. Directory Indexing on the ████ (https://████/) leads to the backups disclosure and credentials leak to U.S. Dept Of Defense - 5 upvotes, $0
  481. PII Leak of ████████ Personal at https://www.█████████ to U.S. Dept Of Defense - 5 upvotes, $0
  482. Improper Access Controls Allow PII Leak via ████ to U.S. Dept Of Defense - 5 upvotes, $0
  483. Knowledge Base Articles are Globally Modifiable via ██████ to U.S. Dept Of Defense - 5 upvotes, $0
  484. Support incident can be opened for any user via /███████ and PII leak via █████████ field to U.S. Dept Of Defense - 5 upvotes, $0
  485. Arbitrary file upload and stored XSS via ███ support request to U.S. Dept Of Defense - 5 upvotes, $0
  486. Access to requests and approvals via /█████ allows sensitive information gathering to U.S. Dept Of Defense - 5 upvotes, $0
  487. HTML Injection + XSS Vulnerability - https://████████/ | Proof of Concept [PoC] to U.S. Dept Of Defense - 5 upvotes, $0
  488. Information Disclosure(PHPINFO/Credentials) on DoD Asset to U.S. Dept Of Defense - 5 upvotes, $0
  489. CRXDE Lite/CRX is on ██████ exposed that leads to PII disclosure to U.S. Dept Of Defense - 5 upvotes, $0
  490. RXSS - https://███/ to U.S. Dept Of Defense - 5 upvotes, $0
  491. Blind Stored XSS on https://█████████ after filling a request at https://█████ to U.S. Dept Of Defense - 5 upvotes, $0
  492. param allows any external resource to be downloadable | https://████████ to U.S. Dept Of Defense - 5 upvotes, $0
  493. reflected xss @ www.█████████ to U.S. Dept Of Defense - 5 upvotes, $0
  494. Misconfigured AWS S3 bucket leaks senstive data such of admin, Prdouction,beta, localhost and many more directories.... to U.S. Dept Of Defense - 5 upvotes, $0
  495. Reflected XSS in https://██████████ via "████████" parameter to U.S. Dept Of Defense - 5 upvotes, $0
  496. Cache Posioning leading do Denial of Service on www.█████████ to U.S. Dept Of Defense - 5 upvotes, $0
  497. XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 5 upvotes, $0
  498. S3 bucket listing/download to U.S. Dept Of Defense - 5 upvotes, $0
  499. Subdomain takeover of ███ to U.S. Dept Of Defense - 5 upvotes, $0
  500. Path traversal on [███] to U.S. Dept Of Defense - 5 upvotes, $0
  501. CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 5 upvotes, $0
  502. RXSS on ███████ to U.S. Dept Of Defense - 5 upvotes, $0
  503. SSRF ACCESS AWS METADATA - █████ to U.S. Dept Of Defense - 5 upvotes, $0
  504. Account Takeover and Information update due to cross site request forgery via POST █████████/registration/my-account.cfm to U.S. Dept Of Defense - 5 upvotes, $0
  505. Unauthenticated PII leak on verified/requested to be verified profiles on ███████/app/org/{id}/profile/{id}/version/{id} [HtUS] to U.S. Dept Of Defense - 5 upvotes, $0
  506. Reflected XSS | https://████████ to U.S. Dept Of Defense - 5 upvotes, $0
  507. stored cross site scripting in https://███████ to U.S. Dept Of Defense - 5 upvotes, $0
  508. stored cross site scripting in https://██████████ to U.S. Dept Of Defense - 5 upvotes, $0
  509. stored cross site scripting in https://█████████ to U.S. Dept Of Defense - 5 upvotes, $0
  510. stored cross site scripting in https://███ to U.S. Dept Of Defense - 5 upvotes, $0
  511. Authentication Bypass Using Default Credentials on █████ to U.S. Dept Of Defense - 5 upvotes, $0
  512. Install.php File Exposure on Drupal to U.S. Dept Of Defense - 5 upvotes, $0
  513. Reflected XSS in ██████████ to U.S. Dept Of Defense - 5 upvotes, $0
  514. Reflected XSS in ██████████ to U.S. Dept Of Defense - 5 upvotes, $0
  515. Improper Access Control on Media Wiki allows an attackers to restart installation on DoD asset to U.S. Dept Of Defense - 5 upvotes, $0
  516. Default Credentials on Kinetic Core System Console - https://█████/kinetic/app/ to U.S. Dept Of Defense - 5 upvotes, $0
  517. XSS in ServiceNow logout https://████:443 to U.S. Dept Of Defense - 5 upvotes, $0
  518. Persistent XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  519. Cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  520. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  521. Arbitrary Script Injection (Mail) in a DoD Website to U.S. Dept Of Defense - 4 upvotes, $0
  522. Stored cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  523. HTML Injection/Load Images vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  524. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  525. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  526. Cross-Site Scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  527. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  528. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  529. Server side information disclosure on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  530. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  531. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  532. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  533. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  534. Cross-site request forgery (CSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  535. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  536. Information disclosure vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  537. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  538. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  539. SQL injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  540. Reflective XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  541. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  542. Stored cross site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  543. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  544. Remote Code Execution (RCE) vulnerability in multiple DoD websites to U.S. Dept Of Defense - 4 upvotes, $0
  545. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  546. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  547. Cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  548. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  549. Remote OS command Execution in the 3 more Oracle Weblogic on the ████████, ████, ███████ [CVE-2017-10352] to U.S. Dept Of Defense - 4 upvotes, $0
  550. Admin panel take over | User info leakage | Mass Comprimise to U.S. Dept Of Defense - 4 upvotes, $0
  551. Code reversion allowing SQLI again in ███████ to U.S. Dept Of Defense - 4 upvotes, $0
  552. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  553. Critical information disclosure at https://█████████ to U.S. Dept Of Defense - 4 upvotes, $0
  554. CRLF Injection on ███████ to U.S. Dept Of Defense - 4 upvotes, $0
  555. WebLogic Server Side Request Forgery to U.S. Dept Of Defense - 4 upvotes, $0
  556. [████████] Reflected XSS to U.S. Dept Of Defense - 4 upvotes, $0
  557. [███████] Reflected GET XSS (/mission.php?...&missionDate=*) to U.S. Dept Of Defense - 4 upvotes, $0
  558. Firewall rules for ████████ can be bypassed to leak site authors to U.S. Dept Of Defense - 4 upvotes, $0
  559. idor on upload profile functionality to U.S. Dept Of Defense - 4 upvotes, $0
  560. Application level DoS via xmlrpc.php to U.S. Dept Of Defense - 4 upvotes, $0
  561. Unrestricted file upload leads to stored xss on https://████████/ to U.S. Dept Of Defense - 4 upvotes, $0
  562. HTML Injection leads to XSS on███ to U.S. Dept Of Defense - 4 upvotes, $0
  563. [██████████.mil] Cisco VPN Service Path Traversal to U.S. Dept Of Defense - 4 upvotes, $0
  564. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 4 upvotes, $0
  565. [████] SQL Injections on Referer Header exploitable via Time-Based method to U.S. Dept Of Defense - 4 upvotes, $0
  566. Able to authenticate as administrator by navigating to https://█████/admin/ to U.S. Dept Of Defense - 4 upvotes, $0
  567. Able to log in with default ██████g creds at https█████████████████████.mil to U.S. Dept Of Defense - 4 upvotes, $0
  568. Insecure ███████ credentials on staging app at ████ leads to application takeover to U.S. Dept Of Defense - 4 upvotes, $0
  569. Register with non accepted email types on https://███████ to U.S. Dept Of Defense - 4 upvotes, $0
  570. Dashboard sharing enables code injection into ████ emails to U.S. Dept Of Defense - 4 upvotes, $0
  571. PII Leak via /███████ to U.S. Dept Of Defense - 4 upvotes, $0
  572. PII Leak via /██████ to U.S. Dept Of Defense - 4 upvotes, $0
  573. Stored XSS through name / last name on https://██████████/ to U.S. Dept Of Defense - 4 upvotes, $0
  574. Self XSS + CSRF Leads to Reflected XSS in https://████/ to U.S. Dept Of Defense - 4 upvotes, $0
  575. CVE-2021-26855 on ████████ resulting in SSRF to U.S. Dept Of Defense - 4 upvotes, $0
  576. Read-only path traversal (CVE-2020-3452) at https://█████ to U.S. Dept Of Defense - 4 upvotes, $0
  577. Read-only path traversal (CVE-2020-3452) at https://████████ to U.S. Dept Of Defense - 4 upvotes, $0
  578. xss on https://███████(█████████ parameter) to U.S. Dept Of Defense - 4 upvotes, $0
  579. XSS due to CVE-2020-3580 [██████] to U.S. Dept Of Defense - 4 upvotes, $0
  580. Reflected XSS at ████ via ██████████= parameter to U.S. Dept Of Defense - 4 upvotes, $0
  581. Wrong settings in ADF Faces leads to information disclosure to U.S. Dept Of Defense - 4 upvotes, $0
  582. ██████████ running a vulnerable log4j to U.S. Dept Of Defense - 4 upvotes, $0
  583. default ████ creds on https://████████ to U.S. Dept Of Defense - 4 upvotes, $0
  584. Reflected XSS at https://█████████ via "███" parameter to U.S. Dept Of Defense - 4 upvotes, $0
  585. Broken access control, can lead to legitimate user data loss to U.S. Dept Of Defense - 4 upvotes, $0
  586. ███ vulnerable to CVE-2022-22954 to U.S. Dept Of Defense - 4 upvotes, $0
  587. SSRF due to CVE-2021-27905 in www.████████ to U.S. Dept Of Defense - 4 upvotes, $0
  588. springboot actuator is leaking internals at ██████████ to U.S. Dept Of Defense - 4 upvotes, $0
  589. Broken access discloses users and PII at https://███████ [HtUS] to U.S. Dept Of Defense - 4 upvotes, $0
  590. Found Origin IP's Lead To Access ████ to U.S. Dept Of Defense - 4 upvotes, $0
  591. IDOR on ███████ [HtUS] to U.S. Dept Of Defense - 4 upvotes, $0
  592. stored cross site scripting in https://████ to U.S. Dept Of Defense - 4 upvotes, $0
  593. stored cross site scripting in https://███ to U.S. Dept Of Defense - 4 upvotes, $0
  594. [HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████ to U.S. Dept Of Defense - 3 upvotes, $3000
  595. DNS Misconfiguration to U.S. Dept Of Defense - 3 upvotes, $0
  596. Server side information disclosure to U.S. Dept Of Defense - 3 upvotes, $0
  597. XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  598. Potentially sensitive information disclosure on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  599. Misconfigured user account settings on DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  600. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  601. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  602. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  603. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  604. DOM Based XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  605. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  606. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  607. Cross-site request forgery (CSRF) vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  608. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  609. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  610. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  611. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  612. Online training material disclosing username and password to U.S. Dept Of Defense - 3 upvotes, $0
  613. https://████████ Impacted by DNN ImageHandler SSRF to U.S. Dept Of Defense - 3 upvotes, $0
  614. ████████ SQL to U.S. Dept Of Defense - 3 upvotes, $0
  615. Attackers can control which security questions they are presented (████████) to U.S. Dept Of Defense - 3 upvotes, $0
  616. SQL injection on https://███████ to U.S. Dept Of Defense - 3 upvotes, $0
  617. Insecure Direct Object Reference on in-scope .mil website to U.S. Dept Of Defense - 3 upvotes, $0
  618. Sensitive Email disclosure Due to Insecure Reactivate Account field to U.S. Dept Of Defense - 3 upvotes, $0
  619. Able to view Backend Database dur to improper authentication to U.S. Dept Of Defense - 3 upvotes, $0
  620. █████ - DOM-based XSS to U.S. Dept Of Defense - 3 upvotes, $0
  621. █████ - DOM-based XSS to U.S. Dept Of Defense - 3 upvotes, $0
  622. [██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action to U.S. Dept Of Defense - 3 upvotes, $0
  623. ████ █████ exposes highly sensitive information to public to U.S. Dept Of Defense - 3 upvotes, $0
  624. █████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files to U.S. Dept Of Defense - 3 upvotes, $0
  625. Improper Neutralization of Input During Web Page Generation to U.S. Dept Of Defense - 3 upvotes, $0
  626. No ACL on S3 Bucket in [https://www.██████████/] to U.S. Dept Of Defense - 3 upvotes, $0
  627. Domian Takeover in [███████] to U.S. Dept Of Defense - 3 upvotes, $0
  628. [████████] — XSS on /███████_flight/images via advanced_val parameter to U.S. Dept Of Defense - 3 upvotes, $0
  629. XSS Reflected to U.S. Dept Of Defense - 3 upvotes, $0
  630. Reflected XSS on ███████ page to U.S. Dept Of Defense - 3 upvotes, $0
  631. Reflected XSS in https://███████ via search parameter to U.S. Dept Of Defense - 3 upvotes, $0
  632. PII Leak (such as CAC User ID) at https://████████/pages/login.aspx to U.S. Dept Of Defense - 3 upvotes, $0
  633. Apparent ██████████ website is publicly exposed, suggests default account details on page and has expired SSL/TLS cert to U.S. Dept Of Defense - 3 upvotes, $0
  634. POST based RXSS on https://█████ via frm_email parameter to U.S. Dept Of Defense - 3 upvotes, $0
  635. Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 3 upvotes, $0
  636. Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 3 upvotes, $0
  637. System Error Reveals Sensitive SQL Call Data to U.S. Dept Of Defense - 3 upvotes, $0
  638. Members Personal Information Leak Due to IDOR to U.S. Dept Of Defense - 3 upvotes, $0
  639. [CVE-2021-29156] LDAP Injection at https://██████ to U.S. Dept Of Defense - 3 upvotes, $0
  640. https://██████/ Vulnerable to CVE-2013-3827 (Directory-traversal vulnerability) to U.S. Dept Of Defense - 3 upvotes, $0
  641. SQL injection located in ███ in POST param ████████ to U.S. Dept Of Defense - 3 upvotes, $0
  642. Unauthorized access to PII leads to MASS account Takeover to U.S. Dept Of Defense - 3 upvotes, $0
  643. Reflected XSS at https://██████/██████████ via "████████" parameter to U.S. Dept Of Defense - 3 upvotes, $0
  644. Reflected XSS at https://██████/██████ via "██████" parameter to U.S. Dept Of Defense - 3 upvotes, $0
  645. XSS trigger via HTML Iframe injection in ( https://██████████ ) due to unfiltered HTML tags to U.S. Dept Of Defense - 3 upvotes, $0
  646. CUI Labelled document out in the open to U.S. Dept Of Defense - 3 upvotes, $0
  647. XSS Reflected - ███ to U.S. Dept Of Defense - 3 upvotes, $0
  648. XSS on https://██████/███ via █████ parameter to U.S. Dept Of Defense - 3 upvotes, $0
  649. SQL INJECTION in https://████/██████████ to U.S. Dept Of Defense - 3 upvotes, $0
  650. Reflected XSS [██████] to U.S. Dept Of Defense - 3 upvotes, $0
  651. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 3 upvotes, $0
  652. RXSS on █████████ to U.S. Dept Of Defense - 3 upvotes, $0
  653. Reflected Xss in [██████] to U.S. Dept Of Defense - 3 upvotes, $0
  654. Reflected XSS [██████] to U.S. Dept Of Defense - 3 upvotes, $0
  655. Open Redirect at █████ to U.S. Dept Of Defense - 3 upvotes, $0
  656. [HTA2] Receiving████ access request on @wearehackerone.com email address to U.S. Dept Of Defense - 2 upvotes, $750
  657. Information disclosure on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  658. Reflected XSS vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  659. Stored XSS vulnerability on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  660. Reflected XSS on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  661. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  662. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  663. 2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929 to U.S. Dept Of Defense - 2 upvotes, $0
  664. Illegal account registration in ████████ to U.S. Dept Of Defense - 2 upvotes, $0
  665. Multiple cryptographic vulnerabilities in login page on ███████ to U.S. Dept Of Defense - 2 upvotes, $0
  666. Exposed FTP Credentials on ███████ to U.S. Dept Of Defense - 2 upvotes, $0
  667. Blind SQL Injection on DoD Site to U.S. Dept Of Defense - 2 upvotes, $0
  668. Sensitive Information Leaking Through DoD Owned Website. [██████████] to U.S. Dept Of Defense - 2 upvotes, $0
  669. Followup - SQL Injection - https://██████████/██████/MSI.portal to U.S. Dept Of Defense - 2 upvotes, $0
  670. CORS Misconfiguration Leads to Exposing User Data to U.S. Dept Of Defense - 2 upvotes, $0
  671. Padding Oracle ms10-070 in the a DoD website (https://██████/) to U.S. Dept Of Defense - 2 upvotes, $0
  672. Admin Login Credential Leak for DoD Gitlab EE instance to U.S. Dept Of Defense - 2 upvotes, $0
  673. Username&password is Disclosure in readme file in [https://█████████] to U.S. Dept Of Defense - 2 upvotes, $0
  674. Sensitive Information Leaking Through DARPA Website. [█████████] to U.S. Dept Of Defense - 2 upvotes, $0
  675. Sensitive Information Leaking Through Navy Website. [█████] to U.S. Dept Of Defense - 2 upvotes, $0
  676. Reflected XSS on https://███████/ to U.S. Dept Of Defense - 2 upvotes, $0
  677. SharePoint Web Services Exposed to Anonymous Access to U.S. Dept Of Defense - 2 upvotes, $0
  678. SSRF in login page using fetch API exposes victims IP address to attacker controled server to U.S. Dept Of Defense - 2 upvotes, $0
  679. Reflected XSS - https://███ to U.S. Dept Of Defense - 2 upvotes, $0
  680. [CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol! to U.S. Dept Of Defense - 2 upvotes, $0
  681. Sensitive information on ██████████ to U.S. Dept Of Defense - 2 upvotes, $0
  682. System Error Reveals SQL Information to U.S. Dept Of Defense - 2 upvotes, $0
  683. Information disclosure at '████████' --- CVE-2020-14179 to U.S. Dept Of Defense - 2 upvotes, $0
  684. RXSS Via URI Path - https://██████████/ to U.S. Dept Of Defense - 2 upvotes, $0
  685. Reflected XSS in https://███████ via hidden parameter "████████" to U.S. Dept Of Defense - 2 upvotes, $0
  686. ███ ████████ running a vulnerable log4j to U.S. Dept Of Defense - 2 upvotes, $0
  687. Reflected XSS at https://██████████/████████ via "███████" parameter to U.S. Dept Of Defense - 2 upvotes, $0
  688. CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████ to U.S. Dept Of Defense - 2 upvotes, $0
  689. IDOR - Delete Users Saved Projects to U.S. Dept Of Defense - 2 upvotes, $0
  690. Authorization bypass -> IDOR -> PII Leakage to U.S. Dept Of Defense - 2 upvotes, $0
  691. [www.█████] Path-based reflected Cross Site Scripting to U.S. Dept Of Defense - 2 upvotes, $0
  692. CORS Misconfiguration to U.S. Dept Of Defense - 2 upvotes, $0
  693. Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████ to U.S. Dept Of Defense - 2 upvotes, $0
  694. Reflected XSS [███] to U.S. Dept Of Defense - 2 upvotes, $0
  695. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 2 upvotes, $0
  696. XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 2 upvotes, $0
  697. an internel important paths disclosure [HtUS] to U.S. Dept Of Defense - 2 upvotes, $0
  698. STORED XSS in █████████/nlc/login.aspx via "edit" GET parameter through markdown editor [HtUS] to U.S. Dept Of Defense - 2 upvotes, $0
  699. Reflected XSS | https://████ to U.S. Dept Of Defense - 2 upvotes, $0
  700. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 1 upvotes, $0
  701. SQL injection found in US Navy Website (http://███/) to U.S. Dept Of Defense - 1 upvotes, $0
  702. Access to job creation web page on http://████████ to U.S. Dept Of Defense - 1 upvotes, $0
  703. Content-Injection/XSS ████ to U.S. Dept Of Defense - 1 upvotes, $0
  704. █████ - Pre-generation of VIEWSTATE allows CAC bypass to U.S. Dept Of Defense - 1 upvotes, $0
  705. [https://███] Local File Inclusion via graph.php to U.S. Dept Of Defense - 1 upvotes, $0
  706. Publicly accessible Grafana install allows pivoting to Prometheus datasource to U.S. Dept Of Defense - 1 upvotes, $0
  707. Unencrypted __VIEWSTATE parameter in a DoD website to U.S. Dept Of Defense - 1 upvotes, $0
  708. PulseSSL VPN Site with Compromised Creds @ ████ to U.S. Dept Of Defense - 1 upvotes, $0
  709. https://█████ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability to U.S. Dept Of Defense - 1 upvotes, $0
  710. Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 1 upvotes, $0
  711. Access to Unclassified / FOUO Advanced Motion Platform of █████████.mil to U.S. Dept Of Defense - 1 upvotes, $0
  712. SharePoint Web Services Exposed to Anonymous Access to U.S. Dept Of Defense - 1 upvotes, $0
  713. Reflected XSS on https://█████ to U.S. Dept Of Defense - 1 upvotes, $0
  714. xss reflected on https://███████- (███ parameters) to U.S. Dept Of Defense - 1 upvotes, $0
  715. XSS Reflected on https://███ (███ parameter) to U.S. Dept Of Defense - 1 upvotes, $0
  716. XSS due to CVE-2020-3580 [███.mil] to U.S. Dept Of Defense - 1 upvotes, $0
  717. CUI labled and ████ and ██████ Restricted ██████ intelligence to U.S. Dept Of Defense - 1 upvotes, $0
  718. XSS due to CVE-2020-3580 [███] to U.S. Dept Of Defense - 1 upvotes, $0
  719. Reflected XSS on https://███/████via hidden parameter "█████████" to U.S. Dept Of Defense - 1 upvotes, $0
  720. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 1 upvotes, $0
  721. RXSS ON https://██████████ to U.S. Dept Of Defense - 1 upvotes, $0
  722. (CORS) Cross-origin resource sharing misconfiguration on https://█████████ to U.S. Dept Of Defense - 1 upvotes, $0
  723. XSS because of Akamai ARL misconfiguration on ████ to U.S. Dept Of Defense - 1 upvotes, $0
  724. Reflected XSS - in Email Input to U.S. Dept Of Defense - 1 upvotes, $0
  725. CSRF - Modify User Settings with one click - Account TakeOver to U.S. Dept Of Defense - 1 upvotes, $0
  726. Arbitrary File Deletion (CVE-2020-3187) on ████████ to U.S. Dept Of Defense - 1 upvotes, $0
  727. CVE-2020-3452 on https://█████/ to U.S. Dept Of Defense - 1 upvotes, $0
  728. Bypassing CORS Misconfiguration Leads to Sensitive Exposure at https://███/ to U.S. Dept Of Defense - 1 upvotes, $0
  729. XSS on https://███████/██████████ parameter to U.S. Dept Of Defense - 1 upvotes, $0
  730. XSS on https://████████/████' parameter to U.S. Dept Of Defense - 1 upvotes, $0
  731. ██████_log4j - https://██████ to U.S. Dept Of Defense - 1 upvotes, $0
  732. solr_log4j - http://██████████ to U.S. Dept Of Defense - 1 upvotes, $0
  733. Directory Traversal at █████ to U.S. Dept Of Defense - 1 upvotes, $0
  734. IDOR Lead To VIEW & DELETE & Create api_key [HtUS] to U.S. Dept Of Defense - 1 upvotes, $0
  735. Unprotected ██████ and Test site API Exposes Documents, Credentials, and Emails in ██████████ Proposal System to U.S. Dept Of Defense - 1 upvotes, $0
  736. Two Error-Based SQLi in courses.aspx on ██████████ to U.S. Dept Of Defense - 0 upvotes, $0
  737. SQL Injection - https://███/█████████/MSI.portal to U.S. Dept Of Defense - 0 upvotes, $0
  738. [██████████] — Directory traversal via /aerosol-bin/███████/display_directory_████_t.cgi to U.S. Dept Of Defense - 0 upvotes, $0
  739. Stored XSS on ████████helpdesk to U.S. Dept Of Defense - 0 upvotes, $0
  740. Sensitive information on '████████' to U.S. Dept Of Defense - 0 upvotes, $0
  741. CUI labled and ████ Restricted pdf on █████ to U.S. Dept Of Defense - 0 upvotes, $0
  742. Access to admininstrative resources/account via path traversal to U.S. Dept Of Defense - 0 upvotes, $0